1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
|
00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00789{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1717680638779902}
00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1717680638779902,"flow_src_last_pkt_time":1717680638779902,"flow_dst_last_pkt_time":1717680638779902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680638779902,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"10.1.0.1","src_port":46571,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1717680638779902,"flow_dst_last_pkt_time":1717680638779902,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_usec":1717680638779902,"pkt":"IHwUotKkrpzVkkEiCABFAABNGrRAAEARC64KAQA8CgEAAbXrADUAObVB6kABAAABAAAAAAAAEmNvbm4tc2VydmljZS1ldS0wNAhhbGxhd25vcwNjb20AAAEAAQ=="}
01065{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1717680638779902,"flow_src_last_pkt_time":1717680638779902,"flow_dst_last_pkt_time":1717680638779902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680638779902,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"10.1.0.1","src_port":46571,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"conn-service-eu-04.allawnos.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00744{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1717680638779902,"flow_dst_last_pkt_time":1717680638787962,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1717680638787962,"pkt":"rpzVkkEiIHwUotKkCABFAADInw1AAEARhtkKAQABCgEAPAA1tesAtBUE6kCBgAABAAQAAAAAEmNvbm4tc2VydmljZS1ldS0wNAhhbGxhd25vcwNjb20AAAEAAcAMAAUAAQAAARwALxJjb25uLXNlcnZpY2UtZXUtMDQIYWxsYXdub3MDY29tCWFrYW1haXplZANuZXQAwD0ABQABAABT+gAUBWExOTQ3BGRzY2QGYWthbWFpwGfAeAABAAEAAAAHAARce2V5wHgAAQABAAAABwAEXHtlmQ=="}
01084{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1717680638779902,"flow_src_last_pkt_time":1717680638779902,"flow_dst_last_pkt_time":1717680638787962,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":172,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":172,"midstream":0,"thread_ts_usec":1717680638787962,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"10.1.0.1","src_port":46571,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"conn-service-eu-04.allawnos.com","dns": {"num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"92.123.101.121"}}}
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1717680638899584,"flow_src_last_pkt_time":1717680638899584,"flow_dst_last_pkt_time":1717680638899584,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680638899584,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"142.250.180.163","src_port":49642,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1717680638899584,"flow_dst_last_pkt_time":1717680638899584,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1717680638899584,"pkt":"IHwUotKkrpzVkkEiCABFAAA8OpdAAEAGskoKAQA8jvq0o8HqAFC9FYG1AAAAAKAC\/\/9CwQAAAgQFtAQCCAqachvqAAAAAAEDAwk="}
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1717680638899584,"flow_dst_last_pkt_time":1717680638899755,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1717680638899755,"pkt":"rpzVkkEiIHwUotKkCABFAAA8AABAAEAG7OGO+rSjCgEAPABQweolBJ+MvRWBtqAS\/ohOCQAAAgQFtAQCCAoLgH8amnIb6gEDAwc="}
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1717680638906240,"flow_dst_last_pkt_time":1717680638899755,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1717680638906240,"pkt":"IHwUotKkrpzVkkEiCABFAAA0OphAAEAGslEKAQA8jvq0o8HqAFC9FYG2JQSfjYAQAIAhzQAAAQEICppyG\/ALgH8a"}
00830{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1717680638907186,"flow_dst_last_pkt_time":1717680638899755,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"thread_ts_usec":1717680638907186,"pkt":"IHwUotKkrpzVkkEiCABFAAEHOplAAEAGsX0KAQA8jvq0o8HqAFC9FYG2JQSfjYAYAIDm+wAAAQEICppyG\/ELgH8aR0VUIC9nZW5lcmF0ZV8yMDQgSFRUUC8xLjENCkNvbm5lY3Rpb246IGNsb3NlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS82MC4wLjMxMTIuMzIgU2FmYXJpLzUzNy4zNg0KSG9zdDogd3d3Lmdvb2dsZS5ldQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="}
