1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
|
00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4365-b08c787f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4365-b08c787f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1549337929790448}
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337929790448,"flow_src_last_pkt_time":1549337929790448,"flow_dst_last_pkt_time":1549337929790448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":239,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337929790448,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00850{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1549337929790448,"flow_dst_last_pkt_time":1549337929790448,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1549337929790448,"pkt":"pB9ywglqAAgCHEeuCABFAAEXABdAAIAGkNisEAjJrBAICMAFAFiynbRHbznTnlAYAQAf5QAAAAAA62qB6DCB5aEDAgEFogMCAQqjFTATMBGhBAICAICiCQQHMAWgAwEB\/6SBwTCBvqAHAwUAQIEAEKEYMBagAwIBAaEPMA0bC2pvaG5zb24tcGMkohAbDmhhcHB5Y3JhZnQub3JnoyMwIaADAgECoRowGBsGa3JidGd0Gw5oYXBweWNyYWZ0Lm9yZ6URGA8yMDM3MDkxMzAyNDgwNVqmERgPMjAzNzA5MTMwMjQ4MDVapwYCBE7AFheoFTATAgESAgERAgEXAgEYAgL\/eQIBA6kdMBswGaADAgEUoRIEEEpPSE5TT04tUEMgICAgICA="}
01008{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337929790448,"flow_src_last_pkt_time":1549337929790448,"flow_dst_last_pkt_time":1549337929790448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":239,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337929790448,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}}
00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1549337929790448,"flow_dst_last_pkt_time":1549337929790962,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":332,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":332,"pkt_l4_len":298,"thread_ts_usec":1549337929790962,"pkt":"AAgCHEeupB9ywglqCABFAAE+ExRAAIAGfbSsEAgIrBAIyQBYwAVvOdOesp21NlAYAQCkkQAAAAABEn6CAQ4wggEKoAMCAQWhAwIBHqQRGA8yMDE5MDIwNTAzMzg0OFqlBQIDBjUgpgMCARmpEBsOaGFwcHljcmFmdC5vcmeqIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDmhhcHB5Y3JhZnQub3JnrIGnBIGkMIGhMH6hAwIBE6J3BHUwczA0oAMCARKhLRsrSEFQUFlDUkFGVC5PUkdob3N0am9obnNvbi1wYy5oYXBweWNyYWZ0Lm9yZzAFoAMCARcwNKADAgEDoS0bK0hBUFBZQ1JBRlQuT1JHaG9zdGpvaG5zb24tcGMuaGFwcHljcmFmdC5vcmcwCaEDAgECogIEADAJoQMCARCiAgQAMAmhAwIBD6ICBAA="}
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337929811952,"flow_src_last_pkt_time":1549337929811952,"flow_dst_last_pkt_time":1549337929811952,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":319,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":319,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337929811952,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49158,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00958{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1549337929811952,"flow_dst_last_pkt_time":1549337929811952,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_usec":1549337929811952,"pkt":"pB9ywglqAAgCHEeuCABFAAFnABtAAIAGkISsEAjJrBAICMAGAFganBtaQ2U1slAYAQDaGgAAAAABO2qCATcwggEzoQMCAQWiAwIBCqNjMGEwTKEDAgECokUEQzBBoAMCARKiOgQ4YERcga5zFfjuo7+oqo0hJ6Udj7efOwOKKYJj6PKpxuETgzDcdt27IvGW9sEQ18QPUV\/drVuLVBwwEaEEAgIAgKIJBAcwBaADAQH\/pIHBMIG+oAcDBQBAgQAQoRgwFqADAgEBoQ8wDRsLam9obnNvbi1wYySiEBsOaGFwcHljcmFmdC5vcmejIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDmhhcHB5Y3JhZnQub3JnpREYDzIwMzcwOTEzMDI0ODA1WqYRGA8yMDM3MDkxMzAyNDgwNVqnBgIETsAWF6gVMBMCARICARECARcCARgCAv95AgEDqR0wGzAZoAMCARShEgQQSk9ITlNPTi1QQyAgICAgIA=="}
01008{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337929811952,"flow_src_last_pkt_time":1549337929811952,"flow_dst_last_pkt_time":1549337929811952,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":319,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":319,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337929811952,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49158,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}}
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1549337929811952,"flow_dst_last_pkt_time":1549337929812641,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1549337929812641,"pkt":"AAgCHEeupB9ywglqCABFAACYExlAAIAGflWsEAgIrBAIyQBYwAZDZTtmGpwcmVAYAQDnsgAAX5hri3Z\/opje40K53kwDKo2\/CTegm0pJkWpLVNFlnn\/MakUFXqKHv4CDtH2CbQqvJq\/ecJgxH2EwrzVmUcQk2zqXXjIwbkyszZ9\/Xc6IEgQ4qiI64lPzINS7ueVTbdUXk\/8v52QxoGdMilBjjWTAcQ=="}
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337929815091,"flow_src_last_pkt_time":1549337929815091,"flow_dst_last_pkt_time":1549337929815091,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337929815091,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49159,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00712{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1549337929815091,"flow_dst_last_pkt_time":1549337929815091,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"thread_ts_usec":1549337929815091,"pkt":"pB9ywglqAAgCHEeuCABFAACxACFAAIAGkTSsEAjJrBAICMAHAFgBsoC8gS4auFAYAQDUqQAAiNeE+tCJIo9Cz1KFHGicigIlxkFIEVkb70vifDKvvi6NwB24GlkehWdocuUvESpeAqtSofWtuKDm2yskVOheE+r4DxaQxRLncJy9zYBP+p7ofQvBukmarkg+oY3ctA8jgj5BSy2yi42NlxJjhcjuX3ByLG+GD20zq41Le0TbPh0TFS5qkRb0Q24="}
00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1549337929815091,"flow_dst_last_pkt_time":1549337929815994,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"thread_ts_usec":1549337929815994,"pkt":"AAgCHEeupB9ywglqCABFAACbEx9AAIAGfkysEAgIrBAIyQBYwAeBLiBsAbKBRVAYAQBP\/wAA1H56bb56rLTzhI\/so6pGl6jILu03bHY2ZWl4A41JY07Kavo1sQRKhlNPx3vE\/LdSF6BX6NLW1Fm3Tdmvr7ZEbPWOq8FZs9c0RBY7wJbwPUW44FlC0vhqJn1yGB3K1Fxl0gPqAAMzMrhupJQMQzjV4fgdag=="}
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337929816676,"flow_src_last_pkt_time":1549337929816676,"flow_dst_last_pkt_time":1549337929816676,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1431,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1431,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1431,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337929816676,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49160,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
02463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1549337929816676,"flow_dst_last_pkt_time":1549337929816676,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1485,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1485,"pkt_l4_len":1451,"thread_ts_usec":1549337929816676,"pkt":"pB9ywglqAAgCHEeuCABFAAW\/ACZAAIAGjCGsEAjJrBAICMAIAFgkzleN\/pyBM1AYAQCd1QAAAAAFk2yCBY8wggWLoQMCAQWiAwIBDKOCBRcwggUTMIIE\/6EDAgEBooIE9gSCBPJuggTuMIIE6qADAgEFoQMCAQ6iBwMFAAAAAACjggQ0YYIEMDCCBCygAwIBBaEQGw5IQVBQWUNSQUZULk9SR6IjMCGgAwIBAqEaMBgbBmtyYnRndBsOSEFQUFlDUkFGVC5PUkejggPsMIID6KADAgESoQMCAQKiggPaBIID1l4LwpNuTjPo\/WSca61wgawIInNQ2vTGqwCxtV1QigPfApKXxUIq16oPsvd5TUFFBoZ3psSaal0IeVBLFx\/BX1XOMXvlpVRB9MsTpZwTQ9ax1GLB6I2i5bbUZpknsnBAKrSXL695P06nXI2pxBPckcoFwJAlSBEmG2XByE8IS7rO1EarXMbJ6Y6aTY3qAJfaaRab4vHhRG2Vuf+5JWuR5w1NLPXeeoD\/rArSk0gCVLkR21SKfZcS\/vqPldqO0np7TLmMBVoYjsl6PiI0+4z2cMBft\/qbxRIxb8y1vWhjoJ64ue7lCoT2cvFOdVWD\/WH\/fANzw0ML9F0vLIXCgI1qi1sWcerxATeYpOyo7DWpsJioH9jxAPx+B6RM+9U5zQIKM9BdT3C3olrkQMfOua6FPtyqIt9kVcakdowBTS4+NidzK5sGlYIRntlAxGR8YU5brzwGdboEMfsAHK11qtTE6t\/tDmgr1+cFgW34p7q9yjtfw3IlMfNtNF6cVYmOh6G5Wnxcfjqbsrpj7Kw6mjBwfKtaYNJG6XthlVKo9I4FpdysFIteChs2N+mQtafp0AWZxKjjDKO8sohbJklYhyoJOto52hds26FAU4LmrIc5fMmADp1PG\/tBDi0BnZ3SimtoeWyM2fnwWhBrH67Gc6TeKPHSeyVFwR1fSnMxZTlzS7KXwLa62U6BZ0WNCBZzIdUTje6\/aUFTq4XeeR0Z7Vh6Z9DZ9om\/9wiQsBPMMalPRPnqfmOZT7HV5yr74UqmbVg1OWh8En3RVYoEzl+U9UxwXXFIR5zUwJrSv4BRCrfouK2f87lMtCFEg\/zEl+Ya6jB+A9XZfPbLOpJ+x1ZsBKiE7MFw9X4cPsiIvoIaHcwmirVOaa9JrhuL72qg0GrV2LWFm+xJt5NjWGhgRHFok1jp2URmHs7J3zvdeb+nbPHLvYUdtkqwb3aoYEr1Xmflw8UpDr6MDbT2en\/\/11z39903bvFGohUv62WN4swCRiY9JjXJUs610D4Xxus5+CL0zgzTQQAxEvC4LL9CQELhrXgdhbQmsotNytXnsgYuKhF4RMS5q5UH8sx1AGsmSntAJ\/W4iO+\/MbV3oU5HdPpcERFm3hfRy\/GBSS75vadxxOcRHZA6iF9\/pQ9BlFHhHcWkaQuZyUL6qH1sbSQyui0sXjtHojjpnPlsTpEM9hpMt6LhooASI6ATNe\/Xw7kB+HTJthDR\/bJnXbftcEdtnk7dLQYL5MfhSH8BDyuI9MMLmdpozP+V7mPT5HhUnsqRSQWCVyfiuDhL0shZpk83f0xNTTmK8fhSYF8Q1BGkgZwwgZmgAwIBEqKBkQSBjpT6WKZ4R5UUi5WTtSgEkEd7jMLa6AoUPu4TwrcLKGcmB9vngXIzOhZvqCgHdzOkHetRjgLUyTIXem1PFxz6mY8TxQcIZDyb19SN3Nd3sKaxs2IYEv7YHwXG6E8LM8hJLH2m\/TyiwnWxB70uZ574gAkF4FD1Zq+qMVWQ8VxsOQkGL92ElZ2TaAS4GGYCEnUwDqEEAgIApaIGBAQfAAAApGQwYqAHAwUAYIEAEKIQGw5IQVBQWUNSQUZULk9SR6MjMCGgAwIBAqEaMBgbBmtyYnRndBsOSEFQUFlDUkFGVC5PUkelERgPMjAzNzA5MTMwMjQ4MDVapwYCBE7NBe6oBTADAgES"}
01001{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337929816676,"flow_src_last_pkt_time":1549337929816676,"flow_dst_last_pkt_time":1549337929816676,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1431,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1431,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1431,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337929816676,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49160,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"happycraft.org","username":""}}}
02488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1549337929816676,"flow_dst_last_pkt_time":1549337929816935,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1498,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1498,"pkt_l4_len":1464,"thread_ts_usec":1549337929816935,"pkt":"AAgCHEeupB9ywglqCABFAAXMEyNAAIAGeResEAgIrBAIyQBYwAj+nIEzJM5dJFAYAQC28wAAAAAFoG2CBZwwggWYoAMCAQWhAwIBDaMQGw5IQVBQWUNSQUZULk9SR6QYMBagAwIBAaEPMA0bC0pPSE5TT04tUEMkpYIENGGCBDAwggQsoAMCAQWhEBsOSEFQUFlDUkFGVC5PUkeiIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHo4ID7DCCA+igAwIBEqEDAgECooID2gSCA9ZmgNa1dr3wGd87q5o3XWLsTIWysbTgkwJr+Tn54CyV4AH6vlEgusASRdJcyvN0onPWOO9TStPkihUEobLQ8WG5\/BAe\/pJm76NJeRjK9kGGi8G\/0XbFCYSPepa5PQwmUgAjsgxX98uOoIoeMgpxrDD2I4YnqT0o9T7E4u8XbTiIf+v3cdcN4dCZ+EoTKAM9GSdtpSP62\/Xb+2PxUXMWzXRKdBV4GPRc7M\/f3KRdK529+2pM4yLgF6mfdzw1YttOYiTQBSOIseZU5L5pWWwIAYUeadQLWeGW7MCmuOiezPfzHOKXT\/hMqEB\/2Egds2KA7Hm\/oP01r9IU6p42tCtn+I4EWSm5ZkiMAIXP6SCiOdO2PbdtR\/4GK9kZARZpgtLJG+aGmFpRzNAdcgcLMHN2OlX0J6+piruBM7Ww3kqLpZgruCuGx8K+d\/8FApmAeWnLmXbD3fu1T00fGd6fdKrkgCl98Sy4I0iKgJr019SubVPh\/tLfXvOPHFTskrZiab\/lkJMa\/lcaCHUWtHfBuxSsNJt7gody42oqvvYHikEn7VlQJDi\/u8KzU07HljjjoqhCYV678B3YcCsVdGefRzEoUzSdH\/BYJGW+CkosfzR7MiRBWyvn77tCF67oxZ3T5EhVst6OUOt05ejCBeF0j2P8Sa6RL1vPg6TCt7KX5yXzGdJtuRQYFzwHms4Ux+JYQXrmLh2ixoc55gWooUap7xcPOrj9EtgR7efu2PqGQVuytvq6rdV+3QUFA8AufxbPXK507+RBmLMcLcxZAxOp7SQc\/Ay3c\/ORhr+fWLV6VFfX75zufwBySCOGvrbuFXK0SnMVFwylor3lGY2Czl7Y5QKDcK4+FS+SJKTqaxj0EFxa2D+DbGLwbVt3zt9+tPhI+pr7vL0LtIL0O055Y3MLTTiVoB4FnEuGzQivRnPbXzFFcdCIUDcAh26XtB4LCpmd+fBTcLafa5ZKQ2nsR\/2LH7kpZxim50Hcvtyd5PzGPwKSVk2Q+psnZ0IehfsbwhALTs\/RQSOb7Rq41AGgy7OAH5YvpBKSd7qUDfb1gtLh6EIYhMprEuGvAg42lOnEYktaA8Y0X4PyM72xSTA9ZN+CxfcvwiIlvHf11TL5C5ZRBUy3du\/RJjPcfxsjqIdqVfXMDys4DGOvXOODvANQyMdpD2WSRWTBduQ+1useq7xNugt3rmAScfUohAT\/giN4TexFk96WUfGs376rRqExitzbuece0s6lptdaN+3sKDC1NFILlW4MQPBHpc3ComgefM9jAmeqLxMUur1iJW82d2i1F5BNiRpTZEFf7MD9poIBJjCCASKgAwIBEqKCARkEggEVQDvO7+WVQbXswJT\/WKenjoLOTOUb7xtnQSDSvTALA7cFBjKmG7py2Ll3YHsUrZQaKL2ZgS2bNcKYx\/3+lfvv+kAlvcN39ExBH9j9AGm8H1cRnFwNhRWCETnioXg\/P1Y2p+e3F0h6bOneEdLiePwHJv9FonrRV61HKyJDpzH6E0h5BR7t2eo\/60DJORIRuiguwoofBgNuIj9IIWatzAufVetcbqrWIpOgXa8Tl5itQ\/bI2zF6hwUS3TRThkmm+Lz7J7LBceoySEetzaEsRZtQYN6tENYmlD5+VEJvmJ\/Gk593lHeRAE07ZMXwY1fmEib\/vL\/sBgCUMH7CIYMAL4GjstMrJCbIeZhyoYmoahgOuedSq46aMw=="}
01025{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337929816676,"flow_src_last_pkt_time":1549337929816676,"flow_dst_last_pkt_time":1549337929816935,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1431,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1431,"flow_dst_max_l4_payload_len":1444,"flow_src_tot_l4_payload_len":1431,"flow_dst_tot_l4_payload_len":1444,"midstream":1,"thread_ts_usec":1549337929816935,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49160,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"happycraft.org","username":"johnson-pc"}}}
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337929817554,"flow_src_last_pkt_time":1549337929817554,"flow_dst_last_pkt_time":1549337929817554,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":227,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337929817554,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49156,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00836{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1549337929817554,"flow_dst_last_pkt_time":1549337929817554,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_usec":1549337929817554,"pkt":"pB9ywglqAAgCHEeuCABFAAELACpAAIAGkNGsEAjJrBAICMAEAb1XsKRSOc8tT1AYAP5XOQAAtEaCpoUNMQEcRu8rXL+flRkpXPhHudnte7juaoAeTLu\/yTOr\/klMHDKYHSz0JIIsigIVsBaMl3PyJLoeb\/thjoYGSwkEC2m4nRdpRXAof0BuI3WnXPinh7MhPVCaTGyJNfqfVu\/1dc4+HXKYy76MWWV4zUtzQAeAZlVdIbuoLUlvFXjFSw5Ryb7lDA5ay5XLMnQY1U2bYUt6MYxBsLvHXZpUwBGPjxstpVTddlgnyYV1MOsJQv5Du0utIGTzTo6LpQrGUrUbi+j64I7Cmr+KeRuwdhEzhGbc+mJlwRYjD6cvIxA="}
00884{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1549337929817554,"flow_dst_last_pkt_time":1549337929818281,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1549337929818281,"pkt":"AAgCHEeupB9ywglqCABFAAEsEydAAIAGfbOsEAgIrBAIyQG9wAQ5zy1PV7ClNVAYAQBD3AAAAAABAP5TTUJAAAEAAAAAAAEAHwAJAAAAAAAAAAIAAAAAAAAA\/\/4AAAAAAABZAAAAAAQAAM9KX1xrFqd60K9wkt\/rc1cJAAAASAC4AKGBtTCBsqADCgEAoQsGCSqGSIL3EgECAqKBnQSBmmCBlwYJKoZIhvcSAQICAgBvgYcwgYSgAwIBBaEDAgEPongwdqADAgESom8EbaDd4i7\/ItyR1a9jC52avEiTOhersM4IXB2s8eeK3O+ftonNzS3toSakh8sE2tBVm3gbqMBKq1zSZzBBR6cu+Hrjxp\/3xoJEFPVC\/4y\/BWmosce7zt2RHazTIcgt7F0qD+5oY0gWkTgMB+VU0Ro="}
