path: root/test/results/default/elasticsearch.pcap.out
blob: 31cbb877d2e6ecaa6e1f66e33b57e4ab5d07c4c8 (plain)
00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1666258196034202}
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666258196034202,"flow_src_last_pkt_time":1666258196034202,"flow_dst_last_pkt_time":1666258196034202,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666258196034202,"l3_proto":"ip4","src_ip":"172.16.17.102","dst_ip":"172.16.16.107","src_port":40282,"dst_port":9300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1666258196034202,"flow_dst_last_pkt_time":1666258196034202,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666258196034202,"pkt":"ABY+v3lW+hY+\/yO1CABFAAA816FAAD4G6yisEBFmrBAQa51aJFSXRuFEAAAAAKAC9QBC8wAAAgQjAAQCCAqEzLnHAAAAAAEDAwc="}
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1666258196034202,"flow_dst_last_pkt_time":1666258196036761,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666258196036761,"pkt":"+hY+\/yO1ABY+v3lWCABFAAA8AABAAEAGwMqsEBBrrBARZiRUnVr59pHXl0bhRaAS9KzUfwAAAgQjAAQCCApHXJuLhMy5xwEDAwc="}
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1666258196062694,"flow_dst_last_pkt_time":1666258196036761,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1666258196062694,"pkt":"ABY+v3lW+hY+\/yO1CABFAAA016JAAD4G6y+sEBFmrBAQa51aJFSXRuFF+faR2IAQAeoTPgAAAQEICoTMueRHXJuL"}
00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1666258196100252,"flow_dst_last_pkt_time":1666258196036761,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":124,"pkt_l4_len":90,"thread_ts_usec":1666258196100252,"pkt":"ABY+v3lW+hY+\/yO1CABFAABu16NAAD4G6vSsEBFmrBAQa51aJFSXRuFF+faR2IAYAepyggAAAQEICoTMuglHXJuLRVMAAAA0AAAAAAAAAAEIAFzGYwAAAQZ4LXBhY2sWaW50ZXJuYWw6dGNwL2hhbmRzaGFrZQAEy\/auAw=="}
00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1666258196034202,"flow_src_last_pkt_time":1666258196100252,"flow_dst_last_pkt_time":1666258196036761,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666258196100252,"l3_proto":"ip4","src_ip":"172.16.17.102","dst_ip":"172.16.16.107","src_port":40282,"dst_port":9300,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Elasticsearch","proto_id":"330","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1666258196100252,"flow_dst_last_pkt_time":1666258196101613,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1666258196101613,"pkt":"+hY+\/yO1ABY+v3lWCABFAAA03CxAAEAG5KWsEBBrrBARZiRUnVr59pHYl0bhf4AQAekSnwAAAQEICkdcm8yEzLoJ"}
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666258196282465,"flow_src_last_pkt_time":1666258196282465,"flow_dst_last_pkt_time":1666258196282465,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666258196282465,"l3_proto":"ip4","src_ip":"172.16.17.102","dst_ip":"172.16.16.106","src_port":48038,"dst_port":9300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1666258196282465,"flow_dst_last_pkt_time":1666258196282465,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666258196282465,"pkt":"ABY+soAn+hY+\/yO1CABFAAA8EZ9AAD4GsSysEBFmrBAQarumJFQP4g04AAAAAKAC9QASHgAAAgQjAAQCCApP9VyaAAAAAAEDAwc="}
00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1666258196282465,"flow_dst_last_pkt_time":1666258196283312,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666258196283312,"pkt":"+hY+\/yO1ABY+soAnCABFAAA8AABAAEAGwMusEBBqrBARZiRUu6ZH8AzOD+INOaAS9Kx6HwAAAgQjAAQCCAoYaAYUT\/VcmgEDAwc="}
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1666258196309088,"flow_dst_last_pkt_time":1666258196283312,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1666258196309088,"pkt":"ABY+soAn+hY+\/yO1CABFAAA0EaBAAD4GsTOsEBFmrBAQarumJFQP4g05R\/AMz4AQAerd5wAAAQEICk\/1XLQYaAYU"}
01705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1666258196386938,"flow_dst_last_pkt_time":1666258196283312,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":930,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":930,"pkt_l4_len":896,"thread_ts_usec":1666258196386938,"pkt":"ABY+soAn+hY+\/yO1CABFAAOUEaFAAD4GrdKsEBFmrBAQarumJFQP4g05R\/AMz4AYAeomOQAAAQEICk\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"}
