00624{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1432582377898864}
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582377898864,"flow_src_last_pkt_time":1432582377898864,"flow_dst_last_pkt_time":1432582377898864,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582377898864,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1432582377898864,"flow_dst_last_pkt_time":1432582377898864,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582377898864,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABI56kAAEARDKvAqAIBwKgC\/+EV4RUANKgAU3BvdFVkcDCYJeGQmjjiDQABAARIlcID1NylhjSgAeWF26p2NNVFJFGe2SE="}
00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582377898864,"flow_src_last_pkt_time":1432582377898864,"flow_dst_last_pkt_time":1432582377898864,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582377898864,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","proto_id":"156","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}}
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582379543659,"flow_src_last_pkt_time":1432582379543659,"flow_dst_last_pkt_time":1432582379543659,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582379543659,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":61697,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1432582379543659,"flow_dst_last_pkt_time":1432582379543659,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1432582379543659,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA+Df0AAEAR51zAqAIEwKgCAfEBADUAKg3CrIsBAAABAAAAAAAAA2UxMgh3aGF0c2FwcANuZXQAAAEAAQ=="}
01103{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582379543659,"flow_src_last_pkt_time":1432582379543659,"flow_dst_last_pkt_time":1432582379543659,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582379543659,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":61697,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.WhatsApp","proto_id":"5.142","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e12.whatsapp.net","domainame":"e12.whatsapp.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}}
00740{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1432582379543659,"flow_dst_last_pkt_time":1432582379571955,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":204,"pkt_l4_len":170,"thread_ts_usec":1432582379571955,"pkt":"APS5Jrv0xiwDYGpkCABFAAC+Me8AAEARwurAqAIBwKgCBAA18QEAqrdkrIuBgAABAAgAAAAAA2UxMgh3aGF0c2FwcANuZXQAAAEAAcAMAAEAAQAAAiQABLitsy\/ADAABAAEAAAIkAASeVTpnwAwAAQABAAACJAAEuK2zLMAMAAEAAQAAAiQABLitsyPADAABAAEAAAIkAARsqLDGwAwAAQABAAACJAAEnlU6NMAMAAEAAQAAAiQABJ5VOg\/ADAABAAEAAAIkAASeVTol"}
01213{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1432582379543659,"flow_src_last_pkt_time":1432582379543659,"flow_dst_last_pkt_time":1432582379571955,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":162,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":162,"midstream":0,"thread_ts_usec":1432582379571955,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":61697,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.WhatsApp","proto_id":"5.142","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e12.whatsapp.net","domainame":"e12.whatsapp.net","dns": {"num_queries":1,"num_answers":8,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["184.173.179.47,ttl=548","158.85.58.103,ttl=548","184.173.179.44,ttl=548","184.173.179.35,ttl=548"]}}}
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582379591505,"flow_src_last_pkt_time":1432582379591505,"flow_dst_last_pkt_time":1432582379591505,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582379591505,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"158.85.58.15","src_port":49206,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1432582379591505,"flow_dst_last_pkt_time":1432582379591505,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1432582379591505,"pkt":"xiwDYGpkAPS5Jrv0CABFAABAjylAAEAGEH7AqAIEnlU6D8A2FGYksXJ9AAAAALAC\/\/+BgwAAAgQFtAEDAwQBAQgKLfyAogAAAAAEAgAA"}