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337929981761,"flow_src_last_pkt_time":1549337929981761,"flow_dst_last_pkt_time":1549337929981761,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":153,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":153,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337929981761,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49162,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00737{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1549337929981761,"flow_dst_last_pkt_time":1549337929981761,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_usec":1549337929981761,"pkt":"pB9ywglqAAgCHEeuCABFAADBADZAAIAGkQ+sEAjJrBAICMAKAFgVCzarRRAS7FAYAQB2LAAAqoGWMIGToAMCARKigYsEgYi0+C7lIM6lpWfLcf2ezyusajpC0TYc1OX1vmb3DhkyjRtC5TeZRg9Wzt\/ubCTSXWpwv+zrJOhZpUKxM\/PhogQbKSmJJuvTC3n4CxJc9SponZNFKF1Kt9\/yiDsesCZaEKdbgZEf1rZ1aHAiihciexKw\/Qr8RPyDjBEhr0yc0K8+XP7zeT3kqKdm"}
00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1549337929981761,"flow_dst_last_pkt_time":1549337929983015,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":180,"pkt_l4_len":146,"thread_ts_usec":1549337929983015,"pkt":"AAgCHEeupB9ywglqCABFAACmEzJAAIAGfi6sEAgIrBAIyQBYwApFEBigFQs3RFAYAQCNWQAABoWQU5dMx7s3k7lFXcqa6uoE3YqM179MtGFm5Pp0PzGMSHM6ikhCYuxEbF8vf630PDV4M+ymDkgmnA6LZ83pNOsEhGLNGEwQsGjuja+QpA2dd9fjedDg4z2eYZ9DeqXNfMVtviu+Fd00prhwc+9nnU9I900bDPmSAhZM9lsL"}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337929983344,"flow_src_last_pkt_time":1549337929983344,"flow_dst_last_pkt_time":1549337929983344,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":266,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":266,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":266,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337929983344,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49161,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1549337929983344,"flow_dst_last_pkt_time":1549337929983344,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":320,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":320,"pkt_l4_len":286,"thread_ts_usec":1549337929983344,"pkt":"pB9ywglqAAgCHEeuCABFAAEyADpAAIAGkJqsEAjJrBAICMAJAYUOQjJnSJfL+1AYAQBrWQAA8TZc0LDMp13P2bhHUwE3wC3znhyPA6u84KleikgMfgmc3jalHTIxDwXMnjy\/W4F7\/2WZoUcx2XOew9rGWayLePl5BZIz7shN5PFXYJc\/9PAyv29TC7M2XLiMKexhyeYlRE9uvUtK9DAnR\/ttWEC9zdC56cQON1H8q936tfR+Slz7RKm2uwASDHI8fSFcEQQxtgqaAo4BBsj3qlqLB0lXoxQ8eGOcEVy2\/38vMlSj+c\/3tdAxc+T2J+ChqVKK6Ti6p9NJhgfdb6n6Fkr1nJ\/E0PHo7Ab3tBkqkSpNzV9oaIDc\/AnEKYXHdAsdm\/IAEKeNDZ3xj3dnB41oCyCZcvi9r2HqvrS9bMHFZEs="}
00812{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1549337929983344,"flow_dst_last_pkt_time":1549337929983901,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_usec":1549337929983901,"pkt":"AAgCHEeupB9ywglqCABFAAD6EzZAAIAGfdasEAgIrBAIyQGFwAlIl8v7DkIzcVAYAQBePQAAMIQAAADMAgEDYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG1fPlG7bKWdrh2HD6cpz+MijBmfhDcDSHRgxosMnwcbCi1ZRnrViGBtMC2nQv6mVUDSJapX\/mZgtc4l9ALb+\/jokxskSCIt0GZfBXlBh6SOp7g9nc\/2WT4mG5e+fctttNW4KixsBWTLsk4U0TsD"}
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337930192989,"flow_src_last_pkt_time":1549337930192989,"flow_dst_last_pkt_time":1549337930192989,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":239,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337930192989,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49166,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00851{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1549337930192989,"flow_dst_last_pkt_time":1549337930192989,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1549337930192989,"pkt":"pB9ywglqAAgCHEeuCABFAAEXAE9AAIAGkKCsEAjJrBAICMAOAFh1zEKiBQpS4FAYAQB22wAAAAAA62qB6DCB5aEDAgEFogMCAQqjFTATMBGhBAICAICiCQQHMAWgAwEB\/6SBwTCBvqAHAwUAQIEAEKEYMBagAwIBAaEPMA0bC2pvaG5zb24tcGMkohAbDkhBUFBZQ1JBRlQuT1JHoyMwIaADAgECoRowGBsGa3JidGd0Gw5IQVBQWUNSQUZULk9SR6URGA8yMDM3MDkxMzAyNDgwNVqmERgPMjAzNzA5MTMwMjQ4MDVapwYCBE6HHTSoFTATAgESAgERAgEXAgEYAgL\/eQIBA6kdMBswGaADAgEUoRIEEEpPSE5TT04tUEMgICAgICA="}
01009{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337930192989,"flow_src_last_pkt_time":1549337930192989,"flow_dst_last_pkt_time":1549337930192989,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":239,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337930192989,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49166,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}}
00901{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1549337930192989,"flow_dst_last_pkt_time":1549337930193305,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":332,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":332,"pkt_l4_len":298,"thread_ts_usec":1549337930193305,"pkt":"AAgCHEeupB9ywglqCABFAAE+E0ZAAIAGfYKsEAgIrBAIyQBYwA4FClLgdcxDkVAYAQCvKAAAAAABEn6CAQ4wggEKoAMCAQWhAwIBHqQRGA8yMDE5MDIwNTAzMzg0OFqlBQIDDGWApgMCARmpEBsOSEFQUFlDUkFGVC5PUkeqIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHrIGnBIGkMIGhMH6hAwIBE6J3BHUwczA0oAMCARKhLRsrSEFQUFlDUkFGVC5PUkdob3N0am9obnNvbi1wYy5oYXBweWNyYWZ0Lm9yZzAFoAMCARcwNKADAgEDoS0bK0hBUFBZQ1JBRlQuT1JHaG9zdGpvaG5zb24tcGMuaGFwcHljcmFmdC5vcmcwCaEDAgECogIEADAJoQMCARCiAgQAMAmhAwIBD6ICBAA="}
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337930214154,"flow_src_last_pkt_time":1549337930214154,"flow_dst_last_pkt_time":1549337930214154,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":319,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":319,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337930214154,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49167,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00958{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1549337930214154,"flow_dst_last_pkt_time":1549337930214154,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_usec":1549337930214154,"pkt":"pB9ywglqAAgCHEeuCABFAAFnAFNAAIAGkEysEAjJrBAICMAPAFhOqMfQDl0Bb1AYAQBFdgAAAAABO2qCATcwggEzoQMCAQWiAwIBCqNjMGEwTKEDAgECokUEQzBBoAMCARKiOgQ4T+8E3pUi7h1ZsZOoIXjjwvAQAgQGpJXHn0jgIAIbXQei+GxBZQViNO7UVdhzj5KUys1PXrvG2C8wEaEEAgIAgKIJBAcwBaADAQH\/pIHBMIG+oAcDBQBAgQAQoRgwFqADAgEBoQ8wDRsLam9obnNvbi1wYySiEBsOSEFQUFlDUkFGVC5PUkejIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHpREYDzIwMzcwOTEzMDI0ODA1WqYRGA8yMDM3MDkxMzAyNDgwNVqnBgIETocdNKgVMBMCARICARECARcCARgCAv95AgEDqR0wGzAZoAMCARShEgQQSk9ITlNPTi1QQyAgICAgIA=="}
01009{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337930214154,"flow_src_last_pkt_time":1549337930214154,"flow_dst_last_pkt_time":1549337930214154,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":319,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":319,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337930214154,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49167,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}}
00681{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1549337930214154,"flow_dst_last_pkt_time":1549337930214775,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1549337930214775,"pkt":"AAgCHEeupB9ywglqCABFAACYE0tAAIAGfiOsEAgIrBAIyQBYwA8OXQcjTqjJD1AYAQBZNwAAQBgDyB6VZPxID+fu9kcivDlP7463Dy1IfrYrHVzuJLB3P27gpkccW43Mtu3NrktwKAyme0Z0QNo0JvH3ppwCLvPborHS7i5Jp9I5pxLf5LZX6AlmVea2udQa4ufUWkijqzhrShLiqrevOUKPGzj2OQ=="}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337930217118,"flow_src_last_pkt_time":1549337930217118,"flow_dst_last_pkt_time":1549337930217118,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":153,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":153,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337930217118,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49168,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00738{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1549337930217118,"flow_dst_last_pkt_time":1549337930217118,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_usec":1549337930217118,"pkt":"pB9ywglqAAgCHEeuCABFAADBAFlAAIAGkOysEAjJrBAICMAQAFhuA\/SQrSTVxVAYAQACWAAAqoGWMIGToAMCARKigYsEgYhFQhzXcnmj64Ly0uBtjkMUoTuM+x\/rpAOTUWDkUHAspBDcB8geScaOnqOyTgnIEt9ORSbyaLGh7aDpqWoX8LkoU9AsGNn4U6LRjikWi59PfjQn46P9BY0tn6JOEZn\/IKW+bzyhJYK72MU5dfE\/Y9v1QP4pOcMGsyTXEkOUPDq6y5KpwHUNPs1e"}
00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1549337930217118,"flow_dst_last_pkt_time":1549337930217937,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":180,"pkt_l4_len":146,"thread_ts_usec":1549337930217937,"pkt":"AAgCHEeupB9ywglqCABFAACmE1FAAIAGfg+sEAgIrBAIyQBYwBCtJNt5bgP1KVAYAQC1BwAApQG9zo7oa2HyeKU61c2m29Ax+Ioczo4ZbPhC81jR0pDanr7lBKhJeMuGW\/uva7FyAslnHaJSlZ\/JCHVy9T8T0Ut1tj8cqy\/o\/YC+6XwQJV1\/l63dulAmK8KMVnuSbTDSVBQ5iahKxwLlZ8cbK3LMBirQeX8FcESDlzlIPsVQ"}
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337930219494,"flow_src_last_pkt_time":1549337930219494,"flow_dst_last_pkt_time":1549337930219494,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":375,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":375,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":375,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337930219494,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49165,"dst_port":49155,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
01036{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1549337930219494,"flow_dst_last_pkt_time":1549337930219494,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":429,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":429,"pkt_l4_len":395,"thread_ts_usec":1549337930219494,"pkt":"pB9ywglqAAgCHEeuCABFAAGfAF1AAIAGkAqsEAjJrBAICMANwANTRo4+sysn9FAYAQASVgAAOJsrJlDNtr7H4lcner+4Ya97utGtvfHqO\/A9pIIBWDCCAVSgAwIBEqKCAUsEggFHE7YBEd08uXxTAz9oATIBnzsu+CIXQ7IKgHphso5XWVrf1UwI0kS3bNe0YDIltyDk2xHWA\/s5Rnf1JAD5LdMYfWfRtly9XMnusGEqHhr+HUrsB70ut1E9AZfE9oDmCRiRKgSi\/yPqeUdMQ3mTdU1fxpZbOqOrcP2UxT7TverwRJibh+asJMQhC1cH82k0XRAktx95xJlXR3QKNE1DR8fsq9gq2Y16fmA9gsztPUDC4IkAL71ItK34puHol45q2g1+vM2umAkKTXGS4uZkIzxH5rv1eNIbWz6GtEw1jeT5kTsqyd\/cgQicx4yHy9VJKmfjweCCyOHHgJ0JONAYKLNrmUspunn\/qiNj30BsQPTsl8DziFoWtJvBGiR7UAPGmzNl3CewZOrjtG26JZPGTaTuBek+GwxKg7cb\/ze4riey9Wnfq0rUqdvf"}
00912{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1549337930219494,"flow_dst_last_pkt_time":1549337930219495,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":338,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":338,"pkt_l4_len":304,"thread_ts_usec":1549337930219495,"pkt":"AAgCHEeupB9ywglqCABFAAFEE1VAAIAGfW2sEAgIrBAIycADwA2zKyf0U0aPtVAYAQCiqgAABQAMBxAAAAAcAagAAgAAANAW0BaHIgAABgA0OTE1NQADAAAAAgACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMFcXG6vjdJgxm12++czDYBAAAAAwADAAAAAAAAAAAAAAAAAAAAAAAAAAAACQYAAAAAAAChgaUwgaKgAwoBAaELBgkqhkiC9xIBAgKigY0EgYpvgYcwgYSgAwIBBaEDAgEPongwdqADAgESom8EbZHvDki757uIRa6348vky4CmSXJcuY8x7Y1L3GMPoboaFC4AmaVBuECBYLv9qMZx8MRhhEX3NAubRHjTv4BhutqH0onvuRNc5YNBgbuLmx\/PeM5pC\/bambRC96DP0B9XtGxHF5b6I04IhLGs2Ss="}
00835{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1549337930219495,"flow_dst_last_pkt_time":1549337930219495,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_usec":1549337930219495,"pkt":"pB9ywglqAAgCHEeuCABFAAEEAF5AAIAGkKSsEAjJrBAICMANwANTRo+1syspEFAYAP\/w8AAABQAOAxAAAADcAIwAAgAAANAW0BYAAAAAAQAAAAEAAQA1QlHjBkvREasEAMBPwtzSBAAAADMFcXG6vjdJgxm12++czDYBAAAACQYAAAAAAAChgYkwgYagAwoBAaJfBF1vWzBZoAMCAQWhAwIBD6JNMEugAwIBEqJEBEJ\/MyGgG2X9jllu+ZB+MxLzLgKVhkidSZOf9UFj0HoVGhQSTvPAIV6ETXdthgzo7fJnzn1QgLAxGW+unJjrxZzV2yGjHgQcBAQE\/\/\/\/\/\/8AAAAAToOoIEtcH3O\/XLUOvcMURw=="}
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337931189901,"flow_src_last_pkt_time":1549337931189901,"flow_dst_last_pkt_time":1549337931189901,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":242,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":242,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":242,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337931189901,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49169,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00859{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1549337931189901,"flow_dst_last_pkt_time":1549337931189901,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":296,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":296,"pkt_l4_len":262,"thread_ts_usec":1549337931189901,"pkt":"pB9ywglqAAgCHEeuCABFAAEaAHBAAIAGkHysEAjJrBAICMARAYXGiPwnAgHw6FAYAQD72QAAHIAjHF8ymtjcD1VQuy4UgRChAu\/ekRMgcpsydbeCEgGc8O49XcEm2dIOQUYWz5jyNJ04mLjuLVb5JED7bXFEp0Ouk95kXWAsbhG+yaFiTruRiQNLefpIfBd02fAN9rH6kVBTVFVzTavxG5ZN46Q2CRurERdYtT07E7VAGTF+6yWhKn18+hUxFM5IXiI8jM4osfH687+lmO1gN\/3mr3cymHmPLwvBfLQ9P\/qJ62iSz72gALgVKjnTrFQYtji5UhDqTerpDdd7cbCpV4VyQehZ\/3jzwsKcVZtQElZtM7aiTvqbzIsK7RmP3EZFJoQ\/JIQyyhY="}
