aboutsummaryrefslogtreecommitdiff
path: root/test/results/default/false_positives.pcapng.out
blob: b338b9e410b1783c13ff5c46b87ebc23e79ffdfa (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119

00622{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.15.0-5258-f8869cd","ndpi_api_version":12317,"size_per_flow":1384,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.15.0-5258-f8869cd","ndpi_api_version":12317,"size_per_flow":1384,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1666211795792449}
00305{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1666211795792449,"packet_id":1,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1666211795792449}
00468{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":122,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_usec":1666211795792449,"pkt":"AAAAAAAAAAEAAAAEgQBNQoEAQHEIAEUwAGTH7QAAQBF0ZgqGGUwKhA+wCGgIaABQydQw\/wBAA9RPVEUAAEAAAEAAPgafJwqM5xqfQQyp7xIBu70k08cAAAAAsAL\/\/zWOAAACBAW0AQMDBQEBCApIjJmXAAAAAAQCAAA="}
00305{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1666211795871687,"packet_id":2,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1666211795871687}
00462{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":118,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"thread_ts_usec":1666211795792449,"pkt":"AAAAAAAAAAEAAAADgQANQoEAAHEIAEUAAGDvUwAAOxFSNAqED7AKhhlMCGgIaABMAAAw\/wA8HEN000UAADwAAEAAMAatK59BDKkKjOcaAbvvEnriqea9JNPIoBJxID6xAAACBAVQBAIICnITADZIjJmXAQMDBw=="}
00305{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1666211795911571,"packet_id":3,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1666211795911571}
00882{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":435,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":435,"pkt_l4_len":0,"thread_ts_usec":1666211795792449,"pkt":"AAAAAAAAAAEAAAAEgQBNQoEAQHEIAEUwAZ3JqAAAQBFxcgqGGUwKhA+wCGgIaAGJx2Iw\/wF5A9RPVEUAAXkAAEAAPgad7gqM5xqfQQyp7xIBu70k08h64qnngBgQIDa1AAABAQgKSIyaGnITADZHRVQgL3dzIEhUVFAvMS4xDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KSG9zdDogd2x1ZG8uc3VwZXJraW5nbGFicy5jb206NDQzDQpVcGdyYWRlOiB3ZWJzb2NrZXQNCkNvbm5lY3Rpb246IFVwZ3JhZGUNClNlYy1XZWJTb2NrZXQtS2V5OiAyZUJpallVakdXQkhENFdZRDA1ekhnPT0NCk9yaWdpbjogaHR0cDovL3dsdWRvLnN1cGVya2luZ2xhYnMuY29tOjQ0Mw0KU2VjLVdlYlNvY2tldC1Qcm90b2NvbDogZGVmYXVsdC1wcm90b2NvbA0KU2VjLVdlYlNvY2tldC1FeHRlbnNpb25zOiANClNlYy1XZWJTb2NrZXQtVmVyc2lvbjogMTMNCg0K"}
00305{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1666211795991725,"packet_id":4,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1666211795991725}
00702{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":298,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":298,"pkt_l4_len":0,"thread_ts_usec":1666211795792449,"pkt":"AAAAAAAAAAECAAD6gQANQoEAAHEIAEUAARTtiwAAOxFTSAqED7AKhhlMCGgIaAEAAAAw\/wDwHEN000UAAPCpt0AAMAYCwJ9BDKkKjOcaAbvvEnriqee9JNUNgBgA68D6AAABAQgKchMAVEiMmhpIVFRQLzEuMSAxMDEgU3dpdGNoaW5nIFByb3RvY29scw0KU2VydmVyOiBuZ2lueC8xLjEyLjINCkRhdGU6IFdlZCwgMTkgT2N0IDIwMjIgMjA6MzY6MzUgR01UDQpDb25uZWN0aW9uOiB1cGdyYWRlDQpVcGdyYWRlOiB3ZWJzb2NrZXQNClNlYy1XZWJTb2NrZXQtQWNjZXB0OiBwVURxeGNYdy9zd2dQU2Y4aFdtM2JBMXZKUU09DQoNCg=="}
00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.15.0-5258-f8869cd","ndpi_api_version":12317,"size_per_flow":1384,"packets-captured":5,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1715158193086997}
00305{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1715158193086997,"packet_id":5,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1715158193086997}
00598{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":222,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":222,"pkt_l4_len":0,"thread_ts_usec":1666211795792449,"pkt":"AAAAAAAAAAECAAD6gQAPpoEAABQIAEW4AMgAAUAAfBFgjgrAXFEKiCtFy2ZSOAC0HY2ACA9iQ21r\/DQSeFbV1dVV1dXV1dXV1VVV1dVVVVVVVVVVVVVVVVVV1VXV1dXV1dXV1dXV1dXVVdVVVVXVVVVVVVXV1VVVVVXV1VXV1dVV1dXVVVVV1dVVVVVVVVVVVVXVVdVVVdVVVVVVVdVV1dVV1VXV1dVV1VXV1VXVVVVVVdXV1VVVVVVVVVXV1VVVVdXV1dVV1VVV1dVVVVVVVVXV1dXVVVVVVdXVVdXV"}
00305{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1715158193106355,"packet_id":6,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1715158193106355}
00599{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":222,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":222,"pkt_l4_len":0,"thread_ts_usec":1666211795792449,"pkt":"AAAAAAAAAAECAAD6gQCvpoEAoBQIAEW4AMiGiUAAQBEWBgqIK0UKwFxRUjjLZgC0CwuACLdWco7NHkKf05BSVNHf2sHNycr09\/bx8fHx8fHx9vb39PXKyMnPzcPAxsfF2tjZ3t\/c3dLT09DQ0NHR1tbW19fU1NTU1NTU1NTU1dXV1dXV1NTU1NTU1NXU1dXV1dXV1dXVVVVVVVVVVVVVVVVVVFRUVFRUVFRUVFRUV1dXV1RUVFdUVFdXV1dXV1dWV1ZWVlZWVlZWVlZRVlFRUVFQUVBQUFBQUFNTU1NT"}
00305{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1715158193106495,"packet_id":7,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1715158193106495}
