00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1449652784341686}
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652784341686,"flow_src_last_pkt_time":1449652784341686,"flow_dst_last_pkt_time":1449652784341686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652784341686,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.184.188","src_port":47699,"dst_port":5228,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5}
00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1449652784341686,"flow_dst_last_pkt_time":1449652784341686,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1449652784341686,"pkt":"RQAAPKbzQABABiV4wKi0AkDpuLy6UxRsAv3YCQAAAACgAjkIdPYAAAIEBbQEAggKADWBtgAAAAABAwMG"}
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652786071163,"flow_src_last_pkt_time":1449652786071163,"flow_dst_last_pkt_time":1449652786071163,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652786071163,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":38472,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5}
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1449652786071163,"flow_dst_last_pkt_time":1449652786071163,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":63,"pkt_l4_len":43,"thread_ts_usec":1449652786071163,"pkt":"RQAAP4JiQABAETORwKi0AggICAiWSAA1ACtxaqbPAQAAAQAAAAAAAAVvY3UwMwhsYWJnZW5jeQJ3cwAAAQAB"}
01076{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652786071163,"flow_src_last_pkt_time":1449652786071163,"flow_dst_last_pkt_time":1449652786071163,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652786071163,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":38472,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.OCS","proto_id":"5.218","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"ocu03.labgency.ws","domainame":"ocu03.labgency.ws","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}}
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652786098261,"flow_src_last_pkt_time":1449652786098261,"flow_dst_last_pkt_time":1449652786098261,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652786098261,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":40097,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5}
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1449652786098261,"flow_dst_last_pkt_time":1449652786098261,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":70,"pkt_l4_len":50,"thread_ts_usec":1449652786098261,"pkt":"RQAARoJmQABAETOGwKi0AggICAicoQA1ADK8OQlbAQAAAQAAAAAAAAhzZXR0aW5ncwtjcmFzaGx5dGljcwNjb20AAAEAAQ=="}
01105{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652786098261,"flow_src_last_pkt_time":1449652786098261,"flow_dst_last_pkt_time":1449652786098261,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652786098261,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":40097,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Crashlytics","proto_id":"5.275","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"settings.crashlytics.com","domainame":"settings.crashlytics.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}}
00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652786130760,"flow_src_last_pkt_time":1449652786130760,"flow_dst_last_pkt_time":1449652786130760,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652786130760,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":1291,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5}
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1449652786130760,"flow_dst_last_pkt_time":1449652786130760,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":67,"pkt_l4_len":47,"thread_ts_usec":1449652786130760,"pkt":"RQAAQ4JpQABAETOGwKi0AggICAgFCwA1AC+TFZykAQAAAQAAAAAAAANhcGkEZXUwMQhjYXBwdGFpbgNjb20AAAEAAQ=="}
01082{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652786130760,"flow_src_last_pkt_time":1449652786130760,"flow_dst_last_pkt_time":1449652786130760,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652786130760,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":1291,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"api.eu01.capptain.com","domainame":"api.eu01.capptain.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}}
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652786135098,"flow_src_last_pkt_time":1449652786135098,"flow_dst_last_pkt_time":1449652786135098,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652786135098,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":48250,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5}
00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1449652786135098,"flow_dst_last_pkt_time":1449652786135098,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1449652786135098,"pkt":"RQAAPJwfQABABqbCwKi0ArL40Da8egBQwI4edgAAAACgAjkI+LAAAAIEBbQEAggKADWCaQAAAAABAwMG"}
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652786152820,"flow_src_last_pkt_time":1449652786152820,"flow_dst_last_pkt_time":1449652786152820,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652786152820,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"23.21.230.199","src_port":39263,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5}
00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1449652786152820,"flow_dst_last_pkt_time":1449652786152820,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1449652786152820,"pkt":"RQAAPCFLQABABqbpwKi0AhcV5seZXwG7KAKjIAAAAACgAjkIs5MAAAIEBbQEAggKADWCawAAAAABAwMG"}
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652786167050,"flow_src_last_pkt_time":1449652786167050,"flow_dst_last_pkt_time":1449652786167050,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652786167050,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.129.206","src_port":53356,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5}
