aboutsummaryrefslogtreecommitdiff
path: root/test/results/default/http-basic-auth.pcap.out
blob: 57560fd46bb08b884c5bde0ff1d254c73e9a6b4f (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231

00620{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1381844035028385}
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1381844035028385,"flow_src_last_pkt_time":1381844035028385,"flow_dst_last_pkt_time":1381844035028385,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844035028385,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54317,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1381844035028385,"flow_dst_last_pkt_time":1381844035028385,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1381844035028385,"pkt":"TBfruiThKM\/pITwrCABFAABA\/zNAAEAG\/C\/AqAAEwP69qdQtAFChp4vUAAAAALAC\/\/\/9NwAAAgQFtAEDAwQBAQgKH37Y+QAAAAAEAgAA"}
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1381844035028541,"flow_src_last_pkt_time":1381844035028541,"flow_dst_last_pkt_time":1381844035028541,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844035028541,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54318,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1381844035028541,"flow_dst_last_pkt_time":1381844035028541,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1381844035028541,"pkt":"TBfruiThKM\/pITwrCABFAABARTpAAEAGtinAqAAEwP69qdQuAFCbT66bAAAAALAC\/\/\/gxwAAAgQFtAEDAwQBAQgKH37Y+QAAAAAEAgAA"}
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1381844035028589,"flow_src_last_pkt_time":1381844035028589,"flow_dst_last_pkt_time":1381844035028589,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844035028589,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54319,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1381844035028589,"flow_dst_last_pkt_time":1381844035028589,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1381844035028589,"pkt":"TBfruiThKM\/pITwrCABFAABADjpAAEAG7SnAqAAEwP69qdQvAFCoTr9cAAAAALAC\/\/\/DBgAAAgQFtAEDAwQBAQgKH37Y+QAAAAAEAgAA"}
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1381844035028652,"flow_src_last_pkt_time":1381844035028652,"flow_dst_last_pkt_time":1381844035028652,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844035028652,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1381844035028652,"flow_dst_last_pkt_time":1381844035028652,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1381844035028652,"pkt":"TBfruiThKM\/pITwrCABFAABAKkJAAEAG0SHAqAAEwP69qdQwAFBuQOUDAAAAALAC\/\/\/XbAAAAgQFtAEDAwQBAQgKH37Y+QAAAAAEAgAA"}
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1381844035028715,"flow_src_last_pkt_time":1381844035028715,"flow_dst_last_pkt_time":1381844035028715,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844035028715,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54321,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1381844035028715,"flow_dst_last_pkt_time":1381844035028715,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1381844035028715,"pkt":"TBfruiThKM\/pITwrCABFAABA7DhAAEAGDyvAqAAEwP69qdQxAFCavb5VAAAAALAC\/\/\/RnAAAAgQFtAEDAwQBAQgKH37Y+QAAAAAEAgAA"}
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1381844035028764,"flow_src_last_pkt_time":1381844035028764,"flow_dst_last_pkt_time":1381844035028764,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844035028764,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54322,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1381844035028764,"flow_dst_last_pkt_time":1381844035028764,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1381844035028764,"pkt":"TBfruiThKM\/pITwrCABFAABAEVJAAEAG6hHAqAAEwP69qdQyAFCxYw76AAAAALAC\/\/9qUQAAAgQFtAEDAwQBAQgKH37Y+QAAAAAEAgAA"}
00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1381844035028385,"flow_dst_last_pkt_time":1381844035271581,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1381844035271581,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1C0tABj3oaeL1aASOJCuxQAAAgQFtAQCCAowzbAOH37Y+QEDAwc="}
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1381844035271683,"flow_dst_last_pkt_time":1381844035271581,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844035271683,"pkt":"TBfruiThKM\/pITwrCABFAAA0pi1AAEAGVULAqAAEwP69qdQtAFChp4vVLQAY+IAQICv1CwAAAQEICh9+2eQwzbAO"}
01488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1381844035271831,"flow_dst_last_pkt_time":1381844035271581,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":766,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":766,"pkt_l4_len":732,"thread_ts_usec":1381844035271831,"pkt":"TBfruiThKM\/pITwrCABFAALwo0FAAEAGVXLAqAAEwP69qdQtAFChp4vVLQAY+IAYICvADwAAAQEICh9+2eQwzbAOR0VUIC9wYXNzd29yZC1vay5waHAgSFRUUC8xLjENCkhvc3Q6IGJyb3dzZXJzcHkuZGsNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9MA0KQWNjZXB0OiB0ZXh0L2h0bWwsYXBwbGljYXRpb24veGh0bWwreG1sLGFwcGxpY2F0aW9uL3htbDtxPTAuOSxpbWFnZS93ZWJwLCovKjtxPTAuOA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKE1hY2ludG9zaDsgSW50ZWwgTWFjIE9TIFggMTBfOF81KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMzAuMC4xNTk5LjY5IFNhZmFyaS81MzcuMzYNClJlZmVyZXI6IGh0dHA6Ly9icm93c2Vyc3B5LmRrL3Bhc3N3b3JkLnBocA0KQWNjZXB0LUVuY29kaW5nOiBnemlwLGRlZmxhdGUsc2RjaA0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuOA0KQ29va2llOiBfX3V0bWE9MTkwOTA4MjgxLjE1NjAwOTU2MTEuMTM4MTg0Mzk2OC4xMzgxODQzOTY4LjEzODE4NDM5NjguMTsgX191dG1iPTE5MDkwODI4MS4yLjEwLjEzODE4NDM5Njk7IF9fdXRtYz0xOTA5MDgyODE7IF9fdXRtej0xOTA5MDgyODEuMTM4MTg0Mzk2OS4xLjEudXRtY3NyPWdvb2dsZXx1dG1jY249KG9yZ2FuaWMpfHV0bWNtZD1vcmdhbmljfHV0bWN0cj0obm90JTIwcHJvdmlkZWQpOyBfX3VuYW09NmI2YWI2ZC0xNDFiYzUxYTgxZS00MTAyYTY2MS0yDQoNCg=="}
01236{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1381844035028385,"flow_src_last_pkt_time":1381844035271831,"flow_dst_last_pkt_time":1381844035271581,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":700,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844035271831,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54317,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk","domainame":"browserspy.dk","http": {"url":"browserspy.dk\/password-ok.php","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/30.0.1599.69 Safari\/537.36","detected_os":"Intel Mac OS X 10_8_5"}}}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1381844035028541,"flow_dst_last_pkt_time":1381844035272770,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1381844035272770,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1C5+WVJ+m0+unKASOJAHdQAAAgQFtAQCCAowzbAOH37Y+QEDAwc="}
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1381844035272807,"flow_dst_last_pkt_time":1381844035272770,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844035272807,"pkt":"TBfruiThKM\/pITwrCABFAAA0GAVAAEAG42rAqAAEwP69qdQuAFCbT66cfllSf4AQICtNugAAAQEICh9+2eUwzbAO"}
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1381844035028589,"flow_dst_last_pkt_time":1381844035273963,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1381844035273963,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1C82UcsfqE6\/XaASOJC5GgAAAgQFtAQCCAowzbAOH37Y+QEDAwc="}
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1381844035274020,"flow_dst_last_pkt_time":1381844035273963,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844035274020,"pkt":"TBfruiThKM\/pITwrCABFAAA0bjhAAEAGjTfAqAAEwP69qdQvAFCoTr9dNlHLIIAQICv\/XgAAAQEICh9+2eYwzbAO"}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1381844035028652,"flow_dst_last_pkt_time":1381844035274785,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1381844035274785,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1DDJcBvkbkDlBKASOJDpnAAAAgQFtAQCCAowzbAOH37Y+QEDAwc="}
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1381844035274849,"flow_dst_last_pkt_time":1381844035274785,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844035274849,"pkt":"TBfruiThKM\/pITwrCABFAAA07klAAEAGDSbAqAAEwP69qdQwAFBuQOUEyXAb5YAQICsv4QAAAQEICh9+2eYwzbAO"}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1381844035028715,"flow_dst_last_pkt_time":1381844035275491,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1381844035275491,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1DEEP9dAmr2+VqASOJDtoAAAAgQFtAQCCAowzbAPH37Y+QEDAwc="}
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1381844035275551,"flow_dst_last_pkt_time":1381844035275491,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844035275551,"pkt":"TBfruiThKM\/pITwrCABFAAA0IH1AAEAG2vLAqAAEwP69qdQxAFCavb5WBD\/XQYAQICsz5AAAAQEICh9+2ecwzbAP"}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1381844035028764,"flow_dst_last_pkt_time":1381844035276958,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1381844035276958,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1DLsyC8lsWMO+6ASOJBF5wAAAgQFtAQCCAowzbAPH37Y+QEDAwc="}
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1381844035277018,"flow_dst_last_pkt_time":1381844035276958,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844035277018,"pkt":"TBfruiThKM\/pITwrCABFAAA091dAAEAGBBjAqAAEwP69qdQyAFCxYw777MgvJoAQICuMKQAAAQEICh9+2egwzbAP"}
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1381844035271831,"flow_dst_last_pkt_time":1381844035473468,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844035473468,"pkt":"KM\/pITwrTBfruiThCABFAAA0qNpAADgGWpXA\/r2pwKgABABQ1C0tABj4oaeOkYAQAH0R6gAAAQEICjDNsCIfftnk"}
01376{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1381844035028385,"flow_src_last_pkt_time":1381844035271831,"flow_dst_last_pkt_time":1381844035700881,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":700,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":700,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1381844035700881,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54317,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk","domainame":"browserspy.dk","http": {"url":"browserspy.dk\/password-ok.php","code":401,"content_type":"text\/html","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/30.0.1599.69 Safari\/537.36","detected_os":"Intel Mac OS X 10_8_5"}}}
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1381844035274020,"flow_dst_last_pkt_time":1381844036455351,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1381844036455351,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1C82UcsfqE6\/XaASOJC3tgAAAgQFtAQCCAowzbCFH37Z5gEDAwc="}
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1381844036455409,"flow_dst_last_pkt_time":1381844036455351,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844036455409,"pkt":"TBfruiThKM\/pITwrCABFAAA0U3hAAEAGp\/fAqAAEwP69qdQvAFCoTr9dNlHLIIAQICv6WwAAAQEICh9+3nIwzbCF"}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1381844035274849,"flow_dst_last_pkt_time":1381844036455939,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1381844036455939,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1DDJcBvkbkDlBKASOJDoOAAAAgQFtAQCCAowzbCFH37Z5gEDAwc="}
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1381844036455957,"flow_dst_last_pkt_time":1381844036455939,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844036455957,"pkt":"TBfruiThKM\/pITwrCABFAAA01H1AAEAGJvLAqAAEwP69qdQwAFBuQOUEyXAb5YAQICsq3gAAAQEICh9+3nIwzbCF"}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1381844035275551,"flow_dst_last_pkt_time":1381844036656056,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1381844036656056,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1DEEP9dAmr2+VqASOJDsKAAAAgQFtAQCCAowzbCZH37Z5wEDAwc="}
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1381844035272807,"flow_dst_last_pkt_time":1381844036656058,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1381844036656058,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1C5+WVJ+m0+unKASOJAF\/gAAAgQFtAQCCAowzbCZH37Z5QEDAwc="}
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1381844036656100,"flow_dst_last_pkt_time":1381844036656056,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844036656100,"pkt":"TBfruiThKM\/pITwrCABFAAA053xAAEAGE\/PAqAAEwP69qdQxAFCavb5WBD\/XQYAQICsuCQAAAQEICh9+3zgwzbCZ"}
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1381844036656103,"flow_dst_last_pkt_time":1381844036656058,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844036656103,"pkt":"TBfruiThKM\/pITwrCABFAAA0zktAAEAGLSTAqAAEwP69qdQuAFCbT66cfllSf4AQICtH3AAAAQEICh9+3zgwzbCZ"}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1381844035277018,"flow_dst_last_pkt_time":1381844036855762,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1381844036855762,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1DLsyC8lsWMO+6ASOJBEWgAAAgQFtAQCCAowzbCtH37Z6AEDAwc="}
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1381844036855811,"flow_dst_last_pkt_time":1381844036855762,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844036855811,"pkt":"TBfruiThKM\/pITwrCABFAAA0FxpAAEAG5FXAqAAEwP69qdQyAFCxYw777MgvJoAQICuFdwAAAQEICh9+3\/wwzbCt"}