00597{"packet_event_id":1,"packet_event_name":"packet","packet_id":7,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":222,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":222,"pkt_l4_len":0,"thread_ts_usec":1666211795792449,"pkt":"AAAAAAAAAAECAAD6gQAPpoEAABQIAEW4AMgAAkAAfBFgjQrAXFEKiCtFy2ZSOAC0mmqACA9jQ21snDQSeFbV1dXV1dXVVdXVVdXVVVXV1VXVVVVVVVVVVVXV1VXV1dXV1dXV1dXV1VXV1dVV1dVV1VXVVVVVVVVV1dVV1dXV1dXV1dVVVdVVVVVVVVVVVVXV1VXV1dXV1dXV1VVVVVVV1dXV1VVV1dVVVVVVVdVVVVVVVdVVVdVV1dVVVVVVVdVVVdXV1dXVVdXVVdXV1VXVVVVV1VXVVVVV1VVVVVXV"}
00305{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1715158193126341,"packet_id":8,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1715158193126341}
00598{"packet_event_id":1,"packet_event_name":"packet","packet_id":8,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":222,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":222,"pkt_l4_len":0,"thread_ts_usec":1666211795792449,"pkt":"AAAAAAAAAAECAAD6gQCvpoEAoBQIAEW4AMiGkUAAQBEV\/gqIK0UKwFxRUjjLZgC0Io6ACLdXco7NvkKf05BTU1NTU1NTU1NTU1NTU1BQU1NTU1NTU1NTUlJTUlJTUlJSUlJSUlJSUlJdXV1dXV1dXV1dXV1SXV1dXVNRVldXV1dXVlZRUFNTUlJdXV1cXF9fX19fX1xcXFxcXF1dXV1SUlJSUlJSU1NTU1NQU1BTU1BQUFBTU1NTUFBQUFBTUFBTU1BTU1NTU1NTU1BQU1BQUFNTU1BQUFNQUFNQU1BQ"}
00305{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1715158193126649,"packet_id":9,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1715158193126649}
00597{"packet_event_id":1,"packet_event_name":"packet","packet_id":9,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":222,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":222,"pkt_l4_len":0,"thread_ts_usec":1666211795792449,"pkt":"AAAAAAAAAAECAAD6gQAPpoEAABQIAEW4AMgAA0AAfBFgjArAXFEKiCtFy2ZSOAC0FUaACA9kQ21tPDQSeFbV1VXV1dVV1dXV1dXV1dXV1VVVVVVVVVVVVVXVVdXVVdVVVdXV1dVV1dXV1dXV1dXVVVVV1VXV1dXV1dXV1dXV1dXVVdXVVdVVVVVVVVVV1VVV1dXVVVVV1dVVVdXV1dXV1dXV1dXV1dXV1dXVVVVV1VVVVVVVVVXVVVVVVdVV1dXV1dXV1dVV1dXVVdXVVVVVVVVV1dXV1dVVVdXV1dXV"}
00306{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":6,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1715158193146353,"packet_id":10,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1715158193146353}
00598{"packet_event_id":1,"packet_event_name":"packet","packet_id":10,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":222,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":222,"pkt_l4_len":0,"thread_ts_usec":1666211795792449,"pkt":"AAAAAAAAAAECAAD6gQCvpoEAoBQIAEW4AMiGoUAAQBEV7gqIK0UKwFxRUjjLZgC0sZCACLdYco7OXkKf05BQUFNTUFBTU1BQUFNTUFBQUFBQUFBQUFBQUFBQUFBQUFBQU1BQUFBQUFBQUFBRUVBQUVBQUFBQUVFRUVFRUVFRUFBQUFFRUVFRUVFRVlFRUVFRUVFRUVFRUVFRUVFRUVZWUVZRVlZWVlZWVlZWVlZWVlZWVlZWVlZWVlZWVlZWVlZWVlZWVlZWVlZXV1ZWV1ZWV1dXV1ZWVlZXVldXV1dX"}
00306{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":7,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1715158193146573,"packet_id":11,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1715158193146573}
00598{"packet_event_id":1,"packet_event_name":"packet","packet_id":11,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":222,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":222,"pkt_l4_len":0,"thread_ts_usec":1666211795792449,"pkt":"AAAAAAAAAAECAAD6gQAPpoEAABQIAEW4AMgABEAAfBFgiwrAXFEKiCtFy2ZSOAC0EymACA9lQ21t3DQSeFbV1dXVVdXV1dVV1dXV1VXV1VVVVVXV1dXV1dVVVVXV1VXV1dXV1dXV1dVVVdVVVdXV1dVVVVVV1VVVVVXV1VXVVVVV1dXV1VVV1dVVVdXV1dXVVdXV1VXVVVVVVVVV1dXV1VXV1dXV1dVVVVVVVVVVVVVVVVVVVdVV1dVV1dVV1dXV1dXV1dXV1dVVVVVVVVVVVdXVVVXV1dXV1dXV1dXV"}
00306{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":8,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1715158193166349,"packet_id":12,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1715158193166349}
00600{"packet_event_id":1,"packet_event_name":"packet","packet_id":12,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":222,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":222,"pkt_l4_len":0,"thread_ts_usec":1666211795792449,"pkt":"AAAAAAAAAAECAAD6gQCvpoEAoBQIAEW4AMiGp0AAQBEV6AqIK0UKwFxRUjjLZgC0\/DWACLdZco7O\/kKf05BXV1dXV1dXV1dXV1dXV1ZXV1dUV1dXV1dXV1dUV1dXV1dXV1dXV1RUV1RXV1RUVFRUV1dXV1RUVFRUVFRUVFRUVFRUVFdXVFdUVFRUV1RUVFRUVFRVVFRUVFVUVVVUVVRUVFRUVFRUVFRUVVVVVVVVVVVVVVVVVVVVVVVUVFVVVVVUVVVVVFRUVFVVVFRUVVVUVFRVVFRVVFVVVVVVVVVV"}
00306{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":9,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1715158193166525,"packet_id":13,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1715158193166525}
00598{"packet_event_id":1,"packet_event_name":"packet","packet_id":13,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":222,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":222,"pkt_l4_len":0,"thread_ts_usec":1666211795792449,"pkt":"AAAAAAAAAAECAAD6gQAPpoEAABQIAEW4AMgABUAAfBFgigrAXFEKiCtFy2ZSOAC0mA2ACA9mQ21ufDQSeFbVVVXV1dVVVVVVVNXVVVXV1dVVVVVVVdVVVdXVVdXV1dXV1dVVVVVV1dXV1VXVVVXV1VXV1dVVVVVVVVVVVdXV1dXU1NVVVdXVVVVV1dVV1VVV1dXV1dXV1dVVVVVVVVVV1dXV1VVV1dVV1dVVVVRUVVXVVdXV1VXVVVVVVVXV1VXVVdXVVVXVVVVV1VXV1dXV1VXVVdVV1dVV1VVV1VXV"}
00307{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":10,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1715158193186401,"packet_id":14,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1715158193186401}