00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1449652786167050,"flow_dst_last_pkt_time":1449652786167050,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1449652786167050,"pkt":"RQAAPOubQABABs8fwKi0AomHgc7QbABQfGRp9gAAAACgAjkIVT4AAAIEBbQEAggKADWCbQAAAAABAwMG"}
00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1449652786190607,"flow_dst_last_pkt_time":1449652786135098,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_usec":1449652786190607,"pkt":"RQAANJwgQABABqbJwKi0ArL40Da8egBQwI4ed\/tL3mKAEADlQqoAAAEBCAoANYJvRwX8Kg=="}
01553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1449652786215571,"flow_dst_last_pkt_time":1449652786135098,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":824,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":824,"pkt_l4_len":804,"thread_ts_usec":1449652786215571,"pkt":"RQADOJwhQABABqPEwKi0ArL40Da8egBQwI4ed\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\/Pgo8bGd5cmVxdWVzdCBtb2R1bGU9IkNNL1ZPRCI+Cgk8YWN0aW9uIG5hbWU9ImluaXQiPgoJCTxwYXJhbSBuYW1lPSJzY3JlZW5TaXplIiB2YWx1ZT0iIi8+CgkJPHBhcmFtIG5hbWU9InRpbWVzdGFtcCIgdmFsdWU9IjAiLz4KCQk8cGFyYW0gbmFtZT0iYXBwLXZlcnNpb24iIHZhbHVlPSIxLjQuNyIvPgoJPC9hY3Rpb24+CjwvbGd5cmVxdWVzdD4="}
01370{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1449652786135098,"flow_src_last_pkt_time":1449652786215571,"flow_dst_last_pkt_time":1449652786135098,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":772,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":772,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652786215571,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":48250,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP.OCS","proto_id":"7.218","proto_by_ip":"OCS","proto_by_ip_id":218,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media","hostname":"ocu03.labgency.ws","domainame":"ocu03.labgency.ws","http": {"url":"ocu03.labgency.ws\/catalog\/vod?v=3","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; U; Android 4.0.4; fr-fr; GT-P7510 Build\/IMM76D) AppleWebKit\/534.30 (KHTML, like Gecko) Version\/4.0 Safari\/534.30","detected_os":"Android 4.0.4"}}}
00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1449652786268943,"flow_dst_last_pkt_time":1449652786167050,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_usec":1449652786268943,"pkt":"RQAANOucQABABs8mwKi0AomHgc7QbABQfGRp97oFwGaAEADlOEAAAAEBCAoANYJ3vXlL7A=="}
00736{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1449652786271139,"flow_dst_last_pkt_time":1449652786167050,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":211,"pkt_l4_len":191,"thread_ts_usec":1449652786271139,"pkt":"RQAA0+udQABABs6GwKi0AomHgc7QbABQfGRp97oFwGaAGADl3TMAAAEBCAoANYJ3vXlL7EdFVCAveG1wcC1kaXNjbz9kZXZpY2VpZD1mMmM5OTNkNjIxOGY1ZTIyZmUyODRiMmU5MGM4MmYzYiZwdXNoX29uX2RldmljZT10cnVlJmFwcGlkPW9jczAwMDAwMyBIVFRQLzEuMQ0KSG9zdDogYXBpLmV1MDEuY2FwcHRhaW4uY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01397{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1449652786167050,"flow_src_last_pkt_time":1449652786271139,"flow_dst_last_pkt_time":1449652786167050,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":159,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":159,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652786271139,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.129.206","src_port":53356,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"api.eu01.capptain.com","domainame":"api.eu01.capptain.com","http": {"url":"api.eu01.capptain.com\/xmpp-disco?deviceid=f2c993d6218f5e22fe284b2e90c82f3b&push_on_device=true&appid=ocs000003","code":0,"content_type":"","user_agent":""}}}
00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1449652786326157,"flow_dst_last_pkt_time":1449652786167050,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_usec":1449652786326157,"pkt":"RQAANOueQABABs8kwKi0AomHgc7QbABQfGRqlroFwe2AEAD1NewAAAEBCAoANYJ9vXlMBA=="}
00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1449652786328342,"flow_dst_last_pkt_time":1449652786167050,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_usec":1449652786328342,"pkt":"RQAANOufQABABs8jwKi0AomHgc7QbABQfGRqlroFwe2AEQD1NesAAAEBCAoANYJ9vXlMBA=="}
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652786395470,"flow_src_last_pkt_time":1449652786395470,"flow_dst_last_pkt_time":1449652786395470,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652786395470,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.129.206","src_port":44959,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5}
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1449652786395470,"flow_dst_last_pkt_time":1449652786395470,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1449652786395470,"pkt":"RQAAPGAaQABABlqhwKi0AomHgc6vnwBQfAzimQAAAACgAjkI\/akAAAIEBbQEAggKADWCgwAAAAABAwMG"}
00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1449652786451782,"flow_dst_last_pkt_time":1449652786135098,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_usec":1449652786451782,"pkt":"RQAANJwiQABABqbHwKi0ArL40Da8egBQwI4he\/tL486AEAESObkAAAEBCAoANYKJRwX8ZA=="}
00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1449652786452343,"flow_dst_last_pkt_time":1449652786135098,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_usec":1449652786452343,"pkt":"RQAANJwjQABABqbGwKi0ArL40Da8egBQwI4he\/tL5zyAEAE9NiAAAAEBCAoANYKJRwX8ZA=="}
00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1449652786500298,"flow_dst_last_pkt_time":1449652786395470,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_usec":1449652786500298,"pkt":"RQAANGAbQABABlqowKi0AomHgc6vnwBQfAzimh3f\/xqAEADlPeYAAAEBCAoANYKOvXlMIw=="}