00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1666258196282465,"flow_src_last_pkt_time":1666258196386938,"flow_dst_last_pkt_time":1666258196283312,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":864,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":864,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666258196386938,"l3_proto":"ip4","src_ip":"172.16.17.102","dst_ip":"172.16.16.106","src_port":48038,"dst_port":9300,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Elasticsearch","proto_id":"330","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1666258196386938,"flow_dst_last_pkt_time":1666258196387877,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1666258196387877,"pkt":"+hY+\/yO1ABY+soAnCABFAAA076JAAEAG0TCsEBBqrBARZiRUu6ZH8AzPD+IQmYAQAeN6FwAAAQEIChhoBnxP9V0C"}
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666258196428446,"flow_src_last_pkt_time":1666258196428446,"flow_dst_last_pkt_time":1666258196428446,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666258196428446,"l3_proto":"ip4","src_ip":"172.16.16.107","dst_ip":"172.16.17.102","src_port":33288,"dst_port":9300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1666258196428446,"flow_dst_last_pkt_time":1666258196428446,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666258196428446,"pkt":"+hY+\/yO1ABY+v3lWCABFAAA82RVAAEAG57SsEBBrrBARZoIIJFT9RY40AAAAAKAC9QClegAAAgQjAAQCCApHXJ0TAAAAAAEDAwc="}
00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1666258196428446,"flow_dst_last_pkt_time":1666258196456068,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666258196456068,"pkt":"ABY+v3lW+hY+\/yO1CABFAAA8AABAAD4GwsqsEBFmrBAQayRUggivKrb9\/UWONaAS9Kz\/WwAAAgQjAAQCCAqEzLtsR1ydEwEDAwc="}
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1666258196457120,"flow_dst_last_pkt_time":1666258196456068,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1666258196457120,"pkt":"+hY+\/yO1ABY+v3lWCABFAAA02RZAAEAG57usEBBrrBARZoIIJFT9RY41ryq2\/oAQAeo+GgAAAQEICkdcnTCEzLts"}
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666258198552605,"flow_src_last_pkt_time":1666258198552605,"flow_dst_last_pkt_time":1666258198552605,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1758,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1758,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1758,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1666258198552605,"l3_proto":"ip4","src_ip":"172.16.16.107","dst_ip":"172.16.17.102","src_port":9300,"dst_port":40342,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
02898{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1666258198552605,"flow_dst_last_pkt_time":1666258198552605,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1824,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1824,"pkt_l4_len":1790,"thread_ts_usec":1666258198552605,"pkt":"+hY+\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"}
01074{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666258198552605,"flow_src_last_pkt_time":1666258198552605,"flow_dst_last_pkt_time":1666258198552605,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1758,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1758,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1758,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1666258198552605,"l3_proto":"ip4","src_ip":"172.16.16.107","dst_ip":"172.16.17.102","src_port":9300,"dst_port":40342,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Elasticsearch","proto_id":"330","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00909{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1666258212460747,"flow_dst_last_pkt_time":1666258196456068,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":333,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":333,"pkt_l4_len":299,"thread_ts_usec":1666258212460747,"pkt":"+hY+\/yO1ABY+v3lWCABFAAE\/2RdAAEAG5q+sEBBrrBARZoIIJFT9RY41ryq2\/oAYAeqO+wAAAQEICkdc27SEzLtsRVMAAAEFAAAAAC4rBpYAAGu7SwAAAKgBHl94cGFja19zZWN1cml0eV9hdXRoZW50aWNhdGlvblB5L2F1QXdFSFgzTjVjM1JsYlJkbGJHRnpkR2xqTFc1dlpHVXdNUzVuWVhKeUxteGhZZ2hmWDJGMGRHRmphQWhmWDJGMGRHRmphQUFFQ2dBPQABBngtcGFjay1pbnRlcm5hbDpjbHVzdGVyL25vZGVzL2luZGljZXMvc2hhcmQvc3RvcmVbbl0WM0p3cXRDM25SbG1CYURTd0ZkVlA4dwAAAAApf2NvE3NzaC1ldmVudHMtcS0yMDIyLTIWbHRGX3ltcUhUU0t3VGIzV1dqaDNhUQEA"}