01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1717680638899584,"flow_src_last_pkt_time":1717680638907186,"flow_dst_last_pkt_time":1717680638899755,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680638907186,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"142.250.180.163","src_port":49642,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"www.google.eu","http": {"url":"www.google.eu\/generate_204","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/60.0.3112.32 Safari\/537.36","detected_os":"Linux x86_64"}}}
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1717680638907186,"flow_dst_last_pkt_time":1717680638907267,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1717680638907267,"pkt":"rpzVkkEiIHwUotKkCABFAAA0arlAAEAGgjCO+rSjCgEAPABQweolBJ+NvRWCiYAQAfxOAQAAAQEICguAfyGachvx"}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1717680639005444,"flow_src_last_pkt_time":1717680639005444,"flow_dst_last_pkt_time":1717680639005444,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680639005444,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"142.250.180.163","src_port":49656,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1717680639005444,"flow_dst_last_pkt_time":1717680639005444,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1717680639005444,"pkt":"IHwUotKkrpzVkkEiCABFAAA8EgZAAEAG2tsKAQA8jvq0o8H4AFDU4k+6AAAAAKAC\/\/9ceAAAAgQFtAQCCAqachxTAAAAAAEDAwk="}
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1717680639005444,"flow_dst_last_pkt_time":1717680639005551,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1717680639005551,"pkt":"rpzVkkEiIHwUotKkCABFAAA8AABAAEAG7OGO+rSjCgEAPABQwfjETWtF1OJPu6AS\/ohOCQAAAgQFtAQCCAoLgH+EmnIcUwEDAwc="}
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1717680639008720,"flow_dst_last_pkt_time":1717680639005551,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1717680639008720,"pkt":"IHwUotKkrpzVkkEiCABFAAA0EgdAAEAG2uIKAQA8jvq0o8H4AFDU4k+7xE1rRoAQAIDQGQAAAQEICppyHFcLgH+E"}
00830{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1717680639009837,"flow_dst_last_pkt_time":1717680639005551,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"thread_ts_usec":1717680639009837,"pkt":"IHwUotKkrpzVkkEiCABFAAEHEghAAEAG2g4KAQA8jvq0o8H4AFDU4k+7xE1rRoAYAICVSAAAAQEICppyHFgLgH+ER0VUIC9nZW5lcmF0ZV8yMDQgSFRUUC8xLjENCkNvbm5lY3Rpb246IGNsb3NlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS82MC4wLjMxMTIuMzIgU2FmYXJpLzUzNy4zNg0KSG9zdDogd3d3Lmdvb2dsZS5ldQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="}
01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1717680639005444,"flow_src_last_pkt_time":1717680639009837,"flow_dst_last_pkt_time":1717680639005551,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680639009837,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"142.250.180.163","src_port":49656,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"www.google.eu","http": {"url":"www.google.eu\/generate_204","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/60.0.3112.32 Safari\/537.36","detected_os":"Linux x86_64"}}}
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1717680639009837,"flow_dst_last_pkt_time":1717680639009877,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1717680639009877,"pkt":"rpzVkkEiIHwUotKkCABFAAA0afhAAEAGgvGO+rSjCgEAPABQwfjETWtG1OJQjoAQAfxOAQAAAQEICguAf4iachxY"}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1717680641054823,"flow_src_last_pkt_time":1717680641054823,"flow_dst_last_pkt_time":1717680641054823,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680641054823,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"142.250.180.163","src_port":49658,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1717680641054823,"flow_dst_last_pkt_time":1717680641054823,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1717680641054823,"pkt":"IHwUotKkrpzVkkEiCABFAAA8HIBAAEAG0GEKAQA8jvq0o8H6AFC23ySBAAAAAKAC\/\/+dsAAAAgQFtAQCCAqaciRVAAAAAAEDAwk="}
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1717680641054823,"flow_dst_last_pkt_time":1717680641055325,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1717680641055325,"pkt":"rpzVkkEiIHwUotKkCABFAAA8AABAAEAG7OGO+rSjCgEAPABQwfphoswdtt8kgqAS\/ohOCQAAAgQFtAQCCAoLgIeFmnIkVQEDAwc="}