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1432582379591505,"flow_dst_last_pkt_time":1432582379745503,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1432582379745503,"pkt":"APS5Jrv0xiwDYGpkCABFAAA8XOEAADUGjcqeVToPwKgCBBRmwDYfJVHSJLFyfqAS\/\/8RNgAAAgQFrAEDAwkEAggKXZ2yry38gKI="}
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1432582379848522,"flow_dst_last_pkt_time":1432582379745503,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1432582379848522,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA0bGhAAEAGM0vAqAIEnlU6D8A2FGYksXJ+HyVR04AQIFgeowAAAQEICi38gaNdnbKv"}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1432582379848522,"flow_dst_last_pkt_time":1432582380026665,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1432582380026665,"pkt":"APS5Jrv0xiwDYGpkCABFAAA05WEAADUGBVKeVToPwKgCBBRmwDYfJVHTJLFyfoAQAgI7+AAAAQEICl2ds7At\/IGj"}
00784{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1432582380392956,"flow_dst_last_pkt_time":1432582380026665,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":232,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":232,"pkt_l4_len":198,"thread_ts_usec":1432582380392956,"pkt":"xiwDYGpkAPS5Jrv0CABFAADadGtAAEAGKqLAqAIEnlU6D8A2FGYksXJ+HyVR04AYIFieBQAAAQEICi38g6pdnbOwV0EBBQAAGvgFAaWRifwSaVBob25lLTIuMTIuMi01MjIyAAAZ+AKc+AT4AfwHcHJpdmFjefgBgPgBQPgBeAAAZvgGDFa\/tfwMMzkzNDczNDYxNzY4\/FBoME2HogokCAgPrR9GeJ2i0w6wLwjITxt5JorMO\/\/Lf1x\/ZwJLOvSC0XFN7QGNpunD0LGDG4tou2tUxcBy8ZGRsH7pztrwCaJmXTt0t17cmg=="}
00938{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1432582379591505,"flow_src_last_pkt_time":1432582380392956,"flow_dst_last_pkt_time":1432582380026665,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":166,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":166,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582380392956,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"158.85.58.15","src_port":49206,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582381179399,"flow_src_last_pkt_time":1432582381179399,"flow_dst_last_pkt_time":1432582381179399,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1432582381179399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
02491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1432582381179399,"flow_dst_last_pkt_time":1432582381179399,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1432582381179399,"pkt":"xiwDYGpkAPS5Jrv0CABFAAXIltFAAEAGh5\/AqAIEEa1CZsA1Abt+clmMpMYxPVAQQABXnAAAFwMDB3i+HiPgShCayKsiCSxppt+UVMG6sNLf32XwXp\/5y1\/Gi93F3S41DWF8\/kCqCE3bWkUsOQ\/D44TQ+2n51pbyMSPLw0aW5BBc1KN+NXFB6c0\/EvLUkiCkXMNnoBikvRGoWqnT3MsBLR3ifxEfJkx0KA0FgI9JutlWbXDDUTzCRBEZTuRft2ygLhc453pAbiPG9v0WPMDLHXiyCBIVg\/B5dK4qKFD6E2UMKFMhu4mZRR2j\/6qxWlXTvDrMGoz+8Qo7VA74VXDOmIIqRacL+CmsjHCFgzIlevE9HbzQStt3waOocRqfRvIAnyjErcnsgCXougYuTv7e+MXADNmAZBilIIoi3Uil6da7kvrxaXQ4p+uZdx7Gy5yoHJv8xUlpNlf\/6TnuDJ0Sr34mxp2ViDhiTjdQbwAa3oxSYIriERZCD+iy2XBPrLEva6gxIYSFoMA1nMvNEDvwHAwVpPX12H1IQq6zqjIg+g2T3TBZpcZ71NLHtrlkBg9o5NZd7LL0MCoUc5LF5gFQhEphIEtekSiwBF\/vWaUkYpAxP7LvgNiCoLKAfwM9RyhmY\/groOK8zq86A8Z\/A5kmVimU2YKg3RBFJIj4fY5ZjJv5w7NZlJ5I4tkbJJp4AoKwuThn7szdjjoI\/Gz6k3Cz8YZmXMOwDviwyDpLeaUvIrJPOa1ciNsy0vHmM7ukkMbC8Ej95C27cDvULH7dL6T0XGOtlAh\/1i8BfnuG9hN4cxa\/b+5gAAhOFw1eAAyMGcUy23P+89rorZ3KMrek+vuNcICgkwnazh1Z5AFtIzlWlMfxbaxy\/+pJoR3DnO0EuyOOHz4IdCogPPXsieGyIHTaGzpebRd3ow8OikTIF2RiPLnkFeI25KqwWpGL6weTaFVmxqKuafYQNbLXqeb1mf\/DlBl7xTHdJ\/K7sh+ashtIQDjtOnXuANeb1