aboutsummaryrefslogtreecommitdiff
path: root/test/results/coap_mqtt.pcap.out
blob: c7633aa812dc0dd86f5d673b71809c7ae8bc5786 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116

00489{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"coap_mqtt.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":3265032704,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"coap_mqtt.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1333957710293035}
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1333957710293035,"flow_src_last_pkt_time":1333957710293035,"flow_dst_last_pkt_time":1333957710293035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1333957710293035,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61043,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1333957710293035,"flow_dst_last_pkt_time":1333957710293035,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1333957710293035,"pkt":"ACOJtMwBSF1gwJdKht1gAAAAACARQCABDagCFRFxoQvLSI+DV\/YgAQYgAAg12QAAAAAAAAAQ7nMWMwAg\/RpDAQXKchYzKy53ZWxsLWtub3duBGNvcmU="}
00884{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1333957710293035,"flow_src_last_pkt_time":1333957710293035,"flow_dst_last_pkt_time":1333957710293035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1333957710293035,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61043,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","proto_id":"27","encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}}
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1333957715764217,"flow_src_last_pkt_time":1333957715764217,"flow_dst_last_pkt_time":1333957715764217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1333957715764217,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61044,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1333957715764217,"flow_dst_last_pkt_time":1333957715764217,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1333957715764217,"pkt":"ACOJtMwBSF1gwJdKht1gAAAAACARQCABDagCFRFxoQvLSI+DV\/YgAQYgAAg12QAAAAAAAAAQ7nQWMwAgAxVDAv\/NchYzKy53ZWxsLWtub3duBGNvcmU="}
00884{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1333957715764217,"flow_src_last_pkt_time":1333957715764217,"flow_dst_last_pkt_time":1333957715764217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1333957715764217,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61044,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","proto_id":"27","encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}}
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1333957717200749,"flow_src_last_pkt_time":1333957717200749,"flow_dst_last_pkt_time":1333957717200749,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1333957717200749,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61045,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1333957717200749,"flow_dst_last_pkt_time":1333957717200749,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1333957717200749,"pkt":"ACOJtMwBSF1gwJdKht1gAAAAACARQCABDagCFRFxoQvLSI+DV\/YgAQYgAAg12QAAAAAAAAAQ7nUWMwAgyuNDAzf9chYzKy53ZWxsLWtub3duBGNvcmU="}
00884{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1333957717200749,"flow_src_last_pkt_time":1333957717200749,"flow_dst_last_pkt_time":1333957717200749,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1333957717200749,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61045,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","proto_id":"27","encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}}
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1333957718629009,"flow_src_last_pkt_time":1333957718629009,"flow_dst_last_pkt_time":1333957718629009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1333957718629009,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61046,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1333957718629009,"flow_dst_last_pkt_time":1333957718629009,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1333957718629009,"pkt":"ACOJtMwBSF1gwJdKht1gAAAAACARQCABDagCFRFxoQvLSI+DV\/YgAQYgAAg12QAAAAAAAAAQ7nYWMwAgvHpDBEZkchYzKy53ZWxsLWtub3duBGNvcmU="}
00884{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1333957718629009,"flow_src_last_pkt_time":1333957718629009,"flow_dst_last_pkt_time":1333957718629009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1333957718629009,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61046,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","proto_id":"27","encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}}
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1333957720773953,"flow_src_last_pkt_time":1333957720773953,"flow_dst_last_pkt_time":1333957720773953,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1333957720773953,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61047,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1333957720773953,"flow_dst_last_pkt_time":1333957720773953,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":90,"pkt_l4_len":36,"thread_ts_usec":1333957720773953,"pkt":"ACOJtMwBSF1gwJdKht1gAAAAACQRQCABDagCFRFxoQvLSI+DV\/YgAQYgAAg12QAAAAAAAAAQ7ncWMwAkKH5FAYp0chYzKy53ZWxsLWtub3duBGNvcmUQEj3U"}
00884{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1333957720773953,"flow_src_last_pkt_time":1333957720773953,"flow_dst_last_pkt_time":1333957720773953,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1333957720773953,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61047,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","proto_id":"27","encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}}