00810{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1549337931189901,"flow_dst_last_pkt_time":1549337931190653,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_usec":1549337931190653,"pkt":"AAgCHEeupB9ywglqCABFAAD6E2FAAIAGfausEAgIrBAIyQGFwBECAfDoxoj9GVAYAQDO8AAAMIQAAADMAgEDYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG1TTwhyAF9FVLbWTl8wTaD0aGMw9PDC0vNUorciel2CrkeZRTWRInWV74srNnVapF3vxPYDt7dvyfJVk888MzdKOasNrV1ijuwTfVJ0DIXj985iqAQmj9Mcte2ZOXgI6pFvWB0EEgpCluxB9enG"}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337931198672,"flow_src_last_pkt_time":1549337931198672,"flow_dst_last_pkt_time":1549337931198672,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":113,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":113,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":113,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337931198672,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49170,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00682{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1549337931198672,"flow_dst_last_pkt_time":1549337931198672,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"thread_ts_usec":1549337931198672,"pkt":"pB9ywglqAAgCHEeuCABFAACZAHRAAIAGkPmsEAjJrBAICMASAFgkNdEgXsLgdFAYAQB+8gAAMUMT6Lk9nd3l4g7meOnydVZeUkzRDUCNbnZ+O2nc5UtCJOGQV8MBRj2azOMjgxpQ1tcViooap1+TILjpjhURvLMTREvy8WPkAKcvtuPHKbLtQ3Ir7HNN6Ftdy+KwiOrOLvSrSyEtUhWZxA6KOnwca9s="}
00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1549337931198672,"flow_dst_last_pkt_time":1549337931199586,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_usec":1549337931199586,"pkt":"AAgCHEeupB9ywglqCABFAABsE2VAAIAGfjWsEAgIrBAIyQBYwBJewuYoJDXRkVAYAQBPlQAA7mWAsz4LwR11oOSQ27Ex06YGG2bAP8ttVVXtAwxS755lCHRg4mUkpOjXnBJJ8KdHDkkp7LWBSVTLf+j0wkJ4hFVjx0c="}
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337931210214,"flow_src_last_pkt_time":1549337931210214,"flow_dst_last_pkt_time":1549337931210214,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1432,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1432,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1432,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337931210214,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49171,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
02473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1549337931210214,"flow_dst_last_pkt_time":1549337931210214,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1486,"pkt_l4_len":1452,"thread_ts_usec":1549337931210214,"pkt":"pB9ywglqAAgCHEeuCABFAAXAAHpAAIAGi8ysEAjJrBAICMATAFio5J72SB155lAYAQAvgAAAAAAFlGyCBZAwggWMoQMCAQWiAwIBDKOCBQcwggUDMIIE\/6EDAgEBooIE9gSCBPJuggTuMIIE6qADAgEFoQMCAQ6iBwMFAAAAAACjggQ0YYIEMDCCBCygAwIBBaEQGw5IQVBQWUNSQUZULk9SR6IjMCGgAwIBAqEaMBgbBmtyYnRndBsOSEFQUFlDUkFGVC5PUkejggPsMIID6KADAgESoQMCAQKiggPaBIID1hKWdXqL0IxSnZlxRjhHmIFUVS3rvb7i9fEBKrEJ5PVjDXxsAQeDmTL9wweNNg1pCQDRmZ6AE\/m2Y7TGJV\/FdJF\/GLAs\/UE5nC+H+eLE4iuLtnFkH3govXIWXOdlEsqQhROyd4qj2WtH7bxyzZwdtdBzD8HNk\/Zyhfmgmp+oA1+8nXeYYFDFKmqTt9a00HvvmTpJfi0pguIgxY8KmJbF4d1RUkWNuXZ5g7FA43R8i0OyHjh+mwSGoE1gJ\/X8DroluAfskaOHhGVguFx+famY4o8UsY6g4BojHiLERbIlzMsUYRq\/EQf2FuSw8Wc3swODADnnHqoAdpFJG5\/GMQbUUUhsHy5eDXa3\/EPT1ZKqI0bJsr7jOF5G9ytS8thT6E7bOOCcOFN4JNFsCA3bCyRL6jYH2ZedtZMr5yCI40ePAHAaIBbEPTKYDMpCUKxXExG41vrN6dY4CEFLw2Tb4BDinhxjESAIpIw6LOtdRzBrkjiFKjPEj4UBorlhX90DmWgF5dFJbZXz5eOVcZ\/qmOnm8JcuVim8byzO3C2W5go47U+8GNRvk\/iuaoCs18MAuzn4DOtJmgk1eSuxxL9sUZmjkqejNSB6Ny8aYGysoT\/tUR2mS\/10DyxEUb\/M23KvW\/d0nkBg7qCjWXvlLjMDmACl3rd8MXcyqYWqmZcwKWLk5yL3YiZbL90SxemnQHTIY+DWavybHj9SrM5+aINDzqHcDq0aHAhhwNPUOQQH+m0ab759iCYVNaTyITpTWuG6hneFvKoU9d3uSafxpBU5TJfC9PTmhW+\/db+6ouEM0JlNTrwSmfDpaJJPc+gkzn45Pl5k\/7+Abb+s6rWMNfHT+Em3MBbZJYdM0UlQ1xrel8YuJnwOOGyF4x2puehNGP\/\/\/ouwl65KT\/CBdxNVmhdbElBMgwiINySCK0GaA0G8iJuo2p3q21Z3q6PwC\/TBFuSNBvRRaLYdHeXUMMCTZUjjLBHDUqLGGPYiG40kPfZcBzP2U1v\/9gWBK4kWlSfWhwHwDob09dR24nAmYkaTEvrRnFvLOPKhepgPz5FiL+TNVO0x7Q9MEcpXED6nxJ9fgUpL+5AL+5zKjvBqGhTBSFztV5n2jwS9BN5nwKGyQXNwz7M3IugClC01JUeDu8ccEtCesL+sdsbL1EP7jcFCC1EniPRKxntY82esVy8lyQlrXBxmBdMcKVUa21imq65LZV0MJEQvFPcKWd3cpqWETjO2y3rGD5HXk8dwPDck3LvUU56PaEiLP3SNlqGRnDfEXoiRxz6YMXMhdwJMRbqAQJYa71fsqMLgQ4u3s5WkgZwwgZmgAwIBEqKBkQSBjkBvFbBksZRBZsgqvT9rWZWIMz104YLf86+Cksa0ZMsEGJ\/RDcCZOr8kPQRKlwzkm2uQjqkaOemu4sYhWXYr71KrOEs2JUveeWW4HHkLaYXd0a2yOtTAVV1zR76rPVw3Om2DZiy3OdOJiQuRn3tY6sCbzkX\/gKz0r0nI8miItgy4uzP0Z9rEEUiiCUR\/XkOkdTBzoAcDBQBAgQAAohAbDkhBUFBZQ1JBRlQuT1JHoycwJaADAgEKoR4wHBsaam9obnNvbi1wYyRASEFQUFlDUkFGVC5PUkelERgPMjAzNzA5MTMwMjQ4MDVapwYCBE44sbqoEjAQAgESAgERAgEXAgEYAgL\/eQ=="}
01003{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337931210214,"flow_src_last_pkt_time":1549337931210214,"flow_dst_last_pkt_time":1549337931210214,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1432,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1432,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1432,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337931210214,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49171,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"happycraft.org","username":""}}}
02494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1549337931210214,"flow_dst_last_pkt_time":1549337931211149,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1549337931211149,"pkt":"AAgCHEeupB9ywglqCABFAAXUE2tAAIAGeMesEAgIrBAIyQBYwBNIHXnmqOSkjlAYAQDmlQAAAAAFqG2CBaQwggWgoAMCAQWhAwIBDaMQGw5IQVBQWUNSQUZULk9SR6QYMBagAwIBAaEPMA0bC0pPSE5TT04tUEMkpYIEOGGCBDQwggQwoAMCAQWhEBsOSEFQUFlDUkFGVC5PUkeiJzAloAMCAQqhHjAcGxpqb2huc29uLXBjJEBIQVBQWUNSQUZULk9SR6OCA+wwggPooAMCARKhAwIBAaKCA9oEggPWM37115K3Hp8wZkASHyq+pZzCB52w4ZkoKvxkfuUu0LiaHFeH\/YmBkYuC+Y2vHUb50xj2RvlJ0VUIhZ76+RSlQ21W8ccYNaNUXAdabNdF58x1VLmlxuTxbWyuhApe3nart0yE2ggJlqq+SXunnCj4pybyo3D5UqYJsd2CPwW\/UrYMlNJN1gTQgtBaL+rVhNBO6KW9AYxQ1t3V4\/aN5W98Rm9mtqvqy8JlwwSbsqtA+fkgyuLhaFI64sFXeg2okoVY+WpiV8y69YH3VrH9iOYXgjNBApUv8XW3Inwsdd+FJTBLBvDWG4tGHW9DGxqpa+jzaFQyiDi46S1MFPNG5ax\/fXZRFVyIKm5Uvcg+IVoFoTv79M+o2izKZu3xW5GT3jmX5joC1Jz2cBBvfj31IPUawr97kChTt3baVrRO5jtj4Qe\/Yf9D1ea6AnOL3m9lXfbWlkiRMtogdbiLBmz40fY6y7s2fBoNzUM7PPtzjMCZD+mzFnuxbn6SKFsq1jRXr1gfhz99U\/sj4rpgf0fGzuAji6\/CldJydoJ3ZF35EbOHxlT67B0T5Wdz2DSGMxMFnFTU2y41IZZAFsQkozjJDlJyV\/H3UNEgpsuzFWCdn70SJWivzXQmU387\/5qoLQgDt1DzqhRxVq84eAlKWowli8llAVqtdeTmpgPePJrGuN8afpBvekjwt\/1CNWyg0EdZHQFfl1jlAEsgIyCski92E8xu8mvOhuDWTPYemtkOSb2FcxtoxHDyT\/GouX7ARs1ZykSB8j3R9t9ImA7xedyZ34sFfJFGRcLyx6qpTKqFmVZRuxhX4QxBOD\/ubH8xUJ\/p2KhM0jR1yUcK5cyCfymWcxTybrHYNySjaI0gUlhRAiWvZM8bRaCC8Fvoak+VMcqFAYw\/ve5dkR7KuJ\/TxqmhnlpwuoDkayoCpyiqZLALWWLzMuA+erM0osdjgnLPkazewgaOuGK+L14eoN40NcSEI4LVjIf3MizcDep1bu4x++f34uKnDRQCxEnEkfmry2Kt7UmB9dRWUyMnIhre\/LcHyWzVYKmQzK4jbAZGQz3E7SgAtaF8YpuFzK+wN7Al3\/bnw+mNGEv8UnWesnu6eYSeTafPkSExr0eHjyMGHylq1SYGRDikN47BEUJ9DRohxwo4GIbZJ4SlXZm2o1CyYrdjxESgLw7oBxv5ojM77+mqWLxxRYcXrNOO62jI7OC10ISrQjw9VRI73l6ie75xGP23mwgzTkWksp2AmXFXEibjsoWoxN\/dqkJ1paHMQ4D49jni4b2qEd7LE7wiCkMzEEz1wgpM028xFWhhGKaCASowggEmoAMCARKiggEdBIIBGXjHjK5feQ4HY+O2QW1CcrS7y98xjbx4G5\/F1UdYW0nRFrJ1ea7DBhGVKjGhvpNRa\/suoiAGgMaTxIusGGUQaAV3QBkZHI2P7w3S90dRv87TwzBiyLZFov6Iyju+rGIOEBeNij1u4+ieA37sl1WxkkeY5PDSqYQ0xi5dzSQDh1ZKJZF1swmboJUdCNAO5zs9II914vVd0a+gpHqPPfi\/aa\/2ENYesIfYc445XBAksieN4OCiUuXDZetEyUARPhuFnigdmrFcLiKa7lrUb+XOxw\/TpGzrNeFBj3QXNS06SOOdTL3pwlP77\/SR+78shwDam4sOlgv2UEV2H31TfNEKJs\/OC4Ks1WD8+3srLETa3NVngdje5im6AaSi"}
01027{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337931210214,"flow_src_last_pkt_time":1549337931210214,"flow_dst_last_pkt_time":1549337931211149,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1432,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1432,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1432,"flow_dst_tot_l4_payload_len":1452,"midstream":1,"thread_ts_usec":1549337931211149,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49171,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"happycraft.org","username":"johnson-pc"}}}
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337931211741,"flow_src_last_pkt_time":1549337931211741,"flow_dst_last_pkt_time":1549337931211741,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1064,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1064,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1064,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337931211741,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49173,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
01971{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1549337931211741,"flow_dst_last_pkt_time":1549337931211741,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1118,"pkt_l4_len":1084,"thread_ts_usec":1549337931211741,"pkt":"pB9ywglqAAgCHEeuCABFAARQAIFAAIAGjTWsEAjJrBAICMAVAFjnnRKZiyMmn1AYAQD\/uwAADkhBUFBZQ1JBRlQuT1JHoicwJaADAgEKoR4wHBsaam9obnNvbi1wYyRASEFQUFlDUkFGVC5PUkejggPsMIID6KADAgESoQMCAQGiggPaBIID1jN+9deStx6fMGZAEh8qvqWcwgedsOGZKCr8ZH7lLtC4mhxXh\/2JgZGLgvmNrx1G+dMY9kb5SdFVCIWe+vkUpUNtVvHHGDWjVFwHWmzXRefMdVS5pcbk8W1sroQKXt52q7dMhNoICZaqvkl7p5wo+Kcm8qNw+VKmCbHdgj8Fv1K2DJTSTdYE0ILQWi\/q1YTQTuilvQGMUNbd1eP2jeVvfEZvZrar6svCZcMEm7KrQPn5IMri4WhSOuLBV3oNqJKFWPlqYlfMuvWB91ax\/YjmF4IzQQKVL\/F1tyJ8LHXfhSUwSwbw1huLRh1vQxsaqWvo82hUMog4uOktTBTzRuWsf312URVciCpuVL3IPiFaBaE7+\/TPqNosymbt8VuRk945l+Y6AtSc9nAQb3499SD1GsK\/e5AoU7d22la0TuY7Y+EHv2H\/Q9XmugJzi95vZV321pZIkTLaIHW4iwZs+NH2Osu7NnwaDc1DOzz7c4zAmQ\/psxZ7sW5+kihbKtY0V69YH4c\/fVP7I+K6YH9Hxs7gI4uvwpXScnaCd2Rd+RGzh8ZU+uwdE+Vnc9g0hjMTBZxU1NsuNSGWQBbEJKM4yQ5Sclfx91DRIKbLsxVgnZ+9EiVor810JlN\/O\/+aqC0IA7dQ86oUcVavOHgJSlqMJYvJZQFarXXk5qYD3jyaxrjfGn6Qb3pI8Lf9QjVsoNBHWR0BX5dY5QBLICMgrJIvdhPMbvJrzobg1kz2HprZDkm9hXMbaMRw8k\/xqLl+wEbNWcpEgfI90fbfSJgO8Xncmd+LBXyRRkXC8seqqUyqhZlWUbsYV+EMQTg\/7mx\/MVCf6dioTNI0dclHCuXMgn8plnMU8m6x2Dcko2iNIFJYUQIlr2TPG0WggvBb6GpPlTHKhQGMP73uXZEeyrif08apoZ5acLqA5GsqAqcoqmSwC1li8zLgPnqzNKLHY4Jyz5Gs3sIGjrhivi9eHqDeNDXEhCOC1YyH9zIs3A3qdW7uMfvn9+Lipw0UAsRJxJH5q8tire1JgfXUVlMjJyIa3vy3B8ls1WCpkMyuI2wGRkM9xO0oALWhfGKbhcyvsDewJd\/258PpjRhL\/FJ1nrJ7unmEnk2nz5EhMa9Hh48jBh8patUmBkQ4pDeOwRFCfQ0aIccKOBiG2SeEpV2ZtqNQsmK3Y8REoC8O6Acb+aIzO+\/pqli8cUWHF6zTjutoyOzgtdCEq0I8PVUSO95eonu+cRj9t5sIM05FpLKdgJlxVxIm47KFqMTf3apCdaWhzEOA+PY54uG9qhHeyxO8IgpDMxBM9cIKTNNvMRVoYRg="}
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337931211848,"flow_src_last_pkt_time":1549337931211848,"flow_dst_last_pkt_time":1549337931211848,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":242,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":242,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":242,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337931211848,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49172,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00860{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1549337931211848,"flow_dst_last_pkt_time":1549337931211848,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":296,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":296,"pkt_l4_len":262,"thread_ts_usec":1549337931211848,"pkt":"pB9ywglqAAgCHEeuCABFAAEaAINAAIAGkGmsEAjJrBAICMAUAYWVZlyUeqXAF1AYAQAMZQAAADzwgZ4odBCJHRYlGGakwQrZbcEXWu9XXnYRAfBS9UWuXk5Gs8yUHN3o80HZG8YpVlAE6+3ZtDtC+pUsrywDAW4RiWhUhsRgT1sEZ7Vtb++mdY4XtnskLm1\/a8GZzwfpptF0EbEM2x6OOlhhC6IhVJD1Y8p9M\/8ToLfUByDVk8u4C3VF8fyeQ0nd00U5YKsyBV8n8IUXdemUN+fgHev0R3Z+H9FwOZZ3xgduPU1Vapfbai\/N6Y9ZMkNd8RzvF1IldwQMemLuz0F0TTbyd784T8orT0ooc+nzAjFSSfg1FeelCx\/Q2\/iHKtSIZWhWBK\/UpxM="}
00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1549337931211741,"flow_dst_last_pkt_time":1549337931213235,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"thread_ts_usec":1549337931213235,"pkt":"AAgCHEeupB9ywglqCABFAACwE3FAAIAGfeWsEAgIrBAIyQBYwBWLIyaf550WwVAYAQCWAgAAAAAAhH6BgTB\/oAMCAQWhAwIBHqQRGA8yMDE5MDIwNTAzMzg0OVqlBQIDDJwypgMCAQ2pEBsOSEFQUFlDUkFGVC5PUkeqJzAloAMCAQqhHjAcGxpqb2huc29uLXBjJEBIQVBQWUNSQUZULk9SR6wZBBcwFaEDAgEDog4EDLsAAMAAAAAAAwAAAA=="}
00810{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1549337931211848,"flow_dst_last_pkt_time":1549337931213237,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_usec":1549337931213237,"pkt":"AAgCHEeupB9ywglqCABFAAD6E3RAAIAGfZisEAgIrBAIyQGFwBR6pcAXlWZdhlAYAQAZvwAAMIQAAADMAgEHYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG3yZsLFskNz2Tj8maOz7vLNMVSC3wBerc1xRFPj0GLDPGT9QlZRJav62bndhsIjLkgXNAdSqCa2GR8Luxe5TgJHZoIn44Is8Ku3wpqAc9pR3m8qLfoA6VkyZzzulSM2YJ4KniKJ4c7+rlJkc3DH"}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337931218156,"flow_src_last_pkt_time":1549337931218156,"flow_dst_last_pkt_time":1549337931218156,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337931218156,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49175,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1549337931218156,"flow_dst_last_pkt_time":1549337931218156,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"thread_ts_usec":1549337931218156,"pkt":"pB9ywglqAAgCHEeuCABFAACxAI5AAIAGkMesEAjJrBAICMAXAFhuRvAsCoQzw1AYAQDQpAAAiAqFUHJzV5J+NXZTIhoIU8GbmBSxYcQbV4PW+ckPMTgFBw0KsYU9otlYXn6Tyj5\/BmOv8b2TCLvhZTzW6Z3PoLeUqFO88\/fWi+AgP8mYvV1NNCnNorn77cmRI2eXkDk7qLKlgMm4cUN+eWFUE7G2Z1e9ZdF2LM4CSirBRuN96IFr6Z0blZRnqpw="}
00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1549337931218156,"flow_dst_last_pkt_time":1549337931219086,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"thread_ts_usec":1549337931219086,"pkt":"AAgCHEeupB9ywglqCABFAACbE31AAIAGfe6sEAgIrBAIyQBYwBcKhDl3bkbwtVAYAQD\/bQAAzmwvcX+5XppDtJZXr9PwDYLsp98Hk08TTktA1oPPxQHxyFPFFH6C9d30u8d8saioSDapQyKHHyGt004ct60erCJP9bUby12IBGHwYva7Ha2y2bxZxEn3nV+8BQON\/a2dluoxZFHPI4urPpSWS9H8dnzG6Q=="}
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337931219686,"flow_src_last_pkt_time":1549337931219686,"flow_dst_last_pkt_time":1549337931219686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1431,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1431,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1431,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337931219686,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49176,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