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1717680641065531,"flow_src_last_pkt_time":1717680641065531,"flow_dst_last_pkt_time":1717680641065531,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680641065531,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"92.123.101.121","src_port":38008,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1717680641065531,"flow_dst_last_pkt_time":1717680641065531,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1717680641065531,"pkt":"IHwUotKkrpzVkkEiCABFAAA8S9NAAEAGIrgKAQA8XHtleZR4AFCBs05pAAAAAKAC\/\/9ThAAAAgQFtAQCCArtH9ZDAAAAAAEDAwk="}
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1717680641065617,"flow_dst_last_pkt_time":1717680641055325,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1717680641065617,"pkt":"IHwUotKkrpzVkkEiCABFAAA0HIFAAEAG0GgKAQA8jvq0o8H6AFC23ySCYaLMHoAQAIALHgAAAQEICppyJF8LgIeF"}
00830{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1717680641065617,"flow_dst_last_pkt_time":1717680641055325,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"thread_ts_usec":1717680641065617,"pkt":"IHwUotKkrpzVkkEiCABFAAEHHIJAAEAGz5QKAQA8jvq0o8H6AFC23ySCYaLMHoAYAIDQTAAAAQEICppyJGALgIeFR0VUIC9nZW5lcmF0ZV8yMDQgSFRUUC8xLjENCkNvbm5lY3Rpb246IGNsb3NlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS82MC4wLjMxMTIuMzIgU2FmYXJpLzUzNy4zNg0KSG9zdDogd3d3Lmdvb2dsZS5ldQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="}
01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1717680641054823,"flow_src_last_pkt_time":1717680641065617,"flow_dst_last_pkt_time":1717680641055325,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680641065617,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"142.250.180.163","src_port":49658,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"www.google.eu","http": {"url":"www.google.eu\/generate_204","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/60.0.3112.32 Safari\/537.36","detected_os":"Linux x86_64"}}}
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1717680641065617,"flow_dst_last_pkt_time":1717680641065711,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1717680641065711,"pkt":"rpzVkkEiIHwUotKkCABFAAA0ydJAAEAGIxeO+rSjCgEAPABQwfphoswett8lVYAQAfxOAQAAAQEICguAh5CaciRg"}
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1717680641065531,"flow_dst_last_pkt_time":1717680641065763,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1717680641065763,"pkt":"rpzVkkEiIHwUotKkCABFAAA8AABAAEAGbotce2V5CgEAPABQlHgEniOkgbNOaqAS\/ojMXwAAAgQFtAQCCAoLgIeQ7R\/WQwEDAwc="}
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1717680641087390,"flow_dst_last_pkt_time":1717680641065763,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1717680641087390,"pkt":"IHwUotKkrpzVkkEiCABFAAA0S9RAAEAGIr8KAQA8XHtleZR4AFCBs05qBJ4jpYAQAIDGWgAAAQEICu0f1lcLgIeQ"}
00850{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1717680641087390,"flow_dst_last_pkt_time":1717680641065763,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":294,"pkt_l4_len":260,"thread_ts_usec":1717680641087390,"pkt":"IHwUotKkrpzVkkEiCABFAAEYS9VAAEAGIdoKAQA8XHtleZR4AFCBs05qBJ4jpYAYAIALCwAAAQEICu0f1lcLgIeQR0VUIC9nZW5lcmF0ZTIwNCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogY2xvc2UNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzYwLjAuMzExMi4zMiBTYWZhcmkvNTM3LjM2DQpIb3N0OiBjb25uLXNlcnZpY2UtZXUtMDQuYWxsYXdub3MuY29tDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"}
01215{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1717680641065531,"flow_src_last_pkt_time":1717680641087390,"flow_dst_last_pkt_time":1717680641065763,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":228,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":228,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680641087390,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"92.123.101.121","src_port":38008,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"conn-service-eu-04.allawnos.com","http": {"url":"conn-service-eu-04.allawnos.com\/generate204","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/60.0.3112.32 Safari\/537.36","detected_os":"Linux x86_64"}}}
