00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946716066779388}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946716066779388,"flow_src_last_pkt_time":946716066779388,"flow_dst_last_pkt_time":946716066779388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1211,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946716066779388,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1061,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
02150{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946716066779388,"flow_dst_last_pkt_time":946716066779388,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1253,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1253,"pkt_l4_len":1219,"thread_ts_usec":946716066779388,"pkt":"AAP\/pqsMAAP\/p6sMCABFAATXAJUAAIAREnkKAQwCCgUDAQQlAFgEw4XHbIIEtzCCBLOhAwIBBaIDAgEMo4IEMTCCBC0wggQpoQMCAQGiggQgBIIEHG6CBBgwggQUoAMCAQWhAwIBDqIHAwUAAAAAAKOCA2xhggNoMIIDZKADAgEFoQwbCkRFTllEQy5DT02iHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkRFTllEQy5DT02jggMsMIIDKKADAgEXoQMCAQKiggMaBIIDFnaHOkbe3Ft95M1wKu8wrnnL2KoXK50Wfms4lwl+7nIzTWt\/TBTBxetLCu0b6OiVj3UpYznp3lazrMq98Qwi3aS0sEdZBoJs+Etqw0r7qbOiqGfIzfY5WW7lW95ehl68DOwN7G\/ctJKk8AVM30BgdXD8tz49IVb5LvH8kWVdyLTL7dDroB1zpLEnsskNCGiPKC2kvI4rVQFX\/skMLVm0vrv\/AnhykPJFywmuBCVaX4ilWguDR\/hhedFfzOYZ0xf7kVQmFePGaBfPtyf2tWMm316XiQ6a0ddMjedbQTEPUEaIPhU11lAXVTRXuGNNrbinzU88d0vpPunmiXEQ46Zb2aBwhA2PddlJfkphuRTiKTMYIcDx\/1mQSbo6IMs5BzF09EwRlqL20WWEy+tJbg8F96jQFX9ZfusZkqo2\/Ymtt2KIXO2vcTHWCJfKNWi2oHePkmjQVNqV44BDHKJhg2yYGzOpsCLcIH9xI3jIsbhcV3lnOJelJiIh\/BOztlBncxQJDGM8Ss5lpzuieNTaBQOQBzYsANr2gDw7i5E2tKUZxxU28uYbVQUK6KZjtJp0woRjxeXkug7EiwanRJ+ruwFN4641BrWk2WV7znZLMnOxd9Ixgq276dbW3uk8XghmBk5iO9uBY9B6bl2XBCrn0zJxWO550J7YNhBLCWnZolKhh691S4S\/sMyb9cBhQt9YOq11SPy9kRuQfEqcmeMSn67AgOzJ8mzxQ8a3rs4hfqkn1jH+UhGi1xla+MUNFmVkVcF\/s3a9sERXKT\/GEeYJDkvNw+esHfCK4jalR0pA558BA3fanPrnNu74qdrmsUgOhPibVBiVBOhTvitLl0hsJU5z6U77MFSX4UMd9nw2kPOVPhabSvF2baihVP5t9x+qShNJPWM56UisG6Ab7JzsId2uQf1lTt49iVnnhmjdWddhTtm47iqqL0nJrz7QZtWxYyMQTTtuJpTJCO76PmTywwSdY3tKlhuq3MxMZlzDeglX6VXTiBXGqdqJOfHm8VsI+LTATS2a9Dxo3ZxAgK9aL5NMKTnSmEBKpJmkgY4wgYugAwIBA6KBgwSBgGCx7fTnQzvvnXnzi9LJ0rtprAMBwPNDorbgvJI4BV8TZb2vtoAMBvn\/H0kv3attbzNMWzuI4cmR96epkzzc9Em+P1ZASZGSdvfOcM7pYzUfVYcU+almrfJGc226OPAiNqdT5WqhctEEk6M\/WBsVhSCIKFwQ0F6xriZzYptSncn2pHIwcKAHAwUAQIAAAKIMGwpERU5ZREMuQ09NoyEwH6ADAgEDoRgwFhsEaG9zdBsOeHAxLmRlbnlkYy5jb22lERgPMjAzNzA5MTMwMjQ4MDVapwYCBAvCgSioGTAXAgEXAgL\/ewIBgAIBAwIBAQIBGAIC\/3k="}
00992{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946716066779388,"flow_src_last_pkt_time":946716066779388,"flow_dst_last_pkt_time":946716066779388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1211,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946716066779388,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1061,"dst_port":88,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"denydc.com","username":""}}}
02124{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":946716066779388,"flow_dst_last_pkt_time":946716066779395,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1231,"pkt_l4_len":1197,"thread_ts_usec":946716066779395,"pkt":"AAP\/p6sMAAP\/pqsMCABFAATBSNEAAIARylIKBQMBCgEMAgBYBCUErTilbYIEoTCCBJ2gAwIBBaEDAgENowwbCkRFTllEQy5DT02kEDAOoAMCAQGhBzAFGwNkZXOlggN2YYIDcjCCA26gAwIBBaEMGwpERU5ZREMuQ09NoiEwH6ADAgEDoRgwFhsEaG9zdBsOeHAxLmRlbnlkYy5jb22jggM0MIIDMKADAgEXoQMCAQKiggMiBIIDHuY7uI3R2Pi1qv57duWeT0Ll4JC2eeipRWlDXzGRgxhPo3csJRa2MQMEvzJvL1oxFgEdtem8BOT\/6kzWb7SgboArNNrafrLfN3L4u+T5BoaqtTGVUaavU7Q9+PXGs7LiGo2KgTrLE9qt+cY1M0j0lU9Usd0PsdgWrPvRldW08V7yTjSdeZzs7HXYDclL3UFolUFFr74WVDo0szg1GjBgT4ahuEYLpeRAOIRHBEgonmzDUd0zcVyxdV30Swv8Qy7TlCy+IgTffAIgDMpddVkTIcDLIJ0JiNqXn0DDzQxH9Yr6KUuBA5LJQKX9AWJ51fUFncoJO0jvdHuM4wqFCI+NceJYJFEg3jPRYfcYh06asxCP3RLORRET1NKwFvfA77ge9U3WoEX\/ShdLO4UPhPvozA6BR0RN2ix3lCp+CLahYrZrHQFA5otaYGv\/MOocj2u+kceip4rTKvuuni64LltdFoW71saPJDefyBkyq4TXwAzh2sEU9sZEub65ComHjMNsaUUdYvlvEuACNBk6sSJ1uNRy5smw7C2wY4appKGOCP44crFldENLSwWXv5EICjWiLi6VOGhAoFAaoXg00SAzG+cR\/zVCrFc99Jmtbsdr3FokLiS2tBlQzNQigbx5GS6NDINjhOdVpxzVZrdRKPvaf7gsgKxsKzMaHaYAf4KlUlgU1YXC4qKw3e8nGsBExyBocaQbTV5qJ5sMCx+8k8UVGcVDvBPEZ+JKGyWl97A+5oQv3qGBvVaTWQWFjp12ue\/6+Z1yW\/3G2oAs\/mvRArSQ6XMQxCqqflRrg8ByB+isl2ue39Es\/7Xp2QNNolZudB1g86tZGEtlQE10gMSOSETka\/rtr5bMEnNrzIEXR71jB36f3LlIdysQMXsAvDmayk2i7xRPsWOPX8TeRAhxvusm+YwAO3gHOBqoERHXUp7FSwtegA+gG1K1MstH7XbrzDU8+2demlkwll9BjirDx0Dabc6GZmQ7FXTr7\/z+u6H14kdj0b9o2RAWTXwOuUBNLVqGWOCd4P++xwERP8qVc2sFAlXiY84kqVhDZjtqg8mUOqaB9jCB86ADAgEDooHrBIHocOAk\/bIykxmFVuY8onVUzz3TbQpUjpIVkGh3RwudGhk8eZadxEVeX9b8cVUYOAa7jQ51P0iHVewP69h7n62lsV7hoaksBFdS6q+5Ad39W06ORHIykCaNTr1ypMQv23OFrKHoU250yqFUu18TCQYph5jY\/L\/0UQND5rBixb9iOLAPk3Z\/C8J7bJIlTV8arD8uZRGaxhSVbUWv0f9+jTl5QGEQtPFBefjh5a9NhX+VO\/Ce7sihoYBD+6XCD31JszlJqPyIXPEsJNC4ZKHS5qDVxSfmN3+WvFejiMn\/QZucrbJXOsyF6B\/PtA=="}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946716067396378,"flow_src_last_pkt_time":946716067396378,"flow_dst_last_pkt_time":946716067396378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1223,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1223,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1223,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946716067396378,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1065,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
02168{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":946716067396378,"flow_dst_last_pkt_time":946716067396378,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1265,"pkt_l4_len":1231,"thread_ts_usec":946716067396378,"pkt":"AAP\/pqsMAAP\/p6sMCABFAATjAKAAAIAREmIKAQwCCgUDAQQpAFgEzxZdbIIEwzCCBL+hAwIBBaIDAgEMo4IEQDCCBDwwggQ4oQMCAQGiggQvBIIEK26CBCcwggQjoAMCAQWhAwIBDqIHAwUAAAAAAKOCA31hggN5MIIDdaADAgEFoQwbCkRFTllEQy5DT02iHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkRFTllEQy5DT02jggM9MIIDOaADAgEXoQMCAQKiggMrBIIDJ4RwpyphOLnHVkqOX4TTLL\/NUu5uT4ndfXvtKiq11NdLWnrJ\/RkaBODS8WDzyOM7DDP1nd4bhExpZR7pwXGASTRBEAN2odNkmh0jdzKuWtjMKtGp2DVyj42cmc+6QXzFWbsc0ciQP3vX8gzqfjlXBbC1PHZQyiL5U92grWlcO9uxZYpsjFPmNRnvg0nt\/xD\/k\/z4alVwZr0+jgG3JmOMUN8YRvUhkqjEGbONBjsYyGrmE3Ae0sFLvgfCOtnaLCrmhDhfe6BckUxCG82cbCE05wDmkFQMzXxqBoDs+mBuGqcT2zUGCvofrim8qNCpUczCV87ZvFqyfleMqYFe8e74u3mmQ1fcSD61TIWvJhyWnsUWMoWSWuBoII6ZhenvLr4HL+5mHWC72kqVQz9srg6QHIqNzvrQ7DgEM\/9XRH0dV9gOEWIuSthdUZx4CSs\/82\/S+XpSQN0F1uaTpfOixCuhaME3tB6ucfpVxhhgNMKhV2MQ++9ZC3EDiLlTWn4p63bFb72BHZJAt27DvsIEwI3bkwnuFtL4Fk2gSwnnirqglXx1m4xMxxPKkc7ZvgGGVTHW+IDRr1tOhGD17PoVtYxucTrKmfY69Rdv\/9z0bIPLo0VviWdk3sc9k8HjkQfgpwDnWjCD0VKBIIGg9uiFiErVIRTHer77I95UgN9tBSgAokTW7wNSkoBbBuZGGNUfm0nSFo9rOK9SplQWLL+O5JKrHS69WKIOLFB87yt324276h29cTgvZcIV36teGUEgKDcfX+k5iTX2Ph5V4lxgR97jmS0ytqJ0+s2djuGYjPQuqqEtnqVJXfNpS3XRcFPedWkvKKv1SNplx7iO7hPF7zt\/2aXT0fpNbqBHcMgWJof+k8D5h2RIfUTFFMuM19MydzZK7SdkK0tdWtwN8y5ShlAyusgKRFz5Z8uWh4fgC8O0CO7X3OIwQWHtE1WIPGgNqkoWQsz5hV5mZIHpBVIFMhCXvcvJflISym1AUJsX9K7DD3lNvPS5ksi8gC0X3jNrfYoqxIoSkg01gi4ZcoJfT2HjYcCNwIx3bgN8W82fdKPJYczHHa8jvqKd\/aSBjDCBiaADAgEXooGBBH\/HpWldNX5jKKjLvfGYHFT0ZakiaMIF9M2fyfBeqTcs6p0k76sFAq5yzenyFaJ0etw2gwIKD+jFWzd\/K9hX5c\/ch5FA4bonO9kqluVDS7YqtQXP\/33gATlhiutrL3dBqmpYh5ethifkqz2FdTCpLULEKaDAUyQEhROWLkaHuux6pG8wbaAHAwUAQIAAAKIMGwpERU5ZREMuQ09Nox4wHKADAgECoRUwExsEY2lmcxsLVlBDLVcySzNFTlSlERgPMjAzNzA5MTMwMjQ4MDVapwYCBAudSMaoGTAXAgEXAgL\/ewIBgAIBAwIBAQIBGAIC\/3k="}
00992{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946716067396378,"flow_src_last_pkt_time":946716067396378,"flow_dst_last_pkt_time":946716067396378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1223,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1223,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1223,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946716067396378,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1065,"dst_port":88,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"denydc.com","username":""}}}
02127{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":946716067396378,"flow_dst_last_pkt_time":946716067396381,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1234,"pkt_l4_len":1200,"thread_ts_usec":946716067396381,"pkt":"AAP\/p6sMAAP\/pqsMCABFAATESNcAAIARykkKBQMBCgEMAgBYBCkEsGcXbYIEpDCCBKCgAwIBBaEDAgENowwbCkRFTllEQy5DT02kETAPoAMCAQGhCDAGGwR4cDEkpYIDfGGCA3gwggN0oAMCAQWhDBsKREVOWURDLkNPTaIeMBygAwIBAqEVMBMbBGNpZnMbC1ZQQy1XMkszRU5Uo4IDPTCCAzmgAwIBF6EDAgEJooIDKwSCAyftJnERJzVnG2FjBXv2U9MTtX58YaXMNT0ScBgBVqkhN64qGvv84Pf1ObDM+s5\/7xfs69pcxVSNfMpOtnq00ChBKYCg6WQIFdYhy22Ep2Cizn5cKMBVuAG\/NuHsuLJ2DKtQnMUqRPG3wDVMDbOsNcJFD1TqSuL8xvADsNggjK12IANMjIyh+sJrZLgBfLKeKuRLc6CVI5kLNyweATyv5GksOsy8+N6dZWMZjNFFUbBH3kLeZKWKtVmsK6gw6wSERuz\/+3yDPEj+zyGf1EYpgbb2nSIQMwDGNLmrh8J0gvwaTXzBO+HpwgkkK5hqRUU3Gh2LZoSwTJywNoKlB0uioI2dYYgi53kMU6eV7HPsIhwqgnQH\/VjXP+fdL6rY34zV8Ix3FkpUhnvHV7S70+LIJfSlm94LyHD71pBZaJhv2PqAnfgtxoztCauzMJhBBCkSLART0AzGBfUZCBXrOoK3J\/fl6W0KIiuMNaW1CdDLAKootzRrEjIZAxwMkGf5h9U8Cc1biAX43B+rEhcYJlZXCDKP5FkMcwHD2yd1RQbu0aDeJd9ZRMKGfzSjxVnFfOI6nwigXn7HZwncWVOLdSbSDe\/3vkHpqAHkuXxLvShbd7wOAHz6Xp8UCAnjMyxVn5HMLSB3VTHTzdrDQVV+LSjsUlie7Nr6foLTfH2RZwZH95rqftf6gY+uzgyGO1llMR5ZyQybRjUgaNa8Dx6PRsLt3MydcfnKdmjC1g98Ci82Brt5fpKkvjm+FyIGnihml2edVqypt1tBGPdXRsI3VN2W+\/9Sg3cd1QhUsY0JL00GSAojlMDdD4viHaN3feeU2ekPZNg3MHKcM9XUHGdBDpEH\/DXfDBgYWovFuvMwDZtFLYS4mbZRK5b\/nAmpjQH5HNq5HK6mDcJEL\/KLygzLfHwXh3gvtg+zmtag79pBu0u038AGWTB9pYqfDKf5XiURp3mqCKbx4vRMD+GiJBsjWMtzPFny04eCIGBgCqZh65T+T1d2G0Bt4Db+zCE8XI29i8CzvhaO2A7HO6lu1aTRNF8jHlWdkEbWxO2MjLi\/xIJPW+fKU+EoYXLMxAamgfIwge+gAwIBF6KB5wSB5GGl5Jtrs7Bi5L6fEmLsvrIK1dI4nSOmAlrWIBVE3N0Shv8xGKijDSbUX\/fp936uFQnR41x\/u+U61J43Jj7bbriEo+xbbMfPbVIxcGE2B\/9UEzRGPJBxElU3ARP\/c4wC96Nz6oDy00ed8+zipIxBSWuXCVeF7tjhslAjXGq4glP1AeL9B1SLH83sEBO9baZtQHriwlfEXSKnmRAoLso8++0XpvGg1GAhr9GnPsRdwMoLPXqQYLvKNNn4oQT46yQbYLCa+wXkdaumY8ACbsgGvvtN1vbO+VN5vDO+RkeY4HyXJ7\/mHw=="}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946716067473051,"flow_src_last_pkt_time":946716067473051,"flow_dst_last_pkt_time":946716067473051,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1219,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1219,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1219,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946716067473051,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1067,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
