00630{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1681478090730262}
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1681478090730262,"flow_src_last_pkt_time":1681478090730262,"flow_dst_last_pkt_time":1681478090730262,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1681478090730262,"l3_proto":"ip4","src_ip":"194.226.199.21","dst_ip":"52.18.127.189","src_port":58155,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1681478090730262,"flow_dst_last_pkt_time":1681478090730262,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1681478090730262,"pkt":"QHGDrEAwoDafLnO8CABFAAA0UOtAAH0GbxHC4scVNBJ\/veMrAbsAeoaaAAAAAIAC+vDKXAAAAgQFtAEDAwgBAQQC"}
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1681478090730262,"flow_dst_last_pkt_time":1681478090780521,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1681478090780521,"pkt":"oDafLnO8QHGDrEAwCABFAAA0AABAAOkGU\/w0En+9wuLHFQG74yuLkuWcAHqGm4ASaQPrCQAAAgQFtAEBBAIBAwMI"}
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1681478090781367,"flow_dst_last_pkt_time":1681478090780521,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":22,"thread_ts_usec":1681478090781367,"pkt":"QHGDrEAwoDafLnO8CABFAAAqUOxAAH0GbxrC4scVNBJ\/veMrAbsAeoabi5LlnVAQAgGS3QAAAAA="}
01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1681478090781920,"flow_dst_last_pkt_time":1681478090780521,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1681478090781920,"pkt":"QHGDrEAwoDafLnO8CABFAAItUO1AAH0GbRbC4scVNBJ\/veMrAbsAeoabi5LlnVAYAgHa5QAAFgMBAgABAAH8AwO2b8k+LCOftweDZWjvdeyR90vCYVJRMgT0j8Pik75VmCBg6yWVhOtcb9ut7Hy59sTpKH6uJec\/kZz0GzKsEDEcaAAgmpoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTenoAAAAbAAMCAAIAIwBp+6R1+qIJHZG7jowoeY3hRbjOQoOBSjubfpFQW9nxqfD0S5qRCzYtZk0T2UZ7jb\/+pwGkVmJwdmFtm3YHm6ODfcntPcAS93\/vLSJrkHutEM1HolLRM4QVmCnTlceE8Q\/R5iQVvIN9NJOjABIAAAALAAIBAAAKAAoACIqKAB0AFwAYADMAKwApiooAAQAAHQAg0bBrRvkzsBdk4f0tRyz\/mG183djoFkcSb2nq6iq3WmBEaQAFAAMCaDIAEAAOAAwCaDIIaHR0cC8xLjH\/AQABAAAFAAUBAAAAAAAtAAIBAQAXAAAAAAAQAA4AAAtiaXRyaXguaW5mbwANABIAEAQDCAQEAQUDCAUFAQgGBgEAKwAHBnp6AwQDA7q6AAEAABUAYwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1681478090781920,"flow_dst_last_pkt_time":1681478090832249,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1681478090832249,"pkt":"oDafLnO8QHGDrEAwCABFAAAuXV1AAOkG9qQ0En+9wuLHFQG74yuLkuWdAHqIoFAQAG6SZwAAAAAAAAAA"}
01988{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1681478090730262,"flow_src_last_pkt_time":1681478119542351,"flow_dst_last_pkt_time":1681478119592875,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1085,"flow_dst_max_l4_payload_len":2920,"flow_src_tot_l4_payload_len":2972,"flow_dst_tot_l4_payload_len":5602,"midstream":0,"thread_ts_usec":1681478119592875,"l3_proto":"ip4","src_ip":"194.226.199.21","dst_ip":"52.18.127.189","src_port":58155,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":1860474.4,"max":28647677,"stddev":7030273.0,"var":49424738811904.0,"ent":1.1,"data": [50259,51105,553,51728,128,0,97,51293,1354,0,1851,500,202,193,0,51721,0,48,140,50129,407,8135,0,8098,85064,28647677,19,62,28613926,13,0]},"pktlen": {"min":42,"avg":308.7,"max":2960,"stddev":576.0,"var":331721.9,"ent":3.6,"data": [52,52,42,557,46,153,1500,2960,42,378,49,42,166,145,502,550,160,91,118,46,42,78,439,78,42,46,113,86,1125,46,46,86]},"bins": {"c_to_s": [6,2,1,2,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,3,1,2,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1]},"directions": [0,1,0,0,1,1,1,1,0,1,1,0,0,0,0,0,1,1,1,1,0,0,1,1,0,1,0,0,0,1,1,1],"entropies": [4.700937748,4.839770317,4.678030014,5.790879726,4.390829086,5.801830769,7.220153809,7.298819065,4.678030014,7.385129929,4.797285557,4.725648880,6.228291035,6.284518242,7.567343235,7.646277905,6.609186172,5.432500839,6.074527264,4.434307575,4.678030014,5.448187351,7.460664272,5.370555878,4.678030014,4.477785587,5.985470772,5.565127373,7.818080425,4.434307575,4.477785587,5.465760708]}}