02472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1549337931219686,"flow_dst_last_pkt_time":1549337931219686,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1485,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1485,"pkt_l4_len":1451,"thread_ts_usec":1549337931219686,"pkt":"pB9ywglqAAgCHEeuCABFAAW\/AJNAAIAGi7SsEAjJrBAICMAYAFg1TYdzLuLg4VAYAQBQtwAAAAAFk2yCBY8wggWLoQMCAQWiAwIBDKOCBRcwggUTMIIE\/6EDAgEBooIE9gSCBPJuggTuMIIE6qADAgEFoQMCAQ6iBwMFAAAAAACjggQ0YYIEMDCCBCygAwIBBaEQGw5IQVBQWUNSQUZULk9SR6IjMCGgAwIBAqEaMBgbBmtyYnRndBsOSEFQUFlDUkFGVC5PUkejggPsMIID6KADAgESoQMCAQKiggPaBIID1hKWdXqL0IxSnZlxRjhHmIFUVS3rvb7i9fEBKrEJ5PVjDXxsAQeDmTL9wweNNg1pCQDRmZ6AE\/m2Y7TGJV\/FdJF\/GLAs\/UE5nC+H+eLE4iuLtnFkH3govXIWXOdlEsqQhROyd4qj2WtH7bxyzZwdtdBzD8HNk\/Zyhfmgmp+oA1+8nXeYYFDFKmqTt9a00HvvmTpJfi0pguIgxY8KmJbF4d1RUkWNuXZ5g7FA43R8i0OyHjh+mwSGoE1gJ\/X8DroluAfskaOHhGVguFx+famY4o8UsY6g4BojHiLERbIlzMsUYRq\/EQf2FuSw8Wc3swODADnnHqoAdpFJG5\/GMQbUUUhsHy5eDXa3\/EPT1ZKqI0bJsr7jOF5G9ytS8thT6E7bOOCcOFN4JNFsCA3bCyRL6jYH2ZedtZMr5yCI40ePAHAaIBbEPTKYDMpCUKxXExG41vrN6dY4CEFLw2Tb4BDinhxjESAIpIw6LOtdRzBrkjiFKjPEj4UBorlhX90DmWgF5dFJbZXz5eOVcZ\/qmOnm8JcuVim8byzO3C2W5go47U+8GNRvk\/iuaoCs18MAuzn4DOtJmgk1eSuxxL9sUZmjkqejNSB6Ny8aYGysoT\/tUR2mS\/10DyxEUb\/M23KvW\/d0nkBg7qCjWXvlLjMDmACl3rd8MXcyqYWqmZcwKWLk5yL3YiZbL90SxemnQHTIY+DWavybHj9SrM5+aINDzqHcDq0aHAhhwNPUOQQH+m0ab759iCYVNaTyITpTWuG6hneFvKoU9d3uSafxpBU5TJfC9PTmhW+\/db+6ouEM0JlNTrwSmfDpaJJPc+gkzn45Pl5k\/7+Abb+s6rWMNfHT+Em3MBbZJYdM0UlQ1xrel8YuJnwOOGyF4x2puehNGP\/\/\/ouwl65KT\/CBdxNVmhdbElBMgwiINySCK0GaA0G8iJuo2p3q21Z3q6PwC\/TBFuSNBvRRaLYdHeXUMMCTZUjjLBHDUqLGGPYiG40kPfZcBzP2U1v\/9gWBK4kWlSfWhwHwDob09dR24nAmYkaTEvrRnFvLOPKhepgPz5FiL+TNVO0x7Q9MEcpXED6nxJ9fgUpL+5AL+5zKjvBqGhTBSFztV5n2jwS9BN5nwKGyQXNwz7M3IugClC01JUeDu8ccEtCesL+sdsbL1EP7jcFCC1EniPRKxntY82esVy8lyQlrXBxmBdMcKVUa21imq65LZV0MJEQvFPcKWd3cpqWETjO2y3rGD5HXk8dwPDck3LvUU56PaEiLP3SNlqGRnDfEXoiRxz6YMXMhdwJMRbqAQJYa71fsqMLgQ4u3s5WkgZwwgZmgAwIBEqKBkQSBjoWrS7jR3\/ZxrmkklAr5M\/UVPgZBz\/I0MBRDSrLAPTWRtuq1ZhbBTvDmh4JfIoeW\/NN+j\/BIs99fVl1IARv5kJzlvsrT0oz2PdU+R8Rl10wOzwJfT7yBOJecNjJCW1XhiL9p6LojffFaim+4jvn\/X89SbhRBqPbpCCF+yHmow+h4iZkD+HM6Jz3YsaIdiuQwDqEEAgIApaIGBAQfAAAApGQwYqAHAwUAYIEAEKIQGw5IQVBQWUNSQUZULk9SR6MjMCGgAwIBAqEaMBgbBmtyYnRndBsOSEFQUFlDUkFGVC5PUkelERgPMjAzNzA5MTMwMjQ4MDVapwYCBE44s3moBTADAgES"}
01003{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337931219686,"flow_src_last_pkt_time":1549337931219686,"flow_dst_last_pkt_time":1549337931219686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1431,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1431,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1431,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337931219686,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49176,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"happycraft.org","username":""}}}
02488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1549337931219686,"flow_dst_last_pkt_time":1549337931220282,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1498,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1498,"pkt_l4_len":1464,"thread_ts_usec":1549337931220282,"pkt":"AAgCHEeupB9ywglqCABFAAXME4FAAIAGeLmsEAgIrBAIyQBYwBgu4uDhNU2NClAYAQBUPQAAAAAFoG2CBZwwggWYoAMCAQWhAwIBDaMQGw5IQVBQWUNSQUZULk9SR6QYMBagAwIBAaEPMA0bC0pPSE5TT04tUEMkpYIENGGCBDAwggQsoAMCAQWhEBsOSEFQUFlDUkFGVC5PUkeiIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHo4ID7DCCA+igAwIBEqEDAgECooID2gSCA9aIPBwtNxkshczHziSeGRCcSiSC82vdTNNxZoZEqctTILmi\/cPiWo2kj2ZowTM5BfoTzgngU5zy1dblxSYtNNDo790fqKeln68pSwduOA5ekfZ2omIpLyTKi1Uzi5unXScqqLz0hKSsn\/40+2FcuWZE3ZvPuCmZ8SKPEnuc921KBrNqOj\/0DryAdSyI8er0AkE463j84WxyAtyNQDKDrp2ez6929oR6Rx5hbvL8GdKQY9jCLD2rnICMW89Hj9rOupV1OeH78XxxB7MSKm499oGFFneF9SM8YJwXSSMV673PLXubFj6DMrikD2G0Sl6xic8MhWvEbY+QDRNnfGPZAJvMaahqCk8wVuJCt+fkFop+b4toNRK\/McSX15qS4Oue1FamxPlWb8yeZyA7zxXMdyv\/9YdFl51KW6DMdV\/gNQhWVbNsnpHVbk+dZ3hmZuA13vS+pCaVgYWcY8TsTrrqDHUdvkhYH5y6bQXhaba0hTe8Bpqjtkm6\/RTu4J\/\/NKiUQMb9AOVNXKtDTvIFCVxCzbgDhWofcnihAdfiq3GVUSfoJVIjvbiKN6rurAhxZ5G7eeGZ0k0F7hodA7NNCDg1db\/i3Z0nn0sEe0z7aNhzE0ribx16c5Vcg7SzYKcbmYr2SOlrqyDG2wBIue4c+yHf8w4ERFzFfLLBAoUF6TY9mRoNRbKB\/qSAwbDd52vGpnn87rIVg\/QNGVIwMeb1KKPfdaC4wum+6\/FhZgWd0DbrZEhIXl\/8HN6zG+3ywmGFdeC2DFCmO4dETOrfkL6fl3T\/7ku0etROu1j+k26SXEG6Gge01yPUKju51MrjdtHnDZ1Ss42MB0XlUT6U6S5TlEIP\/8k9d0krm1cn0oRERln+NBIaJS\/B2711LZddv4tje7ItSqfXLacjoI7g80JWdXjf4l7SPcZiNeEbp1dMmXrQFZcbRN17kosEr4Tm2W4friYde8+zbAKqoXvVJXbnxAUwEVAGcV\/iPptIl\/xW9mtB0WPhDmkKXm2SfL9rih8OBbowoKkOmIJqQw8CRJRncVK0szyJok+ajlBHDiJgpcZUT8EmfmEr0qJ0qoMeuCqxs8Kf3IstAtgMR7lMBZda98WMq0J06Prxf9X\/7Sw5XHFF0Ihx2VyWiVN3DmzgADoDdivNlyaD8+Octjfvk+ZwiZGCsRMD1d7AL6HjQzrju4nysDHJIjeaKR52nWtCWAZ87qog1mDH+qjQPdMGkDr1FGrVbBXAZcR0K17tOKTw9bgQg9LvLMWeDMDNCEwvA8GHdr\/fAsBPK3PDKVyht8oNdhjar8xKOZRvwzCOpoIBJjCCASKgAwIBEqKCARkEggEVYp6jTcDi\/gYVd9SDuEsi2VccBape1lXgcuGoeWG1ePxV5NidfJvDEi3F2VmdD04JFUaFb\/GRqNe9F8xWyy86xiJ3eKyJgAfyG7DDQnnFCeKC++4ORaBUkKnIeWwsFqQxh0aL1BrdknGP8u06G6P95r9esj7jUPDXQ1D0+jbs1WpWssKqZMQfUgV0eg9FoEGdVPsUmgNbZN2YPPrxhZ6CEgNOIC\/5aj8NqGMkPPX6xfYF4tbD74dZ3EfC4ry5KcIxNVYXU179as2C\/cihpEMrX8yiZtM91awDzQYUMPKt3\/3WSS96ycQo00pex7Pc1Jh3j49Cr5ckyWXD9SUXbCcOpUpip4\/Jz5Hvsliozjm5inKwUIBTJQ=="}
01027{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337931219686,"flow_src_last_pkt_time":1549337931219686,"flow_dst_last_pkt_time":1549337931220282,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1431,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1431,"flow_dst_max_l4_payload_len":1444,"flow_src_tot_l4_payload_len":1431,"flow_dst_tot_l4_payload_len":1444,"midstream":1,"thread_ts_usec":1549337931220282,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49176,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"happycraft.org","username":"johnson-pc"}}}
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337931220307,"flow_src_last_pkt_time":1549337931220307,"flow_dst_last_pkt_time":1549337931220307,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":227,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337931220307,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49174,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1549337931220307,"flow_dst_last_pkt_time":1549337931220307,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_usec":1549337931220307,"pkt":"pB9ywglqAAgCHEeuCABFAAELAJhAAIAGkGOsEAjJrBAICMAWAb2ZMOb++YgxIFAYAP+McAAAQFskZ7b1ZYO5\/CuVOTe3ZqHs3nhqe1KXhnlBtJ\/qDgyo+sduQpC\/WLkmAdUvTJdV+CtGiwLoGf3Uio50ZE6gilnFEbzLLhzMIw4gwhRvlYwapNctw4G2EkpKfWO1MgMQ0yTGVxtfwAuP0ouYkDi\/6FI97AzDGvp\/R2LK19PAI403fVWk1Cbb2O\/YPOGH5a8hHowuR6tT8UugHDdGGl\/fWl8Wk4rCdi\/3gOYAhRVI6o2ZOHpv4GeBlLgJ6L2WL35O3jhh2e2dr0Fkd\/WG3ET2QLw9x3WRfncFn29f8nOqAUQDRH0="}
00885{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1549337931220307,"flow_dst_last_pkt_time":1549337931221192,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1549337931221192,"pkt":"AAgCHEeupB9ywglqCABFAAEsE4VAAIAGfVWsEAgIrBAIyQG9wBb5iDEgmTDn4VAYAP9zWgAAAAABAP5TTUJAAAEAAAAAAAEAHwAJAAAAAAAAAAEAAAAAAAAA\/\/4AAAAAAABdAAAAAAQAAPvWvNgjH\/I48OPxOa5H7a4JAAAASAC4AKGBtTCBsqADCgEAoQsGCSqGSIL3EgECAqKBnQSBmmCBlwYJKoZIhvcSAQICAgBvgYcwgYSgAwIBBaEDAgEPongwdqADAgESom8EbUswX\/mwh6g2ztwHi8\/dTRtvFzo0LVENq7tttT0JwVpKoIxijjsysss5HuCbI3DQGU7C0ILmrl+8phtVtu+2vBMSA9FKWe75R\/a+ST6oEaoDrDjzWfPqdU4xUCgD\/zK6J0O4Dsk+rO8nhy4LUmk="}
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337937690226,"flow_src_last_pkt_time":1549337937690226,"flow_dst_last_pkt_time":1549337937690226,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":266,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":266,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":266,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337937690226,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49179,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1549337937690226,"flow_dst_last_pkt_time":1549337937690226,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":320,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":320,"pkt_l4_len":286,"thread_ts_usec":1549337937690226,"pkt":"pB9ywglqAAgCHEeuCABFAAEyAM1AAIAGkAesEAjJrBAICMAbAYXq\/lHZFzDO61AYAQB3VwAADK3yhyWG\/w4ePjAcLdmQD9l5KJpA6NxzQuCtaFM+te5CWXRB5sUkdKJyUVp4kqyFJvIav1zvlLEwv\/M6QDvIyPip6cO\/Y7DDZ55OmD6IlKO8Nx5lANmfdaxcK4l74ZAlM45v2cQu8OV3yuWKq5L2jtnHunCltg9I9Mqjq93VmxUc7poK8vfSfY1YgBhAmlp0cXMsoyIbcEQodelj3wLBZ2oxItwV78GGNt7TlfW6joQ5wfkj6ZEyRFJn0CVihbNqYYKxBD44uauIJQKkPsQlzXsxooh9lhiWoZtuh5F2\/1LO7drek9zYg6pqUFpyhpL3WcFxh3R7Uuv9RQ5CYfOoVItdeOxn2w53bU0="}
00812{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1549337937690226,"flow_dst_last_pkt_time":1549337937691075,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_usec":1549337937691075,"pkt":"AAgCHEeupB9ywglqCABFAAD6E5tAAIAGfXGsEAgIrBAIyQGFwBsXMM7r6v5S41AYAQDOWAAAMIQAAADMAgEDYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG1JH5VWFTlwrbTZZZgbjZtW4QY+VaIr2rFT9\/AbDkv31Idx3xo24Bwzqv50t5zQXx7Id1H\/iLYt+nRqN0NWzCDJwnAfwcbOTGF30f3qnaqB+vDQ9EhQX38cpSy926C3lIc0Vkhc+VaaHdh510+B"}
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337937700823,"flow_src_last_pkt_time":1549337937700823,"flow_dst_last_pkt_time":1549337937700823,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":266,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":266,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":266,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337937700823,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49180,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1549337937700823,"flow_dst_last_pkt_time":1549337937700823,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":320,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":320,"pkt_l4_len":286,"thread_ts_usec":1549337937700823,"pkt":"pB9ywglqAAgCHEeuCABFAAEyANVAAIAGj\/+sEAjJrBAICMAcAYWCU2zwSN6TcFAYAQDS2QAAEgduSF05n8MFVjy4LWbkIsui7POF\/jI0fgAi3\/kn4+lZJrv4uo1Xj0IHKshBaLfyrICuzZtbBAFYjLvQz7y8gyRTfkwzadmnUFntTq1Eam1s4n2Qhfn1fuSUa5DAR1i941DEujmYu8fTZX3tp1hllqkxXisHcqSEIi8W9weLGXgpYEZYoErMkYejHKEeDmPCwQO6JC7sDmP8cAErQb7Rc88wLF4lFI7xOIE4FiH\/05afA1w9V5d1P2yDaGB6bADs\/c2xi7QKQuP+FixF4gof0ovK0nwq\/y7Hd27V4SQ4qHRNlXJex92QoEPhio00QFq1bLTnuvdcqFYcMu\/6\/tRVEcFKp0ezr7WF5MI="}
00812{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1549337937700823,"flow_dst_last_pkt_time":1549337937701643,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_usec":1549337937701643,"pkt":"AAgCHEeupB9ywglqCABFAAD6E6JAAIAGfWqsEAgIrBAIyQGFwBxI3pNwglNt+lAYAQCvQgAAMIQAAADMAgEKYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG2EupGhqTVA+Kxm5vIdkbfFjlPoe8DmjpF\/p2I3j7EwFjqQzavz5jy+cGzZKn09a9y0dyj\/mpeHcqpjjORB3KYfxKGHrDmiKKSYiCwqx86ee7rLKiQPX2z3RSwNa4fWz8uAjgw+I5CkXYbP6rNu"}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337937703350,"flow_src_last_pkt_time":1549337937703350,"flow_dst_last_pkt_time":1549337937703350,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":239,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337937703350,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49181,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00852{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1549337937703350,"flow_dst_last_pkt_time":1549337937703350,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1549337937703350,"pkt":"pB9ywglqAAgCHEeuCABFAAEXANlAAIAGkBasEAjJrBAICMAdAFjHhcaiuhdcXlAYAQCv5QAAAAAA62qB6DCB5aEDAgEFogMCAQqjFTATMBGhBAICAICiCQQHMAWgAwEB\/6SBwTCBvqAHAwUAQIEAEKEYMBagAwIBAaEPMA0bC0pPSE5TT04tUEMkohAbDkhBUFBZQ1JBRlQuT1JHoyMwIaADAgECoRowGBsGa3JidGd0Gw5IQVBQWUNSQUZULk9SR6URGA8yMDM3MDkxMzAyNDgwNVqmERgPMjAzNzA5MTMwMjQ4MDVapwYCBFIcW1KoFTATAgESAgERAgEXAgEYAgL\/eQIBA6kdMBswGaADAgEUoRIEEEpPSE5TT04tUEMgICAgICA="}
01010{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337937703350,"flow_src_last_pkt_time":1549337937703350,"flow_dst_last_pkt_time":1549337937703350,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":239,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337937703350,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49181,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}}
00902{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1549337937703350,"flow_dst_last_pkt_time":1549337937703857,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":332,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":332,"pkt_l4_len":298,"thread_ts_usec":1549337937703857,"pkt":"AAgCHEeupB9ywglqCABFAAE+E6VAAIAGfSOsEAgIrBAIyQBYwB26F1xex4XHkVAYAQDp0AAAAAABEn6CAQ4wggEKoAMCAQWhAwIBHqQRGA8yMDE5MDIwNTAzMzg1NlqlBQIDBJWNpgMCARmpEBsOSEFQUFlDUkFGVC5PUkeqIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHrIGnBIGkMIGhMH6hAwIBE6J3BHUwczA0oAMCARKhLRsrSEFQUFlDUkFGVC5PUkdob3N0am9obnNvbi1wYy5oYXBweWNyYWZ0Lm9yZzAFoAMCARcwNKADAgEDoS0bK0hBUFBZQ1JBRlQuT1JHaG9zdGpvaG5zb24tcGMuaGFwcHljcmFmdC5vcmcwCaEDAgECogIEADAJoQMCARCiAgQAMAmhAwIBD6ICBAA="}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337937724378,"flow_src_last_pkt_time":1549337937724378,"flow_dst_last_pkt_time":1549337937724378,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":319,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":319,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337937724378,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49182,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00963{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1549337937724378,"flow_dst_last_pkt_time":1549337937724378,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_usec":1549337937724378,"pkt":"pB9ywglqAAgCHEeuCABFAAFnAN1AAIAGj8KsEAjJrBAICMAeAFgo\/29go\/Vk0VAYAQAVQgAAAAABO2qCATcwggEzoQMCAQWiAwIBCqNjMGEwTKEDAgECokUEQzBBoAMCARKiOgQ4EwWkoanvLUiVA5eu8uG72\/EPy4+eHAiK9HbftleuqZ7DwBR\/wY3Sc5USTXPr6SJXdlLH8zfIE5MwEaEEAgIAgKIJBAcwBaADAQH\/pIHBMIG+oAcDBQBAgQAQoRgwFqADAgEBoQ8wDRsLSk9ITlNPTi1QQySiEBsOSEFQUFlDUkFGVC5PUkejIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHpREYDzIwMzcwOTEzMDI0ODA1WqYRGA8yMDM3MDkxMzAyNDgwNVqnBgIEUhxbUqgVMBMCARICARECARcCARgCAv95AgEDqR0wGzAZoAMCARShEgQQSk9ITlNPTi1QQyAgICAgIA=="}