02162{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":946716067473051,"flow_dst_last_pkt_time":946716067473051,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1261,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1261,"pkt_l4_len":1227,"thread_ts_usec":946716067473051,"pkt":"AAP\/pqsMAAP\/p6sMCABFAATfAKUAAIAREmEKAQwCCgUDAQQrAFgEy\/Q0bIIEvzCCBLuhAwIBBaIDAgEMo4IEMTCCBC0wggQpoQMCAQGiggQgBIIEHG6CBBgwggQUoAMCAQWhAwIBDqIHAwUAAAAAAKOCA2xhggNoMIIDZKADAgEFoQwbCkRFTllEQy5DT02iHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkRFTllEQy5DT02jggMsMIIDKKADAgEXoQMCAQKiggMaBIIDFnaHOkbe3Ft95M1wKu8wrnnL2KoXK50Wfms4lwl+7nIzTWt\/TBTBxetLCu0b6OiVj3UpYznp3lazrMq98Qwi3aS0sEdZBoJs+Etqw0r7qbOiqGfIzfY5WW7lW95ehl68DOwN7G\/ctJKk8AVM30BgdXD8tz49IVb5LvH8kWVdyLTL7dDroB1zpLEnsskNCGiPKC2kvI4rVQFX\/skMLVm0vrv\/AnhykPJFywmuBCVaX4ilWguDR\/hhedFfzOYZ0xf7kVQmFePGaBfPtyf2tWMm316XiQ6a0ddMjedbQTEPUEaIPhU11lAXVTRXuGNNrbinzU88d0vpPunmiXEQ46Zb2aBwhA2PddlJfkphuRTiKTMYIcDx\/1mQSbo6IMs5BzF09EwRlqL20WWEy+tJbg8F96jQFX9ZfusZkqo2\/Ymtt2KIXO2vcTHWCJfKNWi2oHePkmjQVNqV44BDHKJhg2yYGzOpsCLcIH9xI3jIsbhcV3lnOJelJiIh\/BOztlBncxQJDGM8Ss5lpzuieNTaBQOQBzYsANr2gDw7i5E2tKUZxxU28uYbVQUK6KZjtJp0woRjxeXkug7EiwanRJ+ruwFN4641BrWk2WV7znZLMnOxd9Ixgq276dbW3uk8XghmBk5iO9uBY9B6bl2XBCrn0zJxWO550J7YNhBLCWnZolKhh691S4S\/sMyb9cBhQt9YOq11SPy9kRuQfEqcmeMSn67AgOzJ8mzxQ8a3rs4hfqkn1jH+UhGi1xla+MUNFmVkVcF\/s3a9sERXKT\/GEeYJDkvNw+esHfCK4jalR0pA558BA3fanPrnNu74qdrmsUgOhPibVBiVBOhTvitLl0hsJU5z6U77MFSX4UMd9nw2kPOVPhabSvF2baihVP5t9x+qShNJPWM56UisG6Ab7JzsId2uQf1lTt49iVnnhmjdWddhTtm47iqqL0nJrz7QZtWxYyMQTTtuJpTJCO76PmTywwSdY3tKlhuq3MxMZlzDeglX6VXTiBXGqdqJOfHm8VsI+LTATS2a9Dxo3ZxAgK9aL5NMKTnSmEBKpJmkgY4wgYugAwIBA6KBgwSBgE+CBwcCA3wjmscZf19xzqPpSKLPcLc7F\/pta9XqA44Uly8KztoJtx1T\/S3J5MszKKWl3sa1nSdS6nEargLzVPyFuFPIKFdT8js+0j5l0she3eftmHpSOeDKPNGguEmqAfcNfIiRmNphBpgZxpQSbrNAgDhiogKgyjFF5rfKXwE1pHoweKAHAwUAQIAAAKIMGwpERU5ZREMuQ09NoykwJ6ADAgECoSAwHhsETERBUBsWdnBjLXcyazNlbnQuZGVueURDLmNvbaURGA8yMDM3MDkxMzAyNDgwNVqnBgIEC6QO6qgZMBcCARcCAv97AgGAAgEDAgEBAgEYAgL\/eQ=="}
00992{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946716067473051,"flow_src_last_pkt_time":946716067473051,"flow_dst_last_pkt_time":946716067473051,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1219,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1219,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1219,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946716067473051,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1067,"dst_port":88,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"denydc.com","username":""}}}
02142{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":946716067473051,"flow_dst_last_pkt_time":946716067513240,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1247,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1247,"pkt_l4_len":1213,"thread_ts_usec":946716067513240,"pkt":"AAP\/p6sMAAP\/pqsMCABFAATRSN8AAIARyjQKBQMBCgEMAgBYBCsEvSnpbYIEsTCCBK2gAwIBBaEDAgENowwbCkRFTllEQy5DT02kEDAOoAMCAQGhBzAFGwNkZXOlggN+YYIDejCCA3agAwIBBaEMGwpERU5ZREMuQ09NoikwJ6ADAgECoSAwHhsETERBUBsWdnBjLXcyazNlbnQuZGVueURDLmNvbaOCAzQwggMwoAMCARehAwIBCaKCAyIEggMeZ+KqfWvHOiOlvE9U+\/Ap34+Yt57qkqs1sAkSCSkL4e+hCYvkF8IUKlNxjuJw+7aJnQYXbcAu8nj\/MZhAr8\/AQDDRGhb7NmunEZ8MP2jGdsJGpucl0GgoDcxhaZmF1A42v9zW3pYZJ3UBJ\/NhLFn5nPJv4n4xm+DhSCPGMJ2ELHdugapK4G6h+KxNz3a7XkoTRAyq1IOiXos\/ZgpNuA71IjNF8wd79Q9NihpYsbMj99UkLQGg+GNZ7anXXyZI37LVqkETaT3MiD3wW8JGRaTCo9KqZMDmM6RXIQV44jn+bs49OWkhbut7joQbi5nc8CBEZMHt6YGc9PNZVW5rt9fkNjpZvaTIpt9ihZ04BLsGbj+r5YMmqKf4W+tRo79Atk2aXqrFfQzORmO7xaor40bgOryiDneGjjHxjO\/5QleLF7irh6shtpF6Pn2svcJalC1MnlAHVsEjB9vqlLFkb0c3P9kGCP\/R82P4mEHKdTJBcv8pNJexa6qYwr2lBqDYghon+AlS91wyvXv9KIjmq\/xpzHy4GDuVTfCb+OvpUgtXBWhzgnLJD4UXMbtQTtrXmldZAqwP7VBZyLuoU8ofEOdN62q0FUwXGThyIa+U7S5FAF3Q9brpCuLQVgQfL+wd4hMDQNB1I+a3VnrsEXXBhb\/jrZSppMn8yfrFxKORmdJBXvp9xYUlgRZ5BQKrYfpuuHK0hAPnxe4g5MFMi3OQ6bpel\/YsFKJlTmHXK0WpbcIGWtmKdpT6spw96zcwDv4ApZLswgucQljrD3IDu46fxN9dcf53+h+KPUMzRs0dhAmptPJAxU559MGsf+PAXSMH4cC1ztoftxzGM9De1qctOOrMoL4srK0Au7+bF3iig3d3AXdhA+kWkv+dQJcTdFZycTKiVnx\/PKFG8CMFKL9OnxCPbFNn4PALfTRcGmA+tiev3SoOAZ1dzrKgqmw\/HQQlXYgqfl8o7ybmqflImt2PMqKiBN56dMsVpJ5TOUqnqCRIOVhxnWNL8o5AwGSVbpJs3GkXcsGfeXlozdCO74IWjMaPJoCt6QdSriBmpnbyRb3jpoH+MIH7oAMCAQOigfMEgfCUTXHX1aELiQlzKCsczFe+C2IqPAVGDFuPZzq+owK6ABcQxAODKKz5mwDrc9QttnnbgOci\/9zrjmZqaH+P5gUo2fja8sx3prrxiY4cFcT1nNZarJllSgUase3wPlmtd3i1yQqAsDzF5bEwq1nO4VnA12YySXQVzxwv3HQD6oweqLHEZ3oU4VeZG\/dQArj1xD6pvQRf3o8u5a4PxiyC32tuMj0FVsdoB8O7azCA2z4GdVx1QCbiZECr0pFHPOzVN9bWYT0DYM5+ia9ZccCJY\/vgfXRXSZ2ZyLLSAPvAdjJQEV6+TmTizQnNsMr6i2+HGTI="}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946716067526237,"flow_src_last_pkt_time":946716067526237,"flow_dst_last_pkt_time":946716067526237,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1209,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1209,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1209,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946716067526237,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1068,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
02145{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":946716067526237,"flow_dst_last_pkt_time":946716067526237,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1251,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1251,"pkt_l4_len":1217,"thread_ts_usec":946716067526237,"pkt":"AAP\/pqsMAAP\/p6sMCABFAATVAKkAAIAREmcKAQwCCgUDAQQsAFgEwZU2bIIEtTCCBLGhAwIBBaIDAgEMo4IEMTCCBC0wggQpoQMCAQGiggQgBIIEHG6CBBgwggQUoAMCAQWhAwIBDqIHAwUAAAAAAKOCA2xhggNoMIIDZKADAgEFoQwbCkRFTllEQy5DT02iHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkRFTllEQy5DT02jggMsMIIDKKADAgEXoQMCAQKiggMaBIIDFnaHOkbe3Ft95M1wKu8wrnnL2KoXK50Wfms4lwl+7nIzTWt\/TBTBxetLCu0b6OiVj3UpYznp3lazrMq98Qwi3aS0sEdZBoJs+Etqw0r7qbOiqGfIzfY5WW7lW95ehl68DOwN7G\/ctJKk8AVM30BgdXD8tz49IVb5LvH8kWVdyLTL7dDroB1zpLEnsskNCGiPKC2kvI4rVQFX\/skMLVm0vrv\/AnhykPJFywmuBCVaX4ilWguDR\/hhedFfzOYZ0xf7kVQmFePGaBfPtyf2tWMm316XiQ6a0ddMjedbQTEPUEaIPhU11lAXVTRXuGNNrbinzU88d0vpPunmiXEQ46Zb2aBwhA2PddlJfkphuRTiKTMYIcDx\/1mQSbo6IMs5BzF09EwRlqL20WWEy+tJbg8F96jQFX9ZfusZkqo2\/Ymtt2KIXO2vcTHWCJfKNWi2oHePkmjQVNqV44BDHKJhg2yYGzOpsCLcIH9xI3jIsbhcV3lnOJelJiIh\/BOztlBncxQJDGM8Ss5lpzuieNTaBQOQBzYsANr2gDw7i5E2tKUZxxU28uYbVQUK6KZjtJp0woRjxeXkug7EiwanRJ+ruwFN4641BrWk2WV7znZLMnOxd9Ixgq276dbW3uk8XghmBk5iO9uBY9B6bl2XBCrn0zJxWO550J7YNhBLCWnZolKhh691S4S\/sMyb9cBhQt9YOq11SPy9kRuQfEqcmeMSn67AgOzJ8mzxQ8a3rs4hfqkn1jH+UhGi1xla+MUNFmVkVcF\/s3a9sERXKT\/GEeYJDkvNw+esHfCK4jalR0pA558BA3fanPrnNu74qdrmsUgOhPibVBiVBOhTvitLl0hsJU5z6U77MFSX4UMd9nw2kPOVPhabSvF2baihVP5t9x+qShNJPWM56UisG6Ab7JzsId2uQf1lTt49iVnnhmjdWddhTtm47iqqL0nJrz7QZtWxYyMQTTtuJpTJCO76PmTywwSdY3tKlhuq3MxMZlzDeglX6VXTiBXGqdqJOfHm8VsI+LTATS2a9Dxo3ZxAgK9aL5NMKTnSmEBKpJmkgY4wgYugAwIBA6KBgwSBgNeoX1w44rBG4C\/VapcvnoZR3r28u32Kb2ufqFlDeRBviPxhnH2sl\/neUX6tzO4Fk6hSlL5WBXV+EulgZYNYyiRx5ceWwlRK69YQjwPipIJ+arQYW+UcF4xjMryagpJPCl4lEAT9VaABN1keDumZpmnf0Qe1QvOEVx1AY35W6Y1upHAwbqAHAwUAYIEAEKIMGwpERU5ZREMuQ09Nox8wHaADAgECoRYwFBsGa3JidGd0GwpERU5ZREMuQ09NpREYDzIwMzcwOTEzMDI0ODA1WqcGAgQLr8wWqBkwFwIBFwIC\/3sCAYACAQMCAQECARgCAv95"}
00992{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946716067526237,"flow_src_last_pkt_time":946716067526237,"flow_dst_last_pkt_time":946716067526237,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1209,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1209,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1209,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946716067526237,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1068,"dst_port":88,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"denydc.com","username":""}}}