00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1666258196428446,"flow_src_last_pkt_time":1666258212460747,"flow_dst_last_pkt_time":1666258196456068,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":267,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":267,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666258212460747,"l3_proto":"ip4","src_ip":"172.16.16.107","dst_ip":"172.16.17.102","src_port":33288,"dst_port":9300,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Elasticsearch","proto_id":"330","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00909{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1666258212469044,"flow_dst_last_pkt_time":1666258196456068,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":333,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":333,"pkt_l4_len":299,"thread_ts_usec":1666258212469044,"pkt":"+hY+\/yO1ABY+v3lWCABFAAE\/2RhAAEAG5q6sEBBrrBARZoIIJFT9RY9Aryq2\/oAYAeqN2AAAAQEICkdc27yEzLtsRVMAAAEFAAAAAC4rBp8AAGu7SwAAAKgBHl94cGFja19zZWN1cml0eV9hdXRoZW50aWNhdGlvblB5L2F1QXdFSFgzTjVjM1JsYlJkbGJHRnpkR2xqTFc1dlpHVXdNUzVuWVhKeUxteGhZZ2hmWDJGMGRHRmphQWhmWDJGMGRHRmphQUFFQ2dBPQABBngtcGFjay1pbnRlcm5hbDpjbHVzdGVyL25vZGVzL2luZGljZXMvc2hhcmQvc3RvcmVbbl0WM0p3cXRDM25SbG1CYURTd0ZkVlA4dwAAAAApf2N0E3NzaC1ldmVudHMtcS0yMDIyLTIWbHRGX3ltcUhUU0t3VGIzV1dqaDNhUQMA"}
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666258220448291,"flow_src_last_pkt_time":1666258220448291,"flow_dst_last_pkt_time":1666258220448291,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1666258220448291,"l3_proto":"ip4","src_ip":"172.16.16.107","dst_ip":"172.16.17.102","src_port":9300,"dst_port":40298,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00735{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1666258220448291,"flow_dst_last_pkt_time":1666258220448291,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_usec":1666258220448291,"pkt":"+hY+\/yO1ABY+v3lWCABFAAC9EplAAEAGrbCsEBBrrBARZiRUnWpT5e7d+a0KsYAYAeTSJwAAAQEICkdc+ueEzRkjRVMAAACDAAAAAAAAAHsBAGu7SwAAAHIBHl94cGFja19zZWN1cml0eV9hdXRoZW50aWNhdGlvblB5L2F1QXdFSFgzTjVjM1JsYlJkbGJHRnpkR2xqTFc1dlpHVXdNaTVuWVhKeUxteGhZZ2hmWDJGMGRHRmphQWhmWDJGMGRHRmphQUFFQ2dBPQA="}
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666258220448291,"flow_src_last_pkt_time":1666258220448291,"flow_dst_last_pkt_time":1666258220448291,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1666258220448291,"l3_proto":"ip4","src_ip":"172.16.16.107","dst_ip":"172.16.17.102","src_port":9300,"dst_port":40298,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Elasticsearch","proto_id":"330","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":38,"packets-processed":37,"total-skipped-flows":0,"total-l4-payload-len":6736,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":5,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":30,"global_ts_usec":1666258921758874}
00986{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":5,"flow_first_seen":1666258196034202,"flow_src_last_pkt_time":1666258196256706,"flow_dst_last_pkt_time":1666258196229737,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":175,"flow_dst_max_l4_payload_len":389,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":414,"midstream":0,"thread_ts_usec":1666258923619099,"l3_proto":"ip4","src_ip":"172.16.17.102","dst_ip":"172.16.16.107","src_port":40282,"dst_port":9300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Elasticsearch","proto_id":"330","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666259164268444,"flow_src_last_pkt_time":1666259164268444,"flow_dst_last_pkt_time":1666259164268444,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":422,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":422,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":422,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1666259164268444,"l3_proto":"ip4","src_ip":"172.16.17.102","dst_ip":"172.16.16.106","src_port":48028,"dst_port":9300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