01073{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1681478090730262,"flow_src_last_pkt_time":1681478119542351,"flow_dst_last_pkt_time":1681478119592875,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1085,"flow_dst_max_l4_payload_len":2920,"flow_src_tot_l4_payload_len":2972,"flow_dst_tot_l4_payload_len":5602,"midstream":0,"thread_ts_usec":1681478119592875,"l3_proto":"ip4","src_ip":"194.226.199.21","dst_ip":"52.18.127.189","src_port":58155,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00859{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":64,"packets-processed":63,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12346,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1681887368538349}
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1681887368538349,"flow_src_last_pkt_time":1681887368538349,"flow_dst_last_pkt_time":1681887368538349,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1681887368538349,"l3_proto":"ip4","src_ip":"194.226.199.226","dst_ip":"8.247.226.126","src_port":34101,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1681887368538349,"flow_dst_last_pkt_time":1681887368538349,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1681887368538349,"pkt":"QHGDrEAwoDafLnO8CABFAAA0sahAAEAGEuHC4sfiCPfifoU1AFBr1P3sAAAAAIAC+vAOnwAAAgQFtAEBBAIBAwMH"}
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1681887368538349,"flow_dst_last_pkt_time":1681887368549865,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1681887368549865,"pkt":"oDafLnO8QHGDrEAwCABFAAA0+VoAADkGEi8I9+J+wuLH4gBQhTVLutKfa9T97YASpWRFuwAAAgQFtAEBBAIBAwMM"}
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1681887368549922,"flow_dst_last_pkt_time":1681887368549865,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":22,"thread_ts_usec":1681887368549922,"pkt":"QHGDrEAwoDafLnO8CABFAAAqsalAAEAGEurC4sfiCPfifoU1AFBr1P3tS7rSoFAQAfYp\/wAAAAA="}
01211{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1681887368549922,"flow_dst_last_pkt_time":1681887368549865,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":550,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":550,"pkt_l4_len":516,"thread_ts_usec":1681887368549922,"pkt":"QHGDrEAwoDafLnO8CABFAAIYsapAAEAGEPvC4sfiCPfifoU1AFBr1P3tS7rSoFAYAfYVeQAAR0VUIC9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy9iNGYyNzUxNC0xNjE4LTQ3YTAtYmNkNC01ZmNiNDY5ZWRiNjM\/UDE9MTY4MTg4ODA1OCZQMj00MDQmUDM9MiZQND1WSjJRdiUyYlVYekJHT1VMWm15c2h4bGM4WFh4NHBMbDdob0ZjTGdmMWlTMzNyREdmbTB0Q1ZyVFB2Wk44dG44eVdCU3JBMGlkd2R0T0JGTFFNalpDVWt3JTNkJTNkIEhUVFAvMS4xDQpBY2NlcHQ6ICovKg0KUmFuZ2U6IGJ5dGVzPTAtMQ0KVXNlci1BZ2VudDogTWljcm9zb2Z0LURlbGl2ZXJ5LU9wdGltaXphdGlvbi8xMC4wDQpNUy1DVjogdGIxWkFueW9kRWVlaE1vai4xLjAuMi4xLjEuMC4wLjE5LjIuNi4yLjEuMQ0KQ29udGVudC1MZW5ndGg6IDANCkhvc3Q6IDMudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20NClZpYTogMS4xIHByb3h5LmFhbmV0LnJ1IChzcXVpZC8zLjUuMjgpDQpYLUZvcndhcmRlZC1Gb3I6IDEwLjEzLjM4LjE2MA0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0wDQoNCg=="}
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1681887368549922,"flow_dst_last_pkt_time":1681887368561681,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1681887368561681,"pkt":"oDafLnO8QHGDrEAwCABFAAAu+VwAADkGEjMI9+J+wuLH4gBQhTVLutKga9T\/3VAQAAsp9gAAAAAAAAAA"}
