1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
|
00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00796{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1666892468833699}
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892468833699,"flow_src_last_pkt_time":1666892468833699,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892468833699,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1666892468833699,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_usec":1666892468833699,"pkt":"\/\/\/\/\/\/\/\/CL6sCxduCABFAACgYTNAAEARPsnAqAwBwKgM\/0RcRFwAjEIMeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAzMjY2OTI4NTUzNTE0MjEyNTAyMDcwOTgyNTg4NDgzOTQ4ODczODcsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFs5MjQ0NjQxN119"}
00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892468833699,"flow_src_last_pkt_time":1666892468833699,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892468833699,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1666892498843228,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_usec":1666892498843228,"pkt":"\/\/\/\/\/\/\/\/CL6sCxduCABFAACgfUNAAEARIrnAqAwBwKgM\/0RcRFwAjEIMeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAzMjY2OTI4NTUzNTE0MjEyNTAyMDcwOTgyNTg4NDgzOTQ4ODczODcsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFs5MjQ0NjQxN119"}
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892508718573,"flow_src_last_pkt_time":1666892508718573,"flow_dst_last_pkt_time":1666892508718573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":141,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":141,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":141,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892508718573,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00707{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1666892508718573,"flow_dst_last_pkt_time":1666892508718573,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":183,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":183,"pkt_l4_len":149,"thread_ts_usec":1666892508718573,"pkt":"AQBeAAD7CL6sCxduCABFAACp0bJAAP8R++vAqAwB4AAA+xTpFOkAlZuwAAAAAAAJAAAAAAAABV9pcHBzBF90Y3AFbG9jYWwAAAwAAQRfZnRwwBIADAABB193ZWJkYXbAEgAMAAEIX3dlYmRhdnPAEgAMAAEJX3NmdHAtc3NowBIADAABBF9zbWLAEgAMAAELX2FmcG92ZXJ0Y3DAEgAMAAEEX25mc8ASAAwAAQRfaXBwwBIADAAB"}
00974{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892508718573,"flow_src_last_pkt_time":1666892508718573,"flow_dst_last_pkt_time":1666892508718573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":141,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":141,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":141,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892508718573,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_ipps._tcp.local","mdns": {}}}
00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1666892528852605,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_usec":1666892528852605,"pkt":"\/\/\/\/\/\/\/\/CL6sCxduCABFAACgjQpAAEAREvLAqAwBwKgM\/0RcRFwAjEIMeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAzMjY2OTI4NTUzNTE0MjEyNTAyMDcwOTgyNTg4NDgzOTQ4ODczODcsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFs5MjQ0NjQxN119"}
00982{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1666892468833699,"flow_src_last_pkt_time":1666892528852605,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":396,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892528852605,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1666892558863230,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_usec":1666892558863230,"pkt":"\/\/\/\/\/\/\/\/CL6sCxduCABFAACglepAAEARChLAqAwBwKgM\/0RcRFwAjEIMeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAzMjY2OTI4NTUzNTE0MjEyNTAyMDcwOTgyNTg4NDgzOTQ4ODczODcsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFs5MjQ0NjQxN119"}
00970{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892508718573,"flow_src_last_pkt_time":1666892508718573,"flow_dst_last_pkt_time":1666892508718573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":141,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":141,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":141,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892558863230,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1666892588871798,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_usec":1666892588871798,"pkt":"\/\/\/\/\/\/\/\/CL6sCxduCABFAACgstxAAEAR7R\/AqAwBwKgM\/0RcRFwAjEIMeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAzMjY2OTI4NTUzNTE0MjEyNTAyMDcwOTgyNTg4NDgzOTQ4ODczODcsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFs5MjQ0NjQxN119"}
00982{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":7,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1666892468833699,"flow_src_last_pkt_time":1666892588871798,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":660,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892588871798,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
00970{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":8,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892508718573,"flow_src_last_pkt_time":1666892508718573,"flow_dst_last_pkt_time":1666892508718573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":141,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":141,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":141,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892618882757,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892633743872,"flow_src_last_pkt_time":1666892633743872,"flow_dst_last_pkt_time":1666892633743872,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892633743872,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":39065,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1666892633743872,"flow_dst_last_pkt_time":1666892633743872,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892633743872,"pkt":"CL6sCxduJjb1W8R1CABFAABIOSEAAEARTXPAqAyczvdX1ZiZDZYANLFQAAEAGPylwjKz2lsgZSGfQY6bPhoBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
00968{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892633743872,"flow_src_last_pkt_time":1666892633743872,"flow_dst_last_pkt_time":1666892633743872,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892633743872,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":39065,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","stun": {}}}
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892633744357,"flow_src_last_pkt_time":1666892633744357,"flow_dst_last_pkt_time":1666892633744357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892633744357,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":38453,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1666892633744357,"flow_dst_last_pkt_time":1666892633744357,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892633744357,"pkt":"CL6sCxduJjb1W8R1CABFAABIOSIAAEARTXLAqAyczvdX1ZY1DZYANGmLAAEAGNROrGuDSSg3DJfkQhb6tQYBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