00599{"packet_event_id":1,"packet_event_name":"packet","packet_id":14,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":222,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":222,"pkt_l4_len":0,"thread_ts_usec":1666211795792449,"pkt":"AAAAAAAAAAECAAD6gQCvpoEAoBQIAEW4AMiGukAAQBEV1QqIK0UKwFxRUjjLZgC0\/A6ACLdaco7PnkKf05BVVVXVVdVVVVVV1VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdXVVVXVVVVVVVVV1VVVVVXVVVVV1VVVVdXVVVVVVdXV1VVV1VVVVVXVVdVV1dVVVVVVVVVVVVXV1dXV1VXV1dVV1dVV1dXV1VVV1VXVVVVV1dVV1dXV1dXV1dVVVVVVVVVV1dXV1dXV1dXV1dXV"}
00307{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":11,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1715158193186574,"packet_id":15,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1715158193186574}
00598{"packet_event_id":1,"packet_event_name":"packet","packet_id":15,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":222,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":222,"pkt_l4_len":0,"thread_ts_usec":1666211795792449,"pkt":"AAAAAAAAAAECAAD6gQAPpoEAABQIAEW4AMgABkAAfBFgiQrAXFEKiCtFy2ZSOAC0mG2ACA9nQ21vHDQSeFZV1dXVVdVV1VXVVVXV1VVVVdVV1dXV1VVV1dVVVVVV1dVVVdXV1dXV1dXVVdXUVVVVVdXV1VVV1VVV1VXV1VVVVdVV1VXVVVVVVVVVVVVU1VXV1dXV1dVV1dRVVVXV1dVVVdXV1dXV1dXV1dVVVVRUVVXV1VVV1dXVVVXV1VVVVdVVVVXVVVXVVVVVVdXV1VXVVVVVVVXV1VVVVdXVVVVV"}
00307{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":12,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1715158193206348,"packet_id":16,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1715158193206348}
00598{"packet_event_id":1,"packet_event_name":"packet","packet_id":16,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":222,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":222,"pkt_l4_len":0,"thread_ts_usec":1666211795792449,"pkt":"AAAAAAAAAAECAAD6gQCvpoEAoBQIAEW4AMiGy0AAQBEVxAqIK0UKwFxRUjjLZgC0at6ACLdbco7QPkKf05BVVdXV1dXV1dXV1dXV1VXV1dVVVdXV1dVVVVXVVVXV1dVVVVVV1dXV1dXVVVXV1dXV1dXV1dXV1dXV1dXV1dXV1dXVVdXVVdXV1dXV1dXV1dXV1dXV1dXVVVVVVdXV1dXV1dXVVdVVVdXV1dXV1dXV1NTV1dXV1dXU1dXV1dXV1dXV1dXV1dXV1dVVVdXV1dVVVVVV1VXV1dVV1dXV1dXV"}
00307{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":13,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1715158193206563,"packet_id":17,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1715158193206563}
00598{"packet_event_id":1,"packet_event_name":"packet","packet_id":17,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":222,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":222,"pkt_l4_len":0,"thread_ts_usec":1666211795792449,"pkt":"AAAAAAAAAAECAAD6gQAPpoEAABQIAEW4AMgAB0AAfBFgiArAXFEKiCtFy2ZSOAC0lsaACA9oQ21vvDQSeFbV1dVVVVVV1VXV1VVVVVVV1dXVVVVVVVVVVVXV1VVV1VXVVVXVVVXVVVXV1VXV1dVV1dVVVVVVVVXV1VXVVVVV1VXVVVXV1VXVVdXVVdXVVdXV1dXVVVVVVVVV1VVV1VVV1dXVVVXVVVXV1dVVVdXV1VVV1VVV1dXV1dXV1dXVVdXV1dVV1dXVVVXV1VXV1dXV1dVV1dVVVdVVVVVVVdXV"}
00307{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":14,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1715158193226331,"packet_id":18,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1715158193226331}
00598{"packet_event_id":1,"packet_event_name":"packet","packet_id":18,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":222,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":222,"pkt_l4_len":0,"thread_ts_usec":1666211795792449,"pkt":"AAAAAAAAAAECAAD6gQCvpoEAoBQIAEW4AMiG30AAQBEVsAqIK0UKwFxRUjjLZgC0ZziACLdcco7Q3kKf05DU1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXVVdXV1dXV1VXVVVXV1dXV1dVVVVXV1dXV1dXV1dVV1dXV1dXU1dXV1dVVVdXV1NXV1dXV1dXV1dVVVdXV1dXV1dXV1dXV1VVV1VXV1VXVVdXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV"}
00307{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":15,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1715158193226526,"packet_id":19,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1715158193226526}
00598{"packet_event_id":1,"packet_event_name":"packet","packet_id":19,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":222,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":222,"pkt_l4_len":0,"thread_ts_usec":1666211795792449,"pkt":"AAAAAAAAAAECAAD6gQAPpoEAABQIAEW4AMgACEAAfBFghwrAXFEKiCtFy2ZSOAC0GieACA9pQ21wXDQSeFZVVVVVVVXVVVVV1dXVVVXVVVRVVVRUVNXVVdVVVdXV1dVV1dXVVdXV1VVV1dVV1dXVVdVVVVVV1dXVVdXV1dXV1dXVVVXV1VVV1dXV1VVV1dVV1VVV1dXV1VVV1dXV1VVVVVXV1dXVVVXV1VVV1VVV1VVVVdXV1VXV1dXV1VXV1VVV1dVV1dXVVVVVVFTV1dVVVVVV1VVVVVXVVdXV1dRV"}
00307{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":16,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1715158193246341,"packet_id":20,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1715158193246341}
00598{"packet_event_id":1,"packet_event_name":"packet","packet_id":20,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":222,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":222,"pkt_l4_len":0,"thread_ts_usec":1666211795792449,"pkt":"AAAAAAAAAAECAAD6gQCvpoEAoBQIAEW4AMiG4kAAQBEVrQqIK0UKwFxRUjjLZgC06BmACLddco7RfkKf05DV1dXV1dXV1VVV1dXV1dXV1dXV1dXV1dXV1dXV1dXVVVVVVVXV1dXVVVVVVVVVVVXV1dXV1dXV1dXV1dXV1dXV1dXV1dVV1dXV1dXV1dXV1dXV1dXV1dXV1dXVVVVV1dXV1dXV1dXV1dVV1dXV1dXV1dXV1dXV1dXVVdVVVVVV1VVVVdXVVVXV1dXV1dXV1dXV1VXV1dXV1dXV1dXV1dXV"}