02129{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":946716067526237,"flow_dst_last_pkt_time":946716067526244,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1229,"pkt_l4_len":1195,"thread_ts_usec":946716067526244,"pkt":"AAP\/p6sMAAP\/pqsMCABFAAS\/SOAAAIARykUKBQMBCgEMAgBYBCwEqyGEbYIEnzCCBJugAwIBBaEDAgENowwbCkRFTllEQy5DT02kEDAOoAMCAQGhBzAFGwNkZXOlggN0YYIDcDCCA2ygAwIBBaEMGwpERU5ZREMuQ09Noh8wHaADAgECoRYwFBsGa3JidGd0GwpERU5ZREMuQ09No4IDNDCCAzCgAwIBF6EDAgECooIDIgSCAx6vJykUYq7rXgspxAjLDVvb\/eZ\/5SrdtOCJzqXUtt2Ah28Wot4qbXjaGxnLhBAQCoQatRNPUUAPrQ8zoml9NWokGWomJv2qTEivbx60WTGui08nHOfUk7F5qQH9bhtJ8abeZf4t+DjAEokvn7ksEkhPny6zq1MrOGAVB4Ul9SIAQzxOeI\/OpAGQD8ceGXAVh2mZar8I6BSGPY3dyelogzcpLkjfnWgD6u9FAYv7fwZScCXowx4Ajl3lVBIIxu3HXbdLeoV64LDJ9L47nLS7\/sNoqSZLrAE8Bh1KTK\/3jczuD4uDNaT3DImLzkK\/fJsgLOfE9n\/2TEsqPtnYiZfdZLA3cuodRWE7478J\/LK1zer68y5eihQHLQsEz1iYLZvrWp1mxXgY31KPd7DlEySrVH4V0SP9tDhG9Pq0KeDBWGByHBytauJJ0BCz8KepRMF9V8VjDRkIqa6fzCw7Wn2PrTGQYj4H+\/gHTLjuBA6muibnCaep\/PCHjAXWUtFhQa4fyxoBfg7dIcpGdJk46w8dkUiJScAZeH5a1aLrO9BEtcyjalAqUdpw9mIcWL50BW8CvQtPKBvVUcxLUQStoAENW90O31IBEJOeVsstA0IssuFCUMFJBomyVXqrk3M2ys+dCavzcpFw8VySmRzlp\/zkPrsvHrNco78fht26hcgazpRKQKhie9ZWnbX4pxmFG2OUwqtsk8QYG\/P1n0MbH1Y7i4TBZhRbNG4o5Bh5lvgbHRi0OsCLCI6r8BuwvTEpaZE9dQAkn8zHGZ7Wvm6ogSO3Ehe00DhO3BtemeBb2GCd\/7oTTtFtkmoAy+R+52MYDbp7XV1rhUtrrh2Beenw+1kKhgBAIu\/L4tnzMRm\/\/67kp1BQMtgMn\/Ya1sZSp9Wh+AeHxLdggXxaLidmGf3uML8PIGgOkOC\/PzXyXbzQr2Ztwkf98KcJALe6znANzSqsjAHTIGRoYLLaIo8wV65YOPXMvbomM4liduHgsE17Z0zbX2bWGR3n3VJvKMzI8MThIOCSaSabidZ9fdhXaGIe3kEsws0rNf7ervrXKA2f2LhzYA2mgfYwgfOgAwIBA6KB6wSB6LNxqnKZoBpVseqJF63SOoWKwxsKkbRKUcgerkds+Ze7+WHPbMBENUdvuM93lTtPNuD3VFE4ejhUJ2WV2pVN1Ntr\/jegcZxqISsi7WOnNPd1U07BpdVdLZ09DJiqymXLMDvFQrcI2QQFgDeS5uBE8nSM\/a\/SRbUjGKHI\/6yYlC0GpktmAui+zE40fGuY5n5ZpOZz8nBIv+PyNMML5Tr7EUUS06rJ6+Ly\/EsnBNSSzmpZ\/tyCcHdf3vL4ZAh5KT\/katkpJUYRXHxevx7bGMx3eQLUIpbqvIeNE93m6dinwq01lAEpOLLMrws="}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946716067819225,"flow_src_last_pkt_time":946716067819225,"flow_dst_last_pkt_time":946716067819225,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1208,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946716067819225,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1069,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
02145{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":946716067819225,"flow_dst_last_pkt_time":946716067819225,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1250,"pkt_l4_len":1216,"thread_ts_usec":946716067819225,"pkt":"AAP\/pqsMAAP\/p6sMCABFAATUAMoAAIAREkcKAQwCCgUDAQQtAFgEwPDJbIIEtDCCBLChAwIBBaIDAgEMo4IEMTCCBC0wggQpoQMCAQGiggQgBIIEHG6CBBgwggQUoAMCAQWhAwIBDqIHAwUAAAAAAKOCA2xhggNoMIIDZKADAgEFoQwbCkRFTllEQy5DT02iHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkRFTllEQy5DT02jggMsMIIDKKADAgEXoQMCAQKiggMaBIIDFnaHOkbe3Ft95M1wKu8wrnnL2KoXK50Wfms4lwl+7nIzTWt\/TBTBxetLCu0b6OiVj3UpYznp3lazrMq98Qwi3aS0sEdZBoJs+Etqw0r7qbOiqGfIzfY5WW7lW95ehl68DOwN7G\/ctJKk8AVM30BgdXD8tz49IVb5LvH8kWVdyLTL7dDroB1zpLEnsskNCGiPKC2kvI4rVQFX\/skMLVm0vrv\/AnhykPJFywmuBCVaX4ilWguDR\/hhedFfzOYZ0xf7kVQmFePGaBfPtyf2tWMm316XiQ6a0ddMjedbQTEPUEaIPhU11lAXVTRXuGNNrbinzU88d0vpPunmiXEQ46Zb2aBwhA2PddlJfkphuRTiKTMYIcDx\/1mQSbo6IMs5BzF09EwRlqL20WWEy+tJbg8F96jQFX9ZfusZkqo2\/Ymtt2KIXO2vcTHWCJfKNWi2oHePkmjQVNqV44BDHKJhg2yYGzOpsCLcIH9xI3jIsbhcV3lnOJelJiIh\/BOztlBncxQJDGM8Ss5lpzuieNTaBQOQBzYsANr2gDw7i5E2tKUZxxU28uYbVQUK6KZjtJp0woRjxeXkug7EiwanRJ+ruwFN4641BrWk2WV7znZLMnOxd9Ixgq276dbW3uk8XghmBk5iO9uBY9B6bl2XBCrn0zJxWO550J7YNhBLCWnZolKhh691S4S\/sMyb9cBhQt9YOq11SPy9kRuQfEqcmeMSn67AgOzJ8mzxQ8a3rs4hfqkn1jH+UhGi1xla+MUNFmVkVcF\/s3a9sERXKT\/GEeYJDkvNw+esHfCK4jalR0pA558BA3fanPrnNu74qdrmsUgOhPibVBiVBOhTvitLl0hsJU5z6U77MFSX4UMd9nw2kPOVPhabSvF2baihVP5t9x+qShNJPWM56UisG6Ab7JzsId2uQf1lTt49iVnnhmjdWddhTtm47iqqL0nJrz7QZtWxYyMQTTtuJpTJCO76PmTywwSdY3tKlhuq3MxMZlzDeglX6VXTiBXGqdqJOfHm8VsI+LTATS2a9Dxo3ZxAgK9aL5NMKTnSmEBKpJmkgY4wgYugAwIBA6KBgwSBgNL0L+xYmPXFJ2U4kmPBnFHcqQ2kURDhc7sJ1m4jCUZ3aGX1OMmCD0W3u83F3YAN1E64NrK4rVi0jv0dwvc6PCbHAYvM6a0Q4aMYH5PjvHNv0XCuHkBNezkY7kSGMz7+UmeXeYM8t7nSKwEidTLd6P+W3RDUXi0Wg6\/u3kiBOewCpG8wbaAHAwUAQIAAAKIMGwpERU5ZREMuQ09Nox4wHKADAgECoRUwExsEY2lmcxsLVlBDLVcySzNFTlSlERgPMjAzNzA5MTMwMjQ4MDVapwYCBAtX7q+oGTAXAgEXAgL\/ewIBgAIBAwIBAQIBGAIC\/3k="}
00992{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946716067819225,"flow_src_last_pkt_time":946716067819225,"flow_dst_last_pkt_time":946716067819225,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1208,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946716067819225,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1069,"dst_port":88,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"denydc.com","username":""}}}
02123{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":946716067819225,"flow_dst_last_pkt_time":946716067819242,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1228,"pkt_l4_len":1194,"thread_ts_usec":946716067819242,"pkt":"AAP\/p6sMAAP\/pqsMCABFAAS+SRYAAIARyhAKBQMBCgEMAgBYBC0EqnlmbYIEnjCCBJqgAwIBBaEDAgENowwbCkRFTllEQy5DT02kEDAOoAMCAQGhBzAFGwNkZXOlggNzYYIDbzCCA2ugAwIBBaEMGwpERU5ZREMuQ09Noh4wHKADAgECoRUwExsEY2lmcxsLVlBDLVcySzNFTlSjggM0MIIDMKADAgEXoQMCAQmiggMiBIIDHqJ3xhJCOmnFhZcsfMi2k4AT3rpZUNDYWBgoBh3cCWwv3e\/6+fQvFTO8hJ00nDGPbF+\/RK62MoQ9fPP4MpnKhllWK8yjd2Pq6SPPUy1uAMfZFf4orggr2DXR5JbzE3nW8WHiTRJ89yk1S1V2P6Z0fqxMm1j\/oZ\/1T275Ok0CBW636P049zssULQkvCrNUUOPFwn6yEW4DKTWV6M3b7pEdMH0+jUsep4+M+4u+lATLJjUHV+M5ZxNjXUlbrnLpswgF3HQelRvuq3JlgwilWFg5yaK4oPONBIVuQRk\/dqjdDMqrliP+rekdrP\/Ntg0jzs+b7eZyqTajH71RxQdBtMoH7JFSNC0mpJuc9vkTpL8o2KveZDFX\/Jvts3JSQpy5Vf7RT2Xqim6BY\/6VjogqyZntyKUIPCf7fZ0MtnTicJkn+mCmSfkVxh54K1JzoyuBfNhohPsvA8yuv8s4P45LUoEMVprzZlnnKa5DPOyra7+zKWxoOmSV75rMLf1Q9ABsUNjukQWju0dcW45lJsPNa5jO6ExcxMGHsGfh5AI2OaBns2AEsD6BSU014ETQmVD7hiWI3yTaBi9ZYaCqFP543PEZ5tECSE9wOO9D3\/0p68Dyj8Jfx8HLGP3SucODMSnWClZRo00Ef5qAN8eSxFJpyDCJ5qmzY3gJILb\/mI16k2onygx5PwwYyf+KeUSQs1xSXJBTutUkUtBRv79jItwbl2O4ieTQZJeq6zQlABX3iza26xr4Nz+1WMWQzFijYd\/jpeKS7chsuX7h53\/nAj2AmSvTMExybNZu7lwWMOnL+\/VZBGwBdzpOPz5O2kuY3LkqvMO4vLpSTbav2hmSeGcGXCcalM7Jmw9zDVo2T5ScmAc0\/SXhn8Rzilrg\/OFjnZHCMOOdCGJNYNGWRuKSmj3yMsHbSQvesvgMvmFO0aSJQevbtZLRRLDRU4+Gh3FBsKzARnBIBjhyX6dj9OCbnAmj67xR44zBFfCstdL6a\/t17pLPnzwTYkNdamLXZn3sy3mcu6JToxloCBDsMb6lwkzkR2avyKLd0E83r3fd1zroZqU8KaB9jCB86ADAgEDooHrBIHotE3dMV7Nt6gGi\/VNhEhGOtqLUcP+uRJADDp0dHHjNSrc2MEGngFDiSU3IvPOQq2wSiGPvDqearPQ5ihBA\/Jb7pz7cJQAjuYx16sOfNoUgko2obQgzM63LPHsqiZ\/2Y8oyAYmAzZFsfALvarciWmxMSZQvgzJOayGHVpKKzhU1XHbqK5ZqBrKEdowVUsmTSO3irN7h1MfgNrKRBzrqypW+0W6RbyX+2p2cT1smrcGsERPDMuaaNKW3HCm4HZqQavWEeM+XalCmQCzSt+ffuU2rtt3IHZk8L70YUm9Fxg8biTCr5OiBpt6DA=="}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946716089644907,"flow_src_last_pkt_time":946716089644907,"flow_dst_last_pkt_time":946716089644907,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1233,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946716089644907,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1074,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
02178{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":946716089644907,"flow_dst_last_pkt_time":946716089644907,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1275,"pkt_l4_len":1241,"thread_ts_usec":946716089644907,"pkt":"AAP\/pqsMAAP\/p6sMCABFAATtAUEAAIAREbcKAQwCCgUDAQQyAFgE2RcQbIIEzTCCBMmhAwIBBaIDAgEMo4IEMTCCBC0wggQpoQMCAQGiggQgBIIEHG6CBBgwggQUoAMCAQWhAwIBDqIHAwUAAAAAAKOCA2xhggNoMIIDZKADAgEFoQwbCkRFTllEQy5DT02iHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkRFTllEQy5DT02jggMsMIIDKKADAgEXoQMCAQKiggMaBIIDFnaHOkbe3Ft95M1wKu8wrnnL2KoXK50Wfms4lwl+7nIzTWt\/TBTBxetLCu0b6OiVj3UpYznp3lazrMq98Qwi3aS0sEdZBoJs+Etqw0r7qbOiqGfIzfY5WW7lW95ehl68DOwN7G\/ctJKk8AVM30BgdXD8tz49IVb5LvH8kWVdyLTL7dDroB1zpLEnsskNCGiPKC2kvI4rVQFX\/skMLVm0vrv\/AnhykPJFywmuBCVaX4ilWguDR\/hhedFfzOYZ0xf7kVQmFePGaBfPtyf2tWMm316XiQ6a0ddMjedbQTEPUEaIPhU11lAXVTRXuGNNrbinzU88d0vpPunmiXEQ46Zb2aBwhA2PddlJfkphuRTiKTMYIcDx\/1mQSbo6IMs5BzF09EwRlqL20WWEy+tJbg8F96jQFX9ZfusZkqo2\/Ymtt2KIXO2vcTHWCJfKNWi2oHePkmjQVNqV44BDHKJhg2yYGzOpsCLcIH9xI3jIsbhcV3lnOJelJiIh\/BOztlBncxQJDGM8Ss5lpzuieNTaBQOQBzYsANr2gDw7i5E2tKUZxxU28uYbVQUK6KZjtJp0woRjxeXkug7EiwanRJ+ruwFN4641BrWk2WV7znZLMnOxd9Ixgq276dbW3uk8XghmBk5iO9uBY9B6bl2XBCrn0zJxWO550J7YNhBLCWnZolKhh691S4S\/sMyb9cBhQt9YOq11SPy9kRuQfEqcmeMSn67AgOzJ8mzxQ8a3rs4hfqkn1jH+UhGi1xla+MUNFmVkVcF\/s3a9sERXKT\/GEeYJDkvNw+esHfCK4jalR0pA558BA3fanPrnNu74qdrmsUgOhPibVBiVBOhTvitLl0hsJU5z6U77MFSX4UMd9nw2kPOVPhabSvF2baihVP5t9x+qShNJPWM56UisG6Ab7JzsId2uQf1lTt49iVnnhmjdWddhTtm47iqqL0nJrz7QZtWxYyMQTTtuJpTJCO76PmTywwSdY3tKlhuq3MxMZlzDeglX6VXTiBXGqdqJOfHm8VsI+LTATS2a9Dxo3ZxAgK9aL5NMKTnSmEBKpJmkgY4wgYugAwIBA6KBgwSBgCnqqVTOVTpRzUXbeXaxK103wBWopURudtcug5Pe2sVn\/riDmysWHTfCcQh3A3iGP8I+3waJbA4vV2gXfJBBaCZePRcTa1JTarqNL46zUmLWaZiZRkM4aFGbLQzFVKKq4D+wB\/EE+nzyNOnIx0R2uErXwvhiOneUFFTaQBV4czpYpIGHMIGEoAcDBQBAgAAAogwbCkRFTllEQy5DT02jNTAzoAMCAQKhLDAqGwRsZGFwGxZ2cGMtdzJrM2VudC5kZW55REMuY29tGwpkZW55REMuY29tpREYDzIwMzcwOTEzMDI0ODA1WqcGAgQXCEP6qBkwFwIBFwIC\/3sCAYACAQMCAQECARgCAv95"}
00993{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946716089644907,"flow_src_last_pkt_time":946716089644907,"flow_dst_last_pkt_time":946716089644907,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1233,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946716089644907,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1074,"dst_port":88,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"denydc.com","username":""}}}