00555{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","packets-captured":6,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":124,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":5,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_usec":1375090528017876}
00746{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1375090528017876,"flow_src_last_pkt_time":1375090528017876,"flow_dst_last_pkt_time":1375090528017876,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1375090528017876,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":33499,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1375090528017876,"flow_dst_last_pkt_time":1375090528017876,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":81,"pkt_l4_len":27,"thread_ts_usec":1375090528017876,"pkt":"uCfrprIvACTop0mhht1gAAAAABsRQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADgtsWMwAblIJCAekbB5C4c2VwYXJhdGUQ0SMR"}
00842{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1375090528017876,"flow_src_last_pkt_time":1375090528017876,"flow_dst_last_pkt_time":1375090528017876,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1375090528017876,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":33499,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","proto_id":"27","encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}}
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1375090528017876,"flow_dst_last_pkt_time":1375090528127292,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":66,"pkt_l4_len":12,"thread_ts_usec":1375090528127292,"pkt":"ACTop0mhuCfrprIvht1gAAAAAAwRQLu7AAAAAAAAAAAAAAAAAAO7uwAAAAAAAAAAAAAAAAABFjOC2wAMpjBgAOkb"}
00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1375090528017876,"flow_dst_last_pkt_time":1375090529153497,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":191,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":191,"pkt_l4_len":137,"thread_ts_usec":1375090529153497,"pkt":"ACTop0mhuCfrprIvht1gAAAAAIkRQLu7AAAAAAAAAAAAAAAAAAO7uwAAAAAAAAAAAAAAAAABFjOC2wCJMIhCRVcPB5D\/VGhpcyBtZXNzYWdlIHdhcyBzZW50IGJ5IGEgc2VwYXJhdGUgcmVzcG9uc2UuCllvdXIgY2xpZW50IHdpbGwgbmVlZCB0byBhY2tub3dsZWRnZSBpdCwgb3RoZXJ3aXNlIGl0IHdpbGwgYmUgcmV0cmFuc21pdHRlZC4="}
00924{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1333957710293035,"flow_src_last_pkt_time":1333957710293035,"flow_dst_last_pkt_time":1333957710293035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1375090529165959,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61043,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","proto_id":"27","encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}}
00924{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1333957715764217,"flow_src_last_pkt_time":1333957715764217,"flow_dst_last_pkt_time":1333957715764217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1375090529165959,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61044,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","proto_id":"27","encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}}
00924{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1333957717200749,"flow_src_last_pkt_time":1333957717200749,"flow_dst_last_pkt_time":1333957717200749,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1375090529165959,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61045,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","proto_id":"27","encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}}
00924{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1333957718629009,"flow_src_last_pkt_time":1333957718629009,"flow_dst_last_pkt_time":1333957718629009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1375090529165959,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61046,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","proto_id":"27","encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}}
00924{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1333957720773953,"flow_src_last_pkt_time":1333957720773953,"flow_dst_last_pkt_time":1333957720773953,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1375090529165959,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61047,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","proto_id":"27","encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}}
00747{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1375090926676575,"flow_src_last_pkt_time":1375090926676575,"flow_dst_last_pkt_time":1375090926676575,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1375090926676575,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":50250,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1375090926676575,"flow_dst_last_pkt_time":1375090926676575,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":85,"pkt_l4_len":31,"thread_ts_usec":1375090926676575,"pkt":"uCfrprIvACTop0mhht1gAAAAAB8RQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADxEoWMwAfdD1AAs6gt3N0b3JhZ2X\/bXlyZXNvdXJjZQ=="}
00843{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1375090926676575,"flow_src_last_pkt_time":1375090926676575,"flow_dst_last_pkt_time":1375090926676575,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1375090926676575,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":50250,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","proto_id":"27","encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}}