01010{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337937724378,"flow_src_last_pkt_time":1549337937724378,"flow_dst_last_pkt_time":1549337937724378,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":319,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":319,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337937724378,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49182,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}}
00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1549337937724378,"flow_dst_last_pkt_time":1549337937724993,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1549337937724993,"pkt":"AAgCHEeupB9ywglqCABFAACYE6pAAIAGfcSsEAgIrBAIyQBYwB6j9WqFKP9wn1AYAQCbeQAAeBxjGZR555TmhlGtfWdB3hqYo6lYswe6vKpNUcrN1M7KGcxMIdPLYhZ04dECjGI6ypolTWuvt884Bi2lq0pIFbZFVKD3x\/BnUesSWAB9L0qg+5NPzwAEggckaZSGKHdd5sXD0ux4MNvoyw986qY1Nw=="}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337937725890,"flow_src_last_pkt_time":1549337937725890,"flow_dst_last_pkt_time":1549337937725890,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337937725890,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49183,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1549337937725890,"flow_dst_last_pkt_time":1549337937725890,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1549337937725890,"pkt":"pB9ywglqAAgCHEeuCABFAAB4AONAAIAGkKusEAjJrBAICMAfAFi1TK\/3YmHJT1AYAQDj2wAAbj2wbk+derrxO0c0pxRSdruhR6\/j4Ui\/xNsBa8OfbfRkbAwdywbQynHUORFcFH8maukxsoLa+OhvD2a5+zDPKPlneJ\/sg2b\/GuIvr5ZD3Bg="}
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1549337937725890,"flow_dst_last_pkt_time":1549337937726633,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1549337937726633,"pkt":"AAgCHEeupB9ywglqCABFAABQE7BAAIAGfgasEAgIrBAIyQBYwB9iYc8DtUywR1AYAQDGTwAA4zLECSz5GZPNqNSL4T5BMx8WrZoQ8TiJymulR2VkZN3O1rD+5YXABg=="}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337940431467,"flow_src_last_pkt_time":1549337940431467,"flow_dst_last_pkt_time":1549337940431467,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337940431467,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49186,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1549337940431467,"flow_dst_last_pkt_time":1549337940431467,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"thread_ts_usec":1549337940431467,"pkt":"pB9ywglqAAgCHEeuCABFAACxAPpAAIAGkFusEAjJrBAICMAiAFjJGNiQqlyd6VAYAQDPPQAAiJisSNul39yNkXIaZ7I9abKKHsFn\/6nUnlpuYlwP2aMvOAIHPA5TwBaAhiWq+tFyYupNZpDDILw6OTtdBUx9AScUIqcHtp8iuHt0kMVzTn\/4u2MWOJ3B5oBzCaRbB4JGSnxRjDJCJirb6nGFgBI0LOLujBAlXiGb5mYfdXtWDkYlEBJfjMNCAaw="}
00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1549337940431467,"flow_dst_last_pkt_time":1549337940432366,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"thread_ts_usec":1549337940432366,"pkt":"AAgCHEeupB9ywglqCABFAACbE79AAIAGfaysEAgIrBAIyQBYwCKqXKOdyRjZGVAYAQDDTwAAKYg87lVL35oh62EWNwE864\/2bfnOQr1tnnHZbVGEslhqWgqxgOlP8fU7tCl8Q\/Pa+OiAoCN8WQQSqJd8h73HLCORGVTkV2\/0V8MyUM0yQH1SL9l7PdXJm7IP\/IVn+E9KcR0nyC\/qPtxkWFJAw4YHnIb0GQ=="}
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337940432879,"flow_src_last_pkt_time":1549337940432879,"flow_dst_last_pkt_time":1549337940432879,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":359,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":359,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":359,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337940432879,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49185,"dst_port":49155,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
01012{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1549337940432879,"flow_dst_last_pkt_time":1549337940432879,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":413,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":413,"pkt_l4_len":379,"thread_ts_usec":1549337940432879,"pkt":"pB9ywglqAAgCHEeuCABFAAGPAP5AAIAGj3msEAjJrBAICMAhwAMZWxyAQJkJXFAYAQAR1wAA1H5mUL0BcI4qPWGkggFYMIIBVKADAgESooIBSwSCAUcbieRVkdOtAnzmcyqLDK9HyZo8H6AcRFkR6nkpd0sYlEbV82Qt31YdF5lIivhvCiptxoXnMPhE44z2QYycXFRvcJlMUVHmYJTlGAPASSmrxcFRtfwGd3CmxLGHH6gdXYYGgEzOmFuOyHJjprxX+WUkbubIb9DuIaCyGfu6WjSvDsJsxl8APFvUDVpwKCBx+yi4Nl7uparYkV7uyBIsOfius8LRX8aNw6uyL8Rg7Kcy+u\/AdDO7DcqqeIW4ECzaDnKuMDvhoDG1L4DC3Gyq10cUmszgrrBDkGwYBF3I07gVPaOITvdzOarlv0eTNHIPNCN07gmcrX\/ElHpPLwV7ZiI5SB1SY8Op3qesfZqAIqjOBGiyQU2+uy5qrSSffZHU9iojHh1BosRxcA7pQ15VJkC0LtUsgQyMbCX0W85YmDAFmZqe2ZivqK8="}
00912{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1549337940432879,"flow_dst_last_pkt_time":1549337940433470,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":338,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":338,"pkt_l4_len":304,"thread_ts_usec":1549337940433470,"pkt":"AAgCHEeupB9ywglqCABFAAFEE8NAAIAGfP+sEAgIrBAIycADwCFAmQlcGVsd51AYAQDbOQAABQAMBxAAAAAcAagAAgAAANAW0BaIIgAABgA0OTE1NQADAAAAAgACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMFcXG6vjdJgxm12++czDYBAAAAAwADAAAAAAAAAAAAAAAAAAAAAAAAAAAACQYAAAAAAAChgaUwgaKgAwoBAaELBgkqhkiC9xIBAgKigY0EgYpvgYcwgYSgAwIBBaEDAgEPongwdqADAgESom8Ebfn2lEYLCMVIVfFxnfrMpLLQ5jje4X2obHkLE1mHLBb3QYmIfBpDW5VyIgGbPY54D9aSU3VouXp90Sdg8ibesBCnHqUH+HJX\/hdQ0brTNgFSTOR\/m3sdIfIuZmQkzV3dPMC5PlxnwhbW8ZWYvQE="}
00834{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_src_last_pkt_time":1549337940433720,"flow_dst_last_pkt_time":1549337940433470,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_usec":1549337940433720,"pkt":"pB9ywglqAAgCHEeuCABFAAEEAP9AAIAGkAOsEAjJrBAICMAhwAMZWx3nQJkKeFAYAP\/gGgAABQAOAxAAAADcAIwAAgAAANAW0BYAAAAAAQAAAAEAAQA1QlHjBkvREasEAMBPwtzSBAAAADMFcXG6vjdJgxm12++czDYBAAAACQYAAAAAAAChgYkwgYagAwoBAaJfBF1vWzBZoAMCAQWhAwIBD6JNMEugAwIBEqJEBELB6nut18jCMG03H8TJyLvCf8wWF6F7BqJ4bg85nSMTOiCmzGy+a5tNrq0VYdAt2TCIZ2p1Ys\/DpnWvcPxOp0LCSoajHgQcBAQE\/\/\/\/\/\/8AAAAAVL504MDCo+3fnXZuQhY33A=="}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337951630943,"flow_src_last_pkt_time":1549337951630943,"flow_dst_last_pkt_time":1549337951630943,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":235,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":235,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":235,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337951630943,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49187,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00847{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1549337951630943,"flow_dst_last_pkt_time":1549337951630943,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"thread_ts_usec":1549337951630943,"pkt":"pB9ywglqAAgCHEeuCABFAAETAQ1AAIAGj+asEAjJrBAICMAjAFj9jJo6lSyMo1AYAQB4vAAAAAAA52qB5DCB4aEDAgEFogMCAQqjFTATMBGhBAICAICiCQQHMAWgAwEB\/6SBvTCBuqAHAwUAQIEAEKEcMBqgAwIBAaETMBEbD3RoZXJlc2Euam9obnNvbqIMGwpIQVBQWUNSQUZUox8wHaADAgECoRYwFBsGa3JidGd0GwpIQVBQWUNSQUZUpREYDzIwMzcwOTEzMDI0ODA1WqYRGA8yMDM3MDkxMzAyNDgwNVqnBgIEXdv8Z6gVMBMCARICARECARcCARgCAv95AgEDqR0wGzAZoAMCARShEgQQSk9ITlNPTi1QQyAgICAgIA=="}
01011{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337951630943,"flow_src_last_pkt_time":1549337951630943,"flow_dst_last_pkt_time":1549337951630943,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":235,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":235,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":235,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337951630943,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49187,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"happycraft","username":"theresa.johnson"}}}
00851{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1549337951630943,"flow_dst_last_pkt_time":1549337951631242,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":294,"pkt_l4_len":260,"thread_ts_usec":1549337951631242,"pkt":"AAgCHEeupB9ywglqCABFAAEYE9dAAIAGfResEAgIrBAIyQBYwCOVLIyj\/YybJVAYAQAREAAAAAAA7H6B6TCB5qADAgEFoQMCAR6kERgPMjAxOTAyMDUwMzM5MTBapQUCAwNKZqYDAgEZqQwbCkhBUFBZQ1JBRlSqHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkhBUFBZQ1JBRlSsgYsEgYgwgYUwYqEDAgETolsEWTBXMCagAwIBEqEfGx1IQVBQWUNSQUZULk9SR3RoZXJlc2Euam9obnNvbjAFoAMCARcwJqADAgEDoR8bHUhBUFBZQ1JBRlQuT1JHdGhlcmVzYS5qb2huc29uMAmhAwIBAqICBAAwCaEDAgEQogIEADAJoQMCAQ+iAgQA"}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337951638319,"flow_src_last_pkt_time":1549337951638319,"flow_dst_last_pkt_time":1549337951638319,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":315,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":315,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":315,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337951638319,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49188,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00955{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1549337951638319,"flow_dst_last_pkt_time":1549337951638319,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"thread_ts_usec":1549337951638319,"pkt":"pB9ywglqAAgCHEeuCABFAAFjARFAAIAGj5KsEAjJrBAICMAkAFi0GLZOsNNMHlAYAQAvMAAAAAABN2qCATMwggEvoQMCAQWiAwIBCqNjMGEwTKEDAgECokUEQzBBoAMCARKiOgQ4Wndh9xw8qUUtso0vc8TuP9R5peLYlUKrIi93QkMXsrfVII\/B8UhLSOwTSHwq5LSHP2vURJP\/YpgwEaEEAgIAgKIJBAcwBaADAQH\/pIG9MIG6oAcDBQBAgQAQoRwwGqADAgEBoRMwERsPdGhlcmVzYS5qb2huc29uogwbCkhBUFBZQ1JBRlSjHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkhBUFBZQ1JBRlSlERgPMjAzNzA5MTMwMjQ4MDVaphEYDzIwMzcwOTEzMDI0ODA1WqcGAgRd2\/xnqBUwEwIBEgIBEQIBFwIBGAIC\/3kCAQOpHTAbMBmgAwIBFKESBBBKT0hOU09OLVBDICAgICAg"}
01011{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337951638319,"flow_src_last_pkt_time":1549337951638319,"flow_dst_last_pkt_time":1549337951638319,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":315,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":315,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":315,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337951638319,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49188,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"happycraft","username":"theresa.johnson"}}}
00750{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1549337951638319,"flow_dst_last_pkt_time":1549337951638954,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_usec":1549337951638954,"pkt":"AAgCHEeupB9ywglqCABFAADKE9xAAIAGfWCsEAgIrBAIyQBYwCSw01HStBi3iVAYAQA+gAAAtgxIRqdE2xpJueUsyACfoBkRIO2d0vdWoZTH7\/Uq\/IekfUoxUBvBS550+iWChkmhJucRdY1OlQL1WMQC8uhxGdFWaESvp\/JzESFsbwdEK2JaAYNNrn2MyR4+4w4oYIB6xP3aoFYA9y5s01X0oEa\/3ePvjWb66V7pwZZYO9bc89yozmxDtVb4zCT8SyPCYGj7ljiOz9w+sICchbsKK+VkdLL4"}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337951639128,"flow_src_last_pkt_time":1549337951639128,"flow_dst_last_pkt_time":1549337951639128,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337951639128,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49189,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1549337951639128,"flow_dst_last_pkt_time":1549337951639128,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1549337951639128,"pkt":"pB9ywglqAAgCHEeuCABFAABRARdAAIAGkJ6sEAjJrBAICMAlAFiRlp2kV2CH+1AYAQDPTQAAMzcwOTEzMDI0ODA1WqcGAgRd2\/xvqBIwEAIBEgIBEQIBFwIBGAIC\/3k="}
00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_src_last_pkt_time":1549337951639128,"flow_dst_last_pkt_time":1549337951639626,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":120,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":120,"pkt_l4_len":86,"thread_ts_usec":1549337951639626,"pkt":"AAgCHEeupB9ywglqCABFAABqE+JAAIAGfbqsEAgIrBAIyQBYwCVXYI2vkZadzVAYAQBXRgAAQS6YdBRcDlPtUTrjUB8narHoPerU+E0Jfux+IwijhqkO1zkqtUVGrf6H2Py3dE6xzPm7+U9W58\/67z4LH\/YlBX9v"}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337951709754,"flow_src_last_pkt_time":1549337951709754,"flow_dst_last_pkt_time":1549337951709754,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":217,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337951709754,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49190,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00826{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1549337951709754,"flow_dst_last_pkt_time":1549337951709754,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"thread_ts_usec":1549337951709754,"pkt":"pB9ywglqAAgCHEeuCABFAAEBAR5AAIAGj+esEAjJrBAICMAmAFg7QE\/YI2nTKVAYAQALhgAAZxsOaGFwcHljcmFmdC5vcmelERgPMjAzNzA5MTMwMjQ4MDVapwYCBF3PyFqoEjAQAgESAgERAgEXAgEYAgL\/eaqBljCBk6ADAgESooGLBIGIqYCMNPGCrPeLGO9qPK8YFBfjHxUTb+emA\/ivLTUTYudncy22kbyckKCiSeisUe8yJ84rq8HDegGsl0qK5XKbjnVH8LqImnH6XpTRvHWQpRpTszA\/lJoaM6MWsPPKugansbtAh5mO54t+2+bi3wT01iiQl45hp5bjTN1UEkZf+dFCUo8Xssy7aA=="}