01130{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1666259164268444,"flow_dst_last_pkt_time":1666259164268444,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":488,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":488,"pkt_l4_len":454,"thread_ts_usec":1666259164268444,"pkt":"ABY+soAn+hY+\/yO1CABFAAHarfFAAD4GEzysEBFmrBAQarucJFRoIUIXoUah\/oAYAebLKwAAAQEIClAEIdUYdep8RVMAAAGgAAAAAAAADI8AAGu7SwAAADAAAAEGeC1wYWNrJWluZGljZXM6ZGF0YS9yZWFkL3NlYXJjaFtwaGFzZS9xdWVyeV0WNUtpa2xFY3ZRRC01UnVUVjVIbXNlUQAAAAAAAE7GCS5raWJhbmFfMRY5YW1TRnUtMlJWbUQ3aDFUaDMwOTJBAAEBAAEAAgAAAAAAAAAAAQRib29sP4AAAAABE3NpbXBsZV9xdWVyeV9zdHJpbmc\/gAAAAAEwAAAAASp1cGdyYWRlLWFzc2lzdGFudC1yZWluZGV4LW9wZXJhdGlvbi5zdGF0dXM\/gAAA\/\/\/\/\/wAAAAAAAAABADIBAAABBGJvb2w\/gAAAAAAAAQRib29sP4AAAAABBHRlcm0\/gAAAAAR0eXBlFSN1cGdyYWRlLWFzc2lzdGFudC1yZWluZGV4LW9wZXJhdGlvbgEGZXhpc3RzP4AAAAAJbmFtZXNwYWNlAAABAAABAQExAQAAABQAAAAAAAACAQAAAAAAAX\/\/\/\/8AAAA\/gAAAv7ikpr8wAgABAAABBy5raWJhbmEDAgQFAQA="}
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666259164268444,"flow_src_last_pkt_time":1666259164268444,"flow_dst_last_pkt_time":1666259164268444,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":422,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":422,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":422,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1666259164268444,"l3_proto":"ip4","src_ip":"172.16.17.102","dst_ip":"172.16.16.106","src_port":48028,"dst_port":9300,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Elasticsearch","proto_id":"330","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666259173881713,"flow_src_last_pkt_time":1666259173881713,"flow_dst_last_pkt_time":1666259173881713,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":757,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":757,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":757,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1666259173881713,"l3_proto":"ip4","src_ip":"172.16.17.102","dst_ip":"172.16.16.106","src_port":47980,"dst_port":9300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
01587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1666259173881713,"flow_dst_last_pkt_time":1666259173881713,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":823,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":823,"pkt_l4_len":789,"thread_ts_usec":1666259173881713,"pkt":"ABY+soAn+hY+\/yO1CABFAAMpFlVAAD4GqYmsEBFmrBAQartsJFT+zego6G4TLYAYAerlhAAAAQEIClAER2IYaAXxRVMAAALvAAAAAAAADKYAAGu7SwAAACgAAAEGeC1wYWNrHWluZGljZXM6ZGF0YS93cml0ZS9idWxrW3NdW3JdFkx1bzNPZzVpUmo2NkQtZjd2RllNMVFAFjVLaWtsRWN2UUQtNVJ1VFY1SG1zZVEAAAAAAABP9QEJLmtpYmFuYV8xFjlhbVNGdS0yUlZtRDdoMVRoMzA5MkEAAAAAAQIECS5raWJhbmFfMeizFQIBAQAAAAD\/\/\/\/+AgQHLmtpYmFuYQAAAQRfZG9jAR1tYXBzLXRlbGVtZXRyeTptYXBzLXRlbGVtZXRyeQCMA3sibWFwcy10ZWxlbWV0cnkiOnsic2V0dGluZ3MiOnsic2hvd01hcFZpc3VhbGl6YXRpb25UeXBlcyI6ZmFsc2V9LCJpbmRleFBhdHRlcm5zV2l0aEdlb0ZpZWxkQ291bnQiOjAsIm1hcHNUb3RhbENvdW50IjowLCJ0aW1lQ2FwdHVyZWQiOiIyMDIyLTEwLTIwVDA5OjQ2OjEzLjc3M1oiLCJhdHRyaWJ1dGVzUGVyTWFwIjp7ImRhdGFTb3VyY2VzQ291bnQiOnsibWluIjowLCJtYXgiOjAsImF2ZyI6MH0sImxheWVyc0NvdW50Ijp7Im1pbiI6MCwibWF4IjowLCJhdmciOjB9LCJsYXllclR5cGVzQ291bnQiOnt9LCJlbXNWZWN0b3JMYXllcnNDb3VudCI6e319fSwidHlwZSI6Im1hcHMtdGVsZW1ldHJ5IiwicmVmZXJlbmNlcyI6W10sInVwZGF0ZWRfYXQiOiIyMDIyLTEwLTIwVDA5OjQ2OjEzLjc3NFoifQD\/\/\/\/\/\/\/\/\/\/QABBV9ub25lAQVfbm9uZQEA\/\/\/\/\/\/\/\/\/\/8BAAMAAQAAAAAAAAkua2liYW5hXzEWOWFtU0Z1LTJSVm1EN2gxVGgzMDkyQQAEX2RvYx1tYXBzLXRlbGVtZXRyeTptYXBzLXRlbGVtZXRyedQBxAxAAAEAwgzEDA=="}