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1375090926676575,"flow_dst_last_pkt_time":1375090926735550,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":85,"pkt_l4_len":31,"thread_ts_usec":1375090926735550,"pkt":"ACTop0mhuCfrprIvht1gAAAAAB8RQLu7AAAAAAAAAAAAAAAAAAO7uwAAAAAAAAAAAAAAAAABFjPESgAfeP9gQc6gh3N0b3JhZ2UKbXlyZXNvdXJjZQ=="}
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1375090935026698,"flow_dst_last_pkt_time":1375090926735550,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":73,"pkt_l4_len":19,"thread_ts_usec":1375090935026698,"pkt":"uCfrprIvACTop0mhht1gAAAAABMRQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADxEoWMwATY+NAA86h\/215ZGF0YQ=="}
00747{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1375090935240020,"flow_src_last_pkt_time":1375090935240020,"flow_dst_last_pkt_time":1375090935240020,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1375090935240020,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":46819,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1375090935240020,"flow_dst_last_pkt_time":1375090935240020,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"thread_ts_usec":1375090935240020,"pkt":"uCfrprIvACTop0mhht1gAAAAACYRQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADtuMWMwAmaNlAA5Uit3N0b3JhZ2UKbXlyZXNvdXJjZf9teWRhdGE="}
00843{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1375090935240020,"flow_src_last_pkt_time":1375090935240020,"flow_dst_last_pkt_time":1375090935240020,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1375090935240020,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":46819,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","proto_id":"27","encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}}
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1375090935240020,"flow_dst_last_pkt_time":1375090935293289,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":66,"pkt_l4_len":12,"thread_ts_usec":1375090935293289,"pkt":"ACTop0mhuCfrprIvht1gAAAAAAwRQLu7AAAAAAAAAAAAAAAAAAO7uwAAAAAAAAAAAAAAAAABFjO24wAMxd1gRJUi"}
00885{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1375090528017876,"flow_src_last_pkt_time":1375090529165959,"flow_dst_last_pkt_time":1375090529153497,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":133,"midstream":0,"thread_ts_usec":1375090935293289,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":33499,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","proto_id":"27","encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}}
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1375091005616928,"flow_dst_last_pkt_time":1375090935293289,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":85,"pkt_l4_len":31,"thread_ts_usec":1375091005616928,"pkt":"uCfrprIvACTop0mhht1gAAAAAB8RQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADtuMWMwAfsCNAAZUjt3N0b3JhZ2UKbXlyZXNvdXJjZQ=="}
00886{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":18,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1375090926676575,"flow_src_last_pkt_time":1375090935026698,"flow_dst_last_pkt_time":1375090935086791,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":11,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":23,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":27,"midstream":0,"thread_ts_usec":1375091005672713,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":50250,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","proto_id":"27","encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}}
00886{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":18,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1375090935240020,"flow_src_last_pkt_time":1375091005616928,"flow_dst_last_pkt_time":1375091005672713,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":11,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":15,"midstream":0,"thread_ts_usec":1375091005672713,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":46819,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","proto_id":"27","encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}}
00558{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":436,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":2,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":42,"global_ts_usec":1455907243976582}
00758{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907243976582,"flow_src_last_pkt_time":1455907243976582,"flow_dst_last_pkt_time":1455907243976582,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":2,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1455907243976582,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1455907243976582,"flow_dst_last_pkt_time":1455907243976582,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":22,"thread_ts_usec":1455907243976582,"pkt":"CAAnmO\/hCAAnAERyCABFAAAqELhAAIAG+F7AqDgBwKg4ZdESRF16higakEiEGVAYAQAwoAAAwAAAAAAA"}
00993{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907243976582,"flow_src_last_pkt_time":1455907243976582,"flow_dst_last_pkt_time":1455907243976582,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":2,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1455907243976582,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"MQTT","proto_id":"222","encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1455907243976582,"flow_dst_last_pkt_time":1455907243977291,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":22,"thread_ts_usec":1455907243977291,"pkt":"CAAnAERyCAAnmO\/hCABFAAAqrABAAEAGnRbAqDhlwKg4AURd0RKQSIQZeoYoHFAYAOXx0wAA0AA="}