01112{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":35,"flow_first_seen":1681478090730262,"flow_src_last_pkt_time":1681478221324232,"flow_dst_last_pkt_time":1681478221373883,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1493,"flow_dst_max_l4_payload_len":2920,"flow_src_tot_l4_payload_len":5265,"flow_dst_tot_l4_payload_len":7081,"midstream":0,"thread_ts_usec":1681887368574945,"l3_proto":"ip4","src_ip":"194.226.199.21","dst_ip":"52.18.127.189","src_port":58155,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1681887518918488,"flow_src_last_pkt_time":1681887518918488,"flow_dst_last_pkt_time":1681887518918488,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1681887518918488,"l3_proto":"ip4","src_ip":"194.226.199.61","dst_ip":"35.241.9.150","src_port":27453,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1681887518918488,"flow_dst_last_pkt_time":1681887518918488,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1681887518918488,"pkt":"QHGDrEAwoDafLnO8CABFAAA0EMZAAH4GNFfC4sc9I\/EJlms9AbvPt5\/HAAAAAIACIAC68QAAAgQFtAEDAwgBAQQC"}
00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1681887518918488,"flow_dst_last_pkt_time":1681887518942556,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1681887518942556,"pkt":"oDafLnO8QHGDrEAwCABFIAA0AABAAHwGRv0j8QmWwuLHPQG7az2esooQz7efyIAS\/\/+yTQAAAgQFhAEBBAIBAwMI"}
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1681887518942881,"flow_dst_last_pkt_time":1681887518942556,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":22,"thread_ts_usec":1681887518942881,"pkt":"QHGDrEAwoDafLnO8CABFAAAqEMdAAH4GNGDC4sc9I\/EJlms9AbvPt5\/InrKKEVAQAQPx6wAAAAA="}
00842{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1681887518943234,"flow_dst_last_pkt_time":1681887518942556,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1681887518943234,"pkt":"QHGDrEAwoDafLnO8CABFAAECEMhAAH4GM4fC4sc9I\/EJlms9AbvPt5\/InrKKEVAYAQMq+wAAFgMBANUBAADRAwPkfQY5j+gFDj5LCRL3jPF3QYo1r+kdXT1Rr33wqAJn9wAAHMArwC\/MqcyowCzAMMAKwAnAE8AUAJwAnQAvADUBAACMAAAAKgAoAAAlZmlyZWZveC5zZXR0aW5ncy5zZXJ2aWNlcy5tb3ppbGxhLmNvbQAXAAD\/AQABAAAKAAoACAAdABcAGAAZAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEAHAACQAA="}
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1681887518943234,"flow_dst_last_pkt_time":1681887518967530,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1681887518967530,"pkt":"oDafLnO8QHGDrEAwCABFIAAuScgAAHwGPTsj8QmWwuLHPQG7az2esooRz7egolAQAQXxCwAAAAAAAAAA"}
01987{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1681887518918488,"flow_src_last_pkt_time":1681887519032454,"flow_dst_last_pkt_time":1681887519031452,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":321,"flow_dst_max_l4_payload_len":2824,"flow_src_tot_l4_payload_len":867,"flow_dst_tot_l4_payload_len":19359,"midstream":0,"thread_ts_usec":1681887519032454,"l3_proto":"ip4","src_ip":"194.226.199.61","dst_ip":"35.241.9.150","src_port":27453,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":7320.3,"max":29949,"stddev":11049.8,"var":122098208.0,"ent":3.5,"data": [24068,24393,353,24974,2405,0,38,27411,305,4695,29949,0,24556,1245,0,54,26487,9,288,44,25578,893,503,1582,287,1013,999,1290,1231,1003,1277]},"pktlen": {"min":42,"avg":672.8,"max":2864,"stddev":1000.3,"var":1000640.1,"ent":3.7,"data": [52,52,42,258,46,2088,2088,462,42,42,133,318,109,42,217,361,78,46,78,364,1452,42,1452,2864,42,42,2864,42,2864,42,2864,42]},"bins": {"c_to_s": [11,1,1,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,1,1,0,0,0,0,0,1,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,6]},"directions": [0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,1,1,1,1,0,1,1,0,0,1,0,1,0,1,0],"entropies": [4.585552692,5.017560482,4.686327934,5.680439472,4.505982876,7.413378239,7.563780785,7.408977032,4.733946800,4.686327934,5.833590031,7.044709682,5.829442978,4.715973377,6.852140903,7.372029781,5.280656338,4.505982876,5.229373932,7.303534985,7.876083851,4.582791805,7.885684490,7.924335957,4.733946800,4.781565666,7.928474426,4.781565666,7.931355953,4.781565666,7.921189308,4.638709068]}}