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1717680641087390,"flow_dst_last_pkt_time":1717680641087494,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1717680641087494,"pkt":"rpzVkkEiIHwUotKkCABFAAA0PABAAEAGMpNce2V5CgEAPABQlHgEniOlgbNPToAQAfzMVwAAAQEICguAh6btH9ZX"}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1717680641594363,"flow_src_last_pkt_time":1717680641594363,"flow_dst_last_pkt_time":1717680641594363,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680641594363,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"142.250.180.163","src_port":49672,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1717680641594363,"flow_dst_last_pkt_time":1717680641594363,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1717680641594363,"pkt":"IHwUotKkrpzVkkEiCABFAAA8A1tAAEAG6YYKAQA8jvq0o8IIAFDjsnqEAAAAAKAC\/\/8YsAAAAgQFtAQCCAqaciZxAAAAAAEDAwk="}
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1717680641594363,"flow_dst_last_pkt_time":1717680641594575,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1717680641594575,"pkt":"rpzVkkEiIHwUotKkCABFAAA8AABAAEAG7OGO+rSjCgEAPABQwghT479J47J6haAS\/ohOCQAAAgQFtAQCCAoLgImhmnImcQEDAwc="}
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1717680641595073,"flow_src_last_pkt_time":1717680641595073,"flow_dst_last_pkt_time":1717680641595073,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680641595073,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"92.123.101.153","src_port":46980,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1717680641595073,"flow_dst_last_pkt_time":1717680641595073,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1717680641595073,"pkt":"IHwUotKkrpzVkkEiCABFAAA8KyZAAEAGQ0UKAQA8XHtlmbeEAFBT1wCaAAAAAKAC\/\/\/CdgAAAgQFtAQCCAqaZRKLAAAAAAEDAwk="}
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1717680641595073,"flow_dst_last_pkt_time":1717680641595307,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1717680641595307,"pkt":"rpzVkkEiIHwUotKkCABFAAA8AABAAEAGbmtce2WZCgEAPABQt4RZYl3oU9cAm6AS\/ojMfwAAAgQFtAQCCAoLgImhmmUSiwEDAwc="}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1717680641597337,"flow_dst_last_pkt_time":1717680641594575,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1717680641597337,"pkt":"IHwUotKkrpzVkkEiCABFAAA0A1xAAEAG6Y0KAQA8jvq0o8IIAFDjsnqFU+O\/SoAQAICemwAAAQEICppyJnQLgImh"}
00831{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1717680641598489,"flow_dst_last_pkt_time":1717680641594575,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"thread_ts_usec":1717680641598489,"pkt":"IHwUotKkrpzVkkEiCABFAAEHA11AAEAG6LkKAQA8jvq0o8IIAFDjsnqFU+O\/SoAYAIBjygAAAQEICppyJnULgImhR0VUIC9nZW5lcmF0ZV8yMDQgSFRUUC8xLjENCkNvbm5lY3Rpb246IGNsb3NlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS82MC4wLjMxMTIuMzIgU2FmYXJpLzUzNy4zNg0KSG9zdDogd3d3Lmdvb2dsZS5ldQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="}
01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1717680641594363,"flow_src_last_pkt_time":1717680641598489,"flow_dst_last_pkt_time":1717680641594575,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680641598489,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"142.250.180.163","src_port":49672,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"www.google.eu","http": {"url":"www.google.eu\/generate_204","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/60.0.3112.32 Safari\/537.36","detected_os":"Linux x86_64"}}}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1717680641598489,"flow_dst_last_pkt_time":1717680641598552,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1717680641598552,"pkt":"rpzVkkEiIHwUotKkCABFAAA0yPZAAEAGI\/OO+rSjCgEAPABQwghT479K47J7WIAQAfxOAQAAAQEICguAiaWaciZ1"}
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1717680641599621,"flow_dst_last_pkt_time":1717680641595307,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1717680641599621,"pkt":"IHwUotKkrpzVkkEiCABFAAA0KydAAEAGQ0wKAQA8XHtlmbeEAFBT1wCbWWJd6YAQAICkQgAAAQEICpplEpALgImh"}