02346{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1381844035028385,"flow_src_last_pkt_time":1381844044399138,"flow_dst_last_pkt_time":1381844040725570,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":700,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":700,"flow_dst_tot_l4_payload_len":17663,"midstream":0,"thread_ts_usec":1381844044399138,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54317,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":148,"avg":486062.5,"max":4822274,"stddev":1309153.4,"var":1713882660864.0,"ent":2.3,"data": [243196,243298,148,201887,227413,1311,430408,641,632,713,711,3572,3798,7425,3723,7953,11635,689,3191,3891,163946,2383,166300,3677,3948,7631,2870,2894,4822274,4822270,3673510]},"pktlen": {"min":52,"avg":626.5,"max":1500,"stddev":665.8,"var":443276.4,"ent":4.1,"data": [64,60,52,752,52,1500,537,52,131,52,274,52,1500,1500,52,1500,1500,52,1500,1500,52,1500,1500,52,1500,1500,52,1001,52,52,52,52]},"bins": {"c_to_s": [13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,0,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,0,1,0,0],"entropies": [4.398337364,5.061408997,5.032077789,5.838774204,4.997954369,5.443287373,5.624647617,4.931210041,5.359400749,4.969671249,5.607663631,5.008132935,5.437678814,5.128450871,4.993616104,5.042200089,5.074336529,4.955154419,5.089815617,5.058782578,5.046594620,5.097640038,5.186443329,5.046594620,5.364174843,5.377959251,4.993615627,5.660900116,5.008132935,4.959492207,4.921030998,4.959492683]},"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk"}}
01363{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1381844035028541,"flow_src_last_pkt_time":1381844044399424,"flow_dst_last_pkt_time":1381844036656058,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":735,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":735,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844044399424,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54318,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk","domainame":"browserspy.dk","http": {"url":"browserspy.dk\/password-ok.php","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/30.0.1599.69 Safari\/537.36","detected_os":"Intel Mac OS X 10_8_5"}}}
01487{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1381844035028541,"flow_src_last_pkt_time":1381844044399424,"flow_dst_last_pkt_time":1381844044760012,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":735,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":735,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1381844044760012,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54318,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk","domainame":"browserspy.dk","http": {"url":"browserspy.dk\/password-ok.php","code":401,"content_type":"text\/html","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/30.0.1599.69 Safari\/537.36","detected_os":"Intel Mac OS X 10_8_5"}}}
02460{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1381844035028541,"flow_src_last_pkt_time":1381844044959736,"flow_dst_last_pkt_time":1381844049795255,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":735,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":735,"flow_dst_tot_l4_payload_len":17660,"midstream":0,"thread_ts_usec":1381844049795255,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54318,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":615,"avg":796706.7,"max":7938863,"stddev":2054476.8,"var":4220874653696.0,"ent":2.4,"data": [244229,244266,1383288,1383296,7743321,7938863,165091,1246,361868,624,619,735,737,4064,3634,7761,4005,4074,8030,3769,3934,7708,159484,3939,163426,3586,5972,9548,636,615,4835541]},"pktlen": {"min":52,"avg":627.9,"max":1500,"stddev":665.6,"var":443017.8,"ent":4.1,"data": [64,60,52,60,52,787,58,1500,537,52,131,52,274,52,1500,1500,52,1500,1500,52,1500,1500,52,1500,1500,52,1500,1500,52,998,52,52]},"bins": {"c_to_s": [12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,0,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0]},"directions": [0,1,0,1,0,0,1,1,1,0,1,0,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,0,1],"entropies": [4.410132408,5.060326576,5.168681622,5.026993275,5.168681622,5.870592117,5.306257725,5.450420380,5.628381252,5.053297043,5.424509525,5.053297043,5.667114258,5.008132935,5.445472717,5.133921146,5.091758251,5.049359322,5.074092865,5.053296566,5.089149952,5.064444065,5.130219936,5.096500874,5.196474552,5.130220413,5.360597610,5.388802052,5.091758251,5.667555809,5.053296566,5.085056305]},"ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk"}}
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1381844050222515,"flow_src_last_pkt_time":1381844050222515,"flow_dst_last_pkt_time":1381844050222515,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844050222515,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1381844050222515,"flow_dst_last_pkt_time":1381844050222515,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1381844050222515,"pkt":"TBfruiThKM\/pITwrCABFAABARSdAAEAGtjzAqAAEwP69qdRBAFCa4jGyAAAAALAC\/\/8jTAAAAgQFtAEDAwQBAQgKH38TuAAAAAAEAgAA"}
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1381844050222515,"flow_dst_last_pkt_time":1381844050402547,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1381844050402547,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1EEDZtH9muIxs6ASOJA\/hAAAAgQFtAQCCAowzbX3H38TuAEDAwc="}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1381844050402655,"flow_dst_last_pkt_time":1381844050402547,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844050402655,"pkt":"TBfruiThKM\/pITwrCABFAAA0XSJAAEAGnk3AqAAEwP69qdRBAFCa4jGzA2bR\/oAQICuGBAAAAQEICh9\/FGkwzbX3"}
01544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1381844050402794,"flow_dst_last_pkt_time":1381844050402547,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":805,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":805,"pkt_l4_len":771,"thread_ts_usec":1381844050402794,"pkt":"TBfruiThKM\/pITwrCABFAAMXqUtAAEAGT0HAqAAEwP69qdRBAFCa4jGzA2bR\/oAYICs3TAAAAQEICh9\/FGkwzbX3R0VUIC9wYXNzd29yZC1vay5waHAgSFRUUC8xLjENCkhvc3Q6IGJyb3dzZXJzcHkuZGsNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9MA0KQXV0aG9yaXphdGlvbjogQmFzaWMgZEdWemREcG1ZV2xzTWc9PQ0KQWNjZXB0OiB0ZXh0L2h0bWwsYXBwbGljYXRpb24veGh0bWwreG1sLGFwcGxpY2F0aW9uL3htbDtxPTAuOSxpbWFnZS93ZWJwLCovKjtxPTAuOA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKE1hY2ludG9zaDsgSW50ZWwgTWFjIE9TIFggMTBfOF81KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMzAuMC4xNTk5LjY5IFNhZmFyaS81MzcuMzYNClJlZmVyZXI6IGh0dHA6Ly9icm93c2Vyc3B5LmRrL3Bhc3N3b3JkLnBocA0KQWNjZXB0LUVuY29kaW5nOiBnemlwLGRlZmxhdGUsc2RjaA0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuOA0KQ29va2llOiBfX3V0bWE9MTkwOTA4MjgxLjE1NjAwOTU2MTEuMTM4MTg0Mzk2OC4xMzgxODQzOTY4LjEzODE4NDM5NjguMTsgX191dG1iPTE5MDkwODI4MS4yLjEwLjEzODE4NDM5Njk7IF9fdXRtYz0xOTA5MDgyODE7IF9fdXRtej0xOTA5MDgyODEuMTM4MTg0Mzk2OS4xLjEudXRtY3NyPWdvb2dsZXx1dG1jY249KG9yZ2FuaWMpfHV0bWNtZD1vcmdhbmljfHV0bWN0cj0obm90JTIwcHJvdmlkZWQpOyBfX3VuYW09NmI2YWI2ZC0xNDFiYzUxYTgxZS00MTAyYTY2MS0yDQoNCg=="}
01364{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1381844050222515,"flow_src_last_pkt_time":1381844050402794,"flow_dst_last_pkt_time":1381844050402547,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":739,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":739,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844050402794,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk","domainame":"browserspy.dk","http": {"url":"browserspy.dk\/password-ok.php","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/30.0.1599.69 Safari\/537.36","detected_os":"Intel Mac OS X 10_8_5"}}}
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1381844050442116,"flow_src_last_pkt_time":1381844050442116,"flow_dst_last_pkt_time":1381844050442116,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844050442116,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54338,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1381844050442116,"flow_dst_last_pkt_time":1381844050442116,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1381844050442116,"pkt":"TBfruiThKM\/pITwrCABFAABAaWdAAEAGkfzAqAAEwP69qdRCAFDCY8vsAAAAALAC\/\/9gtwAAAgQFtAEDAwQBAQgKH38UkAAAAAAEAgAA"}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1381844050402794,"flow_dst_last_pkt_time":1381844050596540,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844050596540,"pkt":"KM\/pITwrTBfruiThCABFAAA0Z\/RAADgGm3vA\/r2pwKgABABQ1EEDZtH+muI0loAQAH2ivAAAAQEICjDNtgoffxRp"}
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1381844050442116,"flow_dst_last_pkt_time":1381844050623573,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1381844050623573,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1ELin7XYwmPL7aASOJC5xAAAAgQFtAQCCAowzbYNH38UkAEDAwc="}
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1381844050623651,"flow_dst_last_pkt_time":1381844050623573,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844050623651,"pkt":"TBfruiThKM\/pITwrCABFAAA0Cz5AAEAG8DHAqAAEwP69qdRCAFDCY8vt4p+12YAQICsAQgAAAQEICh9\/FUQwzbYN"}
01488{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1381844050222515,"flow_src_last_pkt_time":1381844050402794,"flow_dst_last_pkt_time":1381844050802943,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":739,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":739,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1381844050802943,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk","domainame":"browserspy.dk","http": {"url":"browserspy.dk\/password-ok.php","code":401,"content_type":"text\/html","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/30.0.1599.69 Safari\/537.36","detected_os":"Intel Mac OS X 10_8_5"}}}
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1381844050623651,"flow_dst_last_pkt_time":1381844051739010,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1381844051739010,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1ELin7XYwmPL7aASOJC4oQAAAgQFtAQCCAowzbZ8H38VRAEDAwc="}
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1381844051739081,"flow_dst_last_pkt_time":1381844051739010,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844051739081,"pkt":"TBfruiThKM\/pITwrCABFAAA0gnhAAEAGePfAqAAEwP69qdRCAFDCY8vt4p+12YAQICv7hAAAAQEICh9\/GZIwzbZ8"}
02457{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1381844050222515,"flow_src_last_pkt_time":1381844057134728,"flow_dst_last_pkt_time":1381844055865656,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":739,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":739,"flow_dst_tot_l4_payload_len":17637,"midstream":0,"thread_ts_usec":1381844057134728,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":139,"avg":405011.4,"max":4861829,"stddev":1193509.9,"var":1424465723392.0,"ent":2.2,"data": [180032,180140,139,193993,206403,1322,401505,596,594,735,724,4027,4555,8666,4603,3019,7560,3303,5323,8621,158972,3971,162953,3627,4243,7859,2612,2607,4861805,4861829,1269016]},"pktlen": {"min":52,"avg":626.9,"max":1500,"stddev":665.6,"var":443042.2,"ent":4.1,"data": [64,60,52,791,52,1500,537,52,131,52,274,52,1500,1500,52,1500,1500,52,1500,1500,52,1500,1500,52,1500,1500,52,975,52,52,52,52]},"bins": {"c_to_s": [13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,0,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,0,1,0,0],"entropies": [4.441382408,5.118823051,5.130219936,5.854406357,5.046594620,5.442737579,5.621041775,5.077241421,5.402398586,5.024262905,5.623777390,5.077241421,5.441255569,5.120078564,4.955154419,5.048518181,5.069016457,5.130219936,5.089414597,5.056834221,5.053296566,5.097548008,5.174168587,5.115702629,5.356103420,5.382487297,5.046594620,5.653643131,5.038779736,5.046595097,5.130219936,5.085056305]},"ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk"}}
01364{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1381844050442116,"flow_src_last_pkt_time":1381844057135128,"flow_dst_last_pkt_time":1381844051739010,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":739,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":739,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844057135128,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54338,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk","domainame":"browserspy.dk","http": {"url":"browserspy.dk\/password-ok.php","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/30.0.1599.69 Safari\/537.36","detected_os":"Intel Mac OS X 10_8_5"}}}