00791{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1549337951709754,"flow_dst_last_pkt_time":1549337951710662,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":244,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":244,"pkt_l4_len":210,"thread_ts_usec":1549337951710662,"pkt":"AAgCHEeupB9ywglqCABFAADmE+lAAIAGfTesEAgIrBAIyQBYwCYjadjdO0BQsVAYAQAYcQAA4k0pIk9VQ3WSD8DyjCP6zDplkOu688cj7B+axduw7FbTE6AYUgZjQCgBXNnQmZk8AZkKxd6trQiOV9Q21Ig4\/vSvcG7YJA68j6K63UrdpgCrN\/5os+IHfd01LLYH5NyLiu66hLUPywBQtPqISEBXxfQa4YqqDi7eMFkF+tYnKAJyaEAa5CaoA\/k+JAFpYmNuKBJA\/cZZR\/sXThwZU9vDmuS8WhtIpf+zFLSMTZjUF9FuugxEPjg+p8gxz6TuBQ=="}
01001{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1549337951711185,"flow_dst_last_pkt_time":1549337930219495,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":405,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":405,"pkt_l4_len":371,"thread_ts_usec":1549337951711185,"pkt":"pB9ywglqAAgCHEeuCABFAAGHASJAAIAGj12sEAjJrBAICMANwANTRpnlsystmVAYAPozQQAAggFcMIIBWKADAgESooIBTwSCAUuWLCgSHanSt2PP\/yVZcMfmf3O+6wkVadfE4eKakG1yO9SrZ+8e61jMQHtNJBdVjgWRd36YzM4hMkoAdzbpBR9NZThyJ11f649dicjSuLS+0TTKNkhTS5aP+2+mnqnnwKgAkNlUMsspI6StbG26XuSZeYdibrcSAfD9kHkFgsnEWSCqBWTMHVipU71tN6CdEXUPMPgdMC27QADlevQgcDqeQ+CaMuhs5GMB5DizisiK3lhDZnU7kt9iBk1lPvPq7LUIN5ZTJDARGYWlkq+iBz0i5CAvlmbQxn1dYqcSfUWlglxgIKwgVgnhQFAi0+OkVeTOKgDN3BKruoEBTil74\/S0evMc1u09Q2h3drzzLM87D5Tf5ZA+AA7wtSOBzz29\/X1AMobB75bUUFQJGjnEPxV7Cn3hUrsQuLV+886ueqKSkLUttIDIOiX8ZR8o"}
00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1549337951711185,"flow_dst_last_pkt_time":1549337951711741,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":286,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":286,"pkt_l4_len":252,"thread_ts_usec":1549337951711741,"pkt":"AAgCHEeupB9ywglqCABFAAEQE+1AAIAGfQmsEAgIrBAIycADwA2zKy2ZU0abRFAYAQCuMgAABQAPAxAAAADoAKgABgAAANAW0BaHIgAAAAAAAAEAAAAAAAAAMwVxcbq+N0mDGbXb75zMNgEAAAAJBgAAAQAAAKGBpTCBoqADCgEBoQsGCSqGSIL3EgECAqKBjQSBim+BhzCBhKADAgEFoQMCAQ+ieDB2oAMCARKibwRtFkUGSBk\/WNs8P1WQ8Umu5czQ0+5kt3qmyCKwqmWsGmeP2HdAYpVM1NOW3vOxQVk7A3LJVo2UlBLe3M1zmefdmYzJtoJ+Cb3iexzSZ9Yc6KmePBXHlaCcN9nDA7to75z\/ZLHEO5LicF4DB997lA=="}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337952265412,"flow_src_last_pkt_time":1549337952265412,"flow_dst_last_pkt_time":1549337952265412,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337952265412,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49192,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00801{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1549337952265412,"flow_dst_last_pkt_time":1549337952265412,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":255,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":255,"pkt_l4_len":221,"thread_ts_usec":1549337952265412,"pkt":"pB9ywglqAAgCHEeuCABFAADxATFAAIAGj+SsEAjJrBAICMAoAFgO6N+GhTfTAFAYAQDd\/AAAZ6URGA8yMDM3MDkxMzAyNDgwNVqnBgIEXbrRWKgSMBACARICARECARcCARgCAv95qoGWMIGToAMCARKigYsEgYglkZxyflQKWP\/Ais8K06SJm4BPQtT0hjtYpqxsbw8zJYoGM4sYpjZXyTJirO221HZEfk4Zw9eEBLahQpLvN\/C8eKG6Szv5sdWvrvtDno9G1S6IPzDJUqQoaMmLFbqp3TeM2kcY2MDfHhnn2YOkxOZoLnNXNaT+dUxt2+N2MukPguNeobu829zS"}
00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_src_last_pkt_time":1549337952265412,"flow_dst_last_pkt_time":1549337952266196,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_usec":1549337952266196,"pkt":"AAgCHEeupB9ywglqCABFAADbE\/lAAIAGfTKsEAgIrBAIyQBYwCiFN9i0DujgT1AYAQCK\/QAAiBuHmEFFmc+WsyXKuqx9Swihi4V8obVw5s2sIwUfT4tmX1K8bbM9re\/5e5wllRug+\/LlwLPFO11iuIJBpf\/1q6VzsWXZQ3Uhj6pv9Mvwu3XM\/Kg0OKnhbHwHjTwPH8AFLK9Xs6OvjCpemPsc4QD2yHfZIqmzSgyFffWrBEHUQ0oxARyRw\/cKuJ\/iV+cgVuWHP+LCTlyCV2gs4Zw\/xETck8iUuOpN6dDKbNN8Vw5JmilGwYg="}
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337952267129,"flow_src_last_pkt_time":1549337952267129,"flow_dst_last_pkt_time":1549337952267129,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":314,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":314,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":314,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337952267129,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49191,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00962{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1549337952267129,"flow_dst_last_pkt_time":1549337952267129,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":368,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":368,"pkt_l4_len":334,"thread_ts_usec":1549337952267129,"pkt":"pB9ywglqAAgCHEeuCABFAAFiATVAAIAGj2+sEAjJrBAICMAnAYUlT+9+CA99hlAYAQDCQwAAdUvVLNApPEvRYHXzTe8zaxz\/9SHPb\/8TWpCDGqMEAHclvciM0GOY0+pGIhzH\/f\/6jOacNFpBroqFCWgt6TZwWzHkJCgQPX52B1IK52bZg0ONYZDAO1UzroKY+wbOMCsJF8\/BbP9OSbZKzzlfun2r96DSICH7w7yEUFli3VQeP0ogbe+3tFoHFjb+05dbP\/VPGYwLelBDF4MSfNFsp+OMFLmJGy8zQTsDu6jfRxBXMbl8NmKpljCGrvpbK91ZL6OpbzC0zmaE6i4hHgj8sVok02UOBn0gMsv\/uMFl8gfFKRQNU\/cuTbNe+ET9apWENw\/dcLPR6pjmHtriptNJoQ3zVjS2Tc+IkoIqsOQ3cvktrgQFCtQLWZP3pztmcBjhot2oF4ypo07u7Pn3GnXRKfmep\/RhPO\/A8\/McJI0="}
00813{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1549337952267129,"flow_dst_last_pkt_time":1549337952267833,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_usec":1549337952267833,"pkt":"AAgCHEeupB9ywglqCABFAAD6E\/1AAIAGfQ+sEAgIrBAIyQGFwCcID32GJU\/wuFAYAQAMIAAAMIQAAADMAgEPYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG1aIGsolL+fu1BeIvW0ck8xNtulprbrU8LwWAQ+0HLcHzxYvBiLYdCRYKwhIeaZIrmfEg+Fmg6VMrCzRHOuCMx3gqqLIgnuXXvz9jtqiRlG1LxGN\/8hm6Dc5JLtY2J2bRsWOZJSU4VCKr7ax6LU"}
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337952273984,"flow_src_last_pkt_time":1549337952273984,"flow_dst_last_pkt_time":1549337952273984,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":330,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":330,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":330,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337952273984,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49193,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00982{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1549337952273984,"flow_dst_last_pkt_time":1549337952273984,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":384,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":384,"pkt_l4_len":350,"thread_ts_usec":1549337952273984,"pkt":"pB9ywglqAAgCHEeuCABFAAFyATpAAIAGj1qsEAjJrBAICMApAYWiDvrzQ6ao6FAYAQCdKwAA2XkxbZ8llDCRRskO9gczLnFPBBStfBeg8OgSpqEBOAYdhyM5RDqy\/NVC6gFAjMdVRNF4Ud\/vkuMZvi\/C9TPqJBllB8ilyB5vY\/0m8yd5y16xkjvnwbrb\/W3CqgNY3GxQ0p18n9KBChjcbfQi2adBQLNadPsG91L4HVVYSlDxeVsaDj0AMrkXgx+K3pVveifu4IJvdTmm3dssrOx7ri4BqxH9gyHnnJM+gUu5MIG+gLCwhKX1IYuuZbwXmnO9knNSHi2TJaHys\/IKitqKHwvZMTG4i5pUecWz9NSU996q6A\/\/cM86g4TCvpD7370UyqGGHaccTUUMvb5qsoRczG++plTQXQ5YE69in6j\/JeD8IrT\/3QjjRWw+cBkDPh5zGLRzdI7hQfeBq0OXmrV0OXPvzg6Pl4TznRF\/D32Q4zoFws9t5i+mUoUZd\/0N"}
00810{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_src_last_pkt_time":1549337952273984,"flow_dst_last_pkt_time":1549337952274576,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_usec":1549337952274576,"pkt":"AAgCHEeupB9ywglqCABFAAD6FAFAAIAGfQusEAgIrBAIyQGFwClDpqjoog78PVAYAQACfgAAMIQAAADMAgETYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG1lU8qvBSW6OfUooizc58b3UUWb1Dc9+q1BnNlk6M5gNl0OBLUYfNGeTN7jVmkr5YZr3HGFOATkbw9DVEo286mQ0yhq4w+ZVjlShGexAg6l9M9U7cWsZU11Tj+uS9vWEh6ZGrVD7TgBU6qOlGAU"}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337952280187,"flow_src_last_pkt_time":1549337952280187,"flow_dst_last_pkt_time":1549337952280187,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337952280187,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49195,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00804{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1549337952280187,"flow_dst_last_pkt_time":1549337952280187,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":255,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":255,"pkt_l4_len":221,"thread_ts_usec":1549337952280187,"pkt":"pB9ywglqAAgCHEeuCABFAADxAURAAIAGj9GsEAjJrBAICMArAFh+ue0Nm8k31FAYAQCDOwAAZ6URGA8yMDM3MDkxMzAyNDgwNVqnBgIEXbhyIagSMBACARICARECARcCARgCAv95qoGWMIGToAMCARKigYsEgYjkLV5w61M4dBZf0U0Cc\/K54wTCl69GxhAdEJKI0gkw0Ve5ZSvbl+6jcyFmUgFhA4RyBx9pGsk\/XqrLuUXPEHyz9XOfuzdWYBvPp5yv4UFPIJKI5TMk\/2fkioL\/XfCG7Jr8xEeBwNw3Qk0PtCp3\/DDaU5\/NbtOzNRQiyiFTx75LpVnwmoKHd6R7"}
00772{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_src_last_pkt_time":1549337952280187,"flow_dst_last_pkt_time":1549337952281091,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_usec":1549337952281091,"pkt":"AAgCHEeupB9ywglqCABFAADbFApAAIAGfSGsEAgIrBAIyQBYwCubyT2Ifrnt1lAYAQDVagAATQg2IahlDr4Do2rw09NPfPwlJMuv1fJJCc5mjToXHNxo9crR1AT1CMr5O+bZxtqN6M9uCaNjeNur9XwIFCnpBuL05RtGDqn2i9hJpKd+E88QIO6v0xwHDv6iGr\/8TVgkK3vs2tcuY57O8+c4l9vRR7jejS5ww2dQZlIjb\/CCYROJuvRqA0LHwqGM0CcXmUposD8ISy568tJuLRICL3GBKJj5gtDiSRwMYGKFzsxgs2+QN48="}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337952282931,"flow_src_last_pkt_time":1549337952282931,"flow_dst_last_pkt_time":1549337952282931,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337952282931,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49196,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_src_last_pkt_time":1549337952282931,"flow_dst_last_pkt_time":1549337952282931,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1549337952282931,"pkt":"pB9ywglqAAgCHEeuCABFAABLAUpAAIAGkHGsEAjJrBAICMAsAFiP2F5aCFrVJ1AYAQB5GAAAR6URGA8yMDM3MDkxMzAyNDgwNVqnBgIEXbhyJqgFMAMCARI="}
00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_src_last_pkt_time":1549337952282931,"flow_dst_last_pkt_time":1549337952282964,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_usec":1549337952282964,"pkt":"AAgCHEeupB9ywglqCABFAABYFBBAAIAGfZ6sEAgIrBAIyQBYwCwIWtrbj9hefVAYAQDaWgAAkAFNdIHXOvUSiNrRZ37a2E9NpclNBTiyKWuPGcwkWc2OKSpCtzAbfs9v1WRIgz2U"}
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337952282970,"flow_src_last_pkt_time":1549337952282970,"flow_dst_last_pkt_time":1549337952282970,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":356,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337952282970,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49194,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
01015{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_src_last_pkt_time":1549337952282970,"flow_dst_last_pkt_time":1549337952282970,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":410,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":410,"pkt_l4_len":376,"thread_ts_usec":1549337952282970,"pkt":"pB9ywglqAAgCHEeuCABFAAGMAVBAAIAGjyqsEAjJrBAICMAqAb0OVvT1RRDYGlAYAP+BiQAAx2oDxasXfLBTEcjz3tABELHnmrS3ZANlrcp\/hNjXtg\/fwYTBDdsdTzX+XDaW+uv3s2\/LBkJPP0K4Dy0YU3CzKo3pfb0515XvBfsBO7Ma0iP8tOV8txynjcFaEQvYkdi2SQ6bebHRRKNuECPHoWmL3h9GQAZAb4a73kOXQ+HdWdMxxkSNni5ZeogFxLOO9R2cL7EvadD9j700FIRXk1Ysly6p8QSOxUcF2BTlCAMMXraIVwnaJn4OFnBRV1kK62QzrTna4Mma6JSVzK\/6fCHORQn+FIHExUVoG3Vq1BveDwHtG0XGyIXhHabrgc6YQttz\/jzBPNDyI9ROMV3pQ0pZrTLzCjs+95mV\/WzyQTG\/SRF7u\/0NE9yZnVgk7HZw7F9bqd7MfX+aga2J6\/HQLbCChYzLyXsDW8WbBsbXh+XIiTyOIboYMLvBqY271GjiVoIyA7mbRvLsykMc7DElauDSPsA2vtc="}
00883{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_src_last_pkt_time":1549337952282970,"flow_dst_last_pkt_time":1549337952283232,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1549337952283232,"pkt":"AAgCHEeupB9ywglqCABFAAEsFBRAAIAGfMasEAgIrBAIyQG9wCpFENgaDlb2WVAYAP9XsAAAAAABAP5TTUJAAAEAAAAAAAEAHwAJAAAAAAAAAAEAAAAAAAAA\/\/4AAAAAAABhAAAAAAQAAFesIp3Ms9YkV3HyzmcNx+gJAAAASAC4AKGBtTCBsqADCgEAoQsGCSqGSIL3EgECAqKBnQSBmmCBlwYJKoZIhvcSAQICAgBvgYcwgYSgAwIBBaEDAgEPongwdqADAgESom8EbUXiUY0MYNrse7Xdy+nvFD1NZYMmVWsdodfXY9v69kCk+MLVD1Rqj48zpMQyXFgAZRbdNaLq\/lZFH5cVcwmZOZp6PzJLHFRz2Ys9FBPKwjMkCOL5scijYfadSqIU\/eT7q\/ACDBFzzf8MmsOdu9E="}
00874{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1549337930219494,"flow_src_last_pkt_time":1549337951711983,"flow_dst_last_pkt_time":1549337951711741,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":220,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":375,"flow_dst_max_l4_payload_len":284,"flow_src_tot_l4_payload_len":1166,"flow_dst_tot_l4_payload_len":516,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49165,"dst_port":49155,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1549337930219494,"flow_src_last_pkt_time":1549337951711983,"flow_dst_last_pkt_time":1549337951711741,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":220,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":375,"flow_dst_max_l4_payload_len":284,"flow_src_tot_l4_payload_len":1166,"flow_dst_tot_l4_payload_len":516,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49165,"dst_port":49155,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00873{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1549337940432879,"flow_src_last_pkt_time":1549337940433720,"flow_dst_last_pkt_time":1549337940433470,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":220,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":359,"flow_dst_max_l4_payload_len":284,"flow_src_tot_l4_payload_len":579,"flow_dst_tot_l4_payload_len":284,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49185,"dst_port":49155,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