00850{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1717680641602917,"flow_dst_last_pkt_time":1717680641595307,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":294,"pkt_l4_len":260,"thread_ts_usec":1717680641602917,"pkt":"IHwUotKkrpzVkkEiCABFAAEYKyhAAEAGQmcKAQA8XHtlmbeEAFBT1wCbWWJd6YAYAIDo8QAAAQEICpplEpELgImhR0VUIC9nZW5lcmF0ZTIwNCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogY2xvc2UNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzYwLjAuMzExMi4zMiBTYWZhcmkvNTM3LjM2DQpIb3N0OiBjb25uLXNlcnZpY2UtZXUtMDQuYWxsYXdub3MuY29tDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"}
01215{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1717680641595073,"flow_src_last_pkt_time":1717680641602917,"flow_dst_last_pkt_time":1717680641595307,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":228,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":228,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680641602917,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"92.123.101.153","src_port":46980,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"conn-service-eu-04.allawnos.com","http": {"url":"conn-service-eu-04.allawnos.com\/generate204","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/60.0.3112.32 Safari\/537.36","detected_os":"Linux x86_64"}}}
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1717680641602917,"flow_dst_last_pkt_time":1717680641602980,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1717680641602980,"pkt":"rpzVkkEiIHwUotKkCABFAAA02RFAAEAGlWFce2WZCgEAPABQt4RZYl3pU9cBf4AQAfzMdwAAAQEICguAiamaZRKR"}
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1717680643892628,"flow_src_last_pkt_time":1717680643892628,"flow_dst_last_pkt_time":1717680643892628,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680643892628,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"92.123.101.121","src_port":38024,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1717680643892628,"flow_dst_last_pkt_time":1717680643892628,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1717680643892628,"pkt":"IHwUotKkrpzVkkEiCABFAAA838JAAEAGjsgKAQA8XHtleZSIAFBHLuG9AAAAAKAC\/\/\/vlgAAAgQFtAQCCArtH+FRAAAAAAEDAwk="}
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1717680643892628,"flow_dst_last_pkt_time":1717680643898779,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1717680643898779,"pkt":"rpzVkkEiIHwUotKkCABFAAA8AABAADYGeItce2V5CgEAPABQlIhO\/3\/iRy7hvqAS\/oimXAAAAgQFrAQCCAq3WcRu7R\/hUQEDAwc="}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1717680643901387,"flow_dst_last_pkt_time":1717680643898779,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1717680643901387,"pkt":"IHwUotKkrpzVkkEiCABFAAA038NAAEAGjs8KAQA8XHtleZSIAFBHLuG+Tv9\/44AQAIDTIAAAAQEICu0f4Vq3WcRu"}
00851{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1717680643902355,"flow_dst_last_pkt_time":1717680643898779,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":294,"pkt_l4_len":260,"thread_ts_usec":1717680643902355,"pkt":"IHwUotKkrpzVkkEiCABFAAEY38RAAEAGjeoKAQA8XHtleZSIAFBHLuG+Tv9\/44AYAIAX0QAAAQEICu0f4Vq3WcRuR0VUIC9nZW5lcmF0ZTIwNCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogY2xvc2UNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzYwLjAuMzExMi4zMiBTYWZhcmkvNTM3LjM2DQpIb3N0OiBjb25uLXNlcnZpY2UtZXUtMDQuYWxsYXdub3MuY29tDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"}
01215{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1717680643892628,"flow_src_last_pkt_time":1717680643902355,"flow_dst_last_pkt_time":1717680643898779,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":228,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":228,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680643902355,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"92.123.101.121","src_port":38024,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"conn-service-eu-04.allawnos.com","http": {"url":"conn-service-eu-04.allawnos.com\/generate204","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/60.0.3112.32 Safari\/537.36","detected_os":"Linux x86_64"}}}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1717680643920100,"flow_src_last_pkt_time":1717680643920100,"flow_dst_last_pkt_time":1717680643920100,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680643920100,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"142.250.180.163","src_port":49674,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1717680643920100,"flow_dst_last_pkt_time":1717680643920100,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1717680643920100,"pkt":"IHwUotKkrpzVkkEiCABFAAA8p3JAAEAGRW8KAQA8jvq0o8IKAFCZFg7KAAAAAKAC\/\/\/F7wAAAgQFtAQCCAqaci+GAAAAAAEDAwk="}