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666259173881713,"flow_src_last_pkt_time":1666259173881713,"flow_dst_last_pkt_time":1666259173881713,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":757,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":757,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":757,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1666259173881713,"l3_proto":"ip4","src_ip":"172.16.17.102","dst_ip":"172.16.16.106","src_port":47980,"dst_port":9300,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Elasticsearch","proto_id":"330","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666259173881713,"flow_src_last_pkt_time":1666259173881713,"flow_dst_last_pkt_time":1666259173881713,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":757,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":757,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":757,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1666259173881713,"l3_proto":"ip4","src_ip":"172.16.17.102","dst_ip":"172.16.16.106","src_port":47980,"dst_port":9300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Elasticsearch","proto_id":"330","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666259164268444,"flow_src_last_pkt_time":1666259164268444,"flow_dst_last_pkt_time":1666259164268444,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":422,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":422,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":422,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1666259173881713,"l3_proto":"ip4","src_ip":"172.16.17.102","dst_ip":"172.16.16.106","src_port":48028,"dst_port":9300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Elasticsearch","proto_id":"330","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1666258196282465,"flow_src_last_pkt_time":1666258956731873,"flow_dst_last_pkt_time":1666258956705715,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":864,"flow_dst_max_l4_payload_len":375,"flow_src_tot_l4_payload_len":2060,"flow_dst_tot_l4_payload_len":853,"midstream":0,"thread_ts_usec":1666259173881713,"l3_proto":"ip4","src_ip":"172.16.17.102","dst_ip":"172.16.16.106","src_port":48038,"dst_port":9300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Elasticsearch","proto_id":"330","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666258220448291,"flow_src_last_pkt_time":1666258220448291,"flow_dst_last_pkt_time":1666258220448291,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1666259173881713,"l3_proto":"ip4","src_ip":"172.16.16.107","dst_ip":"172.16.17.102","src_port":9300,"dst_port":40298,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Elasticsearch","proto_id":"330","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666258198552605,"flow_src_last_pkt_time":1666258198552605,"flow_dst_last_pkt_time":1666258198552605,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1758,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1758,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1758,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1666259173881713,"l3_proto":"ip4","src_ip":"172.16.16.107","dst_ip":"172.16.17.102","src_port":9300,"dst_port":40342,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Elasticsearch","proto_id":"330","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":2,"flow_first_seen":1666258196428446,"flow_src_last_pkt_time":1666258212491705,"flow_dst_last_pkt_time":1666258212486464,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":269,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2955,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666259173881713,"l3_proto":"ip4","src_ip":"172.16.16.107","dst_ip":"172.16.17.102","src_port":33288,"dst_port":9300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Elasticsearch","proto_id":"330","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":47,"packets-processed":47,"total-skipped-flows":0,"total-l4-payload-len":9589,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":44,"global_ts_usec":1666259173881713}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 47/47
~~ skipped flows.............: 0
~~ total layer4 data length..: 9589 bytes
~~ total detected protocols..: 7
~~ total active/idle flows...: 7/7
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 11503863 bytes
~~ total memory freed........: 11503863 bytes
~~ total allocations/frees...: 216745/216745
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 552 chars
~~ json string max len.......: 2903 chars
~~ json string avg len.......: 1726 chars