02194{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":946716089644907,"flow_dst_last_pkt_time":946716089644914,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1279,"pkt_l4_len":1245,"thread_ts_usec":946716089644914,"pkt":"AAP\/p6sMAAP\/pqsMCABFAATxSg4AAIARyOUKBQMBCgEMAgBYBDIE3VF0bYIE0TCCBM2gAwIBBaEDAgENowwbCkRFTllEQy5DT02kEDAOoAMCAQGhBzAFGwNkZXOlggOKYYIDhjCCA4KgAwIBBaEMGwpERU5ZREMuQ09NojUwM6ADAgECoSwwKhsEbGRhcBsWdnBjLXcyazNlbnQuZGVueURDLmNvbRsKZGVueURDLmNvbaOCAzQwggMwoAMCARehAwIBCaKCAyIEggMeL\/RA92hD58Dn12Da9QWkJWnEJfArUcc4UzBD9SxldwhmoXd6\/obVbyD0LWmpxcMuaZeRlgizu0rrrcQTZgqtJbxXZlDfyJE2TYQcKUX3Isl\/Odh3JBqXColTPRxC6pkdGeZ3HzYaP0RgU8+UeyCvsTxoDY+foR\/W4Y90imjwA6kcoYW6sBqL9UtA9Xz16o6dXVtqa6a1X4vyB0tkj+dh2H1y3susl46D9QQ5x\/oPLYZ8vYlSw0kM0hvomNAEtbgGVvXv5KcQ139NIHAFoW9R+YkzlJTOfTMwZJRFug50mo3QBD+vmX3YrnLygH3Vcn9ZdN\/lx\/2ItwFMy9+zAmhaJgkW1wX0eu80ixoWoj63+2QNJP526LuZeHn3wt5S3Ez8VVrm0NwykytkVwh+pIWtIZumNqVHExRHbeBUs+HQZco2FIAUysiMl0p0V\/9dYr6NYjFP5SSBe0JQ3ME5PcKqJb80HkTTrAi02f+vIRD0oZd7kx1z0ODX0zskLyx4MuxgfLA+rSgSP6ZUJ055iGahoaVYV9SpPKq+xhCqQFrM7itVACVV7bPJb4QOCt0YwnE0k4YXIyrvjeBwv0TOma+s+Pk26lkmMFohcPPh09SzjbX0LB\/nJU50kl9cOX2RxsnwUxKT64ptV3lFerWVRZ12Rc3nEkevi1b0jJR2PvD7qdm+9x+y4SEkM\/\/znR8jp89KJJfBF1eWXO0dCwgdxUvGxXup\/11HbQS835yW613qHegtnxeXM32CN7BzUPXgbyMrtsocu7vMq7UlNyQL7E27QrzqcIFv7LOWlgBboWP1YYaRCId3CM+v4T\/pcXJx8p0oBnuk8CcRVdoK0SRZww8Uqrg9ipusyREzOOn5tKh1+iWwmAHsizSVWrxInciFG7a1LG3nuYzOwn32U386KlMqGU6x25EYlN1ggNms4IEAxNRZ9xLubotb9xpgHo0ztJXAiCXUH9SE5l2LEDVRzVVcdQV0MPOIzTH\/FZXOa+1tc\/VB08Euy6Bd9na1dbJC9l+Kd21RirJtQ\/T\/0emeJAuVMlmbNxMRxTOQmtTp\/97VpoIBETCCAQ2gAwIBA6KCAQQEggEA8si\/bBGBs0rUs1jXOMObOPMCGmnmTeYlITZW2Wf7sQuBm2SroBfjBri2Z6F9uf3iTF6vCeonbX\/GTWX1Fvcn4uofVntZgvKbdTYkS2d+XFlnruh6P7jVYUezZEoZ8jiGv\/7mm8cprC3zuOzFEDYf7uc8F2nfwaCV8PaBg9p0Jm9+AIzOC2RF7FIdXj9K7GxajcLfzQoBHPOwHqq+anZFZIIUbyjGHPoi2E08Q2cBRBpSYup4O2rhZWb3KhCBYNUzUXpz7EYdkd6s3PjMi8A838Qz4Z1fa3\/7uf0A9ZBBfu8ebbU0HVSPSZkGJL4JCwophGSoBFsnlIMRG1O0GkJa2A=="}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946716089757898,"flow_src_last_pkt_time":946716089757898,"flow_dst_last_pkt_time":946716089757898,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1219,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1219,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1219,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946716089757898,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1076,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
02161{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":946716089757898,"flow_dst_last_pkt_time":946716089757898,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1261,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1261,"pkt_l4_len":1227,"thread_ts_usec":946716089757898,"pkt":"AAP\/pqsMAAP\/p6sMCABFAATfAUsAAIAREbsKAQwCCgUDAQQ0AFgEyxJubIIEvzCCBLuhAwIBBaIDAgEMo4IEMTCCBC0wggQpoQMCAQGiggQgBIIEHG6CBBgwggQUoAMCAQWhAwIBDqIHAwUAAAAAAKOCA2xhggNoMIIDZKADAgEFoQwbCkRFTllEQy5DT02iHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkRFTllEQy5DT02jggMsMIIDKKADAgEXoQMCAQKiggMaBIIDFnaHOkbe3Ft95M1wKu8wrnnL2KoXK50Wfms4lwl+7nIzTWt\/TBTBxetLCu0b6OiVj3UpYznp3lazrMq98Qwi3aS0sEdZBoJs+Etqw0r7qbOiqGfIzfY5WW7lW95ehl68DOwN7G\/ctJKk8AVM30BgdXD8tz49IVb5LvH8kWVdyLTL7dDroB1zpLEnsskNCGiPKC2kvI4rVQFX\/skMLVm0vrv\/AnhykPJFywmuBCVaX4ilWguDR\/hhedFfzOYZ0xf7kVQmFePGaBfPtyf2tWMm316XiQ6a0ddMjedbQTEPUEaIPhU11lAXVTRXuGNNrbinzU88d0vpPunmiXEQ46Zb2aBwhA2PddlJfkphuRTiKTMYIcDx\/1mQSbo6IMs5BzF09EwRlqL20WWEy+tJbg8F96jQFX9ZfusZkqo2\/Ymtt2KIXO2vcTHWCJfKNWi2oHePkmjQVNqV44BDHKJhg2yYGzOpsCLcIH9xI3jIsbhcV3lnOJelJiIh\/BOztlBncxQJDGM8Ss5lpzuieNTaBQOQBzYsANr2gDw7i5E2tKUZxxU28uYbVQUK6KZjtJp0woRjxeXkug7EiwanRJ+ruwFN4641BrWk2WV7znZLMnOxd9Ixgq276dbW3uk8XghmBk5iO9uBY9B6bl2XBCrn0zJxWO550J7YNhBLCWnZolKhh691S4S\/sMyb9cBhQt9YOq11SPy9kRuQfEqcmeMSn67AgOzJ8mzxQ8a3rs4hfqkn1jH+UhGi1xla+MUNFmVkVcF\/s3a9sERXKT\/GEeYJDkvNw+esHfCK4jalR0pA558BA3fanPrnNu74qdrmsUgOhPibVBiVBOhTvitLl0hsJU5z6U77MFSX4UMd9nw2kPOVPhabSvF2baihVP5t9x+qShNJPWM56UisG6Ab7JzsId2uQf1lTt49iVnnhmjdWddhTtm47iqqL0nJrz7QZtWxYyMQTTtuJpTJCO76PmTywwSdY3tKlhuq3MxMZlzDeglX6VXTiBXGqdqJOfHm8VsI+LTATS2a9Dxo3ZxAgK9aL5NMKTnSmEBKpJmkgY4wgYugAwIBA6KBgwSBgIndYoByC0Q1XL0UkOvReJuk4xMaMJZ+vSX6nvaGHvlQj3sSa06PNSHAnkgj2fx7dbMK5tj+L9hKHDtvRMSujXv2qbqzBpKBYUbifiIw78VvOSWvJj++dB3YwIymbxfa9M6swpxkLP2l4B8pAcaGNYjj1\/qFZcDwa0BSttxF6Oj4pHoweKAHAwUAQIAAAKIMGwpERU5ZREMuQ09NoykwJ6ADAgECoSAwHhsEY2lmcxsWdnBjLXcyazNlbnQuZGVueWRjLmNvbaURGA8yMDM3MDkxMzAyNDgwNVqnBgIEFxtNVagZMBcCARcCAv97AgGAAgEDAgEBAgEYAgL\/eQ=="}
00993{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946716089757898,"flow_src_last_pkt_time":946716089757898,"flow_dst_last_pkt_time":946716089757898,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1219,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1219,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1219,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946716089757898,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1076,"dst_port":88,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"denydc.com","username":""}}}
02153{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":946716089757898,"flow_dst_last_pkt_time":946716089757902,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1247,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1247,"pkt_l4_len":1213,"thread_ts_usec":946716089757902,"pkt":"AAP\/p6sMAAP\/pqsMCABFAATRShcAAIARyPwKBQMBCgEMAgBYBDQEvQ3obYIEsTCCBK2gAwIBBaEDAgENowwbCkRFTllEQy5DT02kEDAOoAMCAQGhBzAFGwNkZXOlggN+YYIDejCCA3agAwIBBaEMGwpERU5ZREMuQ09NoikwJ6ADAgECoSAwHhsEY2lmcxsWdnBjLXcyazNlbnQuZGVueWRjLmNvbaOCAzQwggMwoAMCARehAwIBCaKCAyIEggMe5TejCbdku0sWZODEt+E6OUUMN8VOBkx3zELMQY51bnq2VGhql9SORJyvnK1dFg3jJFS5YPbufxVK9xIZbgEt\/yDkgZFT5ywKZAKUVb5fAeaPY75m6bqAKC9WYz\/BMnDZkwMeSJNr0+Trx8kOf+lNHo7QaR\/P\/+Yk79pv+bK8dl3BmX179458+zSycepAJTN06KRQPVfIea\/xqQ51qJ4YEz\/4CLsKDYszv2gdnSQ1ToQrDMA1DRr9Sk05eeaPB\/+aVDNjsnrJprgd8Dr\/+WyaOqFvJG6A1NE+Lzgqy0b9oQ83dkq4UUtvg30Ai6XfnzIIX\/OdPmFFp0EzafxnejewUcIxBl3+G9Z0R7yzkwR2HRxTry2FP72dUBIAiRF5tU4KZElhfHzVmsIPi0NhGo8Nr8\/PgyGR43Tkbp4I2D8AmBmCa9wr68BV2fUhNcy7XG4\/nFiInqV8vHnjBSRfrJApZh0\/Mg5s8iTQG53JY\/ENQb\/msmGZtHPqNhhbsdDqH+lmOfUO\/rsFoM+A+A7NKV0HxaXem2+2KDVs6XRB397jCpiwvU21eoJh5MbRZu9lHQPac4fqdiG1NV2bvCajFJpm9\/SiaQ4dO3R6QbX1nOAWcnk43IZF9ySTYBCQwP9oubsRlR8h4+wO4jpZte1r9tWFgXmx0aDkW0KbeaSaYNIE9LNzuOCMDEzbj8aoezV2HzBzRhJ2LasRJ8s5NKC3JTvxuJxOJ3bOEGIBjZD9UXeIpuPtxm+T49xwjEqnejhpn83X7S8bJmoZ1ZQ5mNmBkraSR\/DYBjqqfwYS1GirOyuq6eCpwkeO7L\/3OX7yuoFcQ7F\/mivV4JhL3XkovoYZzrHpYA1kmN6qkQyfvpGGqBeLyNnaEcvYDeARqDcsUyGZ+xvgvFZsq25OIETcjG3sIyB0nzy7ba1mYw0RZ9XvZzmJVujSVewjOmE9K29PdUE\/+orVxXua3kiLosyiXhsQ\/snLAaFP8Q95xi6J2njna\/iquiduA7PW6evhPTixCxSIf8ivXgJg03ljz3j1lKVgTQVXWBG49S7+s3oNhaKA6zBgpoH+MIH7oAMCAQOigfMEgfCfbnuNzqoB0hpVugXPSl61u\/o0AiFH0HluNEtCO\/zCcExA35l04OGC1gH6aG3sbOAtVL0zjnnSshrcN39wa67DJ+FHbuSdE3kCJEF+cg6URhPmpUj2257XKU3gjVRTNW9gbSPgJKKlhaknblR0mV7SuU6d7Lg\/Wj1+zz2sH13Rh6dbGo4FT+T9HaP2ndnqiHLxbH7MQv4hm303HhUQGMfdS5gKXMGoezzcUNcL7Q0QhxZef8Fjm6Apvz8AQrgOKbr0UGXxnHWlWaZvsYpBtFO8piUPee5nAjyNucMhYsRC6Jv2Wkno+aTJzG82WW0TaKg="}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946716138858413,"flow_src_last_pkt_time":946716138858413,"flow_dst_last_pkt_time":946716138858413,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1213,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1213,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1213,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946716138858413,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1084,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
02161{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":946716138858413,"flow_dst_last_pkt_time":946716138858413,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1255,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1255,"pkt_l4_len":1221,"thread_ts_usec":946716138858413,"pkt":"AAP\/pqsMAAP\/p6sMCABFAATZAbwAAIAREVAKAQwCCgUDAQQ8AFgExfGLbIIEuTCCBLWhAwIBBaIDAgEMo4IEMzCCBC8wggQroQMCAQGiggQiBIIEHm6CBBowggQWoAMCAQWhAwIBDqIHAwUAAAAAAKOCA3NhggNvMIIDa6ADAgEFoQwbCkRFTllEQy5DT02iHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkRFTllEQy5DT02jggMzMIIDL6ADAgEXoQMCAQKiggMhBIIDHQjKO\/OerPJHUVXfuxVJdD6vQ\/NGnGmBmwOn3bLBqbqsG+g9Nnh6yrjY9d5E8AiotGFppGx9xNmwBuNImiFxfNmEg3uH\/dVWHWd9q6uqNxlq4l9BJeInWbk24gfTvjnZPIxaZOXaPKIGWKEoPwfUvG\/abmHOJrJ5dMqDjXn12Gq8qtlDgO9bMEikjGol\/XgOEE3AqGuDQOYN9AD6KcodXf5ljyBptwjxxESj\/S7Kz6h9QlJX\/bPF65u69HCFC8D0O6x6SYPpJQwgF50VHzn1+N9mnFznaYa4AuT0H16bY8ZWk3memHUdpKXbLDzDp6emMp2eXP9emxJFFQUS8M0f5586iB49EBRS2s2EePfPWcS+mN6DYaBg353AwYez1LgB7Puw2NNPPDFlVjYUyyXH0HyxP0DEXpuQEC\/rdkI6wknQh6G9lmGk2V81WgdZlSk+CkiL56oBtMGCilRDVhAoqC0vJ\/kGf6XxSotqKkgy7VrgIiRT5V9xjt1UD8Owk9PKQI1siEvlyDkxYrEr6vzyGdjEEdn1J2\/RqVT6BVnLZeIc6uZNYodQZDbClePn\/tiBzWIRfAABFzPaDqIFcuWvlbnXtgo9ok+GZagM6tVQSYA2oI8Ouq3NIlhKPE5+ABgG8QDVDW9xKR6jazl4jwze2syl\/MUew4xW0tECxLEoLa9NakqgdATDmNUFpJN28enDUQmyRHxLZXoA9\/ospwta8qlV2PwCoVT6RgWgTuQJ3MiC3t0xe4KttF6BQzzO2NIQtnis5g6Y+NA+4n3\/6C06Co88hSP1GAjHrL7luPNd8ekpQbd4VN\/4aBwpNyND5UJJp3UfoikXYoZjPstHkPGruoqJbMAzvEbw0YHk5OawAbEBovxdDTmt0hq2gTWpPyhWURYpkQK96gfjWNYYjdu\/yqBGeN79ct+2MSNrWdYxc8k97LFdE8M8strlBYslyNaAo10tUaZHxe2S1NU0Pje8WixjspIMBprxsDdc+QA2jV2yFgxGRAAixpl7jXmQTHC8SJM8dp5tGAPdd3ds1tc0+eh0QnULGo4wNzIvVyRepIGJMIGGoAMCAReifwR9lMd45uQbgXPTUIapDv8npUAWyRXZFOREDSDyTMId\/udk9oDJ6G\/euSGZP5KVe\/VjIHeDWzWbDfubRUpsXZHld7TQjYmW4Rs1jBphjET6HxcWhRDNxUzPznoCq1aAneOtGkpAE1SAVv5nmbRuATtalQZ+bAF+mz2FCK\/FEcOkcjBwoAcDBQBAgAAAogwbCkRFTllEQy5DT02jITAfoAMCAQOhGDAWGwRob3N0Gw54cDEuZGVueWRjLmNvbaURGA8yMDM3MDkxMzAyNDgwNVqnBgIEMvbUaKgZMBcCARcCAv97AgGAAgEDAgEBAgEYAgL\/eQ=="}