00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1715158216944076,"flow_src_last_pkt_time":1715158216944076,"flow_dst_last_pkt_time":1715158216944076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1715158216944076,"vlan_id":107,"l3_proto":"ip4","src_ip":"10.126.70.67","dst_ip":"10.236.7.225","src_port":23784,"dst_port":50160,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","vlan_id":107,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1715158216944076,"flow_dst_last_pkt_time":1715158216944076,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":218,"pkt_l4_len":180,"thread_ts_usec":1715158216944076,"pkt":"AAAAAAAAAAECAAD6gQAAawgARbgAyAABQAB+EZfeCn5GQwrsB+Fc6MPwALQAAIAIDN0byMsuNBJ4VtVVVVVV1dVV1dVVVVVVVVVVVVXV1dXV1VVV1dXVVVVVVVXV1dXV1VVVVVXVVdXV1dXVVVXVVdXV1dXV1dVVVdXV1VXVVVVVVVVV1VVVVdXV1dVV1VVV1VVV1dVVVdXV1VXV1dVV1dXVVVVV1VVV1dXV1dVVVVXV1VXV1dVV1dXVVdVVVVVVVVVVVVXV1dXV1VVVVVVVVdXVVdXVVdXVVVU="}
00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","vlan_id":107,"flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1715158216963978,"flow_dst_last_pkt_time":1715158216944076,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":218,"pkt_l4_len":180,"thread_ts_usec":1715158216963978,"pkt":"AAAAAAAAAAECAAD6gQAAawgARbgAyAACQAB+EZfdCn5GQwrsB+Fc6MPwALQAAIAIDN4byMvONBJ4VlXV1dVVVdXVVdXV1VXV1VVVVdXV1dVVVdXV1VXV1dXV1VVVVVVVVVXVVVVVVdXV1dXV1dXV1dVVVVVV1VVV1dXVVVVV1VVV1VXV1dVV1dVVVdVVVVXVVdVVVdXV1dXV1VVV1VVV1VVVVdXV1dXV1VVVVVXVVdXV1dXVVVXV1VVVVVVV1dXV1dXV1dXVVdVVVVVVVVXV1dXV1dVVVdXVVVU="}
00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","vlan_id":107,"flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1715158216983863,"flow_dst_last_pkt_time":1715158216944076,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":218,"pkt_l4_len":180,"thread_ts_usec":1715158216983863,"pkt":"AAAAAAAAAAECAAD6gQAAawgARbgAyAADQAB+EZfcCn5GQwrsB+Fc6MPwALQAAIAIDN8byMxuNBJ4VlXVVVVV1dVV1VXV1dVVVVVVVVXVVVXV1dXV1VXVVVVVVVXVVdVVVdVVVVXV1VVV1VXV1VVV1dXV1dXVVVVVVVXVVVXVVVVV1dVVVVVV1dXV1VVVVVVV1dXVVVXVVVVV1VVV1dXV1dXV1dVV1VVVVVVVVdXVVdXV1dXV1dVV1dXVVdXV1dXVVVVVVdXVVVVV1VVVVVVVVdXV1dXVVVXV1dU="}
00974{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1715158216944076,"flow_src_last_pkt_time":1715158216983863,"flow_dst_last_pkt_time":1715158216944076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":516,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1715158216983863,"vlan_id":107,"l3_proto":"ip4","src_ip":"10.126.70.67","dst_ip":"10.236.7.225","src_port":23784,"dst_port":50160,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","stream_content":"Audio"}}
00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","vlan_id":107,"flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1715158217003863,"flow_dst_last_pkt_time":1715158216944076,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":218,"pkt_l4_len":180,"thread_ts_usec":1715158217003863,"pkt":"AAAAAAAAAAECAAD6gQAAawgARbgAyAAEQAB+EZfbCn5GQwrsB+Fc6MPwALQAAIAIDOAbyM0ONBJ4VlVV1dXVVVXVVVVV1dXV1dXV1dVVVVVVVVVV1dVVVdXV1dXVVdXV1dXVVVVVVdXVVdXV1VVVVVXV1VXV1dVV1dXV1dXVVVVVVVXV1dXV1VXV1dXV1VVVVdXV1VVVVVVVVVXVVdVV1dXVVVXV1dVVVVVV1VVVVdVVVVVV1dVV1dXV1dXV1VVV1dVVVdXVVVVVVdXVVdVV1dXV1dXVVVVVVdU="}
00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","vlan_id":107,"flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1715158217023923,"flow_dst_last_pkt_time":1715158216944076,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":218,"pkt_l4_len":180,"thread_ts_usec":1715158217023923,"pkt":"AAAAAAAAAAECAAD6gQAAawgARbgAyAAFQAB+EZfaCn5GQwrsB+Fc6MPwALQAAIAIDOEbyM2uNBJ4VtXVVVXV1dXVVdVVVVVV1VVVVVXVVdXV1dXV1dVVVVVVVVXVVVXVVVVVVVXVVdXVVVXV1dXV1VVV1VXV1VVVVVVVVdXV1dXVVVXV1VXV1VVV1dVVVVXVVVXV1dXV1dVVVVVV1dVV1dVV1VVVVdXV1dXV1dXV1VVV1VVV1dVV1VVVVVXVVdXV1dXV1dXVVVVVVVXV1dVVVVXV1dVVVdVV1dU="}
00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.15.0-5258-f8869cd","ndpi_api_version":12317,"size_per_flow":1384,"packets-captured":95,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5160,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":51,"global_ts_usec":1715244365850069}
00306{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1715244365850069,"packet_id":95,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1715244365850069}
00457{"packet_event_id":1,"packet_event_name":"packet","packet_id":95,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":113,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":113,"pkt_l4_len":0,"thread_ts_usec":1715158217284062,"pkt":"AAAAAAAAAAECAAD6gQAMq4EAAAoIAEW4AFvZnwAAOxGNmwru+jMKdAgKCGgIaABHAAAw\/wA3ovJU5UW4ADcAAAAA8xFyjQqFIGUKbh8ZjjgE+AAjKyKAdgMAFxyoAEAQAAVwx+5Z\/fx\/fVHvy5hwGAA="}
00306{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1715244365870420,"packet_id":96,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1715244365870420}