00968{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892633744357,"flow_src_last_pkt_time":1666892633744357,"flow_dst_last_pkt_time":1666892633744357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892633744357,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":38453,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","stun": {}}}
00757{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892633842799,"flow_src_last_pkt_time":1666892633842799,"flow_dst_last_pkt_time":1666892633842799,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892633842799,"l3_proto":"ip4","src_ip":"206.247.87.213","dst_ip":"192.168.12.156","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5}
00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1666892633842799,"flow_dst_last_pkt_time":1666892633842799,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1666892633842799,"pkt":"Jjb1W8R1CL6sCxduCABFAABkWM0AACoBQ7vO91fVwKgMnAMK8UwAAAAARQAASDkhAAAvEV5zwKgMnM73V9WYmQ2WADSxUAABABj8pcIys9pbIGUhn0GOmz4aAQEAFDEyMzQ1Njc4OTAxMjM0NTY3ODkA"}
01039{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892633842799,"flow_src_last_pkt_time":1666892633842799,"flow_dst_last_pkt_time":1666892633842799,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892633842799,"l3_proto":"ip4","src_ip":"206.247.87.213","dst_ip":"192.168.12.156","l4_proto":"icmp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.315078}}
00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1666892633842855,"flow_dst_last_pkt_time":1666892633842799,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1666892633842855,"pkt":"Jjb1W8R1CL6sCxduCABFAABkWM4AACoBQ7rO91fVwKgMnAMK8UwAAAAARQAASDkiAAAvEV5ywKgMnM73V9WWNQ2WADRpiwABABjUTqxrg0koNwyX5EIW+rUGAQEAFDEyMzQ1Njc4OTAxMjM0NTY3ODkA"}
00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1666892635753795,"flow_dst_last_pkt_time":1666892633743872,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892635753795,"pkt":"CL6sCxduJjb1W8R1CABFAABIOTUAAEARTV\/AqAyczvdX1ZiZDZYANLFQAAEAGPylwjKz2lsgZSGfQY6bPhoBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1666892635753953,"flow_dst_last_pkt_time":1666892633744357,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892635753953,"pkt":"CL6sCxduJjb1W8R1CABFAABIOTYAAEARTV7AqAyczvdX1ZY1DZYANGmLAAEAGNROrGuDSSg3DJfkQhb6tQYBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1666892635852576,"flow_dst_last_pkt_time":1666892633842799,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1666892635852576,"pkt":"Jjb1W8R1CL6sCxduCABFAABkWqYAACoBQeLO91fVwKgMnAMK8UwAAAAARQAASDk1AAAvEV5fwKgMnM73V9WYmQ2WADSxUAABABj8pcIys9pbIGUhn0GOmz4aAQEAFDEyMzQ1Njc4OTAxMjM0NTY3ODkA"}
00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1666892635852609,"flow_dst_last_pkt_time":1666892633842799,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1666892635852609,"pkt":"Jjb1W8R1CL6sCxduCABFAABkWqcAACoBQeHO91fVwKgMnAMK8UwAAAAARQAASDk2AAAvEV5ewKgMnM73V9WWNQ2WADRpiwABABjUTqxrg0koNwyX5EIW+rUGAQEAFDEyMzQ1Njc4OTAxMjM0NTY3ODkA"}
00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1666892636812000,"flow_dst_last_pkt_time":1666892508718573,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":183,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":183,"pkt_l4_len":149,"thread_ts_usec":1666892636812000,"pkt":"AQBeAAD7CL6sCxduCABFAACp7TxAAP8R4GHAqAwB4AAA+xTpFOkAlZuwAAAAAAAJAAAAAAAABV9pcHBzBF90Y3AFbG9jYWwAAAwAAQRfZnRwwBIADAABB193ZWJkYXbAEgAMAAEIX3dlYmRhdnPAEgAMAAEJX3NmdHAtc3NowBIADAABBF9zbWLAEgAMAAELX2FmcG92ZXJ0Y3DAEgAMAAEEX25mc8ASAAwAAQRfaXBwwBIADAAB"}
00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1666892637730612,"flow_dst_last_pkt_time":1666892633743872,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892637730612,"pkt":"CL6sCxduJjb1W8R1CABFAABIOYoAAEARTQrAqAyczvdX1ZiZDZYANLFQAAEAGPylwjKz2lsgZSGfQY6bPhoBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1666892637730829,"flow_dst_last_pkt_time":1666892633744357,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892637730829,"pkt":"CL6sCxduJjb1W8R1CABFAABIOYsAAEARTQnAqAyczvdX1ZY1DZYANGmLAAEAGNROrGuDSSg3DJfkQhb6tQYBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1666892639751068,"flow_dst_last_pkt_time":1666892633743872,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892639751068,"pkt":"CL6sCxduJjb1W8R1CABFAABIOgcAAEARTI3AqAyczvdX1ZiZDZYANLFQAAEAGPylwjKz2lsgZSGfQY6bPhoBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1666892639751265,"flow_dst_last_pkt_time":1666892633744357,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892639751265,"pkt":"CL6sCxduJjb1W8R1CABFAABIOggAAEARTIzAqAyczvdX1ZY1DZYANGmLAAEAGNROrGuDSSg3DJfkQhb6tQYBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1666892641776721,"flow_dst_last_pkt_time":1666892633743872,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892641776721,"pkt":"CL6sCxduJjb1W8R1CABFAABIOn0AAEARTBfAqAyczvdX1ZiZDZYANLFQAAEAGPylwjKz2lsgZSGfQY6bPhoBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1666892641781090,"flow_dst_last_pkt_time":1666892633744357,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892641781090,"pkt":"CL6sCxduJjb1W8R1CABFAABIOn4AAEARTBbAqAyczvdX1ZY1DZYANGmLAAEAGNROrGuDSSg3DJfkQhb6tQYBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
00983{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":23,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1666892468833699,"flow_src_last_pkt_time":1666892618882757,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":792,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892641781090,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1666892657972027,"flow_dst_last_pkt_time":1666892633842799,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1666892657972027,"pkt":"Jjb1W8R1CL6sCxduCABFAABkhkgAACoBFkDO91fVwKgMnAMK8UwAAAAARQAASD6zAAAvEVjhwKgMnM73V9WYmQ2WADSxUAABABj8pcIys9pbIGUhn0GOmz4aAQEAFDEyMzQ1Njc4OTAxMjM0NTY3ODkA"}
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892673725028,"flow_src_last_pkt_time":1666892673725028,"flow_dst_last_pkt_time":1666892673725028,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":85,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":85,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":85,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892673725028,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"192.168.1.226","src_port":38453,"dst_port":41036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00635{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1666892673725028,"flow_dst_last_pkt_time":1666892673725028,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_usec":1666892673725028,"pkt":"CL6sCxduJjb1W8R1CABFAABxyIgAAEARIiXAqAycwKgB4pY1oEwAXRyMHwIBAAgAAQAEAFybY3sAAABkAAAAYqBMAAAADTE5Mi4xNjguMS4yMjYAAAAkQUYwNjVEODgtQUE5Qi00QTgxLTgwQTQtQjg1Q0QzNDFCOTIxAAAAAA=="}
00937{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892673725028,"flow_src_last_pkt_time":1666892673725028,"flow_dst_last_pkt_time":1666892673725028,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":85,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":85,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":85,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892673725028,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"192.168.1.226","src_port":38453,"dst_port":41036,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