01074{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1681887518918488,"flow_src_last_pkt_time":1681887519032454,"flow_dst_last_pkt_time":1681887519031452,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":321,"flow_dst_max_l4_payload_len":2824,"flow_src_tot_l4_payload_len":867,"flow_dst_tot_l4_payload_len":19359,"midstream":0,"thread_ts_usec":1681887519032454,"l3_proto":"ip4","src_ip":"194.226.199.61","dst_ip":"35.241.9.150","src_port":27453,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00998{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":12,"flow_first_seen":1681887368538349,"flow_src_last_pkt_time":1681887368574945,"flow_dst_last_pkt_time":1681887368574890,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":496,"flow_dst_max_l4_payload_len":1022,"flow_src_tot_l4_payload_len":506,"flow_dst_tot_l4_payload_len":1082,"midstream":0,"thread_ts_usec":1681887519714799,"l3_proto":"ip4","src_ip":"194.226.199.226","dst_ip":"8.247.226.126","src_port":34101,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}}
00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":12,"flow_first_seen":1681887368538349,"flow_src_last_pkt_time":1681887368574945,"flow_dst_last_pkt_time":1681887368574890,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":496,"flow_dst_max_l4_payload_len":1022,"flow_src_tot_l4_payload_len":506,"flow_dst_tot_l4_payload_len":1082,"midstream":0,"thread_ts_usec":1681887519714799,"l3_proto":"ip4","src_ip":"194.226.199.226","dst_ip":"8.247.226.126","src_port":34101,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00862{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":161,"packets-processed":160,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":50505,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1682070081976502}
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1682070081976502,"flow_src_last_pkt_time":1682070081976502,"flow_dst_last_pkt_time":1682070081976502,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1682070081976502,"l3_proto":"ip4","src_ip":"194.226.199.9","dst_ip":"92.223.106.21","src_port":49756,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1682070081976502,"flow_dst_last_pkt_time":1682070081976502,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1682070081976502,"pkt":"QHGDrEAwoDafLnO8CABFAAA01rdAAH4G1SvC4scJXN9qFcJcAbti0BbiAAAAAIAC+vDldAAAAgQFtAEDAwgBAQQC"}
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1682070081976502,"flow_dst_last_pkt_time":1682070081986323,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1682070081986323,"pkt":"oDafLnO8QHGDrEAwCABFoAA0AABAADsG7kNc32oVwuLHCQG7wlyvphSeYtAW44ASpWR2qgAAAgQFtAEBBAIBAwMJ"}
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1682070082020824,"flow_dst_last_pkt_time":1682070081986323,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1682070082020824,"pkt":"QHGDrEAwoDafLnO8CABFAAA01r5AAH4G1STC4scJXN9qFcJcAbti0BbiAAAAAIAC+vDldAAAAgQFtAEDAwgBAQQC"}
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1682070082021236,"flow_dst_last_pkt_time":1682070081986323,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":22,"thread_ts_usec":1682070082021236,"pkt":"QHGDrEAwoDafLnO8CABFAAAq1sBAAH4G1SzC4scJXN9qFcJcAbti0Bbjr6YUn1AQAgFa4AAAAAA="}