00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1449652786501839,"flow_dst_last_pkt_time":1449652786395470,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":136,"pkt_l4_len":116,"thread_ts_usec":1449652786501839,"pkt":"RQAAiGAcQABABlpTwKi0AomHgc6vnwBQfAzimh3f\/xqAGADlKR0AAAEBCAoANYKOvXlMI0dFVCAvaXAtdG8tY291bnRyeSBIVFRQLzEuMQ0KSG9zdDogYXBpLmV1MDEuY2FwcHRhaW4uY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
01320{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1449652786395470,"flow_src_last_pkt_time":1449652786501839,"flow_dst_last_pkt_time":1449652786395470,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652786501839,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.129.206","src_port":44959,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"api.eu01.capptain.com","domainame":"api.eu01.capptain.com","http": {"url":"api.eu01.capptain.com\/ip-to-country","code":0,"content_type":"","user_agent":""}}}
00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652786934111,"flow_src_last_pkt_time":1449652786934111,"flow_dst_last_pkt_time":1449652786934111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652786934111,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":48770,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1449652786934111,"flow_dst_last_pkt_time":1449652786934111,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":72,"pkt_l4_len":52,"thread_ts_usec":1449652786934111,"pkt":"RQAASIK5QABAETMxwKi0AggICAi+ggA1ADS3+1EXAQAAAQAAAAAAAAdhbmRyb2lkB2NsaWVudHMGZ29vZ2xlA2NvbQAAAQAB"}
01102{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652786934111,"flow_src_last_pkt_time":1449652786934111,"flow_dst_last_pkt_time":1449652786934111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652786934111,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":48770,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.PlayStore","proto_id":"5.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"android.clients.google.com","domainame":"android.clients.google.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}}
00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1449652786975964,"flow_dst_last_pkt_time":1449652786395470,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":136,"pkt_l4_len":116,"thread_ts_usec":1449652786975964,"pkt":"RQAAiGAdQABABlpSwKi0AomHgc6vnwBQfAzimh3f\/xqAGADlKO0AAAEBCAoANYK+vXlMI0dFVCAvaXAtdG8tY291bnRyeSBIVFRQLzEuMQ0KSG9zdDogYXBpLmV1MDEuY2FwcHRhaW4uY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652787003032,"flow_src_last_pkt_time":1449652787003032,"flow_dst_last_pkt_time":1449652787003032,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652787003032,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"216.58.208.46","src_port":41223,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5}
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1449652787003032,"flow_dst_last_pkt_time":1449652787003032,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1449652787003032,"pkt":"RQAAPLBhQABABm1GwKi0Atg60C6hBwG7mRQyoQAAAACgAjkIAHcAAAIEBbQEAggKADWCwAAAAAABAwMG"}
00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1449652787075138,"flow_dst_last_pkt_time":1449652787003032,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_usec":1449652787075138,"pkt":"RQAANLBiQABABm1NwKi0Atg60C6hBwG7mRQyouLMvMiAEADlCc8AAAEBCAoANYLHGASl5Q=="}
00770{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1449652787100546,"flow_dst_last_pkt_time":1449652787003032,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":236,"pkt_l4_len":216,"thread_ts_usec":1449652787100546,"pkt":"RQAA7LBjQABABmyUwKi0Atg60C6hBwG7mRQyouLMvMiAGADlzvUAAAEBCAoANYLKGASl5RYDAQCzAQAArwMBVmhd8vjfjZbbQQM2P+6kSvFiVrQbP+1p3IwwDXzkWPQAAEYABAAFAC8ANcACwATABcAMwA7AD8AHwAnACsARwBPAFAAzADkAMgA4AArAA8ANwAjAEgAWABMACQAVABIAAwAIABQAEQD\/AQAAQAALAAQDAAECAAoANAAyAAEAAgADAAQABQAGAAcACAAJAAoACwAMAA0ADgAPABAAEQASABMAFAAVABYAFwAYABk="}
01330{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1449652787003032,"flow_src_last_pkt_time":1449652787100546,"flow_dst_last_pkt_time":1449652787003032,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652787100546,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"216.58.208.46","src_port":41223,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}}
00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1449652787155971,"flow_dst_last_pkt_time":1449652786152820,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1449652787155971,"pkt":"RQAAPCFMQABABqbowKi0AhcV5seZXwG7KAKjIAAAAACgAjkIsy4AAAIEBbQEAggKADWC0AAAAAABAwMG"}
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1449652787196365,"flow_dst_last_pkt_time":1449652787003032,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":64,"pkt_l4_len":44,"thread_ts_usec":1449652787196365,"pkt":"RQAAQLBkQABABm0\/wKi0Atg60C6hBwG7mRQzWuLMvMiwEADlgxwAAAEBCAoANYLTGASmTQEBBQrizMI04szHoA=="}
00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1449652787196993,"flow_dst_last_pkt_time":1449652787003032,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":64,"pkt_l4_len":44,"thread_ts_usec":1449652787196993,"pkt":"RQAAQLBlQABABm0+wKi0Atg60C6hBwG7mRQzWuLMvMiwEADlffQAAAEBCAoANYLTGASmTQEBBQrizMI04szMyA=="}
00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1449652787273902,"flow_dst_last_pkt_time":1449652786152820,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_usec":1449652787273902,"pkt":"RQAANCFNQABABqbvwKi0AhcV5seZXwG7KAKjIVpZIEyAEADl\/h4AAAEBCAoANYLbl2cJ1g=="}