00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1455907244175731,"flow_dst_last_pkt_time":1455907243977291,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1455907244175731,"pkt":"CAAnmO\/hCAAnAERyCABFAAAoELlAAIAG+F\/AqDgBwKg4ZdESRF16higckEiEG1AQAQDwpgAAAAAAAAAA"}
00884{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1375090926676575,"flow_src_last_pkt_time":1375090935026698,"flow_dst_last_pkt_time":1375090935086791,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":11,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":23,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":27,"midstream":0,"thread_ts_usec":1455907244175731,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":50250,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","proto_id":"27","encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}}
00884{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1375090935240020,"flow_src_last_pkt_time":1375091022221897,"flow_dst_last_pkt_time":1375091022272173,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":11,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":19,"midstream":0,"thread_ts_usec":1455907244175731,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":46819,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","proto_id":"27","encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907258332152,"flow_src_last_pkt_time":1455907258332152,"flow_dst_last_pkt_time":1455907258332152,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":2,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1455907258332152,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1455907258332152,"flow_dst_last_pkt_time":1455907258332152,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":22,"thread_ts_usec":1455907258332152,"pkt":"CAAnmO\/hCAAnAERyCABFAAAqELpAAIAG+FzAqDgBwKg4ZdETRF1NYgogm49Jd1AYAQCrGAAAwAAAAAAA"}
00994{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907258332152,"flow_src_last_pkt_time":1455907258332152,"flow_dst_last_pkt_time":1455907258332152,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":2,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1455907258332152,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"MQTT","proto_id":"222","encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1455907258332152,"flow_dst_last_pkt_time":1455907258332556,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":22,"thread_ts_usec":1455907258332556,"pkt":"CAAnAERyCAAnmO\/hCABFAAAqf0dAAEAGyc\/AqDhlwKg4AURd0RObj0l3TWIKIlAYAOXx0wAA0AA="}
00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1455907258532086,"flow_dst_last_pkt_time":1455907258332556,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1455907258532086,"pkt":"CAAnmO\/hCAAnAERyCABFAAAoELtAAIAG+F3AqDgBwKg4ZdETRF1NYgoim49JeVAQAQBrHwAAAAAAAAAA"}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907267002212,"flow_src_last_pkt_time":1455907267002212,"flow_dst_last_pkt_time":1455907267002212,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1455907267002212,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1455907267002212,"flow_dst_last_pkt_time":1455907267002212,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1455907267002212,"pkt":"CAAnmO\/hCAAnAERyCABFAAA0ELxAAIAG+FDAqDgBwKg4ZdEYRF3fAvFmAAAAAIACIAB3eQAAAgQFtAEDAwgBAQQC"}
00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1455907267002212,"flow_dst_last_pkt_time":1455907267002284,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1455907267002284,"pkt":"CAAnAERyCAAnmO\/hCABFAAA0AABAAEAGSQ3AqDhlwKg4AURd0RiuSO3C3wLxZ4ASchDx3QAAAgQFtAEBBAIBAwMH"}
00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1455907267002460,"flow_dst_last_pkt_time":1455907267002284,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1455907267002460,"pkt":"CAAnmO\/hCAAnAERyCABFAAAoEL1AAIAG+FvAqDgBwKg4ZdEYRF3fAvFnrkjtw1AQAQA7MAAAAAAAAAAA"}
00996{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1455907267002212,"flow_src_last_pkt_time":1455907267007095,"flow_dst_last_pkt_time":1455907267002284,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1455907267007095,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"MQTT","proto_id":"222","encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
00761{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907271481938,"flow_src_last_pkt_time":1455907271481938,"flow_dst_last_pkt_time":1455907271481938,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1455907271481938,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1455907271481938,"flow_dst_last_pkt_time":1455907271481938,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1455907271481938,"pkt":"CAAnmO\/hCAAnAERyCABFAAB8EMQAAIARN\/bAqDgBwKg4ZcSHRFwAaLRJQwM1AW9STXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxMSBFRVQgMjAxNiJ9"}
00869{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907271481938,"flow_src_last_pkt_time":1455907271481938,"flow_dst_last_pkt_time":1455907271481938,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1455907271481938,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
00762{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907271483430,"flow_src_last_pkt_time":1455907271483430,"flow_dst_last_pkt_time":1455907271483430,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":86,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1455907271483430,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00631{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1455907271483430,"flow_dst_last_pkt_time":1455907271483430,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1455907271483430,"pkt":"CAAnAERyCAAnmO\/hCABFAAB+1KdAAEAGdBvAqDhlwKg4AURd0RSW3pIhxZi6gFAYAOXyJwAAMlQACEJ1czE3Q21kAAJ7Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjExIEVFVCAyMDE2In0="}
