00473{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"zcash.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1514196094240,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00433{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"zcash.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196094,"pkt_ts_usec":240063,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"fmgbW\/gUcIXCQA64CABFAAA8ux1AAEAGRaDAqAJcsiDE2deWI1qAnf85AAAAAKACchAV6gAAAgQFtAQCCApPjruwAAAAAAEDAwc="}
00435{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"zcash.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196094,"pkt_ts_usec":322725,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"cIXCQA64fmgbW\/gUCABFAAA8AABAADMGDb6yIMTZwKgCXCNa15Yj5r0mgJ3\/OqAScSDZNwAAAgQFtAQCCArshW\/8T467sAEDAwk="}
00422{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"zcash.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196094,"pkt_ts_usec":322778,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"fmgbW\/gUcIXCQA64CABFAAA0ux5AAEAGRafAqAJcsiDE2deWI1qAnf86I+a9J4AQAOV4LAAAAQEICk+Ou8XshW\/8"}
00773{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"zcash.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196094,"pkt_ts_usec":322947,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"pkt":"fmgbW\/gUcIXCQA64CABFAAE4ux9AAEAGRKLAqAJcsiDE2deWI1qAnf86I+a9J4AYAOWIhgAAAQEICk+Ou8XshW\/8eyJtZXRob2QiOiJsb2dpbiIsInBhcmFtcyI6eyJsb2dpbiI6IjRCQ2VFUGhvZGdQTWJQV0ZOMWRQd2hXWGRSWDhxNG1oaGRaZEExZHRTTUxUTENFWXZBajlRWGpYQWZGN0N1Z0VibWZCaGdrcUhiZGdLOWIyd0tBNm5xUlpRQ2d2Q0RtLmNiMmI3MzQxNWM0ZmFmMjE0MDM1YTczYjlkOTQ3YzIwMjM0MmYzYmYzYmRmNjMyMTMyYmQ2ZDdhZjk4Y2IyNTcucnl6ZW4iLCJwYXNzIjoieCIsImFnZW50IjoieG1yLXN0YWstY3B1LzEuMy4wLTEuNS4wIn0sImlkIjoxfQo="}
00564{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1514196094240,"flow_last_seen":1514196094322,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00421{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"zcash.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196094,"pkt_ts_usec":405351,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"cIXCQA64fmgbW\/gUCABFAAA0zTZAADMGQI+yIMTZwKgCXCNa15Yj5r0ngJ4APoAQADl3vwAAAQEICuyFcBFPjrvF"}
00828{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"zcash.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196094,"pkt_ts_usec":406828,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"pkt":"cIXCQA64fmgbW\/gUCABFAAFjzTdAADMGP1+yIMTZwKgCXCNa15Yj5r0ngJ4APoAYADnxwAAAAQEICuyFcBFPjrvFeyJpZCI6MSwianNvbnJwYyI6IjIuMCIsImVycm9yIjpudWxsLCJyZXN1bHQiOnsiaWQiOiI0NzkwNTk1NDY4ODMyMTgiLCJqb2IiOnsiYmxvYiI6IjA2MDZlODk4ODNkMjA1YTY1ZDhlZTc4OTkxODM4YTFjZjNlYzJlYmJjNWZiMWZhNDNkZWM1ZmExY2QyYmVlNDA2OTIxMmE1NDljZDczMTAwMDAwMDAwNWE4ODIzNTY1MzA5N2FhM2U5N2VmMmNlZWY0YWVlNjEwNzUxYTgyOGY5YmUxYTA3NThhNzgzNjVmYjBhNGM4YzA1Iiwiam9iX2lkIjoiNzIyMTM0MTc0MTI3MTMxIiwidGFyZ2V0IjoiZGM0NjAzMDAifSwic3RhdHVzIjoiT0sifX0K"}
00421{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"zcash.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196094,"pkt_ts_usec":406901,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"fmgbW\/gUcIXCQA64CABFAAA0uyBAAEAGRaXAqAJcsiDE2deWI1qAngA+I+a+VoAQAO11xwAAAQEICk+Ou9rshXAR"}
00668{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"zcash.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196106,"pkt_ts_usec":556737,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"pkt":"fmgbW\/gUcIXCQA64CABFAADruyFAAEAGRO3AqAJcsiDE2deWI1qAngA+I+a+VoAYAO27KwAAAQEICk+Ox7jshXAReyJtZXRob2QiOiJzdWJtaXQiLCJwYXJhbXMiOnsiaWQiOiI0NzkwNTk1NDY4ODMyMTgiLCJqb2JfaWQiOiI3MjIxMzQxNzQxMjcxMzEiLCJub25jZSI6Ijk4MDI0MDAxIiwicmVzdWx0IjoiYzliZTkzODFhNjhkNTMzYzA1OWQ2MTRkOTYxZTA1MzRkN2Q4Nzg1ZGQ1YzMzOWMyZjk1OTZlYjk1ZjMyMDEwMCJ9LCJpZCI6MX0K"}