sDwla5nv+DnrsBoezknxm9kI8r\/CTGWQN\/tTHUBQ3JnQu2sU3BgKQv67idjs6\/xEGKN0fSceO\/OmdSiRN4eY5AKeqGiRb0iQcOp0eoO0nHkil+B5uKPiznWHrrsTIB9dEBiXQpdbXNu0tyB5osy9qzKMkf\/o9uJ+QSQ5cIo7DjRzFZnpJOkCxvvXWU+FpzDhZxIpMTrOA0QqAGTa21N2fhnR7KTBe68GBzD362LyujtxvtI68Y+e4qwU8QRYv94bSptDA1mC5d7hLaair0kLj5FJuw9fQYw56jdCBuIztl42Q9ip+eJzWCXzcqrMuxyZhMkusneUAU213bxe7LIroTzopLTvDr1KXzVypQq1ZP5NCiggcKfqeKZidfD+aXqLGRh7olUlGpaHuqy1maaxpidAIrK\/rniCznE3Y8bsAPAq11XlkH+mjEIj4B5Et\/0lF+xCPP+z5E9ZGqKuPoSIYCKQzbemYTMMkhnWOl6BB5kOc48mQHXcM\/HEeMKQ4qb33pU8bbK3Mr9Vb0pzxFXpDLLr1AV4WOOsDEdqZRvrHbAGGit7Ox3YtWydJ61deheU2gY0jifGxvWb6TKpitF7KENLzDKe6R1+jkekRnLVGAoiZ6cidxCTodgPGJaODRed4KQauNt6lzH+E+PJp48Tc7z95H2uvpzfMxaqZdwBSkB4v4ScjVowzkErkvUxVQNOveEwAJQDuk\/MJnrSUEivzWnCcp3a+GPlrKE2YjKybAPuXK8NmegG3utqM2DgTsUTgCNR+3ESE1g9tqjPpb6WMGMIfSBz2fb5tlr8mBN4CEu0H72FkFaOVAQvrDFdSC9uWsLI+9xr\/qifTPscJiK47gZwd7xJ1+AvgSKzzkjQwgSwyGtffBvX0O0GlFuSMAxYjLubFvVAvKhF6gkJ9oPlwZ9pkLOs5hTGXcjvBfkdt78lFxJQl3eijMQRas5LDn3A9Tn53tCW5oXAuOYXz4b"}
01182{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1432582381179706,"flow_dst_last_pkt_time":1432582381179399,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":531,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":531,"pkt_l4_len":497,"thread_ts_usec":1432582381179706,"pkt":"xiwDYGpkAPS5Jrv0CABFAAIFAqxAAEAGH4jAqAIEEa1CZsA1Abt+cl8spMYxPVAYQAAK4wAA+zXxkGmxqmlJcwlR7TpHpRtDDy9iaRt9w+hOFsERXuy8gwV22TTGXYqWLP3aSg0FRpPNh6b2JxTA9OSkJEk04NCfWqJRauLthWRuA7XoVn8i6Smk+coAOa3u15Yq91KVTfK0Likn42RkhoMCTU67u6i6Y4GW7d7uWiM6L3uLokbbGTmGs29u3afEGnNWZwLcuyp6rGxmPmWxvxgkiNCzEIsj5+jDbrTqLXDyyF322ZG7ztnAr92I1EUwbaElkdT9P28rYnazLdDX3NtrMNZoVpJg+JtJ\/7kZqQ2Wqzmg\/a3xXi4EVY3r6CTewAoUnubR3Qb8d8SxZWO8dXB980UXO8ObJWaEL5I20Sp30w7kYXi8hv4VgTLwR\/5GH+diyQKZuXNNplXdUL9qR0BnzfYHcTgjG28TOg74dTk611xDBeVR4Itg6rhO4EXCbpfiRmK6bb3CXGkaTCMHxUnezI+xc2Wog+XxCXrGyOiN2uGEyOBaMLxsAdU\/WfMK5Hg2kk6QV97kZZAhmz0GEeQIuwbiHtXsFgOmiLHGkBFU3uvrL2U0AIsy\/dg28ProYM\/UVKotXUmjaEkwo4XPHqyzoqhSMSd8fGbpRTWD+Jj7SG1OLSQLZ6OzyLhulPpesWWw"}
01055{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582381179399,"flow_src_last_pkt_time":1432582381179706,"flow_dst_last_pkt_time":1432582381179399,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":477,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1917,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1432582381179706,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
01298{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1432582381179774,"flow_dst_last_pkt_time":1432582381179399,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":610,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":610,"pkt_l4_len":576,"thread_ts_usec":1432582381179774,"pkt":"xiwDYGpkAPS5Jrv0CABFAAJULUhAAEAG9JzAqAIEEa1CZsA1Abt+cmEJpMYxPVAYQAAkaQAAFwMDAifRP6n1iN3uB\/Uhy6B3MN22nTeVXJRqDhAyLGWagzjVPV67eGMiWlDpxIYk9ZRXb8ENyJMklAVg5qQxAfredM796d1woE5CM\/dDlnC9hhfBLqlOMT0Sc23vnR6S0CtE+vcI2IEc50YYFIr8cCuBcLPUtehQ+6FiIBzPUNdC8gBpCK0l8ehCaB6UsJ+9Lz+rqI7LymD80O7JD9GQGlEzf0ROrOYPwKN9oloslBYMUuNcVtuTSnZlQf6clnYgiVqjkPEIWZnj1\/SzJxC0XzXDZTCazzjZUphrvHsUFVKI\/iQfQLn2Pm20z\/bY+umTrESbc\/Rb\/jTAxKkWPlTguW5QNPTgHe+8CLbu8GlNIUhp6XnzV0lotZMlMuaBJakvd6GmWA8qWeiSGeNI8Nxabsp54T+pQf+cFTWMVSzn894mO+DZZ3gtq32z87kDjYiMhE2jHBbOrnjFvxmtQtZu7lyboSLDYh55cOzJECLrbK8MSRuDtHOP5G6iepYtPwv3WMGLCV+hTD9hULIUKlQnW8NxmNPf6x7m2WXh+T5KFO1k2GNZTSM8sWZLLJiGPB3r5p1nS3ObF9UaRS1rU\/+0JK5FT6PVQl\/T6rcJ66cGodbOS0a03YtqhfdlphEfqQSNy4IBPyE7+TYhqlI5kH8vw+oFYBVtxUinzFEEO03Tz6ey1LN8P\/4vb9rv1pyNfFxaNarK\/6\/1noAhKaU7nGWU\/L6Er+GI\/BOXYTn7Ng=="}
00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1432582381179774,"flow_dst_last_pkt_time":1432582381335456,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1432582381335456,"pkt":"APS5Jrv0xiwDYGpkCABFAAAo17YAAO8G3VkRrUJmwKgCBAG7wDWkxjE9fnJhCVAQDFgVTQAA"}