00997{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907271483430,"flow_src_last_pkt_time":1455907271483430,"flow_dst_last_pkt_time":1455907271483430,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":86,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1455907271483430,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"MQTT","proto_id":"222","encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1455907271481938,"flow_dst_last_pkt_time":1455907271483762,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"thread_ts_usec":1455907271483762,"pkt":"CAAnAERyCAAnmO\/hCABFAAAvXYVAAEAR64HAqDhlwKg4AURcxIcAG\/HjY0Q1AW9STYsvci9CdXMxN0NtZA=="}
00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1455907271483430,"flow_dst_last_pkt_time":1455907271485428,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1455907271485428,"pkt":"CAAnmO\/hCAAnAERyCABFAAAsEMdAAIAG+E3AqDgBwKg4ZdEURF3FmLqAlt6Sd1AYAP++LAAAQAIAAgAA"}
00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1455907271522028,"flow_dst_last_pkt_time":1455907271485428,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1455907271522028,"pkt":"CAAnAERyCAAnmO\/hCABFAAAo1KhAAEAGdHDAqDhlwKg4AURd0RSW3pJ3xZi6hFAQAOXx0QAA"}
00626{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1455907271585820,"flow_dst_last_pkt_time":1455907271483762,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"thread_ts_usec":1455907271585820,"pkt":"CAAnmO\/hCAAnAERyCABFAAB7EM0AAIARN+7AqDgBwKg4ZcSHRFwAZzJrQgM1Anj4ckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjExIEVFVCAyMDE2In0="}
01842{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":116,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1455907267002212,"flow_src_last_pkt_time":1455907271697274,"flow_dst_last_pkt_time":1455907271735420,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":86,"flow_src_tot_l4_payload_len":286,"flow_dst_tot_l4_payload_len":367,"midstream":0,"thread_ts_usec":1455907271735420,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":72,"avg":304137.8,"max":4438876,"stddev":1061040.8,"var":1125807423488.0,"ent":1.6,"data": [72,248,4635,4859,1038,9311,9054,2795,3496,481,2352,21820,23421,198700,4438876,4242440,38504,37941,469,2294,62501,64983,1232,38696,37823,527,2778,66747,69695,1087,39395,0]},"pktlen": {"min":54,"avg":76.3,"max":140,"stddev":30.1,"var":907.0,"ent":4.9,"data": [66,66,60,73,54,58,114,58,69,59,138,60,114,58,60,140,60,54,114,54,58,140,60,60,54,114,54,58,140,60,60,54]},"bins": {"c_to_s": [11,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [13,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,0,1,0,1,1,1,0,0,1,0,1,1,1,0,0,1]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"MQTT","proto_id":"222","encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
01855{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":162,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1455907243976582,"flow_src_last_pkt_time":1455907271915318,"flow_dst_last_pkt_time":1455907271915135,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":86,"flow_src_tot_l4_payload_len":258,"flow_dst_tot_l4_payload_len":448,"midstream":1,"thread_ts_usec":1455907271915318,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":130,"avg":1802493.1,"max":27505948,"stddev":6724537.0,"var":45219399598080.0,"ent":1.2,"data": [709,199149,27505948,27310358,42735,39960,130,529,60417,61165,1588,38934,37729,553,2947,66282,69491,1247,39646,39140,1019,2437,62744,65305,1790,40465,38726,170,6175,66713,73088,0]},"pktlen": {"min":54,"avg":77.4,"max":140,"stddev":32.8,"var":1072.6,"ent":4.9,"data": [60,56,60,140,60,54,114,54,58,140,60,60,54,114,54,58,140,60,60,54,114,54,58,140,60,60,54,114,54,58,140,60]},"bins": {"c_to_s": [10,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [13,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,1,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,0]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"MQTT","proto_id":"222","encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
01854{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":163,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1455907258332152,"flow_src_last_pkt_time":1455907271915337,"flow_dst_last_pkt_time":1455907271915223,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":86,"flow_src_tot_l4_payload_len":258,"flow_dst_tot_l4_payload_len":448,"midstream":1,"thread_ts_usec":1455907271915337,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":237,"avg":876330.8,"max":13150790,"stddev":3197714.5,"var":10225378656256.0,"ent":1.4,"data": [404,199934,13150790,12952309,38608,37989,477,2148,62571,64954,1016,38807,38093,501,2594,66803,69615,1179,39541,39110,979,2406,62938,65497,773,40198,39480,237,5592,67477,73236,0]},"pktlen": {"min":54,"avg":77.4,"max":140,"stddev":32.8,"var":1072.6,"ent":4.9,"data": [60,56,60,140,60,54,114,54,58,140,60,60,54,114,54,58,140,60,60,54,114,54,58,140,60,60,54,114,54,58,140,60]},"bins": {"c_to_s": [10,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [13,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,1,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,0]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"MQTT","proto_id":"222","encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