00457{"packet_event_id":1,"packet_event_name":"packet","packet_id":96,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":113,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":113,"pkt_l4_len":0,"thread_ts_usec":1715158217284062,"pkt":"AAAAAAAAAAECAAD6gQAMq4EAAAoIAEW4AFvaMQAAOxGNCQru+jMKdAgKCGgIaABHAAAw\/wA3ovJU5UW4ADcAAAAA8xFyjQqFIGUKbh8ZjjgE+AAjqoCAdgMBFxyooEAQAAXwx+5Z\/fx\/fVHvy5hwGAA="}
00306{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1715244365890447,"packet_id":97,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1715244365890447}
00457{"packet_event_id":1,"packet_event_name":"packet","packet_id":97,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":113,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":113,"pkt_l4_len":0,"thread_ts_usec":1715158217284062,"pkt":"AAAAAAAAAAECAAD6gQAMq4EAAAoIAEW4AFvarAAAOxGMjgru+jMKdAgKCGgIaABHAAAw\/wA3ovJU5UW4ADcAAAAA8xFyjQqFIGUKbh8ZjjgE+AAjKeCAdgMCFxypQEAQAAVwx+5Z\/fx\/fVHvy5hwGAA="}
00306{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1715244365910276,"packet_id":98,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1715244365910276}
00457{"packet_event_id":1,"packet_event_name":"packet","packet_id":98,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":113,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":113,"pkt_l4_len":0,"thread_ts_usec":1715158217284062,"pkt":"AAAAAAAAAAECAAD6gQAMq4EAAAoIAEW4AFvbEQAAOxGMKQru+jMKdAgKCGgIaABHAAAw\/wA3ovJU5UW4ADcAAAAA8xFyjQqFIGUKbh8ZjjgE+AAjqT6AdgMDFxyp4EAQAAXwx+5Z\/fx\/fVHvy5hwGAA="}
00306{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1715244365930362,"packet_id":99,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1715244365930362}
00457{"packet_event_id":1,"packet_event_name":"packet","packet_id":99,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":113,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":113,"pkt_l4_len":0,"thread_ts_usec":1715158217284062,"pkt":"AAAAAAAAAAECAAD6gQAMq4EAAAoIAEW4AFvbcAAAOxGLygru+jMKdAgKCGgIaABHAAAw\/wA3ovJU5UW4ADcAAAAA8xFyjQqFIGUKbh8ZjjgE+AAjKJ6AdgMEFxyqgEAQAAVwx+5Z\/fx\/fVHvy5hwGAA="}
00307{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":6,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1715244365950275,"packet_id":100,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1715244365950275}
00459{"packet_event_id":1,"packet_event_name":"packet","packet_id":100,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":113,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":113,"pkt_l4_len":0,"thread_ts_usec":1715158217284062,"pkt":"AAAAAAAAAAECAAD6gQAMq4EAAAoIAEW4AFvcAAAAOxGLOgru+jMKdAgKCGgIaABHAAAw\/wA3ovJU5UW4ADcAAAAA8xFyjQqFIGUKbh8ZjjgE+AAjp\/yAdgMFFxyrIEAQAAXwx+5Z\/fx\/fVHvy5hwGAA="}
00307{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":7,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1715244365969990,"packet_id":101,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1715244365969990}
00458{"packet_event_id":1,"packet_event_name":"packet","packet_id":101,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":113,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":113,"pkt_l4_len":0,"thread_ts_usec":1715158217284062,"pkt":"AAAAAAAAAAECAAD6gQAMq4EAAAoIAEW4AFvckgAAOxGKqAru+jMKdAgKCGgIaABHAAAw\/wA3ovJU5UW4ADcAAAAA8xFyjQqFIGUKbh8ZjjgE+AAjJ1yAdgMGFxyrwEAQAAVwx+5Z\/fx\/fVHvy5hwGAA="}
00307{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":8,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1715244365990362,"packet_id":102,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1715244365990362}
00458{"packet_event_id":1,"packet_event_name":"packet","packet_id":102,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":113,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":113,"pkt_l4_len":0,"thread_ts_usec":1715158217284062,"pkt":"AAAAAAAAAAECAAD6gQAMq4EAAAoIAEW4AFvdNAAAOxGKBgru+jMKdAgKCGgIaABHAAAw\/wA3ovJU5UW4ADcAAAAA8xFyjQqFIGUKbh8ZjjgE+AAjprqAdgMHFxysYEAQAAXwx+5Z\/fx\/fVHvy5hwGAA="}
00307{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":9,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1715244366010117,"packet_id":103,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1715244366010117}
00458{"packet_event_id":1,"packet_event_name":"packet","packet_id":103,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":113,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":113,"pkt_l4_len":0,"thread_ts_usec":1715158217284062,"pkt":"AAAAAAAAAAECAAD6gQAMq4EAAAoIAEW4AFveHwAAOxGJGwru+jMKdAgKCGgIaABHAAAw\/wA3ovJU5UW4ADcAAAAA8xFyjQqFIGUKbh8ZjjgE+AAjJhqAdgMIFxytAEAQAAVwx+5Z\/fx\/fVHvy5hwGAA="}
00308{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":10,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1715244366030648,"packet_id":104,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1715244366030648}