00635{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1666892673725248,"flow_dst_last_pkt_time":1666892673725028,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_usec":1666892673725248,"pkt":"CL6sCxduJjb1W8R1CABFAABxyIkAAEARIiTAqAycwKgB4pY1oEwAXadLHwIBAAgAAQAEANjXXNwAAAAHAAAAYqBMAAAADTE5Mi4xNjguMS4yMjYAAAAkQUYwNjVEODgtQUE5Qi00QTgxLTgwQTQtQjg1Q0QzNDFCOTIxAAAAAA=="}
01071{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":64,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1666892673725028,"flow_src_last_pkt_time":1666892673725248,"flow_dst_last_pkt_time":1666892673725028,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":85,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":85,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":170,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892673725248,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"192.168.1.226","src_port":38453,"dst_port":41036,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
00635{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1666892673725547,"flow_dst_last_pkt_time":1666892673725028,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_usec":1666892673725547,"pkt":"CL6sCxduJjb1W8R1CABFAABxyIoAAEARIiPAqAycwKgB4pY1oEwAXYkzHwIBAAgAAQAEAIBz0vsAAABkAAAAYqBMAAAADTE5Mi4xNjguMS4yMjYAAAAkQUYwNjVEODgtQUE5Qi00QTgxLTgwQTQtQjg1Q0QzNDFCOTIxAAAAAA=="}
00635{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1666892673757876,"flow_dst_last_pkt_time":1666892673725028,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_usec":1666892673757876,"pkt":"CL6sCxduJjb1W8R1CABFAABxyIsAAEARIiLAqAycwKgB4pY1oEwAXXrZHwIBAAgAAQAEAFzqBN8AAABkAAAAYqBMAAAADTE5Mi4xNjguMS4yMjYAAAAkQUYwNjVEODgtQUE5Qi00QTgxLTgwQTQtQjg1Q0QzNDFCOTIxAAAAAA=="}
00635{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1666892673789642,"flow_dst_last_pkt_time":1666892673725028,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_usec":1666892673789642,"pkt":"CL6sCxduJjb1W8R1CABFAABxyIwAAEARIiHAqAycwKgB4pY1oEwAXVN0HwIBAAgAAQAEAEyhPI0AAABkAAAAYqBMAAAADTE5Mi4xNjguMS4yMjYAAAAkQUYwNjVEODgtQUE5Qi00QTgxLTgwQTQtQjg1Q0QzNDFCOTIxAAAAAA=="}
01064{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":68,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1666892633842799,"flow_src_last_pkt_time":1666892672143395,"flow_dst_last_pkt_time":1666892633842799,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1040,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892673789642,"l3_proto":"ip4","src_ip":"206.247.87.213","dst_ip":"192.168.12.156","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00971{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":68,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1666892508718573,"flow_src_last_pkt_time":1666892636812000,"flow_dst_last_pkt_time":1666892508718573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":141,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":141,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892673789642,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892675237560,"flow_src_last_pkt_time":1666892675237560,"flow_dst_last_pkt_time":1666892675237560,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":85,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":85,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":85,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892675237560,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"192.168.1.226","src_port":39065,"dst_port":46757,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00635{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1666892675237560,"flow_dst_last_pkt_time":1666892675237560,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_usec":1666892675237560,"pkt":"CL6sCxduJjb1W8R1CABFAABxyQcAAEARIabAqAycwKgB4piZtqUAXVDbHwIBAAgAAQAEAE4VDvgAAAAHAAAAY7alAAAADTE5Mi4xNjguMS4yMjYAAAAkQUYwNjVEODgtQUE5Qi00QTgxLTgwQTQtQjg1Q0QzNDFCOTIxAAAAAA=="}
00937{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892675237560,"flow_src_last_pkt_time":1666892675237560,"flow_dst_last_pkt_time":1666892675237560,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":85,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":85,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":85,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892675237560,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"192.168.1.226","src_port":39065,"dst_port":46757,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
00635{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1666892675237560,"flow_dst_last_pkt_time":1666892675245954,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_usec":1666892675245954,"pkt":"Jjb1W8R1CL6sCxduCABFAABxEcUAAD8R2ejAqAHiwKgMnLalmJkAXSbfHwIBAAQAAQAIAOKlwW4AAAAIAAAAY5iZAAAADTE5Mi4xNjguMS4xMjgAAAAkQUYwNjVEODgtQUE5Qi00QTgxLTgwQTQtQjg1Q0QzNDFCOTIxAAAAAA=="}
00635{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1666892675247719,"flow_dst_last_pkt_time":1666892675245954,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_usec":1666892675247719,"pkt":"CL6sCxduJjb1W8R1CABFAABxyQgAAEARIaXAqAycwKgB4piZtqUAXcEmHwIBAAgAAQAEAKU0R4MAAAARAAAAY7alAAAADTE5Mi4xNjguMS4yMjYAAAAkQUYwNjVEODgtQUE5Qi00QTgxLTgwQTQtQjg1Q0QzNDFCOTIxAAAAAA=="}
00635{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1666892675247719,"flow_dst_last_pkt_time":1666892675257992,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_usec":1666892675257992,"pkt":"Jjb1W8R1CL6sCxduCABFAABxEcYAAD8R2efAqAHiwKgMnLalmJkAXdfvHwIBAAQAAQAIAJS5XkAAAAASAAAAY5iZAAAADTE5Mi4xNjguMS4xMjgAAAAkQUYwNjVEODgtQUE5Qi00QTgxLTgwQTQtQjg1Q0QzNDFCOTIxAAAAAA=="}
00635{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1666892675247719,"flow_dst_last_pkt_time":1666892675258045,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_usec":1666892675258045,"pkt":"Jjb1W8R1CL6sCxduCABFAABxEccAAD8R2ebAqAHiwKgMnLalmJkAXdfvHwIBAAQAAQAIAJS5XkAAAAASAAAAY5iZAAAADTE5Mi4xNjguMS4xMjgAAAAkQUYwNjVEODgtQUE5Qi00QTgxLTgwQTQtQjg1Q0QzNDFCOTIxAAAAAA=="}
02225{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":99,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1666892675237560,"flow_src_last_pkt_time":1666892675646012,"flow_dst_last_pkt_time":1666892675643750,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":85,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1028,"flow_dst_max_l4_payload_len":1249,"flow_src_tot_l4_payload_len":10188,"flow_dst_tot_l4_payload_len":10473,"midstream":0,"thread_ts_usec":1666892675646012,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"192.168.1.226","src_port":39065,"dst_port":46757,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":50,"avg":26278.8,"max":88605,"stddev":20740.6,"var":430173408.0,"ent":4.5,"data": [8394,10159,12038,53,14255,4983,17542,37266,28360,52475,28978,88605,223,71337,10758,22416,50,28514,48671,32496,39006,13417,192,30154,24517,22794,31770,53366,31819,40077,9957]},"pktlen": {"min":113,"avg":673.7,"max":1277,"stddev":485.6,"var":235788.4,"ent":4.5,"data": [113,113,113,113,113,113,113,113,113,113,113,1246,1056,1056,1246,800,1245,119,1245,800,800,1245,800,799,118,831,1245,1277,1043,1043,1257,1043]},"bins": {"c_to_s": [0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,1,0,0,0,0,0,3,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,1,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,1,0,1,0,1,1,0,1,0,0,1,0,1,1,1,0,0,1,0,0,1,0,1,1,0,0,1,0],"entropies": [4.879871845,4.806567192,4.780356884,4.859664917,4.859664917,4.837792873,4.824266434,4.879871845,4.824266434,4.806567192,4.815755367,7.809407711,0.496801347,0.516033888,7.832608223,7.657176495,7.832114697,5.751297951,7.815535069,7.718434811,7.700232506,7.835743904,7.666582108,7.693008900,5.751585960,7.688401699,7.843828678,7.832822323,7.774564743,7.788288593,7.829477787,7.789775848]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":391,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1666892633744357,"flow_src_last_pkt_time":1666892672045159,"flow_dst_last_pkt_time":1666892633744357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892678903561,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":38453,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}}