00938{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1432582381179399,"flow_src_last_pkt_time":1432582381179774,"flow_dst_last_pkt_time":1432582381335456,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":477,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2473,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1432582381335456,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1432582381179774,"flow_dst_last_pkt_time":1432582381341497,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1432582381341497,"pkt":"APS5Jrv0xiwDYGpkCABFAAAo17cAAO8G3VgRrUJmwKgCBAG7wDWkxjE9fnJjNVAQDZ0R3AAA"}
02174{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1432582381179399,"flow_src_last_pkt_time":1432582384764367,"flow_dst_last_pkt_time":1432582384691063,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":948,"flow_src_tot_l4_payload_len":11339,"flow_dst_tot_l4_payload_len":3880,"midstream":1,"thread_ts_usec":1432582384764367,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":228923.6,"max":3030585,"stddev":711161.6,"var":505750847488.0,"ent":2.0,"data": [307,68,156057,6041,20562,3,205015,214,59650,355,76,237850,6388,13739,3,246436,156,2803227,690,58,155,163,149,3030585,5762,13968,11,3,10327,10365,268249]},"pktlen": {"min":40,"avg":515.6,"max":1480,"stddev":518.7,"var":269058.2,"ent":4.2,"data": [1480,517,596,40,40,986,386,40,40,1480,524,596,40,40,988,386,40,40,1480,517,596,1480,1240,1240,40,40,988,386,40,40,40,113]},"bins": {"c_to_s": [4,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,4,0,0],"s_to_c": [9,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,1,1,1,0,0,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,0],"entropies": [7.845222473,7.564460754,7.723596096,4.884183884,4.784184456,7.802291870,7.349081993,4.781687260,4.881687164,7.891665459,7.618573189,7.589188576,4.834184170,4.884183884,7.765514851,7.364068508,4.931687355,4.931687355,7.868970394,7.635158062,7.659084320,7.869641304,7.832291603,7.869807243,4.884183884,4.884183884,7.782162189,7.393073082,4.765311718,4.815311432,4.815311432,6.363091469]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582396509617,"flow_src_last_pkt_time":1432582396509617,"flow_dst_last_pkt_time":1432582396509617,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":502,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":502,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":502,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582396509617,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
01205{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1432582396509617,"flow_dst_last_pkt_time":1432582396509617,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"thread_ts_usec":1432582396509617,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAISQPEAAEARsZnAqAIBwKgC\/0RcRFwB\/jsJeyJob3N0X2ludCI6IDMzNzUzNTk1OTMsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582396509617,"flow_src_last_pkt_time":1432582396509617,"flow_dst_last_pkt_time":1432582396509617,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":502,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":502,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":502,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582396509617,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582399902785,"flow_src_last_pkt_time":1432582399902785,"flow_dst_last_pkt_time":1432582399902785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582399902785,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00938{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1432582399902785,"flow_dst_last_pkt_time":1432582399902785,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1432582399902785,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIRFYAAP8Rdk8AAAAA\/\/\/\/\/wBEAEMBNOdfAQEGALYzLg4AAAAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwkBAwYPd1\/8LC45AgXcPQcB2DBiVgAcMwQAdqcADApMdWNhcy1pTWFj\/wAAAAAAAAAAAAAAAAAA"}