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1682070082021236,"flow_dst_last_pkt_time":1682070082030778,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1682070082030778,"pkt":"oDafLnO8QHGDrEAwCABFoAA0AABAADsG7kNc32oVwuLHCQG7wlyvphSeYtAW44ASpWR2qgAAAgQFtAEBBAIBAwMJ"}
00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1682070088015038,"flow_src_last_pkt_time":1682070088015038,"flow_dst_last_pkt_time":1682070088015038,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1682070088015038,"l3_proto":"ip4","src_ip":"194.226.199.103","dst_ip":"217.69.139.59","src_port":62580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1682070088015038,"flow_dst_last_pkt_time":1682070088015038,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1682070088015038,"pkt":"QHGDrEAwoDafLnO8CABFAAA0PfRAAH0G0QTC4sdn2UWLO\/R0Abv7Ac4cAAAAAIACIACg9gAAAgQFtAEDAwgBAQQC"}
00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1682070088015038,"flow_dst_last_pkt_time":1682070088015038,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1682070088015038,"pkt":"QHGDrEAwoDafLnO8CABFAAA0PfRAAH0G0QTC4sdn2UWLO\/R0Abv7Ac4cAAAAAIACIACg9gAAAgQFtAEDAwgBAQQC"}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1682070088015038,"flow_dst_last_pkt_time":1682070088025503,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1682070088025503,"pkt":"oDafLnO8QHGDrEAwCABFAAAuAABAADoGUf\/ZRYs7wuLHZwG79HRxsKAm+wHOHWASNxShQAAAAgQFggAA"}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1682070088015038,"flow_dst_last_pkt_time":1682070088025503,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1682070088025503,"pkt":"oDafLnO8QHGDrEAwCABFAAAuAABAADoGUf\/ZRYs7wuLHZwG79HRxsKAm+wHOHWASNxShQAAAAgQFggAA"}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1682070088015038,"flow_dst_last_pkt_time":1682070089574311,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1682070089574311,"pkt":"oDafLnO8QHGDrEAwCABFAAAuAABAADoGUf\/ZRYs7wuLHZwG79HRxsKAm+wHOHWASNxShQAAAAgQFggAA"}
01114{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":36,"flow_dst_packets_processed":42,"flow_first_seen":1681887518918488,"flow_src_last_pkt_time":1681887690338067,"flow_dst_last_pkt_time":1681887690337978,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":321,"flow_dst_max_l4_payload_len":2824,"flow_src_tot_l4_payload_len":1521,"flow_dst_tot_l4_payload_len":35050,"midstream":0,"thread_ts_usec":1682070089825883,"l3_proto":"ip4","src_ip":"194.226.199.61","dst_ip":"35.241.9.150","src_port":27453,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
01972{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1682070088015038,"flow_src_last_pkt_time":1682070095281485,"flow_dst_last_pkt_time":1682070089825216,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":569,"flow_dst_max_l4_payload_len":2843,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":9558,"midstream":0,"thread_ts_usec":1682070095281485,"l3_proto":"ip4","src_ip":"194.226.199.103","dst_ip":"217.69.139.59","src_port":62580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":292794.3,"max":5455602,"stddev":1016505.8,"var":1033283960832.0,"ent":1.7,"data": [0,10465,0,1548808,0,1559948,0,2544,0,14096,0,4417,0,92,0,17069,0,11,0,4686,0,18454,0,216157,0,213846,0,10430,0,5455602,0]},"pktlen": {"min":42,"avg":385.9,"max":2883,"stddev":734.4,"var":539373.9,"ent":3.4,"data": [52,52,46,46,46,46,42,42,609,609,46,46,1450,1450,2883,2883,42,42,42,42,166,166,298,298,42,42,298,298,42,42,71,71]},"bins": {"c_to_s": [14,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2]},"directions": [0,0,1,1,1,1,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0,0,1,1,0,0,1,1,0,0,0,0],"entropies": [4.540081024,4.540081024,4.772925377,4.772925377,4.772925377,4.772925377,4.829184532,4.829184532,7.086583614,7.086583614,4.565871716,4.565871716,7.215152740,7.215152740,7.539601803,7.539601803,4.715973377,4.715973377,4.733946800,4.733946800,6.348270416,6.348270416,7.138381004,7.138381004,4.781565666,4.781565666,7.126602650,7.126602650,4.733946800,4.733946800,5.169243813,5.169243813]}}