00786{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1549337940432879,"flow_src_last_pkt_time":1549337940433720,"flow_dst_last_pkt_time":1549337940433470,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":220,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":359,"flow_dst_max_l4_payload_len":284,"flow_src_tot_l4_payload_len":579,"flow_dst_tot_l4_payload_len":284,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49185,"dst_port":49155,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337929790448,"flow_src_last_pkt_time":1549337929790448,"flow_dst_last_pkt_time":1549337929790962,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":239,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":278,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":278,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337929811952,"flow_src_last_pkt_time":1549337929811952,"flow_dst_last_pkt_time":1549337929812641,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":319,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":319,"flow_dst_max_l4_payload_len":112,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":112,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49158,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00998{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337929815091,"flow_src_last_pkt_time":1549337929815091,"flow_dst_last_pkt_time":1549337929815994,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":115,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":115,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49159,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"","username":""}}}
00782{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337929815091,"flow_src_last_pkt_time":1549337929815091,"flow_dst_last_pkt_time":1549337929815994,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":115,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":115,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49159,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337929816676,"flow_src_last_pkt_time":1549337929816676,"flow_dst_last_pkt_time":1549337929816935,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1431,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1431,"flow_dst_max_l4_payload_len":1444,"flow_src_tot_l4_payload_len":1431,"flow_dst_tot_l4_payload_len":1444,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49160,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00998{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337929981761,"flow_src_last_pkt_time":1549337929981761,"flow_dst_last_pkt_time":1549337929983015,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":153,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":126,"flow_src_tot_l4_payload_len":153,"flow_dst_tot_l4_payload_len":126,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49162,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"","username":""}}}
00782{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337929981761,"flow_src_last_pkt_time":1549337929981761,"flow_dst_last_pkt_time":1549337929983015,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":153,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":126,"flow_src_tot_l4_payload_len":153,"flow_dst_tot_l4_payload_len":126,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49162,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337930192989,"flow_src_last_pkt_time":1549337930192989,"flow_dst_last_pkt_time":1549337930193305,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":239,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":278,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":278,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49166,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337930214154,"flow_src_last_pkt_time":1549337930214154,"flow_dst_last_pkt_time":1549337930214775,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":319,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":319,"flow_dst_max_l4_payload_len":112,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":112,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49167,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00999{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337930217118,"flow_src_last_pkt_time":1549337930217118,"flow_dst_last_pkt_time":1549337930217937,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":153,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":126,"flow_src_tot_l4_payload_len":153,"flow_dst_tot_l4_payload_len":126,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49168,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"","username":""}}}
00783{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337930217118,"flow_src_last_pkt_time":1549337930217118,"flow_dst_last_pkt_time":1549337930217937,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":153,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":126,"flow_src_tot_l4_payload_len":153,"flow_dst_tot_l4_payload_len":126,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49168,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00997{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337931198672,"flow_src_last_pkt_time":1549337931198672,"flow_dst_last_pkt_time":1549337931199586,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":113,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":113,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":113,"flow_dst_tot_l4_payload_len":68,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49170,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"","username":""}}}
00781{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337931198672,"flow_src_last_pkt_time":1549337931198672,"flow_dst_last_pkt_time":1549337931199586,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":113,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":113,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":113,"flow_dst_tot_l4_payload_len":68,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49170,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337931210214,"flow_src_last_pkt_time":1549337931210214,"flow_dst_last_pkt_time":1549337931211149,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1432,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1432,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1432,"flow_dst_tot_l4_payload_len":1452,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49171,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
01002{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337931211741,"flow_src_last_pkt_time":1549337931211741,"flow_dst_last_pkt_time":1549337931213235,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1064,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1064,"flow_dst_max_l4_payload_len":136,"flow_src_tot_l4_payload_len":1064,"flow_dst_tot_l4_payload_len":136,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49173,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"","username":""}}}
00786{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337931211741,"flow_src_last_pkt_time":1549337931211741,"flow_dst_last_pkt_time":1549337931213235,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1064,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1064,"flow_dst_max_l4_payload_len":136,"flow_src_tot_l4_payload_len":1064,"flow_dst_tot_l4_payload_len":136,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49173,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00999{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337931218156,"flow_src_last_pkt_time":1549337931218156,"flow_dst_last_pkt_time":1549337931219086,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":115,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":115,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49175,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"","username":""}}}
00783{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337931218156,"flow_src_last_pkt_time":1549337931218156,"flow_dst_last_pkt_time":1549337931219086,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":115,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":115,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49175,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337931219686,"flow_src_last_pkt_time":1549337931219686,"flow_dst_last_pkt_time":1549337931220282,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1431,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1431,"flow_dst_max_l4_payload_len":1444,"flow_src_tot_l4_payload_len":1431,"flow_dst_tot_l4_payload_len":1444,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49176,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337937703350,"flow_src_last_pkt_time":1549337937703350,"flow_dst_last_pkt_time":1549337937703857,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":239,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":278,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":278,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49181,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337937724378,"flow_src_last_pkt_time":1549337937724378,"flow_dst_last_pkt_time":1549337937724993,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":319,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":319,"flow_dst_max_l4_payload_len":112,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":112,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49182,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00994{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337937725890,"flow_src_last_pkt_time":1549337937725890,"flow_dst_last_pkt_time":1549337937726633,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":40,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":40,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49183,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"","username":""}}}
00778{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337937725890,"flow_src_last_pkt_time":1549337937725890,"flow_dst_last_pkt_time":1549337937726633,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":40,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":40,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49183,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00999{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337940431467,"flow_src_last_pkt_time":1549337940431467,"flow_dst_last_pkt_time":1549337940432366,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":115,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":115,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49186,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"","username":""}}}
00783{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337940431467,"flow_src_last_pkt_time":1549337940431467,"flow_dst_last_pkt_time":1549337940432366,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":115,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":115,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49186,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337951630943,"flow_src_last_pkt_time":1549337951630943,"flow_dst_last_pkt_time":1549337951631242,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":235,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":235,"flow_dst_max_l4_payload_len":240,"flow_src_tot_l4_payload_len":235,"flow_dst_tot_l4_payload_len":240,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49187,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337951638319,"flow_src_last_pkt_time":1549337951638319,"flow_dst_last_pkt_time":1549337951638954,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":315,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":315,"flow_dst_max_l4_payload_len":162,"flow_src_tot_l4_payload_len":315,"flow_dst_tot_l4_payload_len":162,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49188,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00994{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337951639128,"flow_src_last_pkt_time":1549337951639128,"flow_dst_last_pkt_time":1549337951639626,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":66,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":66,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49189,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"","username":""}}}
00778{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337951639128,"flow_src_last_pkt_time":1549337951639128,"flow_dst_last_pkt_time":1549337951639626,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":66,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":66,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49189,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00999{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337951709754,"flow_src_last_pkt_time":1549337951709754,"flow_dst_last_pkt_time":1549337951710662,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":217,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":190,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":190,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49190,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"","username":""}}}
00783{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337951709754,"flow_src_last_pkt_time":1549337951709754,"flow_dst_last_pkt_time":1549337951710662,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":217,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":190,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":190,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49190,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00999{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337952265412,"flow_src_last_pkt_time":1549337952265412,"flow_dst_last_pkt_time":1549337952266196,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":179,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":179,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49192,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"","username":""}}}