01051{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582399902785,"flow_src_last_pkt_time":1432582399902785,"flow_dst_last_pkt_time":1432582399902785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582399902785,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"lucas-imac","domainame":"lucas-imac","dhcp": {"fingerprint":"1,3,6,15,119,95,252,44,46","class_ident":""}}}
00938{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1432582401886119,"flow_dst_last_pkt_time":1432582399902785,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1432582401886119,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIRFcAAP8Rdk4AAAAA\/\/\/\/\/wBEAEMBNOddAQEGALYzLg4AAgAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwkBAwYPd1\/8LC45AgXcPQcB2DBiVgAcMwQAdqcADApMdWNhcy1pTWFj\/wAAAAAAAAAAAAAAAAAA"}
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582402666171,"flow_src_last_pkt_time":1432582402666171,"flow_dst_last_pkt_time":1432582402666171,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582402666171,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1432582402666171,"flow_dst_last_pkt_time":1432582402666171,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_usec":1432582402666171,"pkt":"AQBeAAD7APS5Jrv0CABFAABNW6AAAP8RvFfAqAIE4AAA+xTpFOkAOcRNAAAAAAACAAAAAAAABV9yYW9wBF90Y3AFbG9jYWwAAAyAAQhfYWlycGxhecASAAyAAQ=="}
01005{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582402666171,"flow_src_last_pkt_time":1432582402666171,"flow_dst_last_pkt_time":1432582402666171,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582402666171,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_raop._tcp.local","domainame":"_raop._tcp.local","mdns": {}}}
00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582402667840,"flow_src_last_pkt_time":1432582402667840,"flow_dst_last_pkt_time":1432582402667840,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582402667840,"l3_proto":"ip6","src_ip":"fe80::189c:c31b:1298:224","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1432582402667840,"flow_dst_last_pkt_time":1432582402667840,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":111,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":111,"pkt_l4_len":57,"thread_ts_usec":1432582402667840,"pkt":"MzMAAAD7APS5Jrv0ht1gCRl1ADkR\/\/6AAAAAAAAAGJzDGxKYAiT\/AgAAAAAAAAAAAAAAAAD7FOkU6QA5eQMAAAAAAAIAAAAAAAAFX3Jhb3AEX3RjcAVsb2NhbAAADIABCF9haXJwbGF5wBIADIAB"}
01015{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582402667840,"flow_src_last_pkt_time":1432582402667840,"flow_dst_last_pkt_time":1432582402667840,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582402667840,"l3_proto":"ip6","src_ip":"fe80::189c:c31b:1298:224","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_raop._tcp.local","domainame":"_raop._tcp.local","mdns": {}}}
00938{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1432582404307907,"flow_dst_last_pkt_time":1432582399902785,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1432582404307907,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIRFgAAP8Rdk0AAAAA\/\/\/\/\/wBEAEMBNOdaAQEGALYzLg4ABQAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwkBAwYPd1\/8LC45AgXcPQcB2DBiVgAcMwQAdqcADApMdWNhcy1pTWFj\/wAAAAAAAAAAAAAAAAAA"}