00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":391,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1666892633743872,"flow_src_last_pkt_time":1666892672044867,"flow_dst_last_pkt_time":1666892633743872,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892678903561,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":39065,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}}
01065{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":392,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1666892633842799,"flow_src_last_pkt_time":1666892672143395,"flow_dst_last_pkt_time":1666892633842799,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1040,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892708913171,"l3_proto":"ip4","src_ip":"206.247.87.213","dst_ip":"192.168.12.156","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":392,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1666892468833699,"flow_src_last_pkt_time":1666892708913171,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1188,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892708913171,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
01105{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":393,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1666892673725028,"flow_src_last_pkt_time":1666892673789642,"flow_dst_last_pkt_time":1666892673725028,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":85,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":85,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":425,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892738926234,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"192.168.1.226","src_port":38453,"dst_port":41036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
01065{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":393,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1666892633842799,"flow_src_last_pkt_time":1666892672143395,"flow_dst_last_pkt_time":1666892633842799,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1040,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892738926234,"l3_proto":"ip4","src_ip":"206.247.87.213","dst_ip":"192.168.12.156","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00997{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":393,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":148,"flow_dst_packets_processed":174,"flow_first_seen":1666892675237560,"flow_src_last_pkt_time":1666892676884711,"flow_dst_last_pkt_time":1666892676905769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":85,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1227,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":102457,"flow_dst_tot_l4_payload_len":103149,"midstream":0,"thread_ts_usec":1666892738926234,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"192.168.1.226","src_port":39065,"dst_port":46757,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":393,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1666892508718573,"flow_src_last_pkt_time":1666892636812000,"flow_dst_last_pkt_time":1666892508718573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":141,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":141,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892738926234,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":393,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1666892633744357,"flow_src_last_pkt_time":1666892672045159,"flow_dst_last_pkt_time":1666892633744357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892738926234,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":38453,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}}
00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":393,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1666892633743872,"flow_src_last_pkt_time":1666892672044867,"flow_dst_last_pkt_time":1666892633743872,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892738926234,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":39065,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}}
01065{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":394,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1666892633842799,"flow_src_last_pkt_time":1666892672143395,"flow_dst_last_pkt_time":1666892633842799,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1040,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892768936597,"l3_proto":"ip4","src_ip":"206.247.87.213","dst_ip":"192.168.12.156","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":394,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1666892468833699,"flow_src_last_pkt_time":1666892768936597,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1452,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892768936597,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
01063{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":395,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1666892633842799,"flow_src_last_pkt_time":1666892672143395,"flow_dst_last_pkt_time":1666892633842799,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1040,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892798948041,"l3_proto":"ip4","src_ip":"206.247.87.213","dst_ip":"192.168.12.156","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
01105{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":395,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1666892673725028,"flow_src_last_pkt_time":1666892673789642,"flow_dst_last_pkt_time":1666892673725028,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":85,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":85,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":425,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892798948041,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"192.168.1.226","src_port":38453,"dst_port":41036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