01488{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1381844050442116,"flow_src_last_pkt_time":1381844057135128,"flow_dst_last_pkt_time":1381844057523096,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":739,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":739,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1381844057523096,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54338,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk","domainame":"browserspy.dk","http": {"url":"browserspy.dk\/password-ok.php","code":401,"content_type":"text\/html","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/30.0.1599.69 Safari\/537.36","detected_os":"Intel Mac OS X 10_8_5"}}}
02459{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1381844050442116,"flow_src_last_pkt_time":1381844057723799,"flow_dst_last_pkt_time":1381844057725512,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":739,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":739,"flow_dst_tot_l4_payload_len":17644,"midstream":0,"thread_ts_usec":1381844057725512,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54338,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":635,"avg":469841.2,"max":5591098,"stddev":1348017.8,"var":1817151799296.0,"ent":2.2,"data": [181457,181535,1115437,1115430,5396047,5591098,192988,1417,389436,1115,1101,639,635,696,704,7077,815,7915,3913,3464,7345,4246,161732,165980,3931,3954,7898,3905,3728,7657,1784]},"pktlen": {"min":52,"avg":627.5,"max":1500,"stddev":656.2,"var":430625.7,"ent":4.1,"data": [64,60,52,60,52,791,58,1500,537,52,131,52,274,52,365,52,1500,1500,52,1500,1500,52,1500,1500,52,1500,1500,52,1500,1500,52,669]},"bins": {"c_to_s": [12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,0,1,0,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0]},"directions": [0,1,0,1,0,0,1,1,1,0,1,0,1,0,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1],"entropies": [4.472632408,5.139575005,5.085056305,5.172908306,5.168682098,5.873699665,5.146184921,5.448584080,5.607875347,5.091758728,5.449282169,5.130220413,5.633373260,5.130220413,5.752526760,4.931210041,5.309836864,5.032855988,5.000318527,5.073556423,5.058814049,5.168682098,5.089309692,5.072751999,5.168682098,5.080257416,5.173832417,5.091758251,5.410381317,5.421474934,5.168682098,5.759155273]},"ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk"}}
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":190,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1381844061727807,"flow_src_last_pkt_time":1381844061727807,"flow_dst_last_pkt_time":1381844061727807,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844061727807,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54340,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1381844061727807,"flow_dst_last_pkt_time":1381844061727807,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1381844061727807,"pkt":"TBfruiThKM\/pITwrCABFAABAi+9AAEAGb3TAqAAEwP69qdREAFDBcXQcAAAAALAC\/\/+N3QAAAgQFtAEDAwQBAQgKH39AKgAAAAAEAgAA"}
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1381844061727853,"flow_src_last_pkt_time":1381844061727853,"flow_dst_last_pkt_time":1381844061727853,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844061727853,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54341,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1381844061727853,"flow_dst_last_pkt_time":1381844061727853,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1381844061727853,"pkt":"TBfruiThKM\/pITwrCABFAABANLZAAEAGxq3AqAAEwP69qdRFAFB6nllLAAAAALAC\/\/\/vgAAAAgQFtAEDAwQBAQgKH39AKgAAAAAEAgAA"}
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1381844061727907,"flow_src_last_pkt_time":1381844061727907,"flow_dst_last_pkt_time":1381844061727907,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844061727907,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54342,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1381844061727907,"flow_dst_last_pkt_time":1381844061727907,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1381844061727907,"pkt":"TBfruiThKM\/pITwrCABFAABA7vlAAEAGDGrAqAAEwP69qdRGAFBqLa2uAAAAALAC\/\/+rjQAAAgQFtAEDAwQBAQgKH39AKgAAAAAEAgAA"}
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1381844061727971,"flow_src_last_pkt_time":1381844061727971,"flow_dst_last_pkt_time":1381844061727971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844061727971,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54343,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1381844061727971,"flow_dst_last_pkt_time":1381844061727971,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1381844061727971,"pkt":"TBfruiThKM\/pITwrCABFAABAoP9AAEAGWmTAqAAEwP69qdRHAFD1WIkDAAAAALAC\/\/9FDAAAAgQFtAEDAwQBAQgKH39AKgAAAAAEAgAA"}
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1381844061727807,"flow_dst_last_pkt_time":1381844061931199,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1381844061931199,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1ETvO4DVwXF0HaASOJAK5wAAAgQFtAQCCAowzbp4H39AKgEDAwc="}
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1381844061931281,"flow_dst_last_pkt_time":1381844061931199,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844061931281,"pkt":"TBfruiThKM\/pITwrCABFAAA0ivdAAEAGcHjAqAAEwP69qdREAFDBcXQd7zuA1oAQICtRUQAAAQEICh9\/QPEwzbp4"}
01531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1381844061931628,"flow_dst_last_pkt_time":1381844061931199,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":797,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":797,"pkt_l4_len":763,"thread_ts_usec":1381844061931628,"pkt":"TBfruiThKM\/pITwrCABFAAMPmLxAAEAGX9jAqAAEwP69qdREAFDBcXQd7zuA1oAYICueoAAAAQEICh9\/QPEwzbp4R0VUIC90aGVtZS9kZWZhdWx0LmNzcyBIVFRQLzEuMQ0KSG9zdDogYnJvd3NlcnNweS5kaw0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0wDQpBdXRob3JpemF0aW9uOiBCYXNpYyBkR1Z6ZERwMFpYTjANCkFjY2VwdDogdGV4dC9jc3MsKi8qO3E9MC4xDQpJZi1Nb2RpZmllZC1TaW5jZTogV2VkLCAyOSBPY3QgMjAwOCAyMTo1Mjo0MiBHTVQNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChNYWNpbnRvc2g7IEludGVsIE1hYyBPUyBYIDEwXzhfNSkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzMwLjAuMTU5OS42OSBTYWZhcmkvNTM3LjM2DQpSZWZlcmVyOiBodHRwOi8vYnJvd3NlcnNweS5kay9wYXNzd29yZC5waHANCkFjY2VwdC1FbmNvZGluZzogZ3ppcCxkZWZsYXRlLHNkY2gNCkFjY2VwdC1MYW5ndWFnZTogZW4tVVMsZW47cT0wLjgNCkNvb2tpZTogX191dG1hPTE5MDkwODI4MS4xNTYwMDk1NjExLjEzODE4NDM5NjguMTM4MTg0Mzk2OC4xMzgxODQzOTY4LjE7IF9fdXRtYj0xOTA5MDgyODEuMi4xMC4xMzgxODQzOTY5OyBfX3V0bWM9MTkwOTA4MjgxOyBfX3V0bXo9MTkwOTA4MjgxLjEzODE4NDM5NjkuMS4xLnV0bWNzcj1nb29nbGV8dXRtY2NuPShvcmdhbmljKXx1dG1jbWQ9b3JnYW5pY3x1dG1jdHI9KG5vdCUyMHByb3ZpZGVkKTsgX191bmFtPTZiNmFiNmQtMTQxYmM1MWE4MWUtNDEwMmE2NjEtMg0KDQo="}
01367{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":205,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1381844061727807,"flow_src_last_pkt_time":1381844061931628,"flow_dst_last_pkt_time":1381844061931199,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":731,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":731,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844061931628,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54340,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk","domainame":"browserspy.dk","http": {"url":"browserspy.dk\/theme\/default.css","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/30.0.1599.69 Safari\/537.36","detected_os":"Intel Mac OS X 10_8_5"}}}
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1381844061727853,"flow_dst_last_pkt_time":1381844061931855,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1381844061931855,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1EWpvFxJep5ZTKASOJDWlQAAAgQFtAQCCAowzbp4H39AKgEDAwc="}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1381844061931933,"flow_dst_last_pkt_time":1381844061931855,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844061931933,"pkt":"TBfruiThKM\/pITwrCABFAAA0R5ZAAEAGs9nAqAAEwP69qdRFAFB6nllMqbxcSoAQICsdAAAAAQEICh9\/QPEwzbp4"}
01508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1381844061932132,"flow_dst_last_pkt_time":1381844061931855,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":780,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":780,"pkt_l4_len":746,"thread_ts_usec":1381844061932132,"pkt":"TBfruiThKM\/pITwrCABFAAL+GOJAAEAG38PAqAAEwP69qdRFAFB6nllMqbxcSoAYICtpJAAAAQEICh9\/QPEwzbp4R0VUIC9qcy9qcXVlcnkuanMgSFRUUC8xLjENCkhvc3Q6IGJyb3dzZXJzcHkuZGsNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9MA0KQXV0aG9yaXphdGlvbjogQmFzaWMgZEdWemREcDBaWE4wDQpBY2NlcHQ6ICovKg0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKE1hY2ludG9zaDsgSW50ZWwgTWFjIE9TIFggMTBfOF81KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMzAuMC4xNTk5LjY5IFNhZmFyaS81MzcuMzYNClJlZmVyZXI6IGh0dHA6Ly9icm93c2Vyc3B5LmRrL3Bhc3N3b3JkLW9rLnBocA0KQWNjZXB0LUVuY29kaW5nOiBnemlwLGRlZmxhdGUsc2RjaA0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuOA0KQ29va2llOiBfX3V0bWE9MTkwOTA4MjgxLjE1NjAwOTU2MTEuMTM4MTg0Mzk2OC4xMzgxODQzOTY4LjEzODE4NDM5NjguMTsgX191dG1iPTE5MDkwODI4MS4yLjEwLjEzODE4NDM5Njk7IF9fdXRtYz0xOTA5MDgyODE7IF9fdXRtej0xOTA5MDgyODEuMTM4MTg0Mzk2OS4xLjEudXRtY3NyPWdvb2dsZXx1dG1jY249KG9yZ2FuaWMpfHV0bWNtZD1vcmdhbmljfHV0bWN0cj0obm90JTIwcHJvdmlkZWQpOyBfX3VuYW09NmI2YWI2ZC0xNDFiYzUxYTgxZS00MTAyYTY2MS0yDQpJZi1Nb2RpZmllZC1TaW5jZTogVGh1LCAxMSBNYXIgMjAxMCAwODoxNzowOSBHTVQNCg0K"}
01363{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1381844061727853,"flow_src_last_pkt_time":1381844061932132,"flow_dst_last_pkt_time":1381844061931855,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":714,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":714,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844061932132,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54341,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk","domainame":"browserspy.dk","http": {"url":"browserspy.dk\/js\/jquery.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/30.0.1599.69 Safari\/537.36","detected_os":"Intel Mac OS X 10_8_5"}}}
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1381844061727907,"flow_dst_last_pkt_time":1381844061937859,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1381844061937859,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1EbqZULAai2tr6ASOJBrggAAAgQFtAQCCAowzbp4H39AKgEDAwc="}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1381844061937927,"flow_dst_last_pkt_time":1381844061937859,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844061937927,"pkt":"TBfruiThKM\/pITwrCABFAAA0Ca5AAEAG8cHAqAAEwP69qdRGAFBqLa2v6mVCwYAQICux5gAAAQEICh9\/QPcwzbp4"}
01529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1381844061938163,"flow_dst_last_pkt_time":1381844061937859,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":795,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":795,"pkt_l4_len":761,"thread_ts_usec":1381844061938163,"pkt":"TBfruiThKM\/pITwrCABFAAMNY+dAAEAGlK\/AqAAEwP69qdRGAFBqLa2v6mVCwYAYICtkzQAAAQEICh9\/QPcwzbp4R0VUIC9waWNzL2xvZ28ucG5nIEhUVFAvMS4xDQpIb3N0OiBicm93c2Vyc3B5LmRrDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTANCkF1dGhvcml6YXRpb246IEJhc2ljIGRHVnpkRHAwWlhOMA0KQWNjZXB0OiBpbWFnZS93ZWJwLCovKjtxPTAuOA0KSWYtTW9kaWZpZWQtU2luY2U6IFdlZCwgMTAgU2VwIDIwMDggMDc6MTc6MTAgR01UDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTWFjaW50b3NoOyBJbnRlbCBNYWMgT1MgWCAxMF84XzUpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8zMC4wLjE1OTkuNjkgU2FmYXJpLzUzNy4zNg0KUmVmZXJlcjogaHR0cDovL2Jyb3dzZXJzcHkuZGsvcGFzc3dvcmQucGhwDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsZGVmbGF0ZSxzZGNoDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC44DQpDb29raWU6IF9fdXRtYT0xOTA5MDgyODEuMTU2MDA5NTYxMS4xMzgxODQzOTY4LjEzODE4NDM5NjguMTM4MTg0Mzk2OC4xOyBfX3V0bWI9MTkwOTA4MjgxLjIuMTAuMTM4MTg0Mzk2OTsgX191dG1jPTE5MDkwODI4MTsgX191dG16PTE5MDkwODI4MS4xMzgxODQzOTY5LjEuMS51dG1jc3I9Z29vZ2xlfHV0bWNjbj0ob3JnYW5pYyl8dXRtY21kPW9yZ2FuaWN8dXRtY3RyPShub3QlMjBwcm92aWRlZCk7IF9fdW5hbT02YjZhYjZkLTE0MWJjNTFhODFlLTQxMDJhNjYxLTINCg0K"}
01364{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1381844061727907,"flow_src_last_pkt_time":1381844061938163,"flow_dst_last_pkt_time":1381844061937859,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":729,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":729,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844061938163,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54342,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk","domainame":"browserspy.dk","http": {"url":"browserspy.dk\/pics\/logo.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/30.0.1599.69 Safari\/537.36","detected_os":"Intel Mac OS X 10_8_5"}}}
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1381844061727971,"flow_dst_last_pkt_time":1381844061939362,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1381844061939362,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1EckI1o49ViJBKASOJCzywAAAgQFtAQCCAowzbp4H39AKgEDAwc="}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1381844061939410,"flow_dst_last_pkt_time":1381844061939362,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844061939410,"pkt":"TBfruiThKM\/pITwrCABFAAA0U6pAAEAGp8XAqAAEwP69qdRHAFD1WIkEJCNaOYAQICv6LgAAAQEICh9\/QPgwzbp4"}