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1717680643920100,"flow_dst_last_pkt_time":1717680643928469,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1717680643928469,"pkt":"rpzVkkEiIHwUotKkCABFAAA8AABAAHcGteGO+rSjCgEAPABQwgoLlBtDmRYOy6AS\/\/8xzgAAAgQFhAQCCAqvfr3rmnIvhgEDAwg="}
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1717680643933122,"flow_dst_last_pkt_time":1717680643928469,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1717680643933122,"pkt":"IHwUotKkrpzVkkEiCABFAAA0p3NAAEAGRXYKAQA8jvq0o8IKAFCZFg7LC5QbRIAQAIBf3gAAAQEICppyL5Ovfr3r"}
00830{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1717680643933123,"flow_dst_last_pkt_time":1717680643928469,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"thread_ts_usec":1717680643933123,"pkt":"IHwUotKkrpzVkkEiCABFAAEHp3RAAEAGRKIKAQA8jvq0o8IKAFCZFg7LC5QbRIAYAIAlDQAAAQEICppyL5Svfr3rR0VUIC9nZW5lcmF0ZV8yMDQgSFRUUC8xLjENCkNvbm5lY3Rpb246IGNsb3NlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS82MC4wLjMxMTIuMzIgU2FmYXJpLzUzNy4zNg0KSG9zdDogd3d3Lmdvb2dsZS5ldQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="}
01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1717680643920100,"flow_src_last_pkt_time":1717680643933123,"flow_dst_last_pkt_time":1717680643928469,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680643933123,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"142.250.180.163","src_port":49674,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"www.google.eu","http": {"url":"www.google.eu\/generate_204","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/60.0.3112.32 Safari\/537.36","detected_os":"Linux x86_64"}}}
00851{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1717680644128726,"flow_dst_last_pkt_time":1717680643898779,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":294,"pkt_l4_len":260,"thread_ts_usec":1717680644128726,"pkt":"IHwUotKkrpzVkkEiCABFAAEY38VAAEAGjekKAQA8XHtleZSIAFBHLuG+Tv9\/44AYAIAW+QAAAQEICu0f4jK3WcRuR0VUIC9nZW5lcmF0ZTIwNCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogY2xvc2UNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzYwLjAuMzExMi4zMiBTYWZhcmkvNTM3LjM2DQpIb3N0OiBjb25uLXNlcnZpY2UtZXUtMDQuYWxsYXdub3MuY29tDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"}
00830{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1717680644164002,"flow_dst_last_pkt_time":1717680643928469,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"thread_ts_usec":1717680644164002,"pkt":"IHwUotKkrpzVkkEiCABFAAEHp3VAAEAGRKEKAQA8jvq0o8IKAFCZFg7LC5QbRIAYAIAkNQAAAQEICppyMGyvfr3rR0VUIC9nZW5lcmF0ZV8yMDQgSFRUUC8xLjENCkNvbm5lY3Rpb246IGNsb3NlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS82MC4wLjMxMTIuMzIgU2FmYXJpLzUzNy4zNg0KSG9zdDogd3d3Lmdvb2dsZS5ldQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1717680798559360,"flow_src_last_pkt_time":1717680798559360,"flow_dst_last_pkt_time":1717680798559360,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680798559360,"l3_proto":"ip4","src_ip":"10.1.0.70","dst_ip":"142.250.180.138","src_port":54612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1717680798559360,"flow_dst_last_pkt_time":1717680798559360,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1717680798559360,"pkt":"IHwUotKklrQYc\/0eCABFAAA8LRlAAEAGv9cKAQBGjvq0itVUAFATLgkgAAAAAKAC\/\/+5vgAAAgQFtAQCCArTEHtxAAAAAAEDAwg="}
00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1717680798559360,"flow_dst_last_pkt_time":1717680798564341,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1717680798564341,"pkt":"lrQYc\/0eIHwUotKkCABFAAA8AABAAHUGt\/CO+rSKCgEARgBQ1VSBw+KZEy4JIaAS\/\/8\/gQAAAgQFhAQCCAo1F+Dn0xB7cQEDAwg="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1717680798568142,"flow_dst_last_pkt_time":1717680798564341,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1717680798568142,"pkt":"IHwUotKklrQYc\/0eCABFAAA0LRpAAEAGv94KAQBGjvq0itVUAFATLgkhgcPimoAQAQBtFQAAAQEICtMQe3o1F+Dn"}