00938{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1432582408585607,"flow_dst_last_pkt_time":1432582399902785,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1432582408585607,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIRFkAAP8RdkwAAAAA\/\/\/\/\/wBEAEMBNOdWAQEGALYzLg4ACQAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwkBAwYPd1\/8LC45AgXcPQcB2DBiVgAcMwQAdqcADApMdWNhcy1pTWFj\/wAAAAAAAAAAAAAAAAAA"}
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582411561512,"flow_src_last_pkt_time":1432582411561512,"flow_dst_last_pkt_time":1432582411561512,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":309,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":309,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":309,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1432582411561512,"l3_proto":"ip4","src_ip":"17.110.229.14","dst_ip":"192.168.2.4","src_port":5223,"dst_port":49193,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00972{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1432582411561512,"flow_dst_last_pkt_time":1432582411561512,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":375,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":375,"pkt_l4_len":341,"thread_ts_usec":1432582411561512,"pkt":"APS5Jrv0xiwDYGpkCABFAAFpJu4AAC8GqngRbuUOwKgCBBRnwCnUixwguGhbLIAYAUleegAAAQEICm+JVxEt\/BtwFwMBATAEtIuqVIsa2PHNKJeXP8xTjhoqWdhKZwOmK+i+hD5yD1M8ZM2np34aAKWtz8Bb1aOnbLJLQUe09gfoXrYrjNyw4Kz3tEhKuIJxuOR\/NLSkV4SGkIhMwiudLCMa+dHjOQ4E1rq3emNZqDFKuO5luZdltedNjC1Ni5FOba+q6FF8xJzIsSuI9Rh7dvtMvFQuN0jBEi2sNdUH+3VURleCkMaERRQQs2Fub+QUSLgkRAhefAGFzZxVCC52B4evzq7Cz7lW8fuDhUSEwqmRuVuaK7KmZTAj\/JcTRaXUVChFbQXi6T9DG8GOYrQ3cgORiCgEhtpuRfeKNmM1Ic+HX03yWe2oxtSVVy4N22M9Svs5SDcjT\/U2Guvq6M+RgrH5sh4Ew0i0LSm0dEuk7kx1gbhQeJQH"}
01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582411561512,"flow_src_last_pkt_time":1432582411561512,"flow_dst_last_pkt_time":1432582411561512,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":309,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":309,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":309,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1432582411561512,"l3_proto":"ip4","src_ip":"17.110.229.14","dst_ip":"192.168.2.4","src_port":5223,"dst_port":49193,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00972{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1432582412221359,"flow_dst_last_pkt_time":1432582411561512,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":375,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":375,"pkt_l4_len":341,"thread_ts_usec":1432582412221359,"pkt":"APS5Jrv0xiwDYGpkCABFAAFpJu8AAC8GqncRbuUOwKgCBBRnwCnUixwguGhbLIAYAUlb7AAAAQEICm+JWZ8t\/BtwFwMBATAEtIuqVIsa2PHNKJeXP8xTjhoqWdhKZwOmK+i+hD5yD1M8ZM2np34aAKWtz8Bb1aOnbLJLQUe09gfoXrYrjNyw4Kz3tEhKuIJxuOR\/NLSkV4SGkIhMwiudLCMa+dHjOQ4E1rq3emNZqDFKuO5luZdltedNjC1Ni5FOba+q6FF8xJzIsSuI9Rh7dvtMvFQuN0jBEi2sNdUH+3VURleCkMaERRQQs2Fub+QUSLgkRAhefAGFzZxVCC52B4evzq7Cz7lW8fuDhUSEwqmRuVuaK7KmZTAj\/JcTRaXUVChFbQXi6T9DG8GOYrQ3cgORiCgEhtpuRfeKNmM1Ic+HX03yWe2oxtSVVy4N22M9Svs5SDcjT\/U2Guvq6M+RgrH5sh4Ew0i0LSm0dEuk7kx1gbhQeJQH"}
01179{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582411561512,"flow_src_last_pkt_time":1432582412221359,"flow_dst_last_pkt_time":1432582411561512,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":309,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":309,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":618,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1432582412221359,"l3_proto":"ip4","src_ip":"17.110.229.14","dst_ip":"192.168.2.4","src_port":5223,"dst_port":49193,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00972{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1432582413522659,"flow_dst_last_pkt_time":1432582411561512,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