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1381844061931628,"flow_dst_last_pkt_time":1381844062125971,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844062125971,"pkt":"KM\/pITwrTBfruiThCABFAAA0Ol1AADgGyRLA\/r2pwKgABABQ1ETvO4DWwXF2+IAQAH1uEQAAAQEICjDNuosff0Dx"}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1381844061932132,"flow_dst_last_pkt_time":1381844062136331,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844062136331,"pkt":"KM\/pITwrTBfruiThCABFAAA05sZAADgGHKnA\/r2pwKgABABQ1EWpvFxKep5cFoAQAH050AAAAQEICjDNuowff0Dx"}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1381844061938163,"flow_dst_last_pkt_time":1381844062145678,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844062145678,"pkt":"KM\/pITwrTBfruiThCABFAAA0+ExAADgGCyPA\/r2pwKgABABQ1EbqZULBai2wiIAQAH3OpgAAAQEICjDNuo0ff0D3"}
01532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1381844062186836,"flow_dst_last_pkt_time":1381844061939362,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":798,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":798,"pkt_l4_len":764,"thread_ts_usec":1381844062186836,"pkt":"TBfruiThKM\/pITwrCABFAAMQV9lAAEAGoLrAqAAEwP69qdRHAFD1WIkEJCNaOYAYICuc4QAAAQEICh9\/Qekwzbp4R0VUIC9waWNzL21lbnVuZXcucG5nIEhUVFAvMS4xDQpIb3N0OiBicm93c2Vyc3B5LmRrDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTANCkF1dGhvcml6YXRpb246IEJhc2ljIGRHVnpkRHAwWlhOMA0KQWNjZXB0OiBpbWFnZS93ZWJwLCovKjtxPTAuOA0KSWYtTW9kaWZpZWQtU2luY2U6IFdlZCwgMTAgU2VwIDIwMDggMDc6MTc6MTAgR01UDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTWFjaW50b3NoOyBJbnRlbCBNYWMgT1MgWCAxMF84XzUpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8zMC4wLjE1OTkuNjkgU2FmYXJpLzUzNy4zNg0KUmVmZXJlcjogaHR0cDovL2Jyb3dzZXJzcHkuZGsvcGFzc3dvcmQucGhwDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsZGVmbGF0ZSxzZGNoDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC44DQpDb29raWU6IF9fdXRtYT0xOTA5MDgyODEuMTU2MDA5NTYxMS4xMzgxODQzOTY4LjEzODE4NDM5NjguMTM4MTg0Mzk2OC4xOyBfX3V0bWI9MTkwOTA4MjgxLjIuMTAuMTM4MTg0Mzk2OTsgX191dG1jPTE5MDkwODI4MTsgX191dG16PTE5MDkwODI4MS4xMzgxODQzOTY5LjEuMS51dG1jc3I9Z29vZ2xlfHV0bWNjbj0ob3JnYW5pYyl8dXRtY21kPW9yZ2FuaWN8dXRtY3RyPShub3QlMjBwcm92aWRlZCk7IF9fdW5hbT02YjZhYjZkLTE0MWJjNTFhODFlLTQxMDJhNjYxLTINCg0K"}
01367{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":230,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1381844061727971,"flow_src_last_pkt_time":1381844062186836,"flow_dst_last_pkt_time":1381844061939362,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":732,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":732,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844062186836,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54343,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk","domainame":"browserspy.dk","http": {"url":"browserspy.dk\/pics\/menunew.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/30.0.1599.69 Safari\/537.36","detected_os":"Intel Mac OS X 10_8_5"}}}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1381844062186836,"flow_dst_last_pkt_time":1381844062488032,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844062488032,"pkt":"KM\/pITwrTBfruiThCABFAAA04JFAADgGIt7A\/r2pwKgABABQ1EckI1o59ViL4IAQAH0V4AAAAQEICjDNuqgff0Hp"}
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1381844062496242,"flow_src_last_pkt_time":1381844062496242,"flow_dst_last_pkt_time":1381844062496242,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844062496242,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1381844062496242,"flow_dst_last_pkt_time":1381844062496242,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1381844062496242,"pkt":"TBfruiThKM\/pITwrCABFAABAkuVAAEAGaH7AqAAEwP69qdRSAFDVdqyrAAAAALAC\/\/8+YwAAAgQFtAEDAwQBAQgKH39DAgAAAAAEAgAA"}
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1381844062496242,"flow_dst_last_pkt_time":1381844062698903,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1381844062698903,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1FImffAU1XasrKASOJAUnwAAAgQFtAQCCAowzbrFH39DAgEDAwc="}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1381844062698942,"flow_dst_last_pkt_time":1381844062698903,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844062698942,"pkt":"TBfruiThKM\/pITwrCABFAAA0YtlAAEAGmJbAqAAEwP69qdRSAFDVdqysJn3wFYAQICtbEwAAAQEICh9\/Q78wzbrF"}
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1381844062698942,"flow_dst_last_pkt_time":1381844063845822,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1381844063845822,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1FImffAU1XasrKASOJATbwAAAgQFtAQCCAowzbs4H39DvwEDAwc="}
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1381844063845863,"flow_dst_last_pkt_time":1381844063845822,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844063845863,"pkt":"TBfruiThKM\/pITwrCABFAAA0e5VAAEAGf9rAqAAEwP69qdRSAFDVdqysJn3wFYAQICtWZQAAAQEICh9\/R\/owzbs4"}
02359{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1381844061727807,"flow_src_last_pkt_time":1381844067703357,"flow_dst_last_pkt_time":1381844067703253,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":739,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2915,"flow_dst_tot_l4_payload_len":10258,"midstream":0,"thread_ts_usec":1381844067703357,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54340,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":347,"avg":385516.0,"max":4811609,"stddev":1139853.2,"var":1299265486848.0,"ent":2.3,"data": [203392,203474,347,194772,10358,204769,49737,338079,288311,3608,208918,205344,4591773,4811609,185264,1775,406847,615,596,587,590,772,773,3805,6476,10310,1423,1428,3877,3724,7643]},"pktlen": {"min":52,"avg":464.5,"max":1500,"stddev":552.5,"var":305249.3,"ent":4.1,"data": [64,60,52,783,52,189,52,788,189,52,791,189,52,761,58,1500,597,52,131,52,274,52,365,52,1500,1500,52,1500,52,1500,1500,52]},"bins": {"c_to_s": [12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,0,1,0,3,0,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,1,1,0,1,0,1,0,1,0,1,1,0,1,0,1,1,0],"entropies": [4.390677452,5.106241703,5.038779736,5.875100136,5.085056305,5.777829647,5.130219936,5.868322372,5.778357983,5.115703106,5.880733013,5.809575558,5.130219936,5.887176991,5.202809811,5.422725201,5.485099316,5.091758728,5.371863842,5.038780212,5.653170109,5.014835358,5.728616714,5.091758728,5.307989597,5.030235767,5.053297043,5.075532913,4.969671249,5.062749863,5.095754147,4.976373672]},"ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk"}}
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":393,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1381844082425453,"flow_src_last_pkt_time":1381844082425453,"flow_dst_last_pkt_time":1381844082425453,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844082425453,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54487,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1381844082425453,"flow_dst_last_pkt_time":1381844082425453,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1381844082425453,"pkt":"TBfruiThKM\/pITwrCABFAABAMpFAAEAGyNLAqAAEwP69qdTXAFABrqZiAAAAALAC\/\/\/M+AAAAgQFtAEDAwQBAQgKH3+N+QAAAAAEAgAA"}
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1381844082425453,"flow_dst_last_pkt_time":1381844082622675,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1381844082622675,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1NfqsPMJAa6mY6ASOJDURAAAAgQFtAQCCAowzcKMH3+N+QEDAwc="}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1381844082622750,"flow_dst_last_pkt_time":1381844082622675,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844082622750,"pkt":"TBfruiThKM\/pITwrCABFAAA0AuhAAEAG+IfAqAAEwP69qdTXAFABrqZj6rDzCoAQICsasgAAAQEICh9\/jr0wzcKM"}
01504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1381844082622852,"flow_dst_last_pkt_time":1381844082622675,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":775,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":775,"pkt_l4_len":741,"thread_ts_usec":1381844082622852,"pkt":"TBfruiThKM\/pITwrCABFAAL5P4NAAEAGuSfAqAAEwP69qdTXAFABrqZj6rDzCoAYICv5FAAAAQEICh9\/jr0wzcKMR0VUIC9wYXNzd29yZC5waHAgSFRUUC8xLjENCkhvc3Q6IGJyb3dzZXJzcHkuZGsNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkF1dGhvcml6YXRpb246IEJhc2ljIGRHVnpkRHAwWlhOMA0KQWNjZXB0OiB0ZXh0L2h0bWwsYXBwbGljYXRpb24veGh0bWwreG1sLGFwcGxpY2F0aW9uL3htbDtxPTAuOSxpbWFnZS93ZWJwLCovKjtxPTAuOA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKE1hY2ludG9zaDsgSW50ZWwgTWFjIE9TIFggMTBfOF81KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMzAuMC4xNTk5LjY5IFNhZmFyaS81MzcuMzYNClJlZmVyZXI6IGh0dHA6Ly9icm93c2Vyc3B5LmRrL3Bhc3N3b3JkLW9rLnBocA0KQWNjZXB0LUVuY29kaW5nOiBnemlwLGRlZmxhdGUsc2RjaA0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuOA0KQ29va2llOiBfX3V0bWE9MTkwOTA4MjgxLjE1NjAwOTU2MTEuMTM4MTg0Mzk2OC4xMzgxODQzOTY4LjEzODE4NDM5NjguMTsgX191dG1iPTE5MDkwODI4MS43LjEwLjEzODE4NDM5Njk7IF9fdXRtYz0xOTA5MDgyODE7IF9fdXRtej0xOTA5MDgyODEuMTM4MTg0Mzk2OS4xLjEudXRtY3NyPWdvb2dsZXx1dG1jY249KG9yZ2FuaWMpfHV0bWNtZD1vcmdhbmljfHV0bWN0cj0obm90JTIwcHJvdmlkZWQpOyBfX3VuYW09NmI2YWI2ZC0xNDFiYzUxYTgxZS00MTAyYTY2MS03DQoNCg=="}
01362{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1381844082425453,"flow_src_last_pkt_time":1381844082622852,"flow_dst_last_pkt_time":1381844082622675,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":709,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":709,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844082622852,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54487,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk","domainame":"browserspy.dk","http": {"url":"browserspy.dk\/password.php","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/30.0.1599.69 Safari\/537.36","detected_os":"Intel Mac OS X 10_8_5"}}}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_src_last_pkt_time":1381844082622852,"flow_dst_last_pkt_time":1381844082816250,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844082816250,"pkt":"KM\/pITwrTBfruiThCABFAAA0MapAADgG0cXA\/r2pwKgABABQ1NfqsPMKAa6pKIAQAH03hwAAAQEICjDNwqAff469"}
02359{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1381844082425453,"flow_src_last_pkt_time":1381844088080748,"flow_dst_last_pkt_time":1381844088080670,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":709,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":709,"flow_dst_tot_l4_payload_len":17317,"midstream":0,"thread_ts_usec":1381844088080748,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54487,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":102,"avg":364855.2,"max":4837586,"stddev":1178766.5,"var":1389490601984.0,"ent":1.9,"data": [197222,197297,102,193575,225052,1593,420118,327,280,1247,1255,4196,3606,7815,4104,4119,3654,4110,7758,3960,3966,162118,4002,166111,4028,4032,3496,1364,4856,4837563,4837586]},"pktlen": {"min":52,"avg":615.9,"max":1500,"stddev":661.2,"var":437136.2,"ent":4.1,"data": [64,60,52,761,52,1500,597,52,131,52,471,52,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,398,52,52,52]},"bins": {"c_to_s": [13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,0,1,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0],"entropies": [4.421927452,5.106241703,5.077241421,5.897662163,4.993616104,5.435614109,5.488083363,5.077241421,5.391955853,5.077241421,5.742127895,5.038779736,5.332324028,5.060839653,4.976373672,5.062715054,4.993616104,5.077183723,5.085110664,5.077241421,5.069314480,4.993616104,5.109283447,5.169320583,5.077241421,5.316966534,4.993616104,5.533395290,5.769576073,5.038779736,5.032077789,4.993616104]},"ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk"}}
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":427,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1381844093773481,"flow_src_last_pkt_time":1381844093773481,"flow_dst_last_pkt_time":1381844093773481,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844093773481,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54505,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1381844093773481,"flow_dst_last_pkt_time":1381844093773481,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1381844093773481,"pkt":"TBfruiThKM\/pITwrCABFAABActxAAEAGiIfAqAAEwP69qdTpAFBvTz4dAAAAALAC\/\/+cEQAAAgQFtAEDAwQBAQgKH3+5cgAAAAAEAgAA"}
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1381844093773653,"flow_src_last_pkt_time":1381844093773653,"flow_dst_last_pkt_time":1381844093773653,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844093773653,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54506,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1381844093773653,"flow_dst_last_pkt_time":1381844093773653,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1381844093773653,"pkt":"TBfruiThKM\/pITwrCABFAABAQLZAAEAGuq3AqAAEwP69qdTqAFCcMkZ3AAAAALAC\/\/9m0wAAAgQFtAEDAwQBAQgKH3+5cgAAAAAEAgAA"}