00840{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1717680798568142,"flow_dst_last_pkt_time":1717680798564341,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_usec":1717680798568142,"pkt":"IHwUotKklrQYc\/0eCABFAAENLRtAAEAGvwQKAQBGjvq0itVUAFATLgkhgcPimoAYAQDoIgAAAQEICtMQe3s1F+DnR0VUIC9nZW5lcmF0ZV8yMDQgSFRUUC8xLjENCkNvbm5lY3Rpb246IGNsb3NlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS82MC4wLjMxMTIuMzIgU2FmYXJpLzUzNy4zNg0KSG9zdDogcGxheS5nb29nbGVhcGlzLmNvbQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="}
01214{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1717680798559360,"flow_src_last_pkt_time":1717680798568142,"flow_dst_last_pkt_time":1717680798564341,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680798568142,"l3_proto":"ip4","src_ip":"10.1.0.70","dst_ip":"142.250.180.138","src_port":54612,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.GoogleServices","proto_id":"7.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"play.googleapis.com","http": {"url":"play.googleapis.com\/generate_204","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/60.0.3112.32 Safari\/537.36","detected_os":"Linux x86_64"}}}
00840{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1717680798789824,"flow_dst_last_pkt_time":1717680798564341,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_usec":1717680798789824,"pkt":"IHwUotKklrQYc\/0eCABFAAENLRxAAEAGvwMKAQBGjvq0itVUAFATLgkhgcPimoAYAQDnRQAAAQEICtMQfFg1F+DnR0VUIC9nZW5lcmF0ZV8yMDQgSFRUUC8xLjENCkNvbm5lY3Rpb246IGNsb3NlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS82MC4wLjMxMTIuMzIgU2FmYXJpLzUzNy4zNg0KSG9zdDogcGxheS5nb29nbGVhcGlzLmNvbQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="}
01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1717680638779902,"flow_src_last_pkt_time":1717680638779902,"flow_dst_last_pkt_time":1717680638787962,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":172,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":172,"midstream":0,"thread_ts_usec":1717680802234320,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"10.1.0.1","src_port":46571,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"conn-service-eu-04.allawnos.com"}}
01016{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1717680641065531,"flow_src_last_pkt_time":1717680641096289,"flow_dst_last_pkt_time":1717680641096361,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":228,"flow_dst_max_l4_payload_len":853,"flow_src_tot_l4_payload_len":228,"flow_dst_tot_l4_payload_len":853,"midstream":0,"thread_ts_usec":1717680802234320,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"92.123.101.121","src_port":38008,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.ntop","proto_id":"7.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":30,"category":"ConnCheck","hostname":"conn-service-eu-04.allawnos.com"}}
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":1,"flow_first_seen":1717680798559360,"flow_src_last_pkt_time":1717680802234320,"flow_dst_last_pkt_time":1717680798564341,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1302,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680802234320,"l3_proto":"ip4","src_ip":"10.1.0.70","dst_ip":"142.250.180.138","src_port":54612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.GoogleServices","proto_id":"7.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":30,"category":"ConnCheck"}}
00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":1,"flow_first_seen":1717680643892628,"flow_src_last_pkt_time":1717680650975243,"flow_dst_last_pkt_time":1717680643898779,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":228,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1596,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680802234320,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"92.123.101.121","src_port":38024,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":30,"category":"ConnCheck"}}