00818{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1449652787289491,"flow_dst_last_pkt_time":1449652786152820,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":273,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":273,"pkt_l4_len":253,"thread_ts_usec":1449652787289491,"pkt":"RQABESFOQABABqYRwKi0AhcV5seZXwG7KAKjIVpZIEyAGADlY\/8AAAEBCAoANYLdl2cJ1hYDAQDYAQAA1AMBVmhd8h0B5s6XDqG2jAg9OuLJnsmZQXwY4InZKY+7bC8AAEYABAAFAC8ANcACwATABcAMwA7AD8AHwAnACsARwBPAFAAzADkAMgA4AArAA8ANwAjAEgAWABMACQAVABIAAwAIABQAEQD\/AQAAZQAAAB0AGwAAGHNldHRpbmdzLmNyYXNobHl0aWNzLmNvbQALAAQDAAECAAoANAAyAAEAAgADAAQABQAGAAcACAAJAAoACwAMAA0ADgAPABAAEQASABMAFAAVABYAFwAYABkAIwAA"}
01411{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1449652786152820,"flow_src_last_pkt_time":1449652787289491,"flow_dst_last_pkt_time":1449652786152820,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652787289491,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"23.21.230.199","src_port":39263,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.Crashlytics","proto_id":"91.275","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":4,"category":"DataTransfer","hostname":"settings.crashlytics.com","domainame":"settings.crashlytics.com","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}}
00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1449652787439592,"flow_dst_last_pkt_time":1449652786152820,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_usec":1449652787439592,"pkt":"RQAANCFPQABABqbtwKi0AhcV5seZXwG7KAKj\/lpZJECAEAEE+OkAAAEBCAoANYLsl2cKCg=="}
00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1449652787479949,"flow_dst_last_pkt_time":1449652786395470,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_usec":1449652787479949,"pkt":"RQAANGAeQABABlqlwKi0AomHgc6vnwBQfAzi7h3gADyAEAD1OwIAAAEBCAoANYLwvXlNHw=="}
00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652787507858,"flow_src_last_pkt_time":1449652787507858,"flow_dst_last_pkt_time":1449652787507858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652787507858,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":3621,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1449652787507858,"flow_dst_last_pkt_time":1449652787507858,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":77,"pkt_l4_len":57,"thread_ts_usec":1449652787507858,"pkt":"RQAATYLzQABAETLywKi0AggICAgOJQA1ADki+CcDAQAAAQAAAAAAAAR4bXBwCGRldmljZTA2BGV1MDEIY2FwcHRhaW4DY29tAAABAAE="}
01104{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652787507858,"flow_src_last_pkt_time":1449652787507858,"flow_dst_last_pkt_time":1449652787507858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652787507858,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":3621,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"xmpp.device06.eu01.capptain.com","domainame":"xmpp.device06.eu01.capptain.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652787596837,"flow_src_last_pkt_time":1449652787596837,"flow_dst_last_pkt_time":1449652787596837,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652787596837,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.131.52","src_port":46166,"dst_port":5122,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5}
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1449652787596837,"flow_dst_last_pkt_time":1449652787596837,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1449652787596837,"pkt":"RQAAPDy4QABABnydwKi0AomHgzS0VhQCr\/++QwAAAACgAjkI08UAAAIEBbQEAggKADWC+wAAAAABAwMG"}
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652787983929,"flow_src_last_pkt_time":1449652787983929,"flow_dst_last_pkt_time":1449652787983929,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652787983929,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":49881,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5}
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1449652787983929,"flow_dst_last_pkt_time":1449652787983929,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1449652787983929,"pkt":"RQAAPMDbQABABoIGwKi0ArL40DbC2QBQ64tD+QAAAACgAjkIoRgAAAIEBbQEAggKADWDIgAAAAABAwMG"}
00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652788016158,"flow_src_last_pkt_time":1449652788016158,"flow_dst_last_pkt_time":1449652788016158,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652788016158,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":2589,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1449652788016158,"flow_dst_last_pkt_time":1449652788016158,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":61,"pkt_l4_len":41,"thread_ts_usec":1449652788016158,"pkt":"RQAAPYMlQABAETLQwKi0AggICAgKHQA1ACmDzlLQAQAAAQAAAAAAAANvY3MIbGFiZ2VuY3kCd3MAAAEAAQ=="}
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652788016158,"flow_src_last_pkt_time":1449652788016158,"flow_dst_last_pkt_time":1449652788016158,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652788016158,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":2589,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.OCS","proto_id":"5.218","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"ocs.labgency.ws","domainame":"ocs.labgency.ws","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}}
00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1449652788067726,"flow_dst_last_pkt_time":1449652787983929,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_usec":1449652788067726,"pkt":"RQAANMDcQABABoINwKi0ArL40DbC2QBQ64tD+t7mVuSAEADljSkAAAEBCAoANYMrRwX98w=="}