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":429,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1381844093773779,"flow_src_last_pkt_time":1381844093773779,"flow_dst_last_pkt_time":1381844093773779,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844093773779,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54507,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1381844093773779,"flow_dst_last_pkt_time":1381844093773779,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1381844093773779,"pkt":"TBfruiThKM\/pITwrCABFAABAA81AAEAG95bAqAAEwP69qdTrAFA2BKONAAAAALAC\/\/9v6gAAAgQFtAEDAwQBAQgKH3+5cgAAAAAEAgAA"}
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1381844093774159,"flow_src_last_pkt_time":1381844093774159,"flow_dst_last_pkt_time":1381844093774159,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844093774159,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1381844093774159,"flow_dst_last_pkt_time":1381844093774159,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1381844093774159,"pkt":"TBfruiThKM\/pITwrCABFAABAb5NAAEAGi9DAqAAEwP69qdTsAFDskHntAAAAALAC\/\/\/i\/AAAAgQFtAEDAwQBAQgKH3+5cgAAAAAEAgAA"}
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1381844093774192,"flow_src_last_pkt_time":1381844093774192,"flow_dst_last_pkt_time":1381844093774192,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844093774192,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54509,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1381844093774192,"flow_dst_last_pkt_time":1381844093774192,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1381844093774192,"pkt":"TBfruiThKM\/pITwrCABFAABAeJlAAEAGgsrAqAAEwP69qdTtAFAXNz1pAAAAALAC\/\/\/02QAAAgQFtAEDAwQBAQgKH3+5cgAAAAAEAgAA"}
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1381844093773481,"flow_dst_last_pkt_time":1381844093978016,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1381844093978016,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1OkOfXERb08+HqASOJD9GQAAAgQFtAQCCAowzcb8H3+5cgEDAwc="}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1381844093978098,"flow_dst_last_pkt_time":1381844093978016,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844093978098,"pkt":"TBfruiThKM\/pITwrCABFAAA0tJ1AAEAGRtLAqAAEwP69qdTpAFBvTz4eDn1xEoAQICtDhgAAAQEICh9\/ujcwzcb8"}
01441{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1381844093978296,"flow_dst_last_pkt_time":1381844093978016,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":728,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":728,"pkt_l4_len":694,"thread_ts_usec":1381844093978296,"pkt":"TBfruiThKM\/pITwrCABFAALK9OJAAEAGA\/fAqAAEwP69qdTpAFBvTz4eDn1xEoAYICvzZQAAAQEICh9\/ujcwzcb8R0VUIC9wYXNzd29yZC5waHAgSFRUUC8xLjENCkhvc3Q6IGJyb3dzZXJzcHkuZGsNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkF1dGhvcml6YXRpb246IEJhc2ljIGRHVnpkRHAwWlhOMA0KQWNjZXB0OiB0ZXh0L2h0bWwsYXBwbGljYXRpb24veGh0bWwreG1sLGFwcGxpY2F0aW9uL3htbDtxPTAuOSxpbWFnZS93ZWJwLCovKjtxPTAuOA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKE1hY2ludG9zaDsgSW50ZWwgTWFjIE9TIFggMTBfOF81KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMzAuMC4xNTk5LjY5IFNhZmFyaS81MzcuMzYNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCxkZWZsYXRlLHNkY2gNCkFjY2VwdC1MYW5ndWFnZTogZW4tVVMsZW47cT0wLjgNCkNvb2tpZTogX191dG1hPTE5MDkwODI4MS4xNTYwMDk1NjExLjEzODE4NDM5NjguMTM4MTg0Mzk2OC4xMzgxODQzOTY4LjE7IF9fdXRtYj0xOTA5MDgyODEuOC4xMC4xMzgxODQzOTY5OyBfX3V0bWM9MTkwOTA4MjgxOyBfX3V0bXo9MTkwOTA4MjgxLjEzODE4NDM5NjkuMS4xLnV0bWNzcj1nb29nbGV8dXRtY2NuPShvcmdhbmljKXx1dG1jbWQ9b3JnYW5pY3x1dG1jdHI9KG5vdCUyMHByb3ZpZGVkKTsgX191bmFtPTZiNmFiNmQtMTQxYmM1MWE4MWUtNDEwMmE2NjEtOA0KDQo="}
01362{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":435,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1381844093773481,"flow_src_last_pkt_time":1381844093978296,"flow_dst_last_pkt_time":1381844093978016,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":662,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":662,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844093978296,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54505,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk","domainame":"browserspy.dk","http": {"url":"browserspy.dk\/password.php","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/30.0.1599.69 Safari\/537.36","detected_os":"Intel Mac OS X 10_8_5"}}}
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1381844093773653,"flow_dst_last_pkt_time":1381844093978704,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1381844093978704,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1OrkDrKQnDJGeKASOJCwygAAAgQFtAQCCAowzcb8H3+5cgEDAwc="}
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1381844093773779,"flow_dst_last_pkt_time":1381844093978706,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1381844093978706,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1OtUVEgKNgSjjqASOJC0IgAAAgQFtAQCCAowzcb8H3+5cgEDAwc="}
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1381844093774159,"flow_dst_last_pkt_time":1381844093978706,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1381844093978706,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1Ozlifec7JB57qASOJDmawAAAgQFtAQCCAowzcb9H3+5cgEDAwc="}
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1381844093774192,"flow_dst_last_pkt_time":1381844093978735,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1381844093978735,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1O3dre\/ZFzc9aqASOJAH6AAAAgQFtAQCCAowzcb9H3+5cgEDAwc="}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1381844093978741,"flow_dst_last_pkt_time":1381844093978704,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844093978741,"pkt":"TBfruiThKM\/pITwrCABFAAA0ut9AAEAGQJDAqAAEwP69qdTqAFCcMkZ45A6ykYAQICv3NgAAAQEICh9\/ujcwzcb8"}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_src_last_pkt_time":1381844093978741,"flow_dst_last_pkt_time":1381844093978706,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844093978741,"pkt":"TBfruiThKM\/pITwrCABFAAA07clAAEAGDabAqAAEwP69qdTrAFA2BKOOVFRIC4AQICv6jgAAAQEICh9\/ujcwzcb8"}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1381844093978747,"flow_dst_last_pkt_time":1381844093978706,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844093978747,"pkt":"TBfruiThKM\/pITwrCABFAAA0RcpAAEAGtaXAqAAEwP69qdTsAFDskHnu5Yn3nYAQICss2AAAAQEICh9\/ujcwzcb9"}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1381844093978758,"flow_dst_last_pkt_time":1381844093978735,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844093978758,"pkt":"TBfruiThKM\/pITwrCABFAAA0sd9AAEAGSZDAqAAEwP69qdTtAFAXNz1q3a3v2oAQICtOVAAAAQEICh9\/ujcwzcb9"}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1381844093978296,"flow_dst_last_pkt_time":1381844094172721,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844094172721,"pkt":"KM\/pITwrTBfruiThCABFAAA0tgJAADgGTW3A\/r2pwKgABABQ1OkOfXESb09AtIAQAHxgiwAAAQEICjDNxxAff7o3"}
02344{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":472,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1381844093773481,"flow_src_last_pkt_time":1381844094597020,"flow_dst_last_pkt_time":1381844094596982,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":662,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":662,"flow_dst_tot_l4_payload_len":17324,"midstream":0,"thread_ts_usec":1381844094597020,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54505,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":198,"avg":53130.3,"max":410016,"stddev":98587.4,"var":9719476224.0,"ent":3.1,"data": [204535,204617,198,194705,213754,1794,410016,624,612,594,595,939,949,5433,2188,7618,3895,4032,7924,3809,21632,169039,3657,154896,4019,4137,3908,4014,7850,2562,2495]},"pktlen": {"min":52,"avg":614.7,"max":1500,"stddev":658.5,"var":433660.4,"ent":4.1,"data": [64,60,52,714,52,1500,597,52,131,52,274,52,365,52,1500,1500,52,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,1500,52,289,52]},"bins": {"c_to_s": [13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,1,0,0,0,1,1,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,0,1,0,1,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0],"entropies": [4.441382408,5.172908306,5.207143307,5.884779930,5.085056305,5.437002182,5.480090618,5.115703583,5.443519592,5.115703106,5.650530815,5.077241421,5.725054264,5.077241421,5.318561077,5.038849354,5.077241421,5.082476139,5.055591583,5.115702629,5.096976280,5.070538998,5.072904110,5.091974735,5.115703106,5.175855637,5.032077312,5.322189808,5.569242001,5.115703106,5.771609783,5.077241898]},"ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk"}}
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_src_last_pkt_time":1381844093978741,"flow_dst_last_pkt_time":1381844095217218,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1381844095217218,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1OtUVEgKNgSjjqASOJCy4AAAAgQFtAQCCAowzcd5H3+6NwEDAwc="}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":5,"flow_src_last_pkt_time":1381844095217269,"flow_dst_last_pkt_time":1381844095217218,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844095217269,"pkt":"TBfruiThKM\/pITwrCABFAAA0CL5AAEAG8rHAqAAEwP69qdTrAFA2BKOOVFRIC4AQICv1XgAAAQEICh9\/vuowzcd5"}
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":475,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1381844093978741,"flow_dst_last_pkt_time":1381844095217923,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1381844095217923,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1OrkDrKQnDJGeKASOJCviAAAAgQFtAQCCAowzcd5H3+6NwEDAwc="}
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":476,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1381844093978747,"flow_dst_last_pkt_time":1381844095217925,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1381844095217925,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1Ozlifec7JB57qASOJDlKgAAAgQFtAQCCAowzcd5H3+6NwEDAwc="}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":5,"flow_src_last_pkt_time":1381844095217955,"flow_dst_last_pkt_time":1381844095217923,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844095217955,"pkt":"TBfruiThKM\/pITwrCABFAAA0xelAAEAGNYbAqAAEwP69qdTqAFCcMkZ45A6ykYAQICvyBgAAAQEICh9\/vuowzcd5"}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1381844095217955,"flow_dst_last_pkt_time":1381844095217925,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844095217955,"pkt":"TBfruiThKM\/pITwrCABFAAA0Cv9AAEAG8HDAqAAEwP69qdTsAFDskHnu5Yn3nYAQICsnqQAAAQEICh9\/vuowzcd5"}
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1381844093978758,"flow_dst_last_pkt_time":1381844095425546,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1381844095425546,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1O3dre\/ZFzc9aqASOJAGkgAAAgQFtAQCCAowzceOH3+6NwEDAwc="}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":480,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1381844095425625,"flow_dst_last_pkt_time":1381844095425546,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844095425625,"pkt":"TBfruiThKM\/pITwrCABFAAA0BaNAAEAG9czAqAAEwP69qdTtAFAXNz1q3a3v2oAQICtIVQAAAQEICh9\/v6UwzceO"}
01240{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":511,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1381844093773653,"flow_src_last_pkt_time":1381844104554184,"flow_dst_last_pkt_time":1381844095217923,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":643,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":643,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844104554184,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54506,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk","domainame":"browserspy.dk","http": {"url":"browserspy.dk\/?_=1381844104551","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/30.0.1599.69 Safari\/537.36","detected_os":"Intel Mac OS X 10_8_5"}}}