01016{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1717680641595073,"flow_src_last_pkt_time":1717680641608255,"flow_dst_last_pkt_time":1717680641608232,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":228,"flow_dst_max_l4_payload_len":853,"flow_src_tot_l4_payload_len":228,"flow_dst_tot_l4_payload_len":853,"midstream":0,"thread_ts_usec":1717680802234320,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"92.123.101.153","src_port":46980,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.ntop","proto_id":"7.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":30,"category":"ConnCheck","hostname":"conn-service-eu-04.allawnos.com"}}
01000{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1717680638899584,"flow_src_last_pkt_time":1717680638915103,"flow_dst_last_pkt_time":1717680638915187,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":836,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":836,"midstream":0,"thread_ts_usec":1717680802234320,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"142.250.180.163","src_port":49642,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.ntop","proto_id":"7.26","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":30,"category":"ConnCheck","hostname":"www.google.eu"}}
01000{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1717680639005444,"flow_src_last_pkt_time":1717680639017905,"flow_dst_last_pkt_time":1717680639017948,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":836,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":836,"midstream":0,"thread_ts_usec":1717680802234320,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"142.250.180.163","src_port":49656,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.ntop","proto_id":"7.26","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":30,"category":"ConnCheck","hostname":"www.google.eu"}}
01000{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1717680641054823,"flow_src_last_pkt_time":1717680641087428,"flow_dst_last_pkt_time":1717680641087481,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":836,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":836,"midstream":0,"thread_ts_usec":1717680802234320,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"142.250.180.163","src_port":49658,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.ntop","proto_id":"7.26","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":30,"category":"ConnCheck","hostname":"www.google.eu"}}
01000{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1717680641594363,"flow_src_last_pkt_time":1717680641605840,"flow_dst_last_pkt_time":1717680641605905,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":836,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":836,"midstream":0,"thread_ts_usec":1717680802234320,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"142.250.180.163","src_port":49672,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.ntop","proto_id":"7.26","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":30,"category":"ConnCheck","hostname":"www.google.eu"}}
00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":1,"flow_first_seen":1717680643920100,"flow_src_last_pkt_time":1717680650974273,"flow_dst_last_pkt_time":1717680643928469,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1477,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680802234320,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"142.250.180.163","src_port":49674,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":30,"category":"ConnCheck"}}
00802{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":92,"packets-processed":92,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10946,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":81,"global_ts_usec":1717680802234320}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 92/92
~~ skipped flows.............: 0
~~ total layer4 data length..: 10946 bytes
~~ total detected protocols..: 10
~~ total active/idle flows...: 10/10
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6666179 bytes
~~ total memory freed........: 6666179 bytes
~~ total allocations/frees...: 114249/114249
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 547 chars
~~ json message max len.......: 1220 chars
~~ json message avg len.......: 883 chars
|