01835{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":184,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1455907271483430,"flow_src_last_pkt_time":1455907271957948,"flow_dst_last_pkt_time":1455907271958031,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":60,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":320,"midstream":1,"thread_ts_usec":1455907271958031,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":156,"avg":30616.7,"max":73508,"stddev":26730.8,"var":714536192.0,"ent":4.3,"data": [1998,38598,37069,480,2447,62266,64859,841,38683,38127,461,2290,67273,69748,665,39428,39498,931,2251,63248,65640,1623,40275,38699,156,6124,67250,73508,2463,42357,39863,0]},"pktlen": {"min":54,"avg":79.0,"max":140,"stddev":33.2,"var":1105.2,"ent":4.9,"data": [140,60,54,114,54,58,140,60,60,54,114,54,58,140,60,60,54,114,54,58,140,60,60,54,114,54,58,140,60,60,54,114]},"bins": {"c_to_s": [13,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,0,1]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"MQTT","proto_id":"222","encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
00762{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":429,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907272856457,"flow_src_last_pkt_time":1455907272856457,"flow_dst_last_pkt_time":1455907272856457,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":95,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":95,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":95,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1455907272856457,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00627{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1455907272856457,"flow_dst_last_pkt_time":1455907272856457,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"thread_ts_usec":1455907272856457,"pkt":"CAAnmO\/hCAAnAERyCABFAAB7EWkAAIARN1LAqDgBwKg4ZcSORFwAZ7scQgMdqQeYckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjEyIEVFVCAyMDE2In0="}
00870{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907272856457,"flow_src_last_pkt_time":1455907272856457,"flow_dst_last_pkt_time":1455907272856457,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":95,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":95,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":95,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1455907272856457,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1455907272856457,"flow_dst_last_pkt_time":1455907272858898,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1455907272858898,"pkt":"CAAnAERyCAAnmO\/hCABFAAAuXhFAAEAR6vbAqDhlwKg4AURcxI4AGvHiYkQdqQeYiy9yL0J1czE3Q21k"}
00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1455907272969405,"flow_dst_last_pkt_time":1455907272858898,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"thread_ts_usec":1455907272969405,"pkt":"CAAnmO\/hCAAnAERyCABFAAB\/EYMAAIARNzTAqDgBwKg4ZcSORFwAa8WlRgMdqhF5z0YYRXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxMyBFRVQgMjAxNiJ9"}
01767{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":588,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1455907271481938,"flow_src_last_pkt_time":1455907273126173,"flow_dst_last_pkt_time":1455907273127913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":94,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":101,"flow_dst_max_l4_payload_len":24,"flow_src_tot_l4_payload_len":1538,"flow_dst_tot_l4_payload_len":306,"midstream":0,"thread_ts_usec":1455907273127913,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":1824,"avg":106135.8,"max":117757,"stddev":19323.7,"var":373406144.0,"ent":4.9,"data": [1824,103882,104036,108951,108450,105413,105949,113800,113717,106838,107131,109410,109028,108906,115953,117757,112312,110612,110806,109887,107946,108022,108009,113116,114023,110812,110429,107359,111248,109470,105114,0]},"pktlen": {"min":59,"avg":99.6,"max":143,"stddev":38.6,"var":1486.7,"ent":4.9,"data": [138,61,137,60,136,59,143,66,139,62,136,59,138,61,138,61,140,63,137,60,138,61,137,60,137,60,137,60,143,66,136,59]},"bins": {"c_to_s": [0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1032,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907274088318,"flow_src_last_pkt_time":1455907274088318,"flow_dst_last_pkt_time":1455907274088318,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":97,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":97,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":97,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1455907274088318,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1032,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1455907274088318,"flow_dst_last_pkt_time":1455907274088318,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_usec":1455907274088318,"pkt":"CAAnmO\/hCAAnAERyCABFAAB9EncAAIARNkLAqDgBwKg4ZcSIRFwAaR7GRANSj9XGl0FyRFxBcghCdXMxN0NtZBEy\/3sibWVzc2FnZVR5cGUiOiJVUERBVEUiLCJtZXNzYWdlQ29udGVudCI6IkZyaSBGZWIgMTkgMjA6NDE6MTQgRUVUIDIwMTYifQ=="}
00871{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1032,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907274088318,"flow_src_last_pkt_time":1455907274088318,"flow_dst_last_pkt_time":1455907274088318,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":97,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":97,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":97,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1455907274088318,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1042,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1455907274088318,"flow_dst_last_pkt_time":1455907274089637,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1455907274089637,"pkt":"CAAnAERyCAAnmO\/hCABFAAAwXqNAAEAR6mLAqDhlwKg4AURcxIgAHPHkZERSj9XGl0GLL3IvQnVzMTdDbWQ="}