02244{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":538,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1381844093773653,"flow_src_last_pkt_time":1381844105235432,"flow_dst_last_pkt_time":1381844105235372,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":643,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":643,"flow_dst_tot_l4_payload_len":20540,"midstream":0,"thread_ts_usec":1381844105235432,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54506,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1107,"avg":739467.7,"max":9536721,"stddev":2304771.2,"var":5311970148352.0,"ent":2.0,"data": [205051,205088,1239219,1239214,9336229,9536721,269698,3945,474186,3902,3868,3885,3880,7765,5508,5622,2491,3505,5894,3931,3951,3696,163375,167088,3967,3916,4585,3237,7851,1123,1107]},"pktlen": {"min":52,"avg":715.0,"max":1500,"stddev":702.0,"var":492871.9,"ent":4.2,"data": [64,60,52,60,52,695,58,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,1500,52,320,52]},"bins": {"c_to_s": [13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0]},"directions": [0,1,0,1,0,0,1,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0],"entropies": [4.421927452,5.139575005,5.115702629,5.139575005,5.130219936,5.878774166,5.340740204,5.419150352,5.488927364,5.014835358,5.291490555,5.085056305,5.042024136,5.061055183,5.053297043,5.085721970,4.955154419,5.096673012,5.053177357,5.091758728,5.124075890,5.046594620,5.088674068,5.274103165,5.053297043,5.222216129,5.032077789,5.196549416,5.517179966,5.077241421,5.796352386,5.014835358]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk"}}
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":554,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1381844112303486,"flow_src_last_pkt_time":1381844112303486,"flow_dst_last_pkt_time":1381844112303486,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844112303486,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54580,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":554,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1381844112303486,"flow_dst_last_pkt_time":1381844112303486,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1381844112303486,"pkt":"TBfruiThKM\/pITwrCABFAABA+9NAAEAG\/4\/AqAAEwP69qdU0AFB+fvn1AAAAALAC\/\/+J1AAAAgQFtAEDAwQBAQgKH4AAXAAAAAAEAgAA"}
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":555,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1381844112303573,"flow_src_last_pkt_time":1381844112303573,"flow_dst_last_pkt_time":1381844112303573,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844112303573,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54581,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1381844112303573,"flow_dst_last_pkt_time":1381844112303573,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1381844112303573,"pkt":"TBfruiThKM\/pITwrCABFAABApL5AAEAGVqXAqAAEwP69qdU1AFC1gQPQAAAAALAC\/\/9I9gAAAgQFtAEDAwQBAQgKH4AAXAAAAAAEAgAA"}
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":556,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1381844112303636,"flow_src_last_pkt_time":1381844112303636,"flow_dst_last_pkt_time":1381844112303636,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844112303636,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54582,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":556,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1381844112303636,"flow_dst_last_pkt_time":1381844112303636,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1381844112303636,"pkt":"TBfruiThKM\/pITwrCABFAABArYlAAEAGTdrAqAAEwP69qdU2AFCd40xiAAAAALAC\/\/8YAQAAAgQFtAEDAwQBAQgKH4AAXAAAAAAEAgAA"}
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":557,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1381844112303720,"flow_src_last_pkt_time":1381844112303720,"flow_dst_last_pkt_time":1381844112303720,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844112303720,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54583,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":557,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1381844112303720,"flow_dst_last_pkt_time":1381844112303720,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1381844112303720,"pkt":"TBfruiThKM\/pITwrCABFAABAVoNAAEAGpODAqAAEwP69qdU3AFCZHYQRAAAAALAC\/\/\/lFgAAAgQFtAEDAwQBAQgKH4AAXAAAAAAEAgAA"}
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":558,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1381844112303792,"flow_src_last_pkt_time":1381844112303792,"flow_dst_last_pkt_time":1381844112303792,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844112303792,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54584,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":558,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1381844112303792,"flow_dst_last_pkt_time":1381844112303792,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1381844112303792,"pkt":"TBfruiThKM\/pITwrCABFAABAE\/FAAEAG53LAqAAEwP69qdU4AFDs7b5UAAAAALAC\/\/9XAgAAAgQFtAEDAwQBAQgKH4AAXAAAAAAEAgAA"}
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":559,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1381844112375802,"flow_src_last_pkt_time":1381844112375802,"flow_dst_last_pkt_time":1381844112375802,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844112375802,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54596,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":559,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1381844112375802,"flow_dst_last_pkt_time":1381844112375802,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1381844112375802,"pkt":"TBfruiThKM\/pITwrCABFAABAgpFAAEAGeNLAqAAEwP69qdVEAFCKiTc2AAAAALAC\/\/9ANQAAAgQFtAEDAwQBAQgKH4AAoAAAAAAEAgAA"}
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1381844112303486,"flow_dst_last_pkt_time":1381844112486366,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1381844112486366,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1TRGgkenfn759qASOJDVBQAAAgQFtAQCCAowzc44H4AAXAEDAwc="}
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1381844112486440,"flow_dst_last_pkt_time":1381844112486366,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844112486440,"pkt":"TBfruiThKM\/pITwrCABFAAA0xKxAAEAGNsPAqAAEwP69qdU0AFB+fvn2RoJHqIAQICsbjAAAAQEICh+AAQcwzc44"}
01539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1381844112486650,"flow_dst_last_pkt_time":1381844112486366,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":803,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":803,"pkt_l4_len":769,"thread_ts_usec":1381844112486650,"pkt":"TBfruiThKM\/pITwrCABFAAMV9I1AAEAGBAHAqAAEwP69qdU0AFB+fvn2RoJHqIAYICt1mgAAAQEICh+AAQcwzc44R0VUIC9wYXNzd29yZC1vay5waHAgSFRUUC8xLjENCkhvc3Q6IGJyb3dzZXJzcHkuZGsNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9MA0KQXV0aG9yaXphdGlvbjogQmFzaWMgZEdWemREcDBaWE4wDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LGltYWdlL3dlYnAsKi8qO3E9MC44DQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTWFjaW50b3NoOyBJbnRlbCBNYWMgT1MgWCAxMF84XzUpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8zMC4wLjE1OTkuNjkgU2FmYXJpLzUzNy4zNg0KUmVmZXJlcjogaHR0cDovL2Jyb3dzZXJzcHkuZGsvcGFzc3dvcmQucGhwDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsZGVmbGF0ZSxzZGNoDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC44DQpDb29raWU6IF9fdXRtYT0xOTA5MDgyODEuMTU2MDA5NTYxMS4xMzgxODQzOTY4LjEzODE4NDM5NjguMTM4MTg0Mzk2OC4xOyBfX3V0bWI9MTkwOTA4MjgxLjEwLjEwLjEzODE4NDM5Njk7IF9fdXRtYz0xOTA5MDgyODE7IF9fdXRtej0xOTA5MDgyODEuMTM4MTg0Mzk2OS4xLjEudXRtY3NyPWdvb2dsZXx1dG1jY249KG9yZ2FuaWMpfHV0bWNtZD1vcmdhbmljfHV0bWN0cj0obm90JTIwcHJvdmlkZWQpOyBfX3VuYW09NmI2YWI2ZC0xNDFiYzUxYTgxZS00MTAyYTY2MS0xMA0KDQo="}
01365{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":563,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1381844112303486,"flow_src_last_pkt_time":1381844112486650,"flow_dst_last_pkt_time":1381844112486366,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":737,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":737,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844112486650,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54580,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk","domainame":"browserspy.dk","http": {"url":"browserspy.dk\/password-ok.php","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/30.0.1599.69 Safari\/537.36","detected_os":"Intel Mac OS X 10_8_5"}}}
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1381844112303573,"flow_dst_last_pkt_time":1381844112487886,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1381844112487886,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1TWFU0nktYED0aASOJBTGQAAAgQFtAQCCAowzc44H4AAXAEDAwc="}
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":565,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1381844112487944,"flow_dst_last_pkt_time":1381844112487886,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844112487944,"pkt":"TBfruiThKM\/pITwrCABFAAA02vZAAEAGIHnAqAAEwP69qdU1AFC1gQPRhVNJ5YAQICuZngAAAQEICh+AAQgwzc44"}
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":566,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1381844112303636,"flow_dst_last_pkt_time":1381844112495410,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1381844112495410,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1TYh1fp0neNMY6ASOJDVEQAAAgQFtAQCCAowzc44H4AAXAEDAwc="}
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":567,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1381844112303720,"flow_dst_last_pkt_time":1381844112495411,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1381844112495411,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1TeCGoV1mR2EEqASOJC24QAAAgQFtAQCCAowzc44H4AAXAEDAwc="}
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1381844112303792,"flow_dst_last_pkt_time":1381844112495411,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1381844112495411,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1TiY+jv27O2+VaASOJBbbAAAAgQFtAQCCAowzc44H4AAXAEDAwc="}
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_src_last_pkt_time":1381844112495455,"flow_dst_last_pkt_time":1381844112495410,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844112495455,"pkt":"TBfruiThKM\/pITwrCABFAAA0wLFAAEAGOr7AqAAEwP69qdU2AFCd40xjIdX6dYAQICsbkAAAAQEICh+AAQ8wzc44"}
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":570,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1381844112495455,"flow_dst_last_pkt_time":1381844112495411,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844112495455,"pkt":"TBfruiThKM\/pITwrCABFAAA0dKdAAEAGhsjAqAAEwP69qdU3AFCZHYQSghqFdoAQICv9XwAAAQEICh+AAQ8wzc44"}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":571,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_src_last_pkt_time":1381844112495486,"flow_dst_last_pkt_time":1381844112495411,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844112495486,"pkt":"TBfruiThKM\/pITwrCABFAAA0npBAAEAGXN\/AqAAEwP69qdU4AFDs7b5VmPo794AQICuh6gAAAQEICh+AAQ8wzc44"}
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":572,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1381844112375802,"flow_dst_last_pkt_time":1381844112570022,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1381844112570022,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1URQ3mDIiok3N6ASOJBn4QAAAgQFtAQCCAowzc5AH4AAoAEDAwc="}
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":573,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_src_last_pkt_time":1381844112570098,"flow_dst_last_pkt_time":1381844112570022,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844112570098,"pkt":"TBfruiThKM\/pITwrCABFAAA06spAAEAGEKXAqAAEwP69qdVEAFCKiTc3UN5gyYAQICuuWgAAAQEICh+AAVgwzc5A"}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1381844112486650,"flow_dst_last_pkt_time":1381844112676138,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844112676138,"pkt":"KM\/pITwrTBfruiThCABFAAA0ieNAADgGeYzA\/r2pwKgABABQ1TRGgkeofn7814AQAH04RgAAAQEICjDNzksfgAEH"}
01532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1381844112946222,"flow_dst_last_pkt_time":1381844112487886,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":797,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":797,"pkt_l4_len":763,"thread_ts_usec":1381844112946222,"pkt":"TBfruiThKM\/pITwrCABFAAMPceVAAEAGhq\/AqAAEwP69qdU1AFC1gQPRhVNJ5YAYICvFpAAAAQEICh+AAsYwzc44R0VUIC90aGVtZS9yZXNldC5jc3MgSFRUUC8xLjENCkhvc3Q6IGJyb3dzZXJzcHkuZGsNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9MA0KQXV0aG9yaXphdGlvbjogQmFzaWMgZEdWemREcDBaWE4wDQpBY2NlcHQ6IHRleHQvY3NzLCovKjtxPTAuMQ0KSWYtTW9kaWZpZWQtU2luY2U6IFRodSwgMDQgU2VwIDIwMDggMTI6MjQ6MjggR01UDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTWFjaW50b3NoOyBJbnRlbCBNYWMgT1MgWCAxMF84XzUpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8zMC4wLjE1OTkuNjkgU2FmYXJpLzUzNy4zNg0KUmVmZXJlcjogaHR0cDovL2Jyb3dzZXJzcHkuZGsvcGFzc3dvcmQucGhwDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsZGVmbGF0ZSxzZGNoDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC44DQpDb29raWU6IF9fdXRtYT0xOTA5MDgyODEuMTU2MDA5NTYxMS4xMzgxODQzOTY4LjEzODE4NDM5NjguMTM4MTg0Mzk2OC4xOyBfX3V0bWI9MTkwOTA4MjgxLjEwLjEwLjEzODE4NDM5Njk7IF9fdXRtYz0xOTA5MDgyODE7IF9fdXRtej0xOTA5MDgyODEuMTM4MTg0Mzk2OS4xLjEudXRtY3NyPWdvb2dsZXx1dG1jY249KG9yZ2FuaWMpfHV0bWNtZD1vcmdhbmljfHV0bWN0cj0obm90JTIwcHJvdmlkZWQpOyBfX3VuYW09NmI2YWI2ZC0xNDFiYzUxYTgxZS00MTAyYTY2MS0xMA0KDQo="}