":375,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":375,"pkt_l4_len":341,"thread_ts_usec":1432582413522659,"pkt":"APS5Jrv0xiwDYGpkCABFAAFpJvAAAC8GqnYRbuUOwKgCBBRnwCnUixwguGhbLIAYAUlW0AAAAQEICm+JXrst\/BtwFwMBATAEtIuqVIsa2PHNKJeXP8xTjhoqWdhKZwOmK+i+hD5yD1M8ZM2np34aAKWtz8Bb1aOnbLJLQUe09gfoXrYrjNyw4Kz3tEhKuIJxuOR\/NLSkV4SGkIhMwiudLCMa+dHjOQ4E1rq3emNZqDFKuO5luZdltedNjC1Ni5FOba+q6FF8xJzIsSuI9Rh7dvtMvFQuN0jBEi2sNdUH+3VURleCkMaERRQQs2Fub+QUSLgkRAhefAGFzZxVCC52B4evzq7Cz7lW8fuDhUSEwqmRuVuaK7KmZTAj\/JcTRaXUVChFbQXi6T9DG8GOYrQ3cgORiCgEhtpuRfeKNmM1Ic+HX03yWe2oxtSVVy4N22M9Svs5SDcjT\/U2Guvq6M+RgrH5sh4Ew0i0LSm0dEuk7kx1gbhQeJQH"}
00972{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1432582416119241,"flow_dst_last_pkt_time":1432582411561512,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":375,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":375,"pkt_l4_len":341,"thread_ts_usec":1432582416119241,"pkt":"APS5Jrv0xiwDYGpkCABFAAFpJvEAAC8GqnURbuUOwKgCBBRnwCnUixwguGhbLIAYAUlMmAAAAQEICm+JaPMt\/BtwFwMBATAEtIuqVIsa2PHNKJeXP8xTjhoqWdhKZwOmK+i+hD5yD1M8ZM2np34aAKWtz8Bb1aOnbLJLQUe09gfoXrYrjNyw4Kz3tEhKuIJxuOR\/NLSkV4SGkIhMwiudLCMa+dHjOQ4E1rq3emNZqDFKuO5luZdltedNjC1Ni5FOba+q6FF8xJzIsSuI9Rh7dvtMvFQuN0jBEi2sNdUH+3VURleCkMaERRQQs2Fub+QUSLgkRAhefAGFzZxVCC52B4evzq7Cz7lW8fuDhUSEwqmRuVuaK7KmZTAj\/JcTRaXUVChFbQXi6T9DG8GOYrQ3cgORiCgEhtpuRfeKNmM1Ic+HX03yWe2oxtSVVy4N22M9Svs5SDcjT\/U2Guvq6M+RgrH5sh4Ew0i0LSm0dEuk7kx1gbhQeJQH"}
00938{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1432582416626472,"flow_dst_last_pkt_time":1432582399902785,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1432582416626472,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIRFoAAP8RdksAAAAA\/\/\/\/\/wBEAEMBNOdOAQEGALYzLg4AEQAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwkBAwYPd1\/8LC45AgXcPQcB2DBiVgAcMwQAdqcADApMdWNhcy1pTWFj\/wAAAAAAAAAAAAAAAAAA"}
00972{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1432582421365471,"flow_dst_last_pkt_time":1432582411561512,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":375,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":375,"pkt_l4_len":341,"thread_ts_usec":1432582421365471,"pkt":"APS5Jrv0xiwDYGpkCABFAAFpJvIAAC8GqnQRbuUOwKgCBBRnwCnUixwguGhbLIAYAUk4KAAAAQEICm+JfWMt\/BtwFwMBATAEtIuqVIsa2PHNKJeXP8xTjhoqWdhKZwOmK+i+hD5yD1M8ZM2np34aAKWtz8Bb1aOnbLJLQUe09gfoXrYrjNyw4Kz3tEhKuIJxuOR\/NLSkV4SGkIhMwiudLCMa+dHjOQ4E1rq3emNZqDFKuO5luZdltedNjC1Ni5FOba+q6FF8xJzIsSuI9Rh7dvtMvFQuN0jBEi2sNdUH+3VURleCkMaERRQQs2Fub+QUSLgkRAhefAGFzZxVCC52B4evzq7Cz7lW8fuDhUSEwqmRuVuaK7KmZTAj\/JcTRaXUVChFbQXi6T9DG8GOYrQ3cgORiCgEhtpuRfeKNmM1Ic+HX03yWe2oxtSVVy4N22M9Svs5SDcjT\/U2Guvq6M+RgrH5sh4Ew0i0LSm0dEuk7kx1gbhQeJQH"}
01206{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1432582426553706,"flow_dst_last_pkt_time":1432582396509617,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"thread_ts_usec":1432582426553706,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAISk3sAAEARXw\/AqAIBwKgC\/0RcRFwB\/jsJeyJob3N0X2ludCI6IDMzNzUzNTk1OTMsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1432582399902785,"flow_src_last_pkt_time":1432582425196086,"flow_dst_last_pkt_time":1432582399902785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1800,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582431565397,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"lucas-imac"}}
00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582377898864,"flow_src_last_pkt_time":1432582377898864,"flow_dst_last_pkt_time":1432582377898864,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582431565397,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","proto_id":"156","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}}