00993{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946716138858413,"flow_src_last_pkt_time":946716138858413,"flow_dst_last_pkt_time":946716138858413,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1213,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1213,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1213,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946716138858413,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1084,"dst_port":88,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"denydc.com","username":""}}}
02131{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":946716138858413,"flow_dst_last_pkt_time":946716138858429,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1228,"pkt_l4_len":1194,"thread_ts_usec":946716138858429,"pkt":"AAP\/p6sMAAP\/pqsMCABFAAS+SnoAAIARyKwKBQMBCgEMAgBYBDwEqiHZbYIEnjCCBJqgAwIBBaEDAgENowwbCkRFTllEQy5DT02kDzANoAMCAQGhBjAEGwJ1NaWCA3VhggNxMIIDbaADAgEFoQwbCkRFTllEQy5DT02iITAfoAMCAQOhGDAWGwRob3N0Gw54cDEuZGVueWRjLmNvbaOCAzMwggMvoAMCARehAwIBAqKCAyEEggMdqLwk5xMrYJDEwUM\/QQ3VuJIMmn2OQy\/0I5DhAfTNQGcPQSHS5CEPtM6jxjRZTCw0Ai2nHWAOEUdEUEOTCsPK9M6imAlLkM1n1k\/UGy5\/efNw9H0itaqJvDeRfga5lhYWuYKRnVa5Zb2LcF\/jioC043WMRCe+qPxfvoD6RNCKqILp+4B1YsvS2vzC5bMQYCNY08f7Now1c0NTrALudLRPAfPB5qHuxo+5N+QIUogMdV9qnsCd2ZbjBZvLV15UkZvO83kVHjMrBpQvSRkHNM6\/zRHc+YfyXwWcNuMbRJAN7+Y7NptXQN4NQ\/OQONLYDFSpYczYU68F3URsxvORHrchVGGmn8MKbv0DeaLF9\/+1M5uAKlz+88rw9y7LuckjG8DbH5sf7ISfJhh4NpBawzg6k\/JL9yv4tOp\/xZjhDbxy16xt6dThtbRjxdaqF3Oo1fkTqbsbZQ04EfvrQiAKfP8sBfX1niEY31SqDPpx\/8v9Bl4EFm1Lvzn9HEAXkXg08aOVFGh3BlduaucK6Rpky2Svc9ertDKj6f8Jzh5m+eNWEcDW2815fGqRdvI+\/+qRl9E7qnl5GXq1cujOic+M8vy97CJqAPJsJL0kZb9kLdJ7nNjJvKCqlaAeqALPy9KgKZeJI9XzJ\/bmARdSFV3xJS\/loG2otpDyX\/2ZWUUEEYQBfy25AEWmnMEq46q5p8W8sP+x3s3phxQUDhHnECEca5WsO9VlgPBPiXMJUJKXhmrS5SLOi09mh8G5CLVTQ3NPdA3bU+xaruZhwYPHofzIXF6vn7K2SBJl+eOlpH6yNl8HiCimirDhutKQGTz2awDOPcFgFI\/juzSQ1pPwto3mGkmlSzi4GVpCSApYIFoHmyNDW\/TOL6f5HCyq\/trjdKC\/ZHWToa8s93rTdvZG9ggmKkqaDFEkrhUgUNoZm6q0C7CRK\/gWjnTrIuqp6g9Zs5Y3Zi\/GUU52nMhFDbGMTP1y+eYCYah8859k4tGGHP99nZQMMZRm+bwLZF2aQRlHGRkaYdOhdalKGqqR9iVOZE9suIckWSsyYB\/vnKNqXG4WexSmgfUwgfKgAwIBF6KB6gSB54cXkLwMBkHM9GQeHGY5ZtSK62KJIQoTlEQU2I54gWvNeM\/zJ6ckBQIXZfilBpfek4Y7orr+xZTCdwvT6Gkzc8BtAu8Yz26KAHBerh9WWO9UuMFgGKt+q7TjON\/oL8kBFbmuPaEyYkDCskT3ez9VuxsuD8VXmUohQzQmxOOLQNtyXpvmRcjw0Q6TiGceTbHWYeAmvwx+IeCs\/clsg\/iyBjPLq2v90n4ztoRrTjk81TustGQcsaOf4B7RqzGEcyvKXNeQEVbZT3jI5BaO4+aYcmeXzBkymlSvszStGb\/MiP1mGnDZCtbFTw=="}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946716139910212,"flow_src_last_pkt_time":946716139910212,"flow_dst_last_pkt_time":946716139910212,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1221,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1221,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1221,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946716139910212,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1089,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
02168{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":946716139910212,"flow_dst_last_pkt_time":946716139910212,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1263,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1263,"pkt_l4_len":1229,"thread_ts_usec":946716139910212,"pkt":"AAP\/pqsMAAP\/p6sMCABFAAThAfwAAIAREQgKAQwCCgUDAQRBAFgEzdG6bIIEwTCCBL2hAwIBBaIDAgEMo4IEMzCCBC8wggQroQMCAQGiggQiBIIEHm6CBBowggQWoAMCAQWhAwIBDqIHAwUAAAAAAKOCA3NhggNvMIIDa6ADAgEFoQwbCkRFTllEQy5DT02iHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkRFTllEQy5DT02jggMzMIIDL6ADAgEXoQMCAQKiggMhBIIDHcAYVO+Q2IXUSYyHjuVHfKxUHYGW7TjhCP7ht14YomVNNTmVhUnNVAEemRFIQsjfyH7Id6NfOJsQ1ejL1lbQdxG+gxX6ALA\/MK9eCjPeeH1HN\/61cBhJfEoqY2F\/mKeHRuCggrFXQbZxlsXVGLtZu4PWih8KNf7sWfI01ih\/KOVOFbC+DQgRsewUOZidaGbk8YDAWfLTeW1icWpEgz\/\/XQZftiBtg72zgDTGa\/mE6hUu8t57cVSOGEQlF1ZQKVTTZOn9zHhQisTijr021JJttOf7qpJ5+uomVPYE8lx0pL85ESuIwtqHGJcBMVlPS1H8MreebQzjvMWuoHQUc\/OGtz6S3YhFyDPaOH1iZQXjznPs\/MyXoX\/WPWeAVNxUiY9FXqN8Ysyj493ju1vpN6nhvsrEoaZdGaTppTmaoJXuyc1CSns2LWWlo8V5W5bAI5ei3AXjL1oeF7Et2GbqYgAGntju2FLJBhD\/4R9ROO1oMGYhSCMMKYRZ9+nR1+RMN\/cuq64EBBvfHy6tayyRjsACSMzeD4dT5O1By9VoDbf\/l3TiOVyUpKN6HtnGTLks0PEgzGhBo12SoVAT914LxU8URDkKFF0IvIDKHRP2PfXNHrTqwCKivWiNW4Y4msxofW+KFzIutb67iawdaddMq1dxg27Qc6okQGPjpdNfDl7H1FT8XYGvgXsggcVItUDBSFzgmIrorZjg1UIv0N65LTCbyuSoTSRNZLyNRs5IjZa6b6aNmzfJeURuRlXpFmy55SswzPpOVIbpqN9UjrKoARvOdTXIy7zAlLTf79OOzEiGttGb1lQL8qGp6NvmbBOCY3s1pqh3u0pNR2XX5Z1LkgF8exqSVZL2UsbFy1H87cEdwhSaPgKai6SsQvAamU+n99gLhejxN3\/mg\/VFw+wucn7jxY5D9SmJGaVA97YjoZZdGLogQ15cOtgSBPsYJESl4I46m0Z6YgTQJDNcPvLgJDlNJtTGXZLJ9sOGxpwEknEXtocEjmZZBksfp4wtv7t34FGLYzt1idyslHkz+eOdJAgfnLj7Zmp43EncB0hi68U9pIGJMIGGoAMCAReifwR9ja9JTPG3V\/hvRGIuwwosj7sUS1LIBhu\/Wifub2xWICGiRE3t3KocfEIlQLYWq\/DPZTWwjHn6UXJcc+obF5QFMijJyc7I6Y2c\/iHufGqAYJ55sZ1MlMHaFibC0j1nl7WX824jCbyDB0A7iID0+4KwIDf2mftb7CZ5GwsbZaGkejB4oAcDBQBAgAAAogwbCkRFTllEQy5DT02jKTAnoAMCAQKhIDAeGwRMREFQGxZ2cGMtdzJrM2VudC5kZW55REMuY29tpREYDzIwMzcwOTEzMDI0ODA1WqcGAgQyDNPhqBkwFwIBFwIC\/3sCAYACAQMCAQECARgCAv95"}
00993{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946716139910212,"flow_src_last_pkt_time":946716139910212,"flow_dst_last_pkt_time":946716139910212,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1221,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1221,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1221,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946716139910212,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1089,"dst_port":88,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"denydc.com","username":""}}}
02140{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":946716139910212,"flow_dst_last_pkt_time":946716139910219,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1244,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1244,"pkt_l4_len":1210,"thread_ts_usec":946716139910219,"pkt":"AAP\/p6sMAAP\/pqsMCABFAATOSrQAAIARyGIKBQMBCgEMAgBYBEEEukqkbYIErjCCBKqgAwIBBaEDAgENowwbCkRFTllEQy5DT02kDzANoAMCAQGhBjAEGwJ1NaWCA31hggN5MIIDdaADAgEFoQwbCkRFTllEQy5DT02iKTAnoAMCAQKhIDAeGwRMREFQGxZ2cGMtdzJrM2VudC5kZW55REMuY29to4IDMzCCAy+gAwIBF6EDAgEJooIDIQSCAx0OqRcPC8vGYJMz45I+hnyANZGJTsVyPTfCUHSBYlVv3VsQhqvRCnWfKr8tTLjMqudYuEJcF+L7XXCnqhYRSBYCFSiBtDPYZ+zwUrPQcBOUWNrwWN58rjlJI4rsfBOkYxKiA091ERchIo4brfg0wihOd1Khcn2hzhSClVIVccTK\/MjYF+xwb7R+X7kwWhBvkFjfCZEYfA39Px1Z6N8hCMZo9D01bu6vlQ1L2sCTq56bCR\/KPgJuesTh2ci1V8F2+s6Tbp2DXg32HvP74XuVtAG\/HdbFy6FP07mReXboks0HCdmNsIlugwTOFBoA0KdeJzt8rCaVLAPeTF6sn3Wub3dm5MAcVfMzvX6SeOcAKsxjskWhTVsE1CxSWYOUSzDEjqTLi5kitJt9vt0EYDo5nzmFWJL+4tqipdqqhpXyxt\/eIG+ZKjZQnz7edpkZJ1AvWiB3rSygvM8tpdnoQN6M6xvZEVYvRrjduR8WdbAhOyBR5bbA0oQdHGNvLYk4F+wtKfihMmzqYshJJAtUQlY76J08RDvvQfbmoCZY5bAXD\/7kVPF4HPV0cv6EoSU4U\/HcDvpW5plwj64n2qkequshx7O\/if1m8JJBPr46eU4WYs5FeaVHYIuCbvCDprb46iNeeud+9E+PFvI9FTKa8wNRbfXDP8Ovfmd2VJ\/o44eQNFUlizwKCMjBE9mhtfH0exvRf9koiWuOtjPAcGYCwU5ZcidWSgY8qntr4v12EkQ31Ru9iaH7Ds2SQSbUoSlP2AJYJ5N7lcaA4QwH8HXGYNXFhMAvIWTT8gO1ogAVjbRSKZnUhxzylt8Cwxmsviyf0ElQbNqauMI1rIs+2E3U6DIzgZvVE6M+D5xiF\/I6rVkyiSJelPA2z3VWNpqE9DgjCm\/tuHHLGElEBVg5sPGqh4fSKejZiyauGHl8kEx7g0JMP\/mPRFISiUdUoBYEq1n0ex96Hd9j8sDPrIE9lLidr+jj0zrPZoOHVLsPzuKkr0gr77hTeUSayXj23NNBAmIy6xS0IlU5qV8+5PPTp+xEoPRGNzbrV627P5IsgKqwjsNVzqaB\/TCB+qADAgEXooHyBIHvNIbb12U6B68TB7gF\/cQpmJg65K85wYZpHYzYAvTf7nc6Nmbb0GdRruPUOQVRPFzlpfFfYYa5FAFk3n4UHYGqXU5X\/AD0rZUkAb\/DMiELvM8Q+804OYWVkjbxajg5SPY1\/VFM0jodkL9eXE7uZVXCVaan0c9VCVcYGBwSjpydUKhBZjYkNquu5nhriSIUJAaerM1J7JSISt1jRUmzAAal6Bli3pWLBS1Bmwu4xio0vlrXiz88OHTHhzcbkw7W8FEVXb48WriKsXF9DT855WrPQJaunamvGrHPBNTvW5O7J1GsSxunQtlIcRHa8BJwjCw="}
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946716140238182,"flow_src_last_pkt_time":946716140238182,"flow_dst_last_pkt_time":946716140238182,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1211,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946716140238182,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1090,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