01366{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1381844112303573,"flow_src_last_pkt_time":1381844112946222,"flow_dst_last_pkt_time":1381844112487886,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":731,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":731,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844112946222,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54581,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk","domainame":"browserspy.dk","http": {"url":"browserspy.dk\/theme\/reset.css","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/30.0.1599.69 Safari\/537.36","detected_os":"Intel Mac OS X 10_8_5"}}}
01536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":592,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_src_last_pkt_time":1381844112946744,"flow_dst_last_pkt_time":1381844112495410,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":799,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":799,"pkt_l4_len":765,"thread_ts_usec":1381844112946744,"pkt":"TBfruiThKM\/pITwrCABFAAMRAINAAEAG+A\/AqAAEwP69qdU2AFCd40xjIdX6dYAYICvsQgAAAQEICh+AAsYwzc44R0VUIC90aGVtZS9kZWZhdWx0LmNzcyBIVFRQLzEuMQ0KSG9zdDogYnJvd3NlcnNweS5kaw0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0wDQpBdXRob3JpemF0aW9uOiBCYXNpYyBkR1Z6ZERwMFpYTjANCkFjY2VwdDogdGV4dC9jc3MsKi8qO3E9MC4xDQpJZi1Nb2RpZmllZC1TaW5jZTogV2VkLCAyOSBPY3QgMjAwOCAyMTo1Mjo0MiBHTVQNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChNYWNpbnRvc2g7IEludGVsIE1hYyBPUyBYIDEwXzhfNSkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzMwLjAuMTU5OS42OSBTYWZhcmkvNTM3LjM2DQpSZWZlcmVyOiBodHRwOi8vYnJvd3NlcnNweS5kay9wYXNzd29yZC5waHANCkFjY2VwdC1FbmNvZGluZzogZ3ppcCxkZWZsYXRlLHNkY2gNCkFjY2VwdC1MYW5ndWFnZTogZW4tVVMsZW47cT0wLjgNCkNvb2tpZTogX191dG1hPTE5MDkwODI4MS4xNTYwMDk1NjExLjEzODE4NDM5NjguMTM4MTg0Mzk2OC4xMzgxODQzOTY4LjE7IF9fdXRtYj0xOTA5MDgyODEuMTAuMTAuMTM4MTg0Mzk2OTsgX191dG1jPTE5MDkwODI4MTsgX191dG16PTE5MDkwODI4MS4xMzgxODQzOTY5LjEuMS51dG1jc3I9Z29vZ2xlfHV0bWNjbj0ob3JnYW5pYyl8dXRtY21kPW9yZ2FuaWN8dXRtY3RyPShub3QlMjBwcm92aWRlZCk7IF9fdW5hbT02YjZhYjZkLTE0MWJjNTFhODFlLTQxMDJhNjYxLTEwDQoNCg=="}
01368{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":592,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1381844112303636,"flow_src_last_pkt_time":1381844112946744,"flow_dst_last_pkt_time":1381844112495410,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":733,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":733,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844112946744,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54582,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk","domainame":"browserspy.dk","http": {"url":"browserspy.dk\/theme\/default.css","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/30.0.1599.69 Safari\/537.36","detected_os":"Intel Mac OS X 10_8_5"}}}
01507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1381844112946829,"flow_dst_last_pkt_time":1381844112495411,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":779,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":779,"pkt_l4_len":745,"thread_ts_usec":1381844112946829,"pkt":"TBfruiThKM\/pITwrCABFAAL9O7tAAEAGvOvAqAAEwP69qdU3AFCZHYQSghqFdoAYICuiHQAAAQEICh+AAsYwzc44R0VUIC9qcy9qcXVlcnkuanMgSFRUUC8xLjENCkhvc3Q6IGJyb3dzZXJzcHkuZGsNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9MA0KQXV0aG9yaXphdGlvbjogQmFzaWMgZEdWemREcDBaWE4wDQpBY2NlcHQ6ICovKg0KSWYtTW9kaWZpZWQtU2luY2U6IFRodSwgMTEgTWFyIDIwMTAgMDg6MTc6MDkgR01UDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTWFjaW50b3NoOyBJbnRlbCBNYWMgT1MgWCAxMF84XzUpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8zMC4wLjE1OTkuNjkgU2FmYXJpLzUzNy4zNg0KUmVmZXJlcjogaHR0cDovL2Jyb3dzZXJzcHkuZGsvcGFzc3dvcmQucGhwDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsZGVmbGF0ZSxzZGNoDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC44DQpDb29raWU6IF9fdXRtYT0xOTA5MDgyODEuMTU2MDA5NTYxMS4xMzgxODQzOTY4LjEzODE4NDM5NjguMTM4MTg0Mzk2OC4xOyBfX3V0bWI9MTkwOTA4MjgxLjEwLjEwLjEzODE4NDM5Njk7IF9fdXRtYz0xOTA5MDgyODE7IF9fdXRtej0xOTA5MDgyODEuMTM4MTg0Mzk2OS4xLjEudXRtY3NyPWdvb2dsZXx1dG1jY249KG9yZ2FuaWMpfHV0bWNtZD1vcmdhbmljfHV0bWN0cj0obm90JTIwcHJvdmlkZWQpOyBfX3VuYW09NmI2YWI2ZC0xNDFiYzUxYTgxZS00MTAyYTY2MS0xMA0KDQo="}
01363{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":593,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1381844112303720,"flow_src_last_pkt_time":1381844112946829,"flow_dst_last_pkt_time":1381844112495411,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":713,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":713,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844112946829,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54583,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk","domainame":"browserspy.dk","http": {"url":"browserspy.dk\/js\/jquery.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/30.0.1599.69 Safari\/537.36","detected_os":"Intel Mac OS X 10_8_5"}}}
01532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":594,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_src_last_pkt_time":1381844112946986,"flow_dst_last_pkt_time":1381844112495411,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":797,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":797,"pkt_l4_len":763,"thread_ts_usec":1381844112946986,"pkt":"TBfruiThKM\/pITwrCABFAAMPnJZAAEAGW\/7AqAAEwP69qdU4AFDs7b5VmPo794AYICvYNAAAAQEICh+AAsYwzc44R0VUIC9waWNzL2xvZ28ucG5nIEhUVFAvMS4xDQpIb3N0OiBicm93c2Vyc3B5LmRrDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTANCkF1dGhvcml6YXRpb246IEJhc2ljIGRHVnpkRHAwWlhOMA0KQWNjZXB0OiBpbWFnZS93ZWJwLCovKjtxPTAuOA0KSWYtTW9kaWZpZWQtU2luY2U6IFdlZCwgMTAgU2VwIDIwMDggMDc6MTc6MTAgR01UDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTWFjaW50b3NoOyBJbnRlbCBNYWMgT1MgWCAxMF84XzUpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8zMC4wLjE1OTkuNjkgU2FmYXJpLzUzNy4zNg0KUmVmZXJlcjogaHR0cDovL2Jyb3dzZXJzcHkuZGsvcGFzc3dvcmQucGhwDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsZGVmbGF0ZSxzZGNoDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC44DQpDb29raWU6IF9fdXRtYT0xOTA5MDgyODEuMTU2MDA5NTYxMS4xMzgxODQzOTY4LjEzODE4NDM5NjguMTM4MTg0Mzk2OC4xOyBfX3V0bWI9MTkwOTA4MjgxLjEwLjEwLjEzODE4NDM5Njk7IF9fdXRtYz0xOTA5MDgyODE7IF9fdXRtej0xOTA5MDgyODEuMTM4MTg0Mzk2OS4xLjEudXRtY3NyPWdvb2dsZXx1dG1jY249KG9yZ2FuaWMpfHV0bWNtZD1vcmdhbmljfHV0bWN0cj0obm90JTIwcHJvdmlkZWQpOyBfX3VuYW09NmI2YWI2ZC0xNDFiYzUxYTgxZS00MTAyYTY2MS0xMA0KDQo="}
01364{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":594,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1381844112303792,"flow_src_last_pkt_time":1381844112946986,"flow_dst_last_pkt_time":1381844112495411,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":731,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":731,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844112946986,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54584,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk","domainame":"browserspy.dk","http": {"url":"browserspy.dk\/pics\/logo.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/30.0.1599.69 Safari\/537.36","detected_os":"Intel Mac OS X 10_8_5"}}}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":599,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1381844112946222,"flow_dst_last_pkt_time":1381844113137794,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844113137794,"pkt":"KM\/pITwrTBfruiThCABFAAA0h51AADgGe9LA\/r2pwKgABABQ1TWFU0nltYEGrIAQAH20cwAAAQEICjDNzngfgALG"}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":602,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":5,"flow_src_last_pkt_time":1381844112946744,"flow_dst_last_pkt_time":1381844113144817,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844113144817,"pkt":"KM\/pITwrTBfruiThCABFAAA0NAxAADgGz2PA\/r2pwKgABABQ1TYh1fp1neNPQIAQAH02aQAAAQEICjDNznkfgALG"}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":605,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1381844112946829,"flow_dst_last_pkt_time":1381844113157579,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844113157579,"pkt":"KM\/pITwrTBfruiThCABFAAA0SwxAADgGuGPA\/r2pwKgABABQ1TeCGoV2mR2G24AQAH0YTAAAAQEICjDNznofgALG"}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":5,"flow_src_last_pkt_time":1381844112946986,"flow_dst_last_pkt_time":1381844113186638,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844113186638,"pkt":"KM\/pITwrTBfruiThCABFAAA09YlAADgGDebA\/r2pwKgABABQ1TiY+jv37O3BMIAQAH28wAAAAQEICjDNzn4fgALG"}
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":611,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_src_last_pkt_time":1381844112570098,"flow_dst_last_pkt_time":1381844113897246,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1381844113897246,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1URQ3mDIiok3N6ASOJBmpAAAAgQFtAQCCAowzc7FH4ABWAEDAwc="}
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":612,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_src_last_pkt_time":1381844113897314,"flow_dst_last_pkt_time":1381844113897246,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844113897314,"pkt":"TBfruiThKM\/pITwrCABFAAA0EdJAAEAG6Z3AqAAEwP69qdVEAFCKiTc3UN5gyYAQICuo3QAAAQEICh+ABlAwzc7F"}
02370{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1381844112303792,"flow_src_last_pkt_time":1381844116079597,"flow_dst_last_pkt_time":1381844116079543,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":731,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1442,"flow_dst_tot_l4_payload_len":17394,"midstream":0,"thread_ts_usec":1381844116079597,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54584,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1516,"avg":243598.6,"max":2440041,"stddev":569983.2,"var":324880891904.0,"ent":2.8,"data": [191619,191694,451500,691227,18992,258717,2193011,2440041,223652,1516,472146,13231,13309,3452,4140,7544,3959,3958,4123,3470,7591,3945,4028,3911,158872,162735,3834,3852,3908,1859,5720]},"pktlen": {"min":52,"avg":641.4,"max":1500,"stddev":656.8,"var":431405.0,"ent":4.2,"data": [64,60,52,783,52,189,52,763,58,1500,597,52,131,52,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,757,52]},"bins": {"c_to_s": [12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0]},"directions": [0,1,0,0,1,1,0,0,1,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0],"entropies": [4.334868431,4.994742393,5.077241421,5.863452911,4.993616104,5.802459240,5.038779736,5.873818874,5.189794064,5.430706978,5.489347935,5.091758251,5.402398586,5.091758728,5.437272549,5.178615093,5.091758728,5.015810490,5.046594620,5.086363792,5.083364964,5.091758728,5.094627380,4.993615627,5.060242653,5.186669827,5.053297043,5.220447540,4.993615627,5.439900398,5.703805923,5.130220413]},"ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk"}}
01117{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":19,"flow_first_seen":1381844035028385,"flow_src_last_pkt_time":1381844044399138,"flow_dst_last_pkt_time":1381844044585894,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":700,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":700,"flow_dst_tot_l4_payload_len":17663,"midstream":0,"thread_ts_usec":1381844127871377,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54317,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk"}}
01228{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":20,"flow_first_seen":1381844035028541,"flow_src_last_pkt_time":1381844050137620,"flow_dst_last_pkt_time":1381844050320914,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":735,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":735,"flow_dst_tot_l4_payload_len":17660,"midstream":0,"thread_ts_usec":1381844127871377,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54318,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk"}}
00975{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1381844035028589,"flow_src_last_pkt_time":1381844047672712,"flow_dst_last_pkt_time":1381844047862717,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844127871377,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54319,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}}
00783{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1381844035028589,"flow_src_last_pkt_time":1381844047672712,"flow_dst_last_pkt_time":1381844047862717,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844127871377,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54319,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00975{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1381844035028652,"flow_src_last_pkt_time":1381844047672759,"flow_dst_last_pkt_time":1381844047863552,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844127871377,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54320,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}}