00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":20,"flow_first_seen":1432582381179399,"flow_src_last_pkt_time":1432582385071316,"flow_dst_last_pkt_time":1432582385037978,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":948,"flow_src_tot_l4_payload_len":13821,"flow_dst_tot_l4_payload_len":5174,"midstream":1,"thread_ts_usec":1432582431565397,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
01017{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1432582379543659,"flow_src_last_pkt_time":1432582379543659,"flow_dst_last_pkt_time":1432582379571955,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":162,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":162,"midstream":0,"thread_ts_usec":1432582431565397,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":61697,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.WhatsApp","proto_id":"5.142","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e12.whatsapp.net"}}
00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582402667840,"flow_src_last_pkt_time":1432582402667840,"flow_dst_last_pkt_time":1432582402667840,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582431565397,"l3_proto":"ip6","src_ip":"fe80::189c:c31b:1298:224","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00982{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":13,"flow_first_seen":1432582379591505,"flow_src_last_pkt_time":1432582399306268,"flow_dst_last_pkt_time":1432582399230803,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":78,"flow_src_tot_l4_payload_len":660,"flow_dst_tot_l4_payload_len":303,"midstream":0,"thread_ts_usec":1432582431565397,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"158.85.58.15","src_port":49206,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582402666171,"flow_src_last_pkt_time":1432582402666171,"flow_dst_last_pkt_time":1432582402666171,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582431565397,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582396509617,"flow_src_last_pkt_time":1432582426553706,"flow_dst_last_pkt_time":1432582396509617,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":502,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":502,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1004,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582431565397,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
01210{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1432582411561512,"flow_src_last_pkt_time":1432582431565397,"flow_dst_last_pkt_time":1432582411561512,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":154,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":309,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1699,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1432582431565397,"l3_proto":"ip4","src_ip":"17.110.229.14","dst_ip":"192.168.2.4","src_port":5223,"dst_port":49193,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00855{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":93,"packets-processed":93,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24799,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":61,"global_ts_usec":1432582431565397}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 93/93
~~ skipped flows.............: 0
~~ total layer4 data length..: 24799 bytes
~~ total detected protocols..: 9
~~ total active/idle flows...: 9/9
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 7515109 bytes
~~ total memory freed........: 7515109 bytes
~~ total allocations/frees...: 126052/126052
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 542 chars
~~ json message max len.......: 2496 chars
~~ json message avg len.......: 1518 chars