01409{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1449652788082001,"flow_dst_last_pkt_time":1449652787983929,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":715,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":715,"pkt_l4_len":695,"thread_ts_usec":1449652788082001,"pkt":"RQACy8DdQABABn91wKi0ArL40DbC2QBQ64tD+t7mVuSAGADltWEAAAEBCAoANYMsRwX981BPU1QgL2NhdGFsb2cvdm9kP3Y9MyBIVFRQLzEuMQ0KWC1MZ3ktSHNzLUE6IEZGRTg2OUEyLTMzQUQtQTU0QS1CRUMwLTcyMTBEMDNDODM1Qi0yNTk0RDYzRA0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpYLUxneS1IU1MtU2VydmljZS1JZDogb2ZyLm9jcw0KWC1MZ3ktSFNTLVJvbS1JZDogc2Ftc3VuZy9HVC1QNzUxMC9BbmRyb2lkLzQuMC40L1hXTFA2L2FybXY3bF8xMDAwLjBNSHpfMTk5OC44NEJvZ29NaXBzX2ZlYXR1cmVzKHN3cCxoYWxmLHRodW1iLGZhc3RtdWx0LHZmcCxlZHNwLHZmcHYzLHZmcHYzZDE2LHRscylfY29yZXM9Mi8xMjgweDc1Mi9mYWxzZQ0KQ29udGVudC1MZW5ndGg6IDIxNw0KSG9zdDogb2N1MDMubGFiZ2VuY3kud3MNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEFwYWNoZS1IdHRwQ2xpZW50L1VOQVZBSUxBQkxFIChqYXZhIDEuNCkNCg0KPD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPGxneXJlcXVlc3QgbW9kdWxlPSJDTS9WT0QiPgoJPGFjdGlvbiBuYW1lPSJnZXRDYXRhbG9nRW50cmllcyI+CgkJPHBhcmFtIG5hbWU9IndpdGhDdXN0b21EYXRhIiB2YWx1ZT0iZmFsc2UiLz4KCQk8cGFyYW0gbmFtZT0iZXh0ZXJuYWxJZCIgdmFsdWU9ImZhbHNlIi8+Cgk8L2FjdGlvbj4KPC9sZ3lyZXF1ZXN0Pg=="}
01246{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1449652787983929,"flow_src_last_pkt_time":1449652788082001,"flow_dst_last_pkt_time":1449652787983929,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":663,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652788082001,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":49881,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP.OCS","proto_id":"7.218","proto_by_ip":"OCS","proto_by_ip_id":218,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media","hostname":"ocu03.labgency.ws","domainame":"ocu03.labgency.ws","http": {"url":"ocu03.labgency.ws\/catalog\/vod?v=3","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652788109953,"flow_src_last_pkt_time":1449652788109953,"flow_dst_last_pkt_time":1449652788109953,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652788109953,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":36680,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5}
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1449652788109953,"flow_dst_last_pkt_time":1449652788109953,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1449652788109953,"pkt":"RQAAPDlmQABABgl8wKi0ArL40DaPSAG7xoy6SQAAAACgAjkIgeAAAAIEBbQEAggKADWDLwAAAAABAwMG"}
00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1449652788188776,"flow_dst_last_pkt_time":1449652788109953,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_usec":1449652788188776,"pkt":"RQAANDlnQABABgmDwKi0ArL40DaPSAG7xoy6Sjpn3PmAEADljD4AAAEBCAoANYM3RwX+EQ=="}
00802{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1449652788195073,"flow_dst_last_pkt_time":1449652788109953,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":260,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":260,"pkt_l4_len":240,"thread_ts_usec":1449652788195073,"pkt":"RQABBDloQABABgiywKi0ArL40DaPSAG7xoy6Sjpn3PmAGADlDAsAAAEBCAoANYM3RwX+ERYDAQDLAQAAxwMBVmhd83GqZqYQO3oMbwUHPK3VU0gJzqNSdwnP4gncj8QAAEYABAAFAC8ANcACwATABcAMwA7AD8AHwAnACsARwBPAFAAzADkAMgA4AArAA8ANwAjAEgAWABMACQAVABIAAwAIABQAEQD\/AQAAWAAAABQAEgAAD29jcy5sYWJnZW5jeS53cwALAAQDAAECAAoANAAyAAEAAgADAAQABQAGAAcACAAJAAoACwAMAA0ADgAPABAAEQASABMAFAAVABYAFwAYABk="}
01367{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1449652788109953,"flow_src_last_pkt_time":1449652788195073,"flow_dst_last_pkt_time":1449652788109953,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652788195073,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":36680,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.OCS","proto_id":"91.218","proto_by_ip":"OCS","proto_by_ip_id":218,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"ocs.labgency.ws","domainame":"ocs.labgency.ws","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d350300_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}}
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1449652788328873,"flow_dst_last_pkt_time":1449652787983929,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":64,"pkt_l4_len":44,"thread_ts_usec":1449652788328873,"pkt":"RQAAQMDeQABABoH\/wKi0ArL40DbC2QBQ64tGkd7mVuSwEADl2G4AAAEBCAoANYNFRwX+CwEBBQre5lxQ3uZhvA=="}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1449652788329445,"flow_dst_last_pkt_time":1449652787983929,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":72,"pkt_l4_len":52,"thread_ts_usec":1449652788329445,"pkt":"RQAASMDfQABABoH2wKi0ArL40DbC2QBQ64tGkd7mVuTQEADlJtQAAAEBCAoANYNFRwX+CwEBBRLe5mco3uZslN7mXFDe5mG8"}
00802{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1449652788467521,"flow_dst_last_pkt_time":1449652788109953,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":260,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":260,"pkt_l4_len":240,"thread_ts_usec":1449652788467521,"pkt":"RQABBDlpQABABgixwKi0ArL40DaPSAG7xoy6Sjpn3PmAGADlC+8AAAEBCAoANYNTRwX+ERYDAQDLAQAAxwMBVmhd83GqZqYQO3oMbwUHPK3VU0gJzqNSdwnP4gncj8QAAEYABAAFAC8ANcACwATABcAMwA7AD8AHwAnACsARwBPAFAAzADkAMgA4AArAA8ANwAjAEgAWABMACQAVABIAAwAIABQAEQD\/AQAAWAAAABQAEgAAD29jcy5sYWJnZW5jeS53cwALAAQDAAECAAoANAAyAAEAAgADAAQABQAGAAcACAAJAAoACwAMAA0ADgAPABAAEQASABMAFAAVABYAFwAYABk="}
00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1449652788512652,"flow_dst_last_pkt_time":1449652788109953,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_usec":1449652788512652,"pkt":"RQAANDlqQABABgmAwKi0ArL40DaPSAG7xoy7Gjpn4mWAEAEShVwAAAEBCAoANYNXRwX+ag=="}
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1449652788595794,"flow_dst_last_pkt_time":1449652787596837,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1449652788595794,"pkt":"RQAAPDy5QABABnycwKi0AomHgzS0VhQCr\/++QwAAAACgAjkI02AAAAIEBbQEAggKADWDYAAAAAABAwMG"}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1449652790602154,"flow_dst_last_pkt_time":1449652787596837,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1449652790602154,"pkt":"RQAAPDy6QABABnybwKi0AomHgzS0VhQCr\/++QwAAAACgAjkI0pgAAAIEBbQEAggKADWEKAAAAAABAwMG"}