00783{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1381844035028652,"flow_src_last_pkt_time":1381844047672759,"flow_dst_last_pkt_time":1381844047863552,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844127871377,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00975{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1381844035028715,"flow_src_last_pkt_time":1381844047672760,"flow_dst_last_pkt_time":1381844047864465,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844127871377,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54321,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}}
00783{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1381844035028715,"flow_src_last_pkt_time":1381844047672760,"flow_dst_last_pkt_time":1381844047864465,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844127871377,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54321,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00975{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1381844035028764,"flow_src_last_pkt_time":1381844047672760,"flow_dst_last_pkt_time":1381844047865436,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844127871377,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54322,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}}
00783{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1381844035028764,"flow_src_last_pkt_time":1381844047672760,"flow_dst_last_pkt_time":1381844047865436,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844127871377,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54322,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
01228{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":19,"flow_first_seen":1381844050222515,"flow_src_last_pkt_time":1381844057134728,"flow_dst_last_pkt_time":1381844057320871,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":739,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":739,"flow_dst_tot_l4_payload_len":17637,"midstream":0,"thread_ts_usec":1381844127871377,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk"}}
01229{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":40,"flow_first_seen":1381844050442116,"flow_src_last_pkt_time":1381844067673172,"flow_dst_last_pkt_time":1381844067897530,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":739,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2941,"flow_dst_tot_l4_payload_len":35300,"midstream":0,"thread_ts_usec":1381844127871377,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54338,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk"}}
01131{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":58,"flow_dst_packets_processed":74,"flow_first_seen":1381844061727807,"flow_src_last_pkt_time":1381844082425251,"flow_dst_last_pkt_time":1381844082622675,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":739,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":5751,"flow_dst_tot_l4_payload_len":69866,"midstream":0,"thread_ts_usec":1381844127871377,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54340,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk"}}
01128{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":1381844061727853,"flow_src_last_pkt_time":1381844067673223,"flow_dst_last_pkt_time":1381844067897533,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":739,"flow_dst_max_l4_payload_len":137,"flow_src_tot_l4_payload_len":2182,"flow_dst_tot_l4_payload_len":411,"midstream":0,"thread_ts_usec":1381844127871377,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54341,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk"}}
01128{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":1381844061727907,"flow_src_last_pkt_time":1381844067673211,"flow_dst_last_pkt_time":1381844067897533,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":733,"flow_dst_max_l4_payload_len":137,"flow_src_tot_l4_payload_len":2194,"flow_dst_tot_l4_payload_len":411,"midstream":0,"thread_ts_usec":1381844127871377,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54342,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk"}}
01126{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1381844061727971,"flow_src_last_pkt_time":1381844067673201,"flow_dst_last_pkt_time":1381844067897532,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":732,"flow_dst_max_l4_payload_len":137,"flow_src_tot_l4_payload_len":732,"flow_dst_tot_l4_payload_len":137,"midstream":0,"thread_ts_usec":1381844127871377,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54343,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk"}}
00976{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1381844062496242,"flow_src_last_pkt_time":1381844076806645,"flow_dst_last_pkt_time":1381844077177628,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844127871377,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54354,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}}
00784{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1381844062496242,"flow_src_last_pkt_time":1381844076806645,"flow_dst_last_pkt_time":1381844077177628,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844127871377,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
01131{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":19,"flow_first_seen":1381844082425453,"flow_src_last_pkt_time":1381844093921864,"flow_dst_last_pkt_time":1381844094106193,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":709,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":709,"flow_dst_tot_l4_payload_len":17317,"midstream":0,"thread_ts_usec":1381844127871377,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54487,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk"}}
01132{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":36,"flow_first_seen":1381844093773481,"flow_src_last_pkt_time":1381844104553944,"flow_dst_last_pkt_time":1381844104747165,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":709,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1371,"flow_dst_tot_l4_payload_len":34679,"midstream":0,"thread_ts_usec":1381844127871377,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54505,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk"}}
01005{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":20,"flow_first_seen":1381844093773653,"flow_src_last_pkt_time":1381844112287525,"flow_dst_last_pkt_time":1381844112467354,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":643,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":643,"flow_dst_tot_l4_payload_len":20540,"midstream":0,"thread_ts_usec":1381844127871377,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54506,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk"}}
00976{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1381844093773779,"flow_src_last_pkt_time":1381844107674282,"flow_dst_last_pkt_time":1381844107866167,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844127871377,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54507,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}}
00784{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1381844093773779,"flow_src_last_pkt_time":1381844107674282,"flow_dst_last_pkt_time":1381844107866167,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844127871377,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54507,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00976{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1381844093774159,"flow_src_last_pkt_time":1381844107674282,"flow_dst_last_pkt_time":1381844107868750,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844127871377,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54508,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}}
00784{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1381844093774159,"flow_src_last_pkt_time":1381844107674282,"flow_dst_last_pkt_time":1381844107868750,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844127871377,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00976{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1381844093774192,"flow_src_last_pkt_time":1381844107674294,"flow_dst_last_pkt_time":1381844107869359,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844127871377,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54509,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}}
00784{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1381844093774192,"flow_src_last_pkt_time":1381844107674294,"flow_dst_last_pkt_time":1381844107869359,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844127871377,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54509,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
01131{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":16,"flow_first_seen":1381844112303486,"flow_src_last_pkt_time":1381844118009537,"flow_dst_last_pkt_time":1381844118200093,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":737,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":737,"flow_dst_tot_l4_payload_len":17283,"midstream":0,"thread_ts_usec":1381844127871377,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54580,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk"}}
01126{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1381844112303573,"flow_src_last_pkt_time":1381844127674954,"flow_dst_last_pkt_time":1381844127869624,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":731,"flow_dst_max_l4_payload_len":137,"flow_src_tot_l4_payload_len":731,"flow_dst_tot_l4_payload_len":137,"midstream":0,"thread_ts_usec":1381844127871377,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54581,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk"}}
01126{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1381844112303636,"flow_src_last_pkt_time":1381844127674974,"flow_dst_last_pkt_time":1381844127870890,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":733,"flow_dst_max_l4_payload_len":137,"flow_src_tot_l4_payload_len":733,"flow_dst_tot_l4_payload_len":137,"midstream":0,"thread_ts_usec":1381844127871377,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54582,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk"}}
01126{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1381844112303720,"flow_src_last_pkt_time":1381844127674995,"flow_dst_last_pkt_time":1381844127871375,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":713,"flow_dst_max_l4_payload_len":137,"flow_src_tot_l4_payload_len":713,"flow_dst_tot_l4_payload_len":137,"midstream":0,"thread_ts_usec":1381844127871377,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54583,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk"}}
01132{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":36,"flow_first_seen":1381844112303792,"flow_src_last_pkt_time":1381844127675006,"flow_dst_last_pkt_time":1381844127871377,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":731,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2153,"flow_dst_tot_l4_payload_len":34743,"midstream":0,"thread_ts_usec":1381844127871377,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54584,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk"}}
00976{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1381844112375802,"flow_src_last_pkt_time":1381844127674931,"flow_dst_last_pkt_time":1381844127867249,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844127871377,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54596,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}}
00784{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1381844112375802,"flow_src_last_pkt_time":1381844127674931,"flow_dst_last_pkt_time":1381844127867249,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844127871377,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54596,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00859{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":688,"packets-processed":688,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":307822,"total-not-detected-flows":0,"total-guessed-flows":9,"total-detected-flows":16,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":25,"total-idle-flows":25,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":216,"global_ts_usec":1381844127871377}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 688/688
~~ skipped flows.............: 0
~~ total layer4 data length..: 307822 bytes
~~ total detected protocols..: 16
~~ total active/idle flows...: 25/25
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 7567460 bytes
~~ total memory freed........: 7567460 bytes
~~ total allocations/frees...: 127010/127010
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 554 chars
~~ json message max len.......: 2465 chars
~~ json message avg len.......: 1509 chars
Powered by cgit, Themed by Ted Yin.