00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1083,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1455907274193327,"flow_dst_last_pkt_time":1455907274089637,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_usec":1455907274193327,"pkt":"CAAnmO\/hCAAnAERyCABFAACBEpIAAIARNiPAqDgBwKg4ZcSIRFwAbeMnSANSkLugNTWCkTE2ckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjE0IEVFVCAyMDE2In0="}
01770{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1308,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1455907272856457,"flow_src_last_pkt_time":1455907274582746,"flow_dst_last_pkt_time":1455907274587363,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":95,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":23,"flow_src_tot_l4_payload_len":1552,"flow_dst_tot_l4_payload_len":320,"midstream":0,"thread_ts_usec":1455907274587363,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":2441,"avg":111522.4,"max":127663,"stddev":20842.5,"var":434411712.0,"ent":4.9,"data": [2441,112948,114313,107773,108080,108005,107995,109511,111427,119112,118338,116979,117004,127663,125063,114041,112993,120228,120931,111475,111310,105608,107791,113820,112048,122618,125498,112978,109966,123530,125708,0]},"pktlen": {"min":60,"avg":100.5,"max":142,"stddev":38.5,"var":1485.6,"ent":4.9,"data": [137,60,141,64,140,63,142,65,137,60,139,62,140,63,139,62,137,60,138,61,142,65,140,63,137,60,137,60,137,60,141,64]},"bins": {"c_to_s": [0,0,6,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1927,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907275690777,"flow_src_last_pkt_time":1455907275690777,"flow_dst_last_pkt_time":1455907275690777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":99,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":99,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1455907275690777,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00635{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1927,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1455907275690777,"flow_dst_last_pkt_time":1455907275690777,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"thread_ts_usec":1455907275690777,"pkt":"CAAnmO\/hCAAnAERyCABFAAB\/FCAAAIARNJfAqDgBwKg4ZcSPRFwAa2JLRgOAZtDWwMpn\/nJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxNSBFRVQgMjAxNiJ9"}
00871{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1927,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907275690777,"flow_src_last_pkt_time":1455907275690777,"flow_dst_last_pkt_time":1455907275690777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":99,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":99,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1455907275690777,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1936,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1455907275690777,"flow_dst_last_pkt_time":1455907275695868,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_usec":1455907275695868,"pkt":"CAAnAERyCAAnmO\/hCABFAAAyX35AAEAR6YXAqDhlwKg4AURcxI8AHvHmZkSAZtDWwMpn\/osvci9CdXMxN0NtZA=="}
00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2015,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1455907275831283,"flow_dst_last_pkt_time":1455907275695868,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1455907275831283,"pkt":"CAAnmO\/hCAAnAERyCABFAACAFEwAAIARNGrAqDgBwKg4ZcSPRFwAbLkURwOAZ6ExGoh1VzNyRFxBcghCdXMxN0NtZBEy\/3sibWVzc2FnZVR5cGUiOiJVUERBVEUiLCJtZXNzYWdlQ29udGVudCI6IkZyaSBGZWIgMTkgMjA6NDE6MTUgRUVUIDIwMTYifQ=="}
01770{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2067,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1455907274088318,"flow_src_last_pkt_time":1455907275896569,"flow_dst_last_pkt_time":1455907275902611,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":95,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":101,"flow_dst_max_l4_payload_len":24,"flow_src_tot_l4_payload_len":1564,"flow_dst_tot_l4_payload_len":332,"midstream":0,"thread_ts_usec":1455907275902611,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":1319,"avg":116856.3,"max":131359,"stddev":22365.2,"var":500202464.0,"ent":4.9,"data": [1319,105009,107122,122637,124565,114853,120385,119749,111541,123867,122956,105381,109394,122887,120099,118036,119438,130107,131359,131277,128951,120148,121275,112275,114829,128910,125477,127969,127046,125146,128537,0]},"pktlen": {"min":60,"avg":101.2,"max":143,"stddev":38.5,"var":1485.3,"ent":4.9,"data": [139,62,143,66,139,62,140,63,140,63,137,60,137,60,137,60,142,65,140,63,141,64,139,62,139,62,142,65,141,64,140,63]},"bins": {"c_to_s": [0,0,3,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
01770{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":3210,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1455907275690777,"flow_src_last_pkt_time":1455907277661201,"flow_dst_last_pkt_time":1455907277663998,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":94,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":101,"flow_dst_max_l4_payload_len":24,"flow_src_tot_l4_payload_len":1561,"flow_dst_tot_l4_payload_len":329,"midstream":0,"thread_ts_usec":1455907277663998,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":5091,"avg":127214.4,"max":172321,"stddev":26264.3,"var":689812928.0,"ent":4.9,"data": [5091,140506,139383,127325,129287,138036,134456,137698,141222,137865,138593,132603,133311,132101,136834,172321,164608,137809,136671,122327,121648,117128,118696,128848,133217,115516,110107,123592,124533,106749,105564,0]},"pktlen": {"min":59,"avg":101.1,"max":143,"stddev":38.6,"var":1487.1,"ent":4.9,"data": [141,64,142,65,137,60,137,60,140,63,137,60,136,59,141,64,139,62,143,66,140,63,138,61,139,62,143,66,138,61,142,65]},"bins": {"c_to_s": [0,0,4,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