00458{"packet_event_id":1,"packet_event_name":"packet","packet_id":104,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":113,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":113,"pkt_l4_len":0,"thread_ts_usec":1715158217284062,"pkt":"AAAAAAAAAAECAAD6gQAMq4EAAAoIAEW4AFveoAAAOxGImgru+jMKdAgKCGgIaABHAAAw\/wA3ovJU5UW4ADcAAAAA8xFyjQqFIGUKbh8ZjjgE+AAjpXiAdgMJFxytoEAQAAXwx+5Z\/fx\/fVHvy5hwGAA="}
00308{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":11,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1715244366051406,"packet_id":105,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1715244366051406}
00458{"packet_event_id":1,"packet_event_name":"packet","packet_id":105,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":113,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":113,"pkt_l4_len":0,"thread_ts_usec":1715158217284062,"pkt":"AAAAAAAAAAECAAD6gQAMq4EAAAoIAEW4AFve6QAAOxGIUQru+jMKdAgKCGgIaABHAAAw\/wA3ovJU5UW4ADcAAAAA8xFyjQqFIGUKbh8ZjjgE+AAjJNiAdgMKFxyuQEAQAAVwx+5Z\/fx\/fVHvy5hwGAA="}
00308{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":12,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1715244366070951,"packet_id":106,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1715244366070951}
00458{"packet_event_id":1,"packet_event_name":"packet","packet_id":106,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":113,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":113,"pkt_l4_len":0,"thread_ts_usec":1715158217284062,"pkt":"AAAAAAAAAAECAAD6gQAMq4EAAAoIAEW4AFvfVAAAOxGH5gru+jMKdAgKCGgIaABHAAAw\/wA3ovJU5UW4ADcAAAAA8xFyjQqFIGUKbh8ZjjgE+AAjpDaAdgMLFxyu4EAQAAXwx+5Z\/fx\/fVHvy5hwGAA="}
00308{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":13,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1715244366090538,"packet_id":107,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1715244366090538}
00458{"packet_event_id":1,"packet_event_name":"packet","packet_id":107,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":113,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":113,"pkt_l4_len":0,"thread_ts_usec":1715158217284062,"pkt":"AAAAAAAAAAECAAD6gQAMq4EAAAoIAEW4AFvgAAAAOxGHOgru+jMKdAgKCGgIaABHAAAw\/wA3ovJU5UW4ADcAAAAA8xFyjQqFIGUKbh8ZjjgE+AAjI5aAdgMMFxyvgEAQAAVwx+5Z\/fx\/fVHvy5hwGAA="}
00308{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":14,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1715244366109889,"packet_id":108,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1715244366109889}
00458{"packet_event_id":1,"packet_event_name":"packet","packet_id":108,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":113,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":113,"pkt_l4_len":0,"thread_ts_usec":1715158217284062,"pkt":"AAAAAAAAAAECAAD6gQAMq4EAAAoIAEW4AFvgQAAAOxGG+gru+jMKdAgKCGgIaABHAAAw\/wA3ovJU5UW4ADcAAAAA8xFyjQqFIGUKbh8ZjjgE+AAjovSAdgMNFxywIEAQAAXwx+5Z\/fx\/fVHvy5hwGAA="}
00308{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":15,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1715244366129571,"packet_id":109,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1715244366129571}
00458{"packet_event_id":1,"packet_event_name":"packet","packet_id":109,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":113,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":113,"pkt_l4_len":0,"thread_ts_usec":1715158217284062,"pkt":"AAAAAAAAAAECAAD6gQAMq4EAAAoIAEW4AFvgigAAOxGGsAru+jMKdAgKCGgIaABHAAAw\/wA3ovJU5UW4ADcAAAAA8xFyjQqFIGUKbh8ZjjgE+AAjIlSAdgMOFxywwEAQAAVwx+5Z\/fx\/fVHvy5hwGAA="}
00308{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":16,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1715244366150574,"packet_id":110,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1715244366150574}
00458{"packet_event_id":1,"packet_event_name":"packet","packet_id":110,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":113,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":113,"pkt_l4_len":0,"thread_ts_usec":1715158217284062,"pkt":"AAAAAAAAAAECAAD6gQAMq4EAAAoIAEW4AFvhHwAAOxGGGwru+jMKdAgKCGgIaABHAAAw\/wA3ovJU5UW4ADcAAAAA8xFyjQqFIGUKbh8ZjjgE+AAjobKAdgMPFxyxYEAQAAXwx+5Z\/fx\/fVHvy5hwGAA="}
00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.15.0-5258-f8869cd","ndpi_api_version":12317,"size_per_flow":1384,"packets-captured":115,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5160,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":84,"global_ts_usec":1722795102659035}
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1722795102659035,"flow_src_last_pkt_time":1722795102659035,"flow_dst_last_pkt_time":1722795102659035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1722795102659035,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"57.128.172.97","src_port":37649,"dst_port":9981,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1722795102659035,"flow_dst_last_pkt_time":1722795102659035,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":1722795102659035,"pkt":"CL6sCxduJjb1W8R1CABFLgA6GMRAAEARbpvAqAycOYCsYZMRJv0AJqszaAAPUYSgbEfxN9Y8wUZQdfxtl0Qa5VQhmMi9Nk0X"}