00955{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1682070088015038,"flow_src_last_pkt_time":1682070095281485,"flow_dst_last_pkt_time":1682070089825216,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":569,"flow_dst_max_l4_payload_len":2843,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":9558,"midstream":0,"thread_ts_usec":1682070095281485,"l3_proto":"ip4","src_ip":"194.226.199.103","dst_ip":"217.69.139.59","src_port":62580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":216,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1682070122465460,"flow_src_last_pkt_time":1682070122465460,"flow_dst_last_pkt_time":1682070122465460,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1682070122465460,"l3_proto":"ip4","src_ip":"194.226.199.61","dst_ip":"2.22.40.186","src_port":6946,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1682070122465460,"flow_dst_last_pkt_time":1682070122465460,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1682070122465460,"pkt":"QHGDrEAwoDafLnO8CABFAAA04TpAAH0GZ5nC4sc9AhYouhsiAbvsZqDdAAAAAIAC+vAVDgAAAgQFtAEDAwgBAQQC"}
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1682070122465460,"flow_dst_last_pkt_time":1682070122475302,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1682070122475302,"pkt":"oDafLnO8QHGDrEAwCABFAAA0AABAADsGitQCFii6wuLHPQG7GyIhD7qv7Gag3oAS+vA5PwAAAgQFtAEBBAIBAwMH"}
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1682070122465460,"flow_dst_last_pkt_time":1682070122490627,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1682070122490627,"pkt":"oDafLnO8QHGDrEAwCABFAAA0AABAADsGitQCFii6wuLHPQG7GyIhD7qv7Gag3oAS+vA5PwAAAgQFtAEBBAIBAwMH"}
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1682070124530631,"flow_dst_last_pkt_time":1682070122490627,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1682070124530631,"pkt":"QHGDrEAwoDafLnO8CABFAAA04TxAAH0GZ5fC4sc9AhYouhsiAbvsZqDdAAAAAIAC+vAVDgAAAgQFtAEDAwgBAQQC"}
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1682070124532429,"flow_dst_last_pkt_time":1682070122490627,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":22,"thread_ts_usec":1682070124532429,"pkt":"QHGDrEAwoDafLnO8CABFAAAq4T5AAH0GZ5\/C4sc9AhYouhsiAbvsZqDeIQ+6sFAQAQB0AAAAAAA="}
02016{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1682070122465460,"flow_src_last_pkt_time":1682070127475501,"flow_dst_last_pkt_time":1682070127468714,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":2920,"flow_src_tot_l4_payload_len":3416,"flow_dst_tot_l4_payload_len":10610,"midstream":0,"thread_ts_usec":1682070127475501,"l3_proto":"ip4","src_ip":"194.226.199.61","dst_ip":"2.22.40.186","src_port":6946,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":323009.5,"max":2634777,"stddev":687597.7,"var":472790597632.0,"ent":2.8,"data": [9842,15325,2065171,1798,114,2048180,1988,1777,823,1,2161,39414,217233,215957,433218,854700,2634777,793,114791,2391,133538,311,1201538,215,30,1,210,55,15686,389,868]},"pktlen": {"min":42,"avg":481.7,"max":2960,"stddev":697.2,"var":486142.7,"ent":3.8,"data": [52,52,52,52,42,561,52,52,46,2960,1216,1500,52,46,1500,1500,1500,52,52,42,42,120,138,46,311,327,46,101,71,1500,658,673]},"bins": {"c_to_s": [8,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [9,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,4,0,1]},"directions": [0,1,1,0,0,0,1,1,1,1,1,1,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0],"entropies": [4.767184734,4.961856842,4.961856842,4.767184734,4.617807865,6.804517746,4.961856842,4.961856842,4.565872192,7.936507702,7.812016487,7.865312576,4.834680557,5.055958748,7.863229275,7.863562107,7.864302158,4.873142242,4.834680557,4.725648880,4.773267746,6.283937454,6.596406460,4.609350204,7.253105640,7.293287277,4.609350204,6.180341721,5.790450096,7.859360218,7.630677700,7.711422920]}}