00921{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":100,"flow_dst_packets_processed":100,"flow_first_seen":1455907271481938,"flow_src_last_pkt_time":1455907282684236,"flow_dst_last_pkt_time":1455907282686487,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":94,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":101,"flow_dst_max_l4_payload_len":24,"flow_src_tot_l4_payload_len":9710,"flow_dst_tot_l4_payload_len":2010,"midstream":0,"thread_ts_usec":1455907286855601,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
00921{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":100,"flow_dst_packets_processed":100,"flow_first_seen":1455907274088318,"flow_src_last_pkt_time":1455907285180257,"flow_dst_last_pkt_time":1455907285181466,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":94,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":101,"flow_dst_max_l4_payload_len":24,"flow_src_tot_l4_payload_len":9747,"flow_dst_tot_l4_payload_len":2047,"midstream":0,"thread_ts_usec":1455907286855601,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
00921{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":100,"flow_dst_packets_processed":100,"flow_first_seen":1455907272856457,"flow_src_last_pkt_time":1455907284043615,"flow_dst_last_pkt_time":1455907284046276,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":94,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":101,"flow_dst_max_l4_payload_len":24,"flow_src_tot_l4_payload_len":9760,"flow_dst_tot_l4_payload_len":2060,"midstream":0,"thread_ts_usec":1455907286855601,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
00921{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":100,"flow_dst_packets_processed":100,"flow_first_seen":1455907275690777,"flow_src_last_pkt_time":1455907286607662,"flow_dst_last_pkt_time":1455907286608960,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":94,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":101,"flow_dst_max_l4_payload_len":24,"flow_src_tot_l4_payload_len":9721,"flow_dst_tot_l4_payload_len":2021,"midstream":0,"thread_ts_usec":1455907286855601,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
01049{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":921,"flow_dst_packets_processed":1001,"flow_first_seen":1455907243976582,"flow_src_last_pkt_time":1455907286855601,"flow_dst_last_pkt_time":1455907286651307,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":86,"flow_src_tot_l4_payload_len":25602,"flow_dst_tot_l4_payload_len":36002,"midstream":1,"thread_ts_usec":1455907286855601,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"MQTT","proto_id":"222","encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
01050{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":918,"flow_dst_packets_processed":1008,"flow_first_seen":1455907258332152,"flow_src_last_pkt_time":1455907286855164,"flow_dst_last_pkt_time":1455907286651208,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":86,"flow_src_tot_l4_payload_len":25602,"flow_dst_tot_l4_payload_len":36002,"midstream":1,"thread_ts_usec":1455907286855601,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"MQTT","proto_id":"222","encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
01050{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":1005,"flow_dst_packets_processed":914,"flow_first_seen":1455907271483430,"flow_src_last_pkt_time":1455907286651405,"flow_dst_last_pkt_time":1455907286855128,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":36004,"flow_dst_tot_l4_payload_len":25600,"midstream":1,"thread_ts_usec":1455907286855601,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"MQTT","proto_id":"222","encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
01050{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":924,"flow_dst_packets_processed":1004,"flow_first_seen":1455907267002212,"flow_src_last_pkt_time":1455907286845922,"flow_dst_last_pkt_time":1455907286646890,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":86,"flow_src_tot_l4_payload_len":25754,"flow_dst_tot_l4_payload_len":36101,"midstream":0,"thread_ts_usec":1455907286855601,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"MQTT","proto_id":"222","encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
00573{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","packets-captured":8516,"packets-processed":8514,"total-skipped-flows":0,"total-l4-payload-len":294179,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":2,"current-active-flows":0,"total-active-flows":16,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":101,"global_ts_usec":1455907286855601}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 8516/8514
~~ skipped flows.............: 0
~~ total layer4 data length..: 294179 bytes
~~ total detected protocols..: 16
~~ total active/idle flows...: 16/16
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6315163 bytes
~~ total memory freed........: 6315163 bytes
~~ total allocations/frees...: 130155/130155
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 494 chars
~~ json string max len.......: 1860 chars
~~ json string avg len.......: 1176 chars
Powered by cgit, Themed by Ted Yin.