02156{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":946716140238182,"flow_dst_last_pkt_time":946716140238182,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1253,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1253,"pkt_l4_len":1219,"thread_ts_usec":946716140238182,"pkt":"AAP\/pqsMAAP\/p6sMCABFAATXAgcAAIAREQcKAQwCCgUDAQRCAFgEw7vvbIIEtzCCBLOhAwIBBaIDAgEMo4IEMzCCBC8wggQroQMCAQGiggQiBIIEHm6CBBowggQWoAMCAQWhAwIBDqIHAwUAAAAAAKOCA3NhggNvMIIDa6ADAgEFoQwbCkRFTllEQy5DT02iHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkRFTllEQy5DT02jggMzMIIDL6ADAgEXoQMCAQKiggMhBIIDHcAYVO+Q2IXUSYyHjuVHfKxUHYGW7TjhCP7ht14YomVNNTmVhUnNVAEemRFIQsjfyH7Id6NfOJsQ1ejL1lbQdxG+gxX6ALA\/MK9eCjPeeH1HN\/61cBhJfEoqY2F\/mKeHRuCggrFXQbZxlsXVGLtZu4PWih8KNf7sWfI01ih\/KOVOFbC+DQgRsewUOZidaGbk8YDAWfLTeW1icWpEgz\/\/XQZftiBtg72zgDTGa\/mE6hUu8t57cVSOGEQlF1ZQKVTTZOn9zHhQisTijr021JJttOf7qpJ5+uomVPYE8lx0pL85ESuIwtqHGJcBMVlPS1H8MreebQzjvMWuoHQUc\/OGtz6S3YhFyDPaOH1iZQXjznPs\/MyXoX\/WPWeAVNxUiY9FXqN8Ysyj493ju1vpN6nhvsrEoaZdGaTppTmaoJXuyc1CSns2LWWlo8V5W5bAI5ei3AXjL1oeF7Et2GbqYgAGntju2FLJBhD\/4R9ROO1oMGYhSCMMKYRZ9+nR1+RMN\/cuq64EBBvfHy6tayyRjsACSMzeD4dT5O1By9VoDbf\/l3TiOVyUpKN6HtnGTLks0PEgzGhBo12SoVAT914LxU8URDkKFF0IvIDKHRP2PfXNHrTqwCKivWiNW4Y4msxofW+KFzIutb67iawdaddMq1dxg27Qc6okQGPjpdNfDl7H1FT8XYGvgXsggcVItUDBSFzgmIrorZjg1UIv0N65LTCbyuSoTSRNZLyNRs5IjZa6b6aNmzfJeURuRlXpFmy55SswzPpOVIbpqN9UjrKoARvOdTXIy7zAlLTf79OOzEiGttGb1lQL8qGp6NvmbBOCY3s1pqh3u0pNR2XX5Z1LkgF8exqSVZL2UsbFy1H87cEdwhSaPgKai6SsQvAamU+n99gLhejxN3\/mg\/VFw+wucn7jxY5D9SmJGaVA97YjoZZdGLogQ15cOtgSBPsYJESl4I46m0Z6YgTQJDNcPvLgJDlNJtTGXZLJ9sOGxpwEknEXtocEjmZZBksfp4wtv7t34FGLYzt1idyslHkz+eOdJAgfnLj7Zmp43EncB0hi68U9pIGJMIGGoAMCAReifwR9zEhzGUIWSO2nSAJqmDXobCtcu76K3Rboc\/fF9nnyrTYYtLKR3UTvhOtz+lYZjy30fUznqQuQn9FtrPxZZ9KcR0aeNGj5jFqT78wE7zx10zQdQcEYtMt1Yyoq5p6Q6IsiC81GplCnPyxSQCLZJft+l9Mq1iY\/qnQqSFUZfs6kcDBuoAcDBQBggQAQogwbCkRFTllEQy5DT02jHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkRFTllEQy5DT02lERgPMjAzNzA5MTMwMjQ4MDVapwYCBDItBdKoGTAXAgEXAgL\/ewIBgAIBAwIBAQIBGAIC\/3k="}
00994{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946716140238182,"flow_src_last_pkt_time":946716140238182,"flow_dst_last_pkt_time":946716140238182,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1211,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946716140238182,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1090,"dst_port":88,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"denydc.com","username":""}}}
02122{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":946716140238182,"flow_dst_last_pkt_time":946716140238185,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1224,"pkt_l4_len":1190,"thread_ts_usec":946716140238185,"pkt":"AAP\/p6sMAAP\/pqsMCABFAAS6Sr0AAIARyG0KBQMBCgEMAgBYBEIEpt71bYIEmjCCBJagAwIBBaEDAgENowwbCkRFTllEQy5DT02kDzANoAMCAQGhBjAEGwJ1NaWCA3NhggNvMIIDa6ADAgEFoQwbCkRFTllEQy5DT02iHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkRFTllEQy5DT02jggMzMIIDL6ADAgEXoQMCAQKiggMhBIIDHdSoYQyi7ff\/cLPWA1HT+38woyNxG7hjyMpFtXNLQ4wwUz2yewJimU\/Syk2Fa\/0Q0E30eV+3qyAUEhdeJ\/mye00Eyjo+t40Omp\/eXw+IGe1ZH6T3PCObVIrhSnpUacK6ii1uuZDD4Rq6I9stqvUPtmYTEfZUghBmSFhKyOF+739jQdMDabCHs42xPF+PE5Khsu\/OuvtkgUlzbOCByNBFPWHM4hq6sxXhGONa32EZ+SoEWcYTpIQzuxousEbeggvFhXEFbIuNBRSFawl6rMWB\/KmaHWXADw8CIbzrEUZstkGSXGF7n2oi7RRxejsRN3c+PeBn7RstHhe0G4eqTB145eevcw23SPSV9euCIwUUxgmQBaJh1SsKM0OGGQYMXd\/X7MRc8Y\/+gAvmDlutKsJJrggZn5cpwu45A1lrsy0RDxzGhWYagdXKP1sdeQyJfZWUj1gaEslI5oAFEndnk8W63AmhpamCf4lKqcUP+3qos7qYekTM2HMg66kqdfdrMwpYncoImN0CBL6cf9PXC\/VC3wKog6Enhmtdig4Q\/rhcleriiYPvB7UzvNKcc32iM3LVFgzhWXwSpxAv4IrTiFRsFL1wKc6eRDWLpbvHSbWELp\/GrXwVikqB0o\/5j+6qBC97w4GyZ8Gu3Fag8PjsReYLk0WL10vGr5Qc4qa7YDMFuS88Hc60sAKfz31rTmI2ndYvD3PWmpyPEqlCdIPgoAa3Kd11qVxwS55WzDEO8k9YZakvP9KiaUbMKHDvw+8GUIpfvAkDNrY3c6GYUCaiQsNuGTGeYW+NrXxWSBG5j2cKtkEW2pMj0v7\/fnPv0o1pLgJl0UzPMq6kLhkoQGC1aC+ANDcZVNQtaYf0juArE6KS6eYgwagrgjn8DbbKE1UxbEnj71zd9MIV2lntPE\/5wNBElNY0OZzjY0k1z+JKn3UlF4k9y\/GwCRua+fbhv3WS6ctnSQrOVVwIJwSSmH9VennduWMRg4\/CLrPyn8iDivCSUXVruZ\/RjO5NoO7Ay+xWX92CZfzP28uqP6g5yOIXxfQF7aEMzvuGnyXGrpGyaj\/HpoHzMIHwoAMCAReigegEgeVL5D9X6hJ97pJp43APBNgTkCTDlRzjmWMnYtfTH2AvHn1h0R2mI58TZnhtl8lC\/7egmLy0XdjJQvyIr0QhH6s9cdKZ+gNDfFgr1ctf5lul4+BKJ7CiDdQRgxJInO6QVh3EuJ5GOm+2RyNu\/ZC2\/D1obkALe8L6KOE0kVvmWG0sBF+cnBegsz7LabfCyqSPSndOogCpJB0w4UneS3xQPcxCdEoirYn9r4tdlA5\/XqbJGs\/Gmbb8y2acBEtu04q1XpFvWuu\/xevycdkVI4OnavQShSYhrsei9lpAin7IICceujNouKy+"}
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946716140476142,"flow_src_last_pkt_time":946716140476142,"flow_dst_last_pkt_time":946716140476142,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1235,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1235,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1235,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946716140476142,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1092,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
02188{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":946716140476142,"flow_dst_last_pkt_time":946716140476142,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1277,"pkt_l4_len":1243,"thread_ts_usec":946716140476142,"pkt":"AAP\/pqsMAAP\/p6sMCABFAATvAhgAAIAREN4KAQwCCgUDAQREAFgE2zRybIIEzzCCBMuhAwIBBaIDAgEMo4IEMzCCBC8wggQroQMCAQGiggQiBIIEHm6CBBowggQWoAMCAQWhAwIBDqIHAwUAAAAAAKOCA3NhggNvMIIDa6ADAgEFoQwbCkRFTllEQy5DT02iHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkRFTllEQy5DT02jggMzMIIDL6ADAgEXoQMCAQKiggMhBIIDHcAYVO+Q2IXUSYyHjuVHfKxUHYGW7TjhCP7ht14YomVNNTmVhUnNVAEemRFIQsjfyH7Id6NfOJsQ1ejL1lbQdxG+gxX6ALA\/MK9eCjPeeH1HN\/61cBhJfEoqY2F\/mKeHRuCggrFXQbZxlsXVGLtZu4PWih8KNf7sWfI01ih\/KOVOFbC+DQgRsewUOZidaGbk8YDAWfLTeW1icWpEgz\/\/XQZftiBtg72zgDTGa\/mE6hUu8t57cVSOGEQlF1ZQKVTTZOn9zHhQisTijr021JJttOf7qpJ5+uomVPYE8lx0pL85ESuIwtqHGJcBMVlPS1H8MreebQzjvMWuoHQUc\/OGtz6S3YhFyDPaOH1iZQXjznPs\/MyXoX\/WPWeAVNxUiY9FXqN8Ysyj493ju1vpN6nhvsrEoaZdGaTppTmaoJXuyc1CSns2LWWlo8V5W5bAI5ei3AXjL1oeF7Et2GbqYgAGntju2FLJBhD\/4R9ROO1oMGYhSCMMKYRZ9+nR1+RMN\/cuq64EBBvfHy6tayyRjsACSMzeD4dT5O1By9VoDbf\/l3TiOVyUpKN6HtnGTLks0PEgzGhBo12SoVAT914LxU8URDkKFF0IvIDKHRP2PfXNHrTqwCKivWiNW4Y4msxofW+KFzIutb67iawdaddMq1dxg27Qc6okQGPjpdNfDl7H1FT8XYGvgXsggcVItUDBSFzgmIrorZjg1UIv0N65LTCbyuSoTSRNZLyNRs5IjZa6b6aNmzfJeURuRlXpFmy55SswzPpOVIbpqN9UjrKoARvOdTXIy7zAlLTf79OOzEiGttGb1lQL8qGp6NvmbBOCY3s1pqh3u0pNR2XX5Z1LkgF8exqSVZL2UsbFy1H87cEdwhSaPgKai6SsQvAamU+n99gLhejxN3\/mg\/VFw+wucn7jxY5D9SmJGaVA97YjoZZdGLogQ15cOtgSBPsYJESl4I46m0Z6YgTQJDNcPvLgJDlNJtTGXZLJ9sOGxpwEknEXtocEjmZZBksfp4wtv7t34FGLYzt1idyslHkz+eOdJAgfnLj7Zmp43EncB0hi68U9pIGJMIGGoAMCAReifwR9yfyxOO1tDXfkA21swax5sbcMOPHtz7FOWAJjttySYh9q\/U6+DaiPCkQdJZimVz4\/paJ2BxXfqBHjHe9cI0tG8FS08MzW1ar6H9PqA6Jjo6qK8PWdlaX14V6ahvbqdGHCzINrk4h0zH1k1RbjMVXvPB54LZXwfThm6YvXS8KkgYcwgYSgBwMFAECAAACiDBsKREVOWURDLkNPTaM1MDOgAwIBAqEsMCobBGxkYXAbFnZwYy13MmszZW50LmRlbnlEQy5jb20bCmRlbnlEQy5jb22lERgPMjAzNzA5MTMwMjQ4MDVapwYCBDXdepyoGTAXAgEXAgL\/ewIBgAIBAwIBAQIBGAIC\/3k="}
00994{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946716140476142,"flow_src_last_pkt_time":946716140476142,"flow_dst_last_pkt_time":946716140476142,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1235,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1235,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1235,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946716140476142,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1092,"dst_port":88,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"denydc.com","username":""}}}
02184{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":946716140476142,"flow_dst_last_pkt_time":946716140476146,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1270,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1270,"pkt_l4_len":1236,"thread_ts_usec":946716140476146,"pkt":"AAP\/p6sMAAP\/pqsMCABFAAToStAAAIARyCwKBQMBCgEMAgBYBEQE1LNjbYIEyDCCBMSgAwIBBaEDAgENowwbCkRFTllEQy5DT02kDzANoAMCAQGhBjAEGwJ1NaWCA4lhggOFMIIDgaADAgEFoQwbCkRFTllEQy5DT02iNTAzoAMCAQKhLDAqGwRsZGFwGxZ2cGMtdzJrM2VudC5kZW55REMuY29tGwpkZW55REMuY29to4IDMzCCAy+gAwIBF6EDAgEJooIDIQSCAx1XI1556E9z8BiUgjJbUldMqjiyjAOxJ74uvYMLDwxmOkONdxBzTP1MSutRBBJQTWWXJYnyPMWu\/zI3K8hgoj0GmO\/W8w5vOr10lKcN1HyFNXzfCcmd+XgtMHJyD9BpjeNQ1qJ7oPMb+3WHTRYAFu8twMOmamcEqk6jWl+RywUCXjB9QNUKbwcPH\/JoF+zgvjfdfQ2OGDZa6PRJfaZGOL3Bz+FIbH9C2Fx\/I0nE4oaZcxNFRtxYJUyvG9vShCS\/R5MP0kJ2mnUJANBpE\/Vhz++ZSyLN6pNHd\/BEJAUsjGylkuTxzl2Lnq6PkkBTlHz+pgv6hR\/FyMk7kXPcVY6PpFUDiTSVJNw7s++K9VnOE6XjGs8CiEERYB+LMPU0ncEA55LXWZNmAVu1KOAGMj17PTgVLoL6gcSspNormMp\/nfk9k7yWeMj9WVgNKNXSes\/iL2g6dE8UXWlxn0w0DA41fhjG98Ub5akpglBCfge1kIIGd7awaZFdsAGhJH2reytyG4e4AahbQRH8St4p8iuP5pTlvGPcTIF90Lk1zalSH6f+3t2i+KQ3rrJRWlqIFMxL0W6xWXWN2A69OpkDW7SJZqdqxhUDrJHBEZqo7\/kr1rPXjk3tEZUZ+\/3jYgOnA6KoV+FvCed0t8bykcaXzgJB3JixzvMvrL0YUkrgDYHyGlolZi0zI2+6D6YaI9ANLUPJhNyzYBA93Yfsl3o6ZSj0mmgiZq\/lVbEpMl51Vc+fIXypt8EHCM6glksV3GB+sT+9kvU5YmZf4p35ih5qs+B6wxDScYCHnxUQ5M7Y+CaB+Z8umyuJFuExqyhaLvsHxSu7C5RR9zkRoXRxlMlSUlioW\/k\/f2t8OixHzUGA4Pjlkvsn7oU9bY5CEFkvEOMd9OAWhdmwZX2trUJgB9kuTMLfC08vIm25jVGyjrOMvrfllYb9Tkon9cDFzySBqwpdy3mzAFDGbSbgSSVph9mJQQwd5HbHKinSVH6cIBJewcN67UlHl60gcsB648MqUc5y3yNg\/aT2LJRlx4Hugf4703fBz1ilFKkTyia5hLwY0ditm6aCAQowggEGoAMCAReigf4Egfs6rVBU5Wbf58UJI1nlKrW\/LPMlXp44cwupSkh1AXVr0jMWvkg\/cKqEOLVh+eLdXMJf\/7tuabmMyWEcrpHyGjV8QdU\/LRfiYvKiLliUQZc2ab4RQLJpbpbJm162ZbTsK8MoJ0nxxcKChBmo7b0Cn4N95XSQaG\/mILea4u+9\/df1RJfKa1Rm6tTGG5JYZqb2yXuujbwC30Zt17c1Hi\/vUkA9vpV1e6xV2EIpzTM7qHDcAeZWNHGOA4MUdtxQCXzJDDEFf9vqk1T481Q3FdEgo63vG0rmeUX8x9LMl7OmGOelI0Hkx4m0lCbreYKTnpzNK53E2WNaqEIapwkuaQ=="}
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946716140774135,"flow_src_last_pkt_time":946716140774135,"flow_dst_last_pkt_time":946716140774135,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1221,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1221,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1221,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946716140774135,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1096,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