00997{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":395,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":148,"flow_dst_packets_processed":174,"flow_first_seen":1666892675237560,"flow_src_last_pkt_time":1666892676884711,"flow_dst_last_pkt_time":1666892676905769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":85,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1227,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":102457,"flow_dst_tot_l4_payload_len":103149,"midstream":0,"thread_ts_usec":1666892798948041,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"192.168.1.226","src_port":39065,"dst_port":46757,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":395,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1666892508718573,"flow_src_last_pkt_time":1666892636812000,"flow_dst_last_pkt_time":1666892508718573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":141,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":141,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892798948041,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":395,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1666892633744357,"flow_src_last_pkt_time":1666892672045159,"flow_dst_last_pkt_time":1666892633744357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892798948041,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":38453,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}}
00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":395,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1666892633743872,"flow_src_last_pkt_time":1666892672044867,"flow_dst_last_pkt_time":1666892633743872,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892798948041,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":39065,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}}
00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":396,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1666892508718573,"flow_src_last_pkt_time":1666892636812000,"flow_dst_last_pkt_time":1666892508718573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":141,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":141,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892828955061,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":396,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1666892468833699,"flow_src_last_pkt_time":1666892828955061,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1716,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892828955061,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
01103{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":397,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1666892673725028,"flow_src_last_pkt_time":1666892673789642,"flow_dst_last_pkt_time":1666892673725028,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":85,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":85,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":425,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892858965490,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"192.168.1.226","src_port":38453,"dst_port":41036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":397,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":148,"flow_dst_packets_processed":174,"flow_first_seen":1666892675237560,"flow_src_last_pkt_time":1666892676884711,"flow_dst_last_pkt_time":1666892676905769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":85,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1227,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":102457,"flow_dst_tot_l4_payload_len":103149,"midstream":0,"thread_ts_usec":1666892858965490,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"192.168.1.226","src_port":39065,"dst_port":46757,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":397,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1666892633744357,"flow_src_last_pkt_time":1666892672045159,"flow_dst_last_pkt_time":1666892633744357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892858965490,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":38453,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}}
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":397,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1666892633743872,"flow_src_last_pkt_time":1666892672044867,"flow_dst_last_pkt_time":1666892633743872,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892858965490,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":39065,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}}
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":397,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892883463041,"flow_src_last_pkt_time":1666892883463041,"flow_dst_last_pkt_time":1666892883463041,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892883463041,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.10.253","src_port":49579,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1666892883463041,"flow_dst_last_pkt_time":1666892883463041,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892883463041,"pkt":"CL6sCxduJjb1W8R1CABFAABInAUAAEARN2fAqAyczvcK\/cGrDZYAND6kAAEAGHYXPCtl23wOrVMBeFlUmRIBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
00970{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":397,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892883463041,"flow_src_last_pkt_time":1666892883463041,"flow_dst_last_pkt_time":1666892883463041,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892883463041,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.10.253","src_port":49579,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","stun": {}}}
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":398,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892883463255,"flow_src_last_pkt_time":1666892883463255,"flow_dst_last_pkt_time":1666892883463255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892883463255,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.10.253","src_port":42208,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1666892883463255,"flow_dst_last_pkt_time":1666892883463255,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892883463255,"pkt":"CL6sCxduJjb1W8R1CABFAABInAYAAEARN2bAqAyczvcK\/aTgDZYANPrWAAEAGLBQbSBUGckYObqWWsHyyUwBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
00970{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892883463255,"flow_src_last_pkt_time":1666892883463255,"flow_dst_last_pkt_time":1666892883463255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892883463255,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.10.253","src_port":42208,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","stun": {}}}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":399,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892883560468,"flow_src_last_pkt_time":1666892883560468,"flow_dst_last_pkt_time":1666892883560468,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892883560468,"l3_proto":"ip4","src_ip":"206.247.10.253","dst_ip":"192.168.12.156","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5}
00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1666892883560468,"flow_dst_last_pkt_time":1666892883560468,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1666892883560468,"pkt":"Jjb1W8R1CL6sCxduCABFAABkE1oAACoB1gbO9wr9wKgMnAMKpHQAAAAARQAASJwFAAAvEUhnwKgMnM73Cv3Bqw2WADQ+pAABABh2FzwrZdt8Dq1TAXhZVJkSAQEAFDEyMzQ1Njc4OTAxMjM0NTY3ODkA"}