02313{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1449652787983929,"flow_src_last_pkt_time":1449652790713183,"flow_dst_last_pkt_time":1449652787983929,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":663,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652790713183,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":49881,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"data_analysis": {"iat": {"min":450,"avg":88040.5,"max":928563,"stddev":172609.9,"var":29794174976.0,"ent":3.5,"data": [83797,14275,246872,572,450,68391,1837,71492,506,5433,4137,41728,146026,90832,71054,77421,63432,3718,80468,1653,86121,564,67336,32599,43283,386587,73735,2510,928563,31722,2140]},"pktlen": {"min":52,"avg":83.1,"max":715,"stddev":113.8,"var":12942.2,"ent":4.5,"data": [60,52,715,64,72,72,80,72,72,72,72,72,64,52,64,64,64,52,52,52,52,64,64,64,64,52,52,64,64,52,64,64]},"bins": {"c_to_s": [31,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [4.517588139,5.123517990,6.025798798,5.070159912,5.236322403,5.173415184,5.239589214,5.201192856,5.264100075,5.236322403,5.236322403,5.182154179,5.152114868,5.091758728,5.194910049,5.194910049,5.132410049,5.154164791,5.115703106,5.115703106,5.032077789,5.132410049,5.163660049,5.132410049,5.163660049,5.115703106,5.168681622,5.220060349,5.169355392,5.008133411,5.120864868,5.077819824]},"ndpi": 
{"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP.OCS","proto_id":"7.218","proto_by_ip":"OCS","proto_by_ip_id":218,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media","hostname":"ocu03.labgency.ws"}}
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1449652792355546,"flow_dst_last_pkt_time":1449652784341686,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1449652792355546,"pkt":"RQAAPKb0QABABiV3wKi0AkDpuLy6UxRsAv3YCQAAAACgAjkIcdQAAAIEBbQEAggKADWE2AAAAAABAwMG"}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1449652794605540,"flow_dst_last_pkt_time":1449652787596837,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1449652794605540,"pkt":"RQAAPDy7QABABnyawKi0AomHgzS0VhQCr\/++QwAAAACgAjkI0QcAAAIEBbQEAggKADWFuQAAAAABAwMG"}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652797357367,"flow_src_last_pkt_time":1449652797357367,"flow_dst_last_pkt_time":1449652797357367,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652797357367,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.184.188","src_port":32946,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5}
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1449652797357367,"flow_dst_last_pkt_time":1449652797357367,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1449652797357367,"pkt":"RQAAPAMUQABABslXwKi0AkDpuLyAsgG7QZiF2AAAAACgAjkIz8gAAAIEBbQEAggKADWGzAAAAAABAwMG"}
00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1449652797427671,"flow_dst_last_pkt_time":1449652797357367,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_usec":1449652797427671,"pkt":"RQAANAMVQABABslewKi0AkDpuLyAsgG7QZiF2aTu9RqAEADl+L8AAAEBCAoANYbSHkOFlA=="}
00821{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1449652797442905,"flow_dst_last_pkt_time":1449652797357367,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":271,"pkt_l4_len":251,"thread_ts_usec":1449652797442905,"pkt":"RQABDwMWQABABsiCwKi0AkDpuLyAsgG7QZiF2aTu9RqAGADlVfIAAAEBCAoANYbUHkOFlBYDAQDWAQAA0gMD4HuK+eOlMdUOH1cZsMt60He+NukWbTB7f1JNaYrt+NsAACjAK8AswC\/AMACeAJ\/ACcAKwBPAFAAzADnAB8ARAJwAnQAvADUABQD\/AQAAgQAAABUAEwAAEG10YWxrLmdvb2dsZS5jb20ACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAARACMAAAANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAw=="}
01396{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1449652797357367,"flow_src_last_pkt_time":1449652797442905,"flow_dst_last_pkt_time":1449652797357367,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652797442905,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.184.188","src_port":32946,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"mtalk.google.com","domainame":"mtalk.google.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d200500_6e20beb92e8e_c70a3c84db07","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}}
00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1449652797505002,"flow_dst_last_pkt_time":1449652797357367,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_usec":1449652797505002,"pkt":"RQAANAMXQABABslcwKi0AkDpuLyAsgG7QZiGtKTu+oaAEAES8esAAAEBCAoANYbaHkOF7A=="}
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":5,"flow_src_last_pkt_time":1449652797508005,"flow_dst_last_pkt_time":1449652797357367,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_usec":1449652797508005,"pkt":"RQAANAMYQABABslbwKi0AkDpuLyAsgG7QZiGtKTu\/\/KAEAE\/7FEAAAEBCAoANYbbHkOF7A=="}
00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652798230623,"flow_src_last_pkt_time":1449652798230623,"flow_dst_last_pkt_time":1449652798230623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652798230623,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":11793,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5}
00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1449652798230623,"flow_dst_last_pkt_time":1449652798230623,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":65,"pkt_l4_len":45,"thread_ts_usec":1449652798230623,"pkt":"RQAAQYcjQABAES7OwKi0AggICAguEQA1AC1oEnazAQAAAQAAAAAAAARwbGF5Cmdvb2dsZWFwaXMDY29tAAABAAE="}