00783{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337952265412,"flow_src_last_pkt_time":1549337952265412,"flow_dst_last_pkt_time":1549337952266196,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":179,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":179,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49192,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00999{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337952280187,"flow_src_last_pkt_time":1549337952280187,"flow_dst_last_pkt_time":1549337952281091,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":179,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":179,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49195,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"","username":""}}}
00783{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337952280187,"flow_src_last_pkt_time":1549337952280187,"flow_dst_last_pkt_time":1549337952281091,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":179,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":179,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49195,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00994{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337952282931,"flow_src_last_pkt_time":1549337952282931,"flow_dst_last_pkt_time":1549337952282964,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":48,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":48,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49196,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"","username":""}}}
00778{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337952282931,"flow_src_last_pkt_time":1549337952282931,"flow_dst_last_pkt_time":1549337952282964,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":48,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":48,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49196,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00940{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337929983344,"flow_src_last_pkt_time":1549337929983344,"flow_dst_last_pkt_time":1549337929983901,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":266,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":266,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":266,"flow_dst_tot_l4_payload_len":210,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49161,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","proto_id":"112","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00783{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337929983344,"flow_src_last_pkt_time":1549337929983344,"flow_dst_last_pkt_time":1549337929983901,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":266,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":266,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":266,"flow_dst_tot_l4_payload_len":210,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49161,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00941{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337931189901,"flow_src_last_pkt_time":1549337931189901,"flow_dst_last_pkt_time":1549337931190653,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":242,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":242,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":242,"flow_dst_tot_l4_payload_len":210,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49169,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","proto_id":"112","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00784{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337931189901,"flow_src_last_pkt_time":1549337931189901,"flow_dst_last_pkt_time":1549337931190653,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":242,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":242,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":242,"flow_dst_tot_l4_payload_len":210,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49169,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00941{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337931211848,"flow_src_last_pkt_time":1549337931211848,"flow_dst_last_pkt_time":1549337931213237,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":242,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":242,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":242,"flow_dst_tot_l4_payload_len":210,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49172,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","proto_id":"112","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00784{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337931211848,"flow_src_last_pkt_time":1549337931211848,"flow_dst_last_pkt_time":1549337931213237,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":242,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":242,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":242,"flow_dst_tot_l4_payload_len":210,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49172,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00941{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337937690226,"flow_src_last_pkt_time":1549337937690226,"flow_dst_last_pkt_time":1549337937691075,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":266,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":266,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":266,"flow_dst_tot_l4_payload_len":210,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49179,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","proto_id":"112","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00784{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337937690226,"flow_src_last_pkt_time":1549337937690226,"flow_dst_last_pkt_time":1549337937691075,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":266,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":266,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":266,"flow_dst_tot_l4_payload_len":210,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49179,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00941{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337937700823,"flow_src_last_pkt_time":1549337937700823,"flow_dst_last_pkt_time":1549337937701643,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":266,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":266,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":266,"flow_dst_tot_l4_payload_len":210,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49180,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","proto_id":"112","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00784{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337937700823,"flow_src_last_pkt_time":1549337937700823,"flow_dst_last_pkt_time":1549337937701643,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":266,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":266,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":266,"flow_dst_tot_l4_payload_len":210,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49180,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00941{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337952267129,"flow_src_last_pkt_time":1549337952267129,"flow_dst_last_pkt_time":1549337952267833,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":314,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":314,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":314,"flow_dst_tot_l4_payload_len":210,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49191,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","proto_id":"112","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00784{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337952267129,"flow_src_last_pkt_time":1549337952267129,"flow_dst_last_pkt_time":1549337952267833,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":314,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":314,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":314,"flow_dst_tot_l4_payload_len":210,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49191,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00941{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337952273984,"flow_src_last_pkt_time":1549337952273984,"flow_dst_last_pkt_time":1549337952274576,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":330,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":330,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":330,"flow_dst_tot_l4_payload_len":210,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49193,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","proto_id":"112","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00784{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337952273984,"flow_src_last_pkt_time":1549337952273984,"flow_dst_last_pkt_time":1549337952274576,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":330,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":330,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":330,"flow_dst_tot_l4_payload_len":210,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49193,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00941{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337929817554,"flow_src_last_pkt_time":1549337929817554,"flow_dst_last_pkt_time":1549337929818281,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":227,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":260,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":260,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49156,"dst_port":445,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMBv23","proto_id":"41","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00783{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337929817554,"flow_src_last_pkt_time":1549337929817554,"flow_dst_last_pkt_time":1549337929818281,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":227,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":260,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":260,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49156,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00942{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337931220307,"flow_src_last_pkt_time":1549337931220307,"flow_dst_last_pkt_time":1549337931221192,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":227,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":260,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":260,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49174,"dst_port":445,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMBv23","proto_id":"41","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00784{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337931220307,"flow_src_last_pkt_time":1549337931220307,"flow_dst_last_pkt_time":1549337931221192,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":227,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":260,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":260,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49174,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00942{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337952282970,"flow_src_last_pkt_time":1549337952282970,"flow_dst_last_pkt_time":1549337952283232,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":356,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":260,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":260,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49194,"dst_port":445,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMBv23","proto_id":"41","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00784{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337952282970,"flow_src_last_pkt_time":1549337952282970,"flow_dst_last_pkt_time":1549337952283232,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":356,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":260,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":260,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49194,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4365-b08c787f","packets-captured":77,"packets-processed":77,"total-skipped-flows":0,"total-l4-payload-len":24133,"total-not-detected-flows":2,"total-guessed-flows":23,"total-detected-flows":11,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":36,"total-idle-flows":36,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":190,"global_ts_usec":1549337952283232}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 77/77
~~ skipped flows.............: 0
~~ total layer4 data length..: 24133 bytes
~~ total detected protocols..: 11
~~ total active/idle flows...: 36/36
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 11603425 bytes
~~ total memory freed........: 11603425 bytes
~~ total allocations/frees...: 217112/217112
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 569 chars
~~ json string max len.......: 2499 chars
~~ json string avg len.......: 1534 chars
|