02165{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":946716140774135,"flow_dst_last_pkt_time":946716140774135,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1263,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1263,"pkt_l4_len":1229,"thread_ts_usec":946716140774135,"pkt":"AAP\/pqsMAAP\/p6sMCABFAAThAjoAAIAREMoKAQwCCgUDAQRIAFgEzRTGbIIEwTCCBL2hAwIBBaIDAgEMo4IEMzCCBC8wggQroQMCAQGiggQiBIIEHm6CBBowggQWoAMCAQWhAwIBDqIHAwUAAAAAAKOCA3NhggNvMIIDa6ADAgEFoQwbCkRFTllEQy5DT02iHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkRFTllEQy5DT02jggMzMIIDL6ADAgEXoQMCAQKiggMhBIIDHcAYVO+Q2IXUSYyHjuVHfKxUHYGW7TjhCP7ht14YomVNNTmVhUnNVAEemRFIQsjfyH7Id6NfOJsQ1ejL1lbQdxG+gxX6ALA\/MK9eCjPeeH1HN\/61cBhJfEoqY2F\/mKeHRuCggrFXQbZxlsXVGLtZu4PWih8KNf7sWfI01ih\/KOVOFbC+DQgRsewUOZidaGbk8YDAWfLTeW1icWpEgz\/\/XQZftiBtg72zgDTGa\/mE6hUu8t57cVSOGEQlF1ZQKVTTZOn9zHhQisTijr021JJttOf7qpJ5+uomVPYE8lx0pL85ESuIwtqHGJcBMVlPS1H8MreebQzjvMWuoHQUc\/OGtz6S3YhFyDPaOH1iZQXjznPs\/MyXoX\/WPWeAVNxUiY9FXqN8Ysyj493ju1vpN6nhvsrEoaZdGaTppTmaoJXuyc1CSns2LWWlo8V5W5bAI5ei3AXjL1oeF7Et2GbqYgAGntju2FLJBhD\/4R9ROO1oMGYhSCMMKYRZ9+nR1+RMN\/cuq64EBBvfHy6tayyRjsACSMzeD4dT5O1By9VoDbf\/l3TiOVyUpKN6HtnGTLks0PEgzGhBo12SoVAT914LxU8URDkKFF0IvIDKHRP2PfXNHrTqwCKivWiNW4Y4msxofW+KFzIutb67iawdaddMq1dxg27Qc6okQGPjpdNfDl7H1FT8XYGvgXsggcVItUDBSFzgmIrorZjg1UIv0N65LTCbyuSoTSRNZLyNRs5IjZa6b6aNmzfJeURuRlXpFmy55SswzPpOVIbpqN9UjrKoARvOdTXIy7zAlLTf79OOzEiGttGb1lQL8qGp6NvmbBOCY3s1pqh3u0pNR2XX5Z1LkgF8exqSVZL2UsbFy1H87cEdwhSaPgKai6SsQvAamU+n99gLhejxN3\/mg\/VFw+wucn7jxY5D9SmJGaVA97YjoZZdGLogQ15cOtgSBPsYJESl4I46m0Z6YgTQJDNcPvLgJDlNJtTGXZLJ9sOGxpwEknEXtocEjmZZBksfp4wtv7t34FGLYzt1idyslHkz+eOdJAgfnLj7Zmp43EncB0hi68U9pIGJMIGGoAMCAReifwR9EeZm1xXCGjpTcLGRq4WuQ8ssviUxl213ypmulixTQWFmAQi1gq8M3vB7vTp7SGKt8sIF14iqGTiJJWz+TgAufWTJ4n2ibf9kuYyLGTZfXqU+XTn7oSwP6CplUyx8Rcx6fjORhXuzJFTp0WjwfJC+Z3aW5oAvEH9BL5cNtHmkejB4oAcDBQBAgAAAogwbCkRFTllEQy5DT02jKTAnoAMCAQKhIDAeGwRjaWZzGxZ2cGMtdzJrM2VudC5kZW55ZGMuY29tpREYDzIwMzcwOTEzMDI0ODA1WqcGAgQ1jymRqBkwFwIBFwIC\/3sCAYACAQMCAQECARgCAv95"}
00994{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946716140774135,"flow_src_last_pkt_time":946716140774135,"flow_dst_last_pkt_time":946716140774135,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1221,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1221,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1221,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946716140774135,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1096,"dst_port":88,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"denydc.com","username":""}}}
02140{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":946716140774135,"flow_dst_last_pkt_time":946716140774142,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1244,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1244,"pkt_l4_len":1210,"thread_ts_usec":946716140774142,"pkt":"AAP\/p6sMAAP\/pqsMCABFAATOSu8AAIARyCcKBQMBCgEMAgBYBEgEurmkbYIErjCCBKqgAwIBBaEDAgENowwbCkRFTllEQy5DT02kDzANoAMCAQGhBjAEGwJ1NaWCA31hggN5MIIDdaADAgEFoQwbCkRFTllEQy5DT02iKTAnoAMCAQKhIDAeGwRjaWZzGxZ2cGMtdzJrM2VudC5kZW55ZGMuY29to4IDMzCCAy+gAwIBF6EDAgEJooIDIQSCAx0aFmxok9g1Ue0357Hr75qdhqZfRht4OHreKB5u\/V5IirkcwENplNxxQmbw8+DFBp6kUxON4ouXLUpsGQja+UwQNswQ7cEXb3TTT7jYMm2q+XU9A8z+Cm+x45x6EPfupXNfUoIz5d+DBXqnAKwiMsohJZBYGmEm7Q+yhVWVar9k\/vQ4EHxPSmoKKOWOqMeWxjcfGizeQcfY\/7A7oBkliScCXMBosF3zWgVn6SZUxx2nLdkS4jVlNmS1jWY0CBy3hQgCl7KtJ88Rxj2JXMQ5Fa0ibQHlt+FeHBgOikUOCt7JR9KHGnKF+V9OwmxFHJrtiKrEW2Cv72q08\/TX55bwUm9jrgvLF+1YsovMtrgWOHLFsVcxNfbdawsk1MAGXI1K8WdNlNxj79Sa+effGMmTt32eF8\/oOYgeR3A+0F1wnFjIQeheNTRLl\/9WBWymTf5CVGZk9I\/sUh0ufZ1o58VaghVEb+aOBC6tWfpsOkLJ9ANhxY1Vw45ioZzS06CBZRvW7MMUcb4Ur7IeznoOXOKL+obkIkaEuJF9dxjVVEK3H8T8BFen6GrrRV4+9gxQ28wWj2B\/3R0I0K8npdyxugyU7o6q1h547H+5tjJ8dixUeIFR0R+BxQUA1qGlVkB7SS4zvQUHJeQ33GsZmfB09OjxsbZUKDOYPS2DppWChX3zAiJESMybgCQW5ulCO\/DCKGrcKFEaqcfqvdr1e4WyRdwCcvZn2MJR1nu01uw1EbqNmvBlDTHXDpZmQAS+Z9AFAEe6+Jwucjc+X3W9+cKSxj+uTpUbPMfAp3MPTCh88MxPw2Aax6SFtx5IK+P6jE2F6eQfjhX9aV6hdIZ0pWVxFUqJk1oXwgJHigW8nhTnJsDeLgqs70DVvtJOOt9wQIyuysdS5eh4ZJK2TyKfSg9XuEekXtqV8HHagG6OZO87HJsGQmu\/\/tjHaE7Ql4hIoe+fcxYBzuwcDJYmBr6xlBxFqKXZZHTBFk60GqPFITFaX17Oz+6fJYP3RmN2JGKt17gwAhua9IJr3+oyzOLK9Ar9ryp7P5t03iErc\/1gvMC+WI+39aaB\/TCB+qADAgEXooHyBIHv9+WbNZuFKxvCR6wr2zaCGnigV6GBLntoGkqEg4\/vMLz6p+qzEJQC2ilW82BTzXU6scdi61TaIC3oq6sMVee5Q+SNihDQg2j\/e7P09S+lWbe2hxhDb2MYsqe8Lg50XMclkXvYxZYVxgGfh9+QhSOku3gyZ4w550hPMwNPtwT50N8oSP0YzMlcdyjS0yGxX38Sztfi6maarSaN8R8bO1fNlv7DMT0XFldAA9Ujo2zbz4RI5ls2TDkFYA60ukMDSLX5c+pTDKFVkARApYRvSaMnKg1aCCWfstO5zat+wIz45gQKBeA3dPJACT5hwG+Q1qc="}
00976{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946716066779388,"flow_src_last_pkt_time":946716066779388,"flow_dst_last_pkt_time":946716066779395,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1211,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1211,"flow_dst_max_l4_payload_len":1189,"flow_src_tot_l4_payload_len":1211,"flow_dst_tot_l4_payload_len":1189,"midstream":0,"thread_ts_usec":946716140774142,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1061,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00976{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946716067396378,"flow_src_last_pkt_time":946716067396378,"flow_dst_last_pkt_time":946716067396381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1223,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1223,"flow_dst_max_l4_payload_len":1192,"flow_src_tot_l4_payload_len":1223,"flow_dst_tot_l4_payload_len":1192,"midstream":0,"thread_ts_usec":946716140774142,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1065,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00976{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946716067473051,"flow_src_last_pkt_time":946716067473051,"flow_dst_last_pkt_time":946716067513240,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1219,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1219,"flow_dst_max_l4_payload_len":1205,"flow_src_tot_l4_payload_len":1219,"flow_dst_tot_l4_payload_len":1205,"midstream":0,"thread_ts_usec":946716140774142,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1067,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00976{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946716067526237,"flow_src_last_pkt_time":946716067526237,"flow_dst_last_pkt_time":946716067526244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1209,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1209,"flow_dst_max_l4_payload_len":1187,"flow_src_tot_l4_payload_len":1209,"flow_dst_tot_l4_payload_len":1187,"midstream":0,"thread_ts_usec":946716140774142,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1068,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00976{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946716067819225,"flow_src_last_pkt_time":946716067819225,"flow_dst_last_pkt_time":946716067819242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1208,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1208,"flow_dst_max_l4_payload_len":1186,"flow_src_tot_l4_payload_len":1208,"flow_dst_tot_l4_payload_len":1186,"midstream":0,"thread_ts_usec":946716140774142,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1069,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00976{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946716089644907,"flow_src_last_pkt_time":946716089644907,"flow_dst_last_pkt_time":946716089644914,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1233,"flow_dst_max_l4_payload_len":1237,"flow_src_tot_l4_payload_len":1233,"flow_dst_tot_l4_payload_len":1237,"midstream":0,"thread_ts_usec":946716140774142,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1074,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00976{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946716089757898,"flow_src_last_pkt_time":946716089757898,"flow_dst_last_pkt_time":946716089757902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1219,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1219,"flow_dst_max_l4_payload_len":1205,"flow_src_tot_l4_payload_len":1219,"flow_dst_tot_l4_payload_len":1205,"midstream":0,"thread_ts_usec":946716140774142,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1076,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":25,"packets-processed":24,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29024,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":7,"current-active-flows":12,"total-active-flows":12,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":58,"global_ts_usec":946724453221239}
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946724453221239,"flow_src_last_pkt_time":946724453221239,"flow_dst_last_pkt_time":946724453221239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946724453221239,"l3_proto":"ip4","src_ip":"192.168.10.12","dst_ip":"192.168.10.3","src_port":44256,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":946724453221239,"flow_dst_last_pkt_time":946724453221239,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":946724453221239,"pkt":"GGbam+N9uKxvNgTjCABFAAA88adAAEAGs7TAqAoMwKgKA6zgAFj7lQiGAAAAAKACchCWGgAAAgQFtAQCCAr\/\/vkhAAAAAAEDAwc="}
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":946724453221239,"flow_dst_last_pkt_time":946724453221278,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":946724453221278,"pkt":"uKxvNgTjGGbam+N9CABFAAA8DbNAAIAGV6nAqAoDwKgKDABYrOCOu9eK+5UIh6ASIAAObgAAAgQFtAEDAwgEAggKM1tACf\/++SE="}