01101{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652798230623,"flow_src_last_pkt_time":1449652798230623,"flow_dst_last_pkt_time":1449652798230623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652798230623,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":11793,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","proto_id":"5.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"play.googleapis.com","domainame":"play.googleapis.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652798305095,"flow_src_last_pkt_time":1449652798305095,"flow_dst_last_pkt_time":1449652798305095,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652798305095,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.166.95","src_port":47803,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5}
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1449652798305095,"flow_dst_last_pkt_time":1449652798305095,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1449652798305095,"pkt":"RQAAPHAIQABABm7AwKi0AkDppl+6uwG7gNP3IgAAAACgAjkI9zgAAAIEBbQEAggKADWHKgAAAAABAwMG"}
00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1449652798386903,"flow_dst_last_pkt_time":1449652798305095,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_usec":1449652798386903,"pkt":"RQAANHAJQABABm7HwKi0AkDppl+6uwG7gNP3IxI082eAEADlT7wAAAEBCAoANYczAMsH6w=="}
00773{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1449652798392604,"flow_dst_last_pkt_time":1449652798305095,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":236,"pkt_l4_len":216,"thread_ts_usec":1449652798392604,"pkt":"RQAA7HAKQABABm4OwKi0AkDppl+6uwG7gNP3IxI082eAGADln0MAAAEBCAoANYczAMsH6xYDAQCzAQAArwMBVmhd\/avXwE9Hbo+g4bJoaBoe\/PaQpNdc4O0Q8a7HcbYAAEYABAAFAC8ANcACwATABcAMwA7AD8AHwAnACsARwBPAFAAzADkAMgA4AArAA8ANwAjAEgAWABMACQAVABIAAwAIABQAEQD\/AQAAQAALAAQDAAECAAoANAAyAAEAAgADAAQABQAGAAcACAAJAAoACwAMAA0ADgAPABAAEQASABMAFAAVABYAFwAYABk="}
01331{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":272,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1449652798305095,"flow_src_last_pkt_time":1449652798392604,"flow_dst_last_pkt_time":1449652798305095,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652798392604,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.166.95","src_port":47803,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}}
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1449652798478689,"flow_dst_last_pkt_time":1449652798305095,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":64,"pkt_l4_len":44,"thread_ts_usec":1449652798478689,"pkt":"RQAAQHALQABABm65wKi0AkDppl+6uwG7gNP32xI082ewEADl\/WcAAAEBCAoANYc8AMsH6wEBBQoSNPjTEjT+Pw=="}
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1449652798479498,"flow_dst_last_pkt_time":1449652798305095,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":64,"pkt_l4_len":44,"thread_ts_usec":1449652798479498,"pkt":"RQAAQHAMQABABm64wKi0AkDppl+6uwG7gNP32xI082ewEADl+h8AAAEBCAoANYc8AMsH6wEBBQoSNPjTEjUBhw=="}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1449652802635237,"flow_dst_last_pkt_time":1449652787596837,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1449652802635237,"pkt":"RQAAPDy8QABABnyZwKi0AomHgzS0VhQCr\/++QwAAAACgAjkIzeQAAAIEBbQEAggKADWI3AAAAAABAwMG"}
00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":835,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652786130760,"flow_src_last_pkt_time":1449652786130760,"flow_dst_last_pkt_time":1449652786130760,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652835242195,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":1291,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00954{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":835,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652788016158,"flow_src_last_pkt_time":1449652788016158,"flow_dst_last_pkt_time":1449652788016158,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652835242195,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":2589,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.OCS","proto_id":"5.218","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
00953{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":835,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652787507858,"flow_src_last_pkt_time":1449652787507858,"flow_dst_last_pkt_time":1449652787507858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652835242195,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":3621,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00954{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":835,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652786071163,"flow_src_last_pkt_time":1449652786071163,"flow_dst_last_pkt_time":1449652786071163,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652835242195,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":38472,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.OCS","proto_id":"5.218","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":835,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652786098261,"flow_src_last_pkt_time":1449652786098261,"flow_dst_last_pkt_time":1449652786098261,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652835242195,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":40097,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Crashlytics","proto_id":"5.275","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00961{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":835,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652786934111,"flow_src_last_pkt_time":1449652786934111,"flow_dst_last_pkt_time":1449652786934111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652835242195,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":48770,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.PlayStore","proto_id":"5.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":863,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652842535220,"flow_src_last_pkt_time":1449652842535220,"flow_dst_last_pkt_time":1449652842535220,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652842535220,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":24245,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5}