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1722795102659035,"flow_dst_last_pkt_time":1722795102683745,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":1722795102683745,"pkt":"Jjb1W8R1CL6sCxduCABFAgA6zLVAAC0RzdU5gKxhwKgMnCb9kxEAJt9aNAAPK4SgbEfxN9Y7wUZQdfxtl0Qa5VQhmMi9Nk0X"}
00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1722795103171662,"flow_dst_last_pkt_time":1722795102683745,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1722795103171662,"pkt":"CL6sCxduJjb1W8R1CABFLgA+GPZAAEARbmXAqAycOYCsYZMRJv0AKnLdIQARFdhiP0T1f\/Fgd1gOLZUqyBFtfSnaAZ6RACupnbgY0Q=="}
00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1722795103171662,"flow_dst_last_pkt_time":1722795103195033,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1722795103195033,"pkt":"Jjb1W8R1CL6sCxduCABFAgA+zl1AAC0RzCk5gKxhwKgMnCb9kxEAKhcefIARV9hiP0T1f\/Fgd1gOKpUqyBFtfSnaAZ6RACupnbgY0Q=="}
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1722795103670366,"flow_dst_last_pkt_time":1722795103195033,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1722795103670366,"pkt":"CL6sCxduJjb1W8R1CABFLgBEGRVAAEARbkDAqAycOYCsYZMRJv0AMPyVD4AUTLPML0b7cBNBNNvKcqA4d1QFMSncQBKGQnoA2FojtdNgQfDokw=="}
00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":12,"flow_first_seen":1715158216944076,"flow_src_last_pkt_time":1715158217284062,"flow_dst_last_pkt_time":1715158217274095,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":172,"flow_src_tot_l4_payload_len":3096,"flow_dst_tot_l4_payload_len":2064,"midstream":0,"thread_ts_usec":1722795103693084,"vlan_id":107,"l3_proto":"ip4","src_ip":"10.126.70.67","dst_ip":"10.236.7.225","src_port":23784,"dst_port":50160,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}}
00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.15.0-5258-f8869cd","ndpi_api_version":12317,"size_per_flow":1384,"packets-captured":121,"packets-processed":36,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5368,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":92,"global_ts_usec":1729281221506087}
00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1729281221506087,"flow_src_last_pkt_time":1729281221506087,"flow_dst_last_pkt_time":1729281221506087,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1729281221506087,"vlan_id":77,"l3_proto":"ip4","src_ip":"91.238.181.21","dst_ip":"89.31.79.12","src_port":35888,"dst_port":3389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","vlan_id":77,"flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1729281221506087,"flow_dst_last_pkt_time":1729281221506087,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1729281221506087,"pkt":"LOp\/QeD9NO0bVMeBgQAATQgARQAANBgFQABwBjmQW+61FVkfTwyMMA099+lCngAAAACAwiAAwSsAAAIEBbQBAwMIAQEEAg=="}
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","vlan_id":77,"flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1729281221540090,"flow_dst_last_pkt_time":1729281221506087,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":64,"pkt_l4_len":20,"thread_ts_usec":1729281221540090,"pkt":"LOp\/QeD9NO0bVMeBgQAATQgARQAAKBgHQABwBjmaW+61FVkfTwyMMA099+lCnzr+l11QEAEAT1MAAAAAsF5ivw=="}
00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","vlan_id":77,"flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1729281221540163,"flow_dst_last_pkt_time":1729281221506087,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":105,"pkt_l4_len":67,"thread_ts_usec":1729281221540163,"pkt":"LOp\/QeD9NO0bVMeBgQAATQgARQAAVxgIQABwBjlqW+61FVkfTwyMMA099+lCnzr+l11QGAEA\/zwAAAMAAC8q4AAAAAAAQ29va2llOiBtc3RzaGFzaD1XRGVwbG95QWQNCgEACAADAAAA"}
01078{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1729281221506087,"flow_src_last_pkt_time":1729281221540163,"flow_dst_last_pkt_time":1729281221506087,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1729281221540163,"vlan_id":77,"l3_proto":"ip4","src_ip":"91.238.181.21","dst_ip":"89.31.79.12","src_port":35888,"dst_port":3389,"l4_proto":"tcp","ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","vlan_id":77,"flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1729281221540163,"flow_dst_last_pkt_time":1729281221544114,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":77,"pkt_l4_len":39,"thread_ts_usec":1729281221544114,"pkt":"4N\/\/\/\/9Vzup\/QeD9gQAgTQgARQIAOwRSQACABj06WR9PDFvutRUNPYwwOv6XXffpQs5QGPnRExQAAAMAABMO0AAAEjQAAh8IAAIAAAA="}