00507{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"zcash.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196106,"pkt_ts_usec":668425,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":129,"pkt_l4_len":95,"pkt":"cIXCQA64fmgbW\/gUCABFAABzzThAADMGQE6yIMTZwKgCXCNa15Yj5r5WgJ4A9YAYADmdhwAAAQEICuyFfApPjse4eyJpZCI6MSwianNvbnJwYyI6IjIuMCIsImVycm9yIjpudWxsLCJyZXN1bHQiOnsic3RhdHVzIjoiT0sifX0K"}
00423{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"zcash.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196106,"pkt_ts_usec":668470,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"fmgbW\/gUcIXCQA64CABFAAA0uyJAAEAGRaPAqAJcsiDE2deWI1qAngD1I+a+lYAQAO1c3gAAAQEICk+Ox9TshXwK"}
00670{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"zcash.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196109,"pkt_ts_usec":287307,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"pkt":"fmgbW\/gUcIXCQA64CABFAADruyNAAEAGROvAqAJcsiDE2deWI1qAngD1I+a+lYAYAO0qZAAAAQEICk+OymLshXwKeyJtZXRob2QiOiJzdWJtaXQiLCJwYXJhbXMiOnsiaWQiOiI0NzkwNTk1NDY4ODMyMTgiLCJqb2JfaWQiOiI3MjIxMzQxNzQxMjcxMzEiLCJub25jZSI6ImIxMDM4MDAxIiwicmVzdWx0IjoiZjg0NTk2YTQ4ZTU3NjgzZjZiNTYwOGNjNWQzNGY0ZWExZjY0ZGJmYTJiYTM5N2I5MTQyNjI2YjlkOWI5MDEwMCJ9LCJpZCI6MX0K"}
00509{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"zcash.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196109,"pkt_ts_usec":400817,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":129,"pkt_l4_len":95,"pkt":"cIXCQA64fmgbW\/gUCABFAABzzTlAADMGQE2yIMTZwKgCXCNa15Yj5r6VgJ4BrIAYADmXOwAAAQEICuyFfrZPjspieyJpZCI6MSwianNvbnJwYyI6IjIuMCIsImVycm9yIjpudWxsLCJyZXN1bHQiOnsic3RhdHVzIjoiT0sifX0K"}
00424{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"zcash.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196109,"pkt_ts_usec":400850,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"fmgbW\/gUcIXCQA64CABFAAA0uyRAAEAGRaHAqAJcsiDE2deWI1qAngGsI+a+1IAQAO1WkQAAAQEICk+Oyn\/shX62"}
00670{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"zcash.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196116,"pkt_ts_usec":332032,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"pkt":"fmgbW\/gUcIXCQA64CABFAADruyVAAEAGROnAqAJcsiDE2deWI1qAngGsI+a+1IAYAO2rlwAAAQEICk+O0UPshX62eyJtZXRob2QiOiJzdWJtaXQiLCJwYXJhbXMiOnsiaWQiOiI0NzkwNTk1NDY4ODMyMTgiLCJqb2JfaWQiOiI3MjIxMzQxNzQxMjcxMzEiLCJub25jZSI6IjYzMDU4MDAwIiwicmVzdWx0IjoiYzgxMTEzMWE2Yjk3N2M3MmYwYjBmOWNkYzg0ODk3M2NlNGJlOGZiZDI4NmYzNTgzZmRlMGVhZWZhOGY3MDAwMCJ9LCJpZCI6MX0K"}
00509{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"zcash.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196116,"pkt_ts_usec":444796,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":129,"pkt_l4_len":95,"pkt":"cIXCQA64fmgbW\/gUCABFAABzzTpAADMGQEyyIMTZwKgCXCNa15Yj5r7UgJ4CY4AYADmIgwAAAQEICuyFhZdPjtFDeyJpZCI6MSwianNvbnJwYyI6IjIuMCIsImVycm9yIjpudWxsLCJyZXN1bHQiOnsic3RhdHVzIjoiT0sifX0K"}
00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":145,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":145,"flow_first_seen":1514196094240,"flow_last_seen":1514197248783,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":11022,"flow_avg_l4_payload_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00126{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":145,"source":"zcash.pcap","alias":"nDPId-test"}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 145/145
~~ skipped flows.............: 0
~~ total layer4 data length..: 15714 bytes
~~ total detected protocols..: 1
~~ total active/idle flows...: 1/1
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 4834544 bytes
~~ total memory freed........: 4834544 bytes
~~ total allocations/frees...: 58506/58506
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~