01041{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":399,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892883560468,"flow_src_last_pkt_time":1666892883560468,"flow_dst_last_pkt_time":1666892883560468,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892883560468,"l3_proto":"ip4","src_ip":"206.247.10.253","dst_ip":"192.168.12.156","l4_proto":"icmp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.318754}}
00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1666892883560509,"flow_dst_last_pkt_time":1666892883560468,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1666892883560509,"pkt":"Jjb1W8R1CL6sCxduCABFAABkE1sAACoB1gXO9wr9wKgMnAMKpHQAAAAARQAASJwGAAAvEUhmwKgMnM73Cv2k4A2WADT61gABABiwUG0gVBnJGDm6llrB8slMAQEAFDEyMzQ1Njc4OTAxMjM0NTY3ODkA"}
00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1666892885486853,"flow_dst_last_pkt_time":1666892883463041,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892885486853,"pkt":"CL6sCxduJjb1W8R1CABFAABInKwAAEARNsDAqAyczvcK\/cGrDZYAND6kAAEAGHYXPCtl23wOrVMBeFlUmRIBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":402,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1666892885487101,"flow_dst_last_pkt_time":1666892883463255,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892885487101,"pkt":"CL6sCxduJjb1W8R1CABFAABInK0AAEARNr\/AqAyczvcK\/aTgDZYANPrWAAEAGLBQbSBUGckYObqWWsHyyUwBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1666892885583770,"flow_dst_last_pkt_time":1666892883560468,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1666892885583770,"pkt":"Jjb1W8R1CL6sCxduCABFAABkGzEAACoBzi\/O9wr9wKgMnAMKpHQAAAAARQAASJytAAAvEUe\/wKgMnM73Cv2k4A2WADT61gABABiwUG0gVBnJGDm6llrB8slMAQEAFDEyMzQ1Njc4OTAxMjM0NTY3ODkA"}
00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":404,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1666892885583814,"flow_dst_last_pkt_time":1666892883560468,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1666892885583814,"pkt":"Jjb1W8R1CL6sCxduCABFAABkGzIAACoBzi7O9wr9wKgMnAMKpHQAAAAARQAASJysAAAvEUfAwKgMnM73Cv3Bqw2WADQ+pAABABh2FzwrZdt8Dq1TAXhZVJkSAQEAFDEyMzQ1Njc4OTAxMjM0NTY3ODkA"}
00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1666892887508490,"flow_dst_last_pkt_time":1666892883463041,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892887508490,"pkt":"CL6sCxduJjb1W8R1CABFAABInUcAAEARNiXAqAyczvcK\/cGrDZYAND6kAAEAGHYXPCtl23wOrVMBeFlUmRIBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1666892887510737,"flow_dst_last_pkt_time":1666892883463255,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892887510737,"pkt":"CL6sCxduJjb1W8R1CABFAABInUgAAEARNiTAqAyczvcK\/aTgDZYANPrWAAEAGLBQbSBUGckYObqWWsHyyUwBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1666892887605358,"flow_dst_last_pkt_time":1666892883560468,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1666892887605358,"pkt":"Jjb1W8R1CL6sCxduCABFAABkIpcAACoBxsnO9wr9wKgMnAMKpHQAAAAARQAASJ1HAAAvEUclwKgMnM73Cv3Bqw2WADQ+pAABABh2FzwrZdt8Dq1TAXhZVJkSAQEAFDEyMzQ1Njc4OTAxMjM0NTY3ODkA"}
00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1666892889516492,"flow_dst_last_pkt_time":1666892883463041,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892889516492,"pkt":"CL6sCxduJjb1W8R1CABFAABInb8AAEARNa3AqAyczvcK\/cGrDZYAND6kAAEAGHYXPCtl23wOrVMBeFlUmRIBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":411,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1666892889516733,"flow_dst_last_pkt_time":1666892883463255,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892889516733,"pkt":"CL6sCxduJjb1W8R1CABFAABIncAAAEARNazAqAyczvcK\/aTgDZYANPrWAAEAGLBQbSBUGckYObqWWsHyyUwBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1666892891530509,"flow_dst_last_pkt_time":1666892883463041,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892891530509,"pkt":"CL6sCxduJjb1W8R1CABFAABInkQAAEARNSjAqAyczvcK\/cGrDZYAND6kAAEAGHYXPCtl23wOrVMBeFlUmRIBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1666892891530651,"flow_dst_last_pkt_time":1666892883463255,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892891530651,"pkt":"CL6sCxduJjb1W8R1CABFAABInkUAAEARNSfAqAyczvcK\/aTgDZYANPrWAAEAGLBQbSBUGckYObqWWsHyyUwBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":418,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892892848004,"flow_src_last_pkt_time":1666892892848004,"flow_dst_last_pkt_time":1666892892848004,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":141,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":141,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":141,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892892848004,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00710{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":418,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1666892892848004,"flow_dst_last_pkt_time":1666892892848004,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":183,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":183,"pkt_l4_len":149,"thread_ts_usec":1666892892848004,"pkt":"AQBeAAD7CL6sCxduCABFAACp79dAAP8R3cbAqAwB4AAA+xTpFOkAlZuwAAAAAAAJAAAAAAAABV9pcHBzBF90Y3AFbG9jYWwAAAwAAQRfZnRwwBIADAABB193ZWJkYXbAEgAMAAEIX3dlYmRhdnPAEgAMAAEJX3NmdHAtc3NowBIADAABBF9zbWLAEgAMAAELX2FmcG92ZXJ0Y3DAEgAMAAEEX25mc8ASAAwAAQRfaXBwwBIADAAB"}
00977{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":418,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892892848004,"flow_src_last_pkt_time":1666892892848004,"flow_dst_last_pkt_time":1666892892848004,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":141,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":141,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":141,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892892848004,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_ipps._tcp.local","mdns": {}}}
00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":419,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1666892468833699,"flow_src_last_pkt_time":1666892888976960,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1980,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892892848004,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