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":946724453221287,"flow_dst_last_pkt_time":946724453221278,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":946724453221287,"pkt":"GGbam+N9uKxvNgTjCABFAAA88adAAEAGs7TAqAoMwKgKA6zgAFj7lQiGAAAAAKACchCWGgAAAgQFtAQCCAr\/\/vkhAAAAAAEDAwc="}
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":946724453221287,"flow_dst_last_pkt_time":946724453221327,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":946724453221327,"pkt":"uKxvNgTjGGbam+N9CABFAAA8DbNAAIAGV6nAqAoDwKgKDABYrOCOu9eK+5UIh6ASIAAObgAAAgQFtAEDAwgEAggKM1tACf\/++SE="}
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":946724453221348,"flow_dst_last_pkt_time":946724453221327,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":946724453221348,"pkt":"GGbam+N9uKxvNgTjCABFAAA08ahAAEAGs7vAqAoMwKgKA6zgAFj7lQiHjrvXi4AQAOVcVgAAAQEICv\/++SEzW0AJ"}
01002{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":2,"flow_first_seen":946724453221239,"flow_src_last_pkt_time":946724453221400,"flow_dst_last_pkt_time":946724453221327,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1555,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1555,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946724453221400,"l3_proto":"ip4","src_ip":"192.168.10.12","dst_ip":"192.168.10.3","src_port":44256,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"testbed1.ca","username":""}}}
01025{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":946724453221239,"flow_src_last_pkt_time":946724453221447,"flow_dst_last_pkt_time":946724453222261,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1555,"flow_dst_max_l4_payload_len":1554,"flow_src_tot_l4_payload_len":3110,"flow_dst_tot_l4_payload_len":1554,"midstream":0,"thread_ts_usec":946724453222261,"l3_proto":"ip4","src_ip":"192.168.10.12","dst_ip":"192.168.10.3","src_port":44256,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"testbed1.ca","username":"ubuntu64a"}}}
00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946716066779388,"flow_src_last_pkt_time":946716066779388,"flow_dst_last_pkt_time":946716066779395,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1211,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1211,"flow_dst_max_l4_payload_len":1189,"flow_src_tot_l4_payload_len":1211,"flow_dst_tot_l4_payload_len":1189,"midstream":0,"thread_ts_usec":946724453222354,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1061,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946716067396378,"flow_src_last_pkt_time":946716067396378,"flow_dst_last_pkt_time":946716067396381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1223,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1223,"flow_dst_max_l4_payload_len":1192,"flow_src_tot_l4_payload_len":1223,"flow_dst_tot_l4_payload_len":1192,"midstream":0,"thread_ts_usec":946724453222354,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1065,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946716067473051,"flow_src_last_pkt_time":946716067473051,"flow_dst_last_pkt_time":946716067513240,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1219,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1219,"flow_dst_max_l4_payload_len":1205,"flow_src_tot_l4_payload_len":1219,"flow_dst_tot_l4_payload_len":1205,"midstream":0,"thread_ts_usec":946724453222354,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1067,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946716067526237,"flow_src_last_pkt_time":946716067526237,"flow_dst_last_pkt_time":946716067526244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1209,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1209,"flow_dst_max_l4_payload_len":1187,"flow_src_tot_l4_payload_len":1209,"flow_dst_tot_l4_payload_len":1187,"midstream":0,"thread_ts_usec":946724453222354,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1068,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946716067819225,"flow_src_last_pkt_time":946716067819225,"flow_dst_last_pkt_time":946716067819242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1208,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1208,"flow_dst_max_l4_payload_len":1186,"flow_src_tot_l4_payload_len":1208,"flow_dst_tot_l4_payload_len":1186,"midstream":0,"thread_ts_usec":946724453222354,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1069,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946716089644907,"flow_src_last_pkt_time":946716089644907,"flow_dst_last_pkt_time":946716089644914,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1233,"flow_dst_max_l4_payload_len":1237,"flow_src_tot_l4_payload_len":1233,"flow_dst_tot_l4_payload_len":1237,"midstream":0,"thread_ts_usec":946724453222354,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1074,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946716089757898,"flow_src_last_pkt_time":946716089757898,"flow_dst_last_pkt_time":946716089757902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1219,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1219,"flow_dst_max_l4_payload_len":1205,"flow_src_tot_l4_payload_len":1219,"flow_dst_tot_l4_payload_len":1205,"midstream":0,"thread_ts_usec":946724453222354,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1076,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946716138858413,"flow_src_last_pkt_time":946716138858413,"flow_dst_last_pkt_time":946716138858429,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1213,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1213,"flow_dst_max_l4_payload_len":1186,"flow_src_tot_l4_payload_len":1213,"flow_dst_tot_l4_payload_len":1186,"midstream":0,"thread_ts_usec":946724453222354,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1084,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946716139910212,"flow_src_last_pkt_time":946716139910212,"flow_dst_last_pkt_time":946716139910219,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1221,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1221,"flow_dst_max_l4_payload_len":1202,"flow_src_tot_l4_payload_len":1221,"flow_dst_tot_l4_payload_len":1202,"midstream":0,"thread_ts_usec":946724453222354,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1089,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946716140238182,"flow_src_last_pkt_time":946716140238182,"flow_dst_last_pkt_time":946716140238185,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1211,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1211,"flow_dst_max_l4_payload_len":1182,"flow_src_tot_l4_payload_len":1211,"flow_dst_tot_l4_payload_len":1182,"midstream":0,"thread_ts_usec":946724453222354,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1090,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946716140476142,"flow_src_last_pkt_time":946716140476142,"flow_dst_last_pkt_time":946716140476146,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1235,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1235,"flow_dst_max_l4_payload_len":1228,"flow_src_tot_l4_payload_len":1235,"flow_dst_tot_l4_payload_len":1228,"midstream":0,"thread_ts_usec":946724453222354,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1092,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946716140774135,"flow_src_last_pkt_time":946716140774135,"flow_dst_last_pkt_time":946716140774142,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1221,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1221,"flow_dst_max_l4_payload_len":1202,"flow_src_tot_l4_payload_len":1221,"flow_dst_tot_l4_payload_len":1202,"midstream":0,"thread_ts_usec":946724453222354,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1096,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00981{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":946724453221239,"flow_src_last_pkt_time":946724453222354,"flow_dst_last_pkt_time":946724453222308,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1555,"flow_dst_max_l4_payload_len":1554,"flow_src_tot_l4_payload_len":3110,"flow_dst_tot_l4_payload_len":3108,"midstream":0,"thread_ts_usec":946724453222354,"l3_proto":"ip4","src_ip":"192.168.10.12","dst_ip":"192.168.10.3","src_port":44256,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00852{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":39,"packets-processed":39,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":35242,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":1,"total-updates":7,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":80,"global_ts_usec":946724453222354}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 39/39
~~ skipped flows.............: 0
~~ total layer4 data length..: 35242 bytes
~~ total detected protocols..: 13
~~ total active/idle flows...: 13/13
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6683888 bytes
~~ total memory freed........: 6683888 bytes
~~ total allocations/frees...: 114309/114309
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 552 chars
~~ json message max len.......: 2199 chars
~~ json message avg len.......: 1375 chars