01068{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1682070122465460,"flow_src_last_pkt_time":1682070127475501,"flow_dst_last_pkt_time":1682070127468714,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":2920,"flow_src_tot_l4_payload_len":3416,"flow_dst_tot_l4_payload_len":10610,"midstream":0,"thread_ts_usec":1682070127475501,"l3_proto":"ip4","src_ip":"194.226.199.61","dst_ip":"2.22.40.186","src_port":6946,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
01065{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1682070081976502,"flow_src_last_pkt_time":1682070082251822,"flow_dst_last_pkt_time":1682070082232484,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2636,"flow_src_tot_l4_payload_len":618,"flow_dst_tot_l4_payload_len":4888,"midstream":0,"thread_ts_usec":1682070140596749,"l3_proto":"ip4","src_ip":"194.226.199.9","dst_ip":"92.223.106.21","src_port":49756,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1682070081976502,"flow_src_last_pkt_time":1682070082251822,"flow_dst_last_pkt_time":1682070082232484,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2636,"flow_src_tot_l4_payload_len":618,"flow_dst_tot_l4_payload_len":4888,"midstream":0,"thread_ts_usec":1682070140596749,"l3_proto":"ip4","src_ip":"194.226.199.9","dst_ip":"92.223.106.21","src_port":49756,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":41,"flow_dst_packets_processed":47,"flow_first_seen":1682070122465460,"flow_src_last_pkt_time":1682070140586728,"flow_dst_last_pkt_time":1682070140596749,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":2920,"flow_src_tot_l4_payload_len":5470,"flow_dst_tot_l4_payload_len":24070,"midstream":0,"thread_ts_usec":1682070140596749,"l3_proto":"ip4","src_ip":"194.226.199.61","dst_ip":"2.22.40.186","src_port":6946,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00994{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":16,"flow_first_seen":1682070088015038,"flow_src_last_pkt_time":1682070095296597,"flow_dst_last_pkt_time":1682070095295909,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":569,"flow_dst_max_l4_payload_len":2843,"flow_src_tot_l4_payload_len":1480,"flow_dst_tot_l4_payload_len":9570,"midstream":0,"thread_ts_usec":1682070140596749,"l3_proto":"ip4","src_ip":"194.226.199.103","dst_ip":"217.69.139.59","src_port":62580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00864{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":303,"packets-processed":303,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":96601,"total-not-detected-flows":0,"total-guessed-flows":6,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":57,"global_ts_usec":1682070140596749}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 303/303
~~ skipped flows.............: 0
~~ total layer4 data length..: 96601 bytes
~~ total detected protocols..: 0
~~ total active/idle flows...: 6/6
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 7518601 bytes
~~ total memory freed........: 7518601 bytes
~~ total allocations/frees...: 126246/126246
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 552 chars
~~ json message max len.......: 2021 chars
~~ json message avg len.......: 1285 chars