02287{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":462,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1666892883560468,"flow_src_last_pkt_time":1666892913745701,"flow_dst_last_pkt_time":1666892883560468,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2560,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892913745701,"l3_proto":"ip4","src_ip":"206.247.10.253","dst_ip":"192.168.12.156","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":12,"avg":973717.2,"max":2030871,"stddev":1005257.0,"var":1010541658112.0,"ent":3.9,"data": [41,2023261,44,2021544,37,2008437,21,2013453,36,1994813,23,2022454,40,1990669,67,2022201,30,2021984,58,1995365,12,2020200,29,2002242,3110,1996909,3099,2014147,17,2030871,19]},"pktlen": {"min":100,"avg":100.0,"max":100,"stddev":0.0,"var":0.0,"ent":5.0,"data": [100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100]},"bins": {"c_to_s": [0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [5.350244999,5.278791904,5.243694782,5.287598610,5.377793789,5.326340675,5.377793789,5.318793297,5.397793770,5.262695789,5.298792839,5.370244980,5.291243553,5.322695732,5.318792820,5.350244999,5.318792820,5.377793789,5.278791904,5.330244541,5.317793369,5.286341190,5.271244049,5.322696686,5.377794266,5.326341152,5.318791866,5.357794285,5.377793789,5.326341152,5.397794247,5.346340656]},"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":480,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892923321165,"flow_src_last_pkt_time":1666892923321165,"flow_dst_last_pkt_time":1666892923321165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":84,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892923321165,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.78.14.178","src_port":42208,"dst_port":47312,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":480,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1666892923321165,"flow_dst_last_pkt_time":1666892923321165,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1666892923321165,"pkt":"CL6sCxduJjb1W8R1CABFAABwlmcAAEAR\/dHAqAycCk4OsqTguNAAXGjlHwIBAAgAAQAEAFN4+RkAAAAHAAAAYrjQAAAADDEwLjc4LjE0LjE3OAAAACRDNUVBREZBMS1FMkQwLTQxN0UtODdGMi03QjBCRkY0MzkzNjIAAAAA"}
00938{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892923321165,"flow_src_last_pkt_time":1666892923321165,"flow_dst_last_pkt_time":1666892923321165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":84,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892923321165,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.78.14.178","src_port":42208,"dst_port":47312,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":481,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1666892923321371,"flow_dst_last_pkt_time":1666892923321165,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1666892923321371,"pkt":"CL6sCxduJjb1W8R1CABFAABwlmgAAEAR\/dDAqAycCk4OsqTguNAAXKRQHwIBAAgAAQAEAPdVGXQAAABkAAAAYrjQAAAADDEwLjc4LjE0LjE3OAAAACRDNUVBREZBMS1FMkQwLTQxN0UtODdGMi03QjBCRkY0MzkzNjIAAAAA"}
01072{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":481,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1666892923321165,"flow_src_last_pkt_time":1666892923321371,"flow_dst_last_pkt_time":1666892923321165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":84,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892923321371,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.78.14.178","src_port":42208,"dst_port":47312,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":482,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1666892923348636,"flow_dst_last_pkt_time":1666892923321165,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1666892923348636,"pkt":"CL6sCxduJjb1W8R1CABFAABwlmsAAEAR\/c3AqAycCk4OsqTguNAAXPn3HwIBAAgAAQAEACPKl1gAAABkAAAAYrjQAAAADDEwLjc4LjE0LjE3OAAAACRDNUVBREZBMS1FMkQwLTQxN0UtODdGMi03QjBCRkY0MzkzNjIAAAAA"}
00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":483,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1666892923359882,"flow_dst_last_pkt_time":1666892923321165,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1666892923359882,"pkt":"CL6sCxduJjb1W8R1CABFAABwlmwAAEAR\/czAqAycCk4OsqTguNAAXGjlHwIBAAgAAQAEAFN4+RkAAAAHAAAAYrjQAAAADDEwLjc4LjE0LjE3OAAAACRDNUVBREZBMS1FMkQwLTQxN0UtODdGMi03QjBCRkY0MzkzNjIAAAAA"}
00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":484,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1666892923367589,"flow_dst_last_pkt_time":1666892923321165,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1666892923367589,"pkt":"CL6sCxduJjb1W8R1CABFAABwlm0AAEAR\/cvAqAycCk4OsqTguNAAXKRQHwIBAAgAAQAEAPdVGXQAAABkAAAAYrjQAAAADDEwLjc4LjE0LjE3OAAAACRDNUVBREZBMS1FMkQwLTQxN0UtODdGMi03QjBCRkY0MzkzNjIAAAAA"}
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":504,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892923611662,"flow_src_last_pkt_time":1666892923611662,"flow_dst_last_pkt_time":1666892923611662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":84,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892923611662,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.78.14.178","src_port":49579,"dst_port":49586,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1666892923611662,"flow_dst_last_pkt_time":1666892923611662,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1666892923611662,"pkt":"CL6sCxduJjb1W8R1CABFAABwlosAAEAR\/a3AqAycCk4OssGrwbIAXN0SHwIBAAgAAQAEAEz0XOAAAAAHAAAAY8GyAAAADDEwLjc4LjE0LjE3OAAAACRDNUVBREZBMS1FMkQwLTQxN0UtODdGMi03QjBCRkY0MzkzNjIAAAAA"}
00938{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":504,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892923611662,"flow_src_last_pkt_time":1666892923611662,"flow_dst_last_pkt_time":1666892923611662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":84,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892923611662,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.78.14.178","src_port":49579,"dst_port":49586,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
00635{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1666892923635445,"flow_dst_last_pkt_time":1666892923611662,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1666892923635445,"pkt":"CL6sCxduJjb1W8R1CABFAABwlo8AAEAR\/anAqAycCk4OssGrwbIAXAueHwIBAAgAAQAEAMtPr\/kAAAAHAAAAY8GyAAAADDEwLjc4LjE0LjE3OAAAACRDNUVBREZBMS1FMkQwLTQxN0UtODdGMi03QjBCRkY0MzkzNjIAAAAA"}
01072{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":506,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1666892923611662,"flow_src_last_pkt_time":1666892923635445,"flow_dst_last_pkt_time":1666892923611662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":84,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892923635445,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.78.14.178","src_port":49579,"dst_port":49586,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1666892923635783,"flow_dst_last_pkt_time":1666892923611662,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1666892923635783,"pkt":"CL6sCxduJjb1W8R1CABFAABwlpAAAEAR\/ajAqAycCk4OssGrwbIAXN0SHwIBAAgAAQAEAEz0XOAAAAAHAAAAY8GyAAAADDEwLjc4LjE0LjE3OAAAACRDNUVBREZBMS1FMkQwLTQxN0UtODdGMi03QjBCRkY0MzkzNjIAAAAA"}
01066{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":510,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":0,"flow_first_seen":1666892883560468,"flow_src_last_pkt_time":1666892921796330,"flow_dst_last_pkt_time":1666892883560468,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892923636261,"l3_proto":"ip4","src_ip":"206.247.10.253","dst_ip":"192.168.12.156","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1666892923665584,"flow_dst_last_pkt_time":1666892923611662,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1666892923665584,"pkt":"CL6sCxduJjb1W8R1CABFAABwlpMAAEAR\/aXAqAycCk4OssGrwbIAXLY+HwIBAAgAAQAEAJJ1PjMAAAAHAAAAY8GyAAAADDEwLjc4LjE0LjE3OAAAACRDNUVBREZBMS1FMkQwLTQxN0UtODdGMi03QjBCRkY0MzkzNjIAAAAA"}