02229{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","vlan_id":77,"flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1729281221540163,"flow_dst_last_pkt_time":1729281221579370,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1255,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1255,"pkt_l4_len":1217,"thread_ts_usec":1729281221579370,"pkt":"ICAAAACqLOp\/QeD9gQAgTQgARQIE1QRTQACABjifWR9PDFvutRUNPYwwOv6XcPfpQ29QGPkwq50AABYDAwSoAQAB\/wWJUE5HdGR3DwAAAAAAf0VMRv\/\/VEFQRUcU9v8A\/wAACYAAAAANbgAQUgBd4VtFUw0IjADoJAAAALMDAAAAAAAA\/0AAASAAAAAAAP0AAP3fAAAAAAAAAGAAASg\/AAAAAAAAAP9AAAEAABMAAAAAAAAAeAAAAAAAAAAAAAAA8wYbBlwAAAAAAAAAAAAA+QAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaW9NPLKhOgAAAAfH\/9K+TWstY3B1AABlAAAAAC5pbi1hZGRyLjUzOUNXRAH6\/vX4Cn4KClBBVENIRnhzZW4K\/\/+\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/90c3A6OC93LXNwZWVkdGVzdC46ZmluCn4KClBBVENIRnhzZW4K\/\/+\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/90c3A6OC93LXNwZWVkdGVzdC46ZmluZF\/\/\/\/\/\/dHNwOjMyNzY2L3ctc3BlZWR0ZXN0LgAAAAAAAAAAACUlJSUlAioBAAEAAQAAEwAAAAAAAHgAAAAAAAAAAAAAAPMGGwYAAAAAAAAAAAAAAPkAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGlvTTyyoToAAAAHx\/\/Svk1rLWNwdQAAZWcAIHQDgDPzkMBTUC8AAAAAAAAAAAAAAAAAAEQEACCYHwAAEEJlYXJTaGFy\/6L\/AP\/7kAAAAAAAAABEBAAgmB8AABBCZQIAAFEDA2cSvMWWkYyzx7Ss5WFXZ5It9dLKzlwyygR0gzvlqL94IIwSAABO19BXj5zRtWU0AI21SUhoyKea4\/bD1KKGerZQwDAAAAkAFwAA\/wEAAQALAALeAALbAALYMIIC1DCCAbygAwIBAgIQFX7boZ6cZbhM0jiYmcrPKTANBgkqhkiG9w0BkAELBQAwEzERMA8GA1UEAxMIdG9wc2Fsb24wHhcNMTI0MDcyNjA2MDM0MFoXDTI1MDEyNTA2MDM0MFowEzERMA8GA1UEAxMIdG9wc2Fsb24wggEiMA0GCSqGSIb3DeD9gQAgTQgARQIAOwRSQACABj0ubGVmDFvutRUNPYwwOv6XXffpQs5QGPnRExQAAAMAABMO0AAAEjQAAh8IAAIAAADFvBJnu9EIANsAAADbAAAALOp\/QeD9NO0bVMeBf\/\/\/svf\/uwUAyRgJQABwBjj3W+61FVkfTwyMMA099+lCzjr+l3BQGAEAqD4AABYDAwCcAQAAmAMDZxK8xX3QG0v8NPsGPyUZF2YMDeWQrPDp8009Ai1q4HoAADjALMArwDDALwCfAJ7AJMAjwCjAJ8AKwAnAFMATADkAMwCdAJwAPQA8ADUALwAKAGoAQAA4ADIAEwEAADcACgAIAAYAHQAXABgACwACAQAADQAUABIEAQUBAgEEAwUDAgMCAgYBBgMAIwAAABcAAP8BAAEAxbwSZyrXCADnBAAA5wQAACAgAAAAqizqf0Hg\/YEAIE0IAEUCBNUEU0AAgAY4n1kfTwxb7rUVDT2MMDr+l3D36UNvUBj5MKudAAAWAwMEqAIAAFEDA2cSvMWWkYyzx7Ss5WFXZ5It9dLKzlxkIDQuNC40OyBNSSAzVyBNSVVJKQ=="}
01701{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1729281221506087,"flow_src_last_pkt_time":1729281221540163,"flow_dst_last_pkt_time":1729281221579370,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":1197,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":1216,"midstream":0,"thread_ts_usec":1729281221579370,"vlan_id":77,"l3_proto":"ip4","src_ip":"91.238.181.21","dst_ip":"89.31.79.12","src_port":35888,"dst_port":3389,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}},"33": {"risk":"TLS Susp Extn","severity":"High","risk_score": {"total":60,"client":30,"server":30}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"40": {"risk":"Possible Exploit Attempt","severity":"Severe","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"TLS.RDP","proto_id":"91.88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","domainame":""}}
01703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1729281221506087,"flow_src_last_pkt_time":1729281221540163,"flow_dst_last_pkt_time":1729281221579370,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":1197,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":1216,"midstream":0,"thread_ts_usec":1729281221579370,"vlan_id":77,"l3_proto":"ip4","src_ip":"91.238.181.21","dst_ip":"89.31.79.12","src_port":35888,"dst_port":3389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}},"33": {"risk":"TLS Susp Extn","severity":"High","risk_score": {"total":60,"client":30,"server":30}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"40": {"risk":"Possible Exploit Attempt","severity":"Severe","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"TLS.RDP","proto_id":"91.88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
01038{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1722795102659035,"flow_src_last_pkt_time":1722795103670366,"flow_dst_last_pkt_time":1722795103693084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":40,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":1729281221579370,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"57.128.172.97","src_port":37649,"dst_port":9981,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated","category_id":0,"category":"Unspecified"}}
00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1722795102659035,"flow_src_last_pkt_time":1722795103670366,"flow_dst_last_pkt_time":1722795103693084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":40,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":1729281221579370,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"57.128.172.97","src_port":37649,"dst_port":9981,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00855{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.15.0-5258-f8869cd","ndpi_api_version":12317,"size_per_flow":1384,"packets-captured":125,"packets-processed":41,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6631,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":104,"global_ts_usec":1729281221579370}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 125/41
~~ skipped flows.............: 0
~~ total layer4 data length..: 6631 bytes
~~ total detected protocols..: 2
~~ total active/idle flows...: 3/3
~~ total timeout flows.......: 1
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 9213032 bytes
~~ total memory freed........: 9213032 bytes
~~ total allocations/frees...: 149845/149845
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 310 chars
~~ json message max len.......: 2234 chars
~~ json message avg len.......: 1262 chars
Powered by cgit, Themed by Ted Yin.