00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":511,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1666892923667149,"flow_dst_last_pkt_time":1666892923611662,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1666892923667149,"pkt":"CL6sCxduJjb1W8R1CABFAABwlpQAAEAR\/aTAqAycCk4OssGrwbIAXN0SHwIBAAgAAQAEAEz0XOAAAAAHAAAAY8GyAAAADDEwLjc4LjE0LjE3OAAAACRDNUVBREZBMS1FMkQwLTQxN0UtODdGMi03QjBCRkY0MzkzNjIAAAAA"}
02305{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":519,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1666892923321165,"flow_src_last_pkt_time":1666892923731059,"flow_dst_last_pkt_time":1666892923321165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":84,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2688,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892923731059,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.78.14.178","src_port":42208,"dst_port":47312,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":149,"avg":13222.4,"max":52278,"stddev":15933.9,"var":253890336.0,"ent":4.0,"data": [206,27265,11246,7707,6831,1534,149,13289,6864,1707,40450,203,15506,643,33328,247,50821,420,5857,5665,52278,379,7223,2326,22718,234,30994,178,40889,183,22554]},"pktlen": {"min":112,"avg":112.0,"max":112,"stddev":0.0,"var":0.0,"ent":5.0,"data": [112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112]},"bins": {"c_to_s": [0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [4.994051456,4.951597214,4.994051933,4.994051456,4.976194382,4.976194382,4.994051456,4.958336830,4.976194382,4.994051456,4.958336830,4.994051456,4.958336830,4.994051456,4.976194382,4.994051456,4.976194382,4.994051456,4.951597214,4.994051456,4.976194382,4.994051456,4.958336830,4.994051456,4.976194382,4.994051456,4.976194382,4.994051456,4.958336830,4.994051456,4.976194382,4.994051456]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
02327{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":590,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1666892923611662,"flow_src_last_pkt_time":1666892924448503,"flow_dst_last_pkt_time":1666892923611662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":84,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2688,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892924448503,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.78.14.178","src_port":49579,"dst_port":49586,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":338,"avg":26994.9,"max":54779,"stddev":14468.3,"var":209331424.0,"ent":4.7,"data": [23783,338,29801,1565,40495,506,22699,46435,8735,38102,43592,20546,19277,34040,24361,41537,21146,25008,31087,47211,23803,22874,54779,5988,45050,14923,26821,31551,48347,23766,18675]},"pktlen": {"min":112,"avg":112.0,"max":112,"stddev":0.0,"var":0.0,"ent":5.0,"data": [112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112]},"bins": {"c_to_s": [0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [4.927000046,4.944857121,4.909142494,4.902402878,4.927000046,4.912628174,4.927000046,4.927000046,4.909142494,4.927000046,4.909142494,4.927000046,4.927000046,4.927000046,4.927000046,4.898025990,4.927000046,4.927000046,4.927000046,4.927000046,4.927000046,4.902402401,4.909142494,4.927000046,4.927000046,4.909142494,4.927000046,4.894771099,4.902402401,4.927000046,4.909142494,4.909142494]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
01064{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":763,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":0,"flow_first_seen":1666892883560468,"flow_src_last_pkt_time":1666892921796330,"flow_dst_last_pkt_time":1666892883560468,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892928125663,"l3_proto":"ip4","src_ip":"206.247.10.253","dst_ip":"192.168.12.156","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":763,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":154,"flow_dst_packets_processed":0,"flow_first_seen":1666892923611662,"flow_src_last_pkt_time":1666892928125663,"flow_dst_last_pkt_time":1666892923611662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":84,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12936,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892928125663,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.78.14.178","src_port":49579,"dst_port":49586,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":763,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1666892468833699,"flow_src_last_pkt_time":1666892918986914,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892928125663,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":763,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1666892883463255,"flow_src_last_pkt_time":1666892921699835,"flow_dst_last_pkt_time":1666892883463255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892928125663,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.10.253","src_port":42208,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}}
00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":763,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892892848004,"flow_src_last_pkt_time":1666892892848004,"flow_dst_last_pkt_time":1666892892848004,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":141,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":141,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":141,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892928125663,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":763,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":130,"flow_dst_packets_processed":0,"flow_first_seen":1666892923321165,"flow_src_last_pkt_time":1666892925565422,"flow_dst_last_pkt_time":1666892923321165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":84,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10920,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892928125663,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.78.14.178","src_port":42208,"dst_port":47312,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":763,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1666892883463041,"flow_src_last_pkt_time":1666892921699571,"flow_dst_last_pkt_time":1666892883463041,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892928125663,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.10.253","src_port":49579,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}}
00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":763,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":763,"packets-processed":763,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":240182,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":3,"total-updates":27,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":134,"global_ts_usec":1666892928125663}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 763/763
~~ skipped flows.............: 0
~~ total layer4 data length..: 240182 bytes
~~ total detected protocols..: 13
~~ total active/idle flows...: 13/13
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6691356 bytes
~~ total memory freed........: 6691356 bytes
~~ total allocations/frees...: 114917/114917
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 577 chars
~~ json message max len.......: 2332 chars
~~ json message avg len.......: 1453 chars
|