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":863,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1449652842535220,"flow_dst_last_pkt_time":1449652842535220,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":56,"pkt_l4_len":36,"thread_ts_usec":1449652842535220,"pkt":"RQAAOJhyQABAER2IwKi0AggICAhetQA1ACRtrFcaAQAAAQAAAAAAAAN3d3cDb2NzAmZyAAABAAE="}
01065{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":863,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652842535220,"flow_src_last_pkt_time":1449652842535220,"flow_dst_last_pkt_time":1449652842535220,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652842535220,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":24245,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.OCS","proto_id":"5.218","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.ocs.fr","domainame":"www.ocs.fr","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":864,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652842628827,"flow_src_last_pkt_time":1449652842628827,"flow_dst_last_pkt_time":1449652842628827,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652842628827,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.210","src_port":42590,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5}
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":864,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1449652842628827,"flow_dst_last_pkt_time":1449652842628827,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1449652842628827,"pkt":"RQAAPD8ZQABABgMtwKi0ArL40NKmXgBQrzCnYwAAAACgAjkIgJAAAAIEBbQEAggKADWYegAAAAABAwMG"}
00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":865,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1449652842700226,"flow_dst_last_pkt_time":1449652842628827,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_usec":1449652842700226,"pkt":"RQAAND8aQABABgM0wKi0ArL40NKmXgBQrzCnZDkypeeAEADlhQYAAAEBCAoANZiCGkFpBQ=="}
00726{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":866,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1449652842701752,"flow_dst_last_pkt_time":1449652842628827,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":204,"pkt_l4_len":184,"thread_ts_usec":1449652842701752,"pkt":"RQAAzD8bQABABgKbwKi0ArL40NKmXgBQrzCnZDkypeeAGADlkB4AAAEBCAoANZiCGkFpBUdFVCAvZGF0YV9wbGF0ZWZvcm1lL3Byb2dyYW0vMTg0OTYvdHZfZGV0YWlsX21vcnRkdW5wb3VydzAwMTIyMzZfNzJmNmMuanBnIEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCkhvc3Q6IHd3dy5vY3MuZnINCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
01351{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":866,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1449652842628827,"flow_src_last_pkt_time":1449652842701752,"flow_dst_last_pkt_time":1449652842628827,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":152,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652842701752,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.210","src_port":42590,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP.OCS","proto_id":"7.218","proto_by_ip":"OCS","proto_by_ip_id":218,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.ocs.fr","domainame":"www.ocs.fr","http": {"url":"www.ocs.fr\/data_plateforme\/program\/18496\/tv_detail_mortdunpourw0012236_72f6c.jpg","code":0,"content_type":"","user_agent":""}}}
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":867,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1449652842756514,"flow_dst_last_pkt_time":1449652842628827,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_usec":1449652842756514,"pkt":"RQAAND8cQABABgMywKi0ArL40NKmXgBQrzCn\/Dkyq1OAEAESfskAAAEBCAoANZiIGkFpCw=="}
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":868,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1449652842757620,"flow_dst_last_pkt_time":1449652842628827,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_usec":1449652842757620,"pkt":"RQAAND8dQABABgMxwKi0ArL40NKmXgBQrzCn\/DkysL+AEAE\/eTAAAAEBCAoANZiIGkFpCw=="}
02398{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":895,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1449652842628827,"flow_src_last_pkt_time":1449652843470951,"flow_dst_last_pkt_time":1449652842628827,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":152,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652843470951,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.210","src_port":42590,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"data_analysis": {"iat": {"min":77,"avg":27165.3,"max":79495,"stddev":29589.7,"var":875550464.0,"ent":4.0,"data": [71399,1526,54762,1106,3570,59902,605,77,5328,64776,1667,1533,79495,5458,58361,1849,64604,1987,67520,26503,42864,25995,65439,972,48553,1253,1960,1270,75524,1445,4821]},"pktlen": {"min":52,"avg":63.9,"max":204,"stddev":26.3,"var":690.5,"ent":4.9,"data": [60,52,204,52,52,52,52,52,64,64,64,64,72,64,64,72,72,72,64,64,64,52,52,52,52,52,52,52,52,52,64,72]},"bins": {"c_to_s": [31,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [4.550921917,5.046595097,5.875504971,5.154164791,5.115703106,5.154164791,5.192625999,5.154164791,5.194910049,5.226160049,5.194910049,5.226160049,5.329917908,5.226160049,5.251310349,5.296718597,5.391922951,5.336368084,5.251310349,5.294355392,5.294355392,5.207143307,5.154164314,5.168681622,5.091758728,5.168681622,5.168681622,5.130220413,5.168681622,5.207143307,5.313810349,5.324496269]},"ndpi": {"flow_risk": {"11": 
{"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP.OCS","proto_id":"7.218","proto_by_ip":"OCS","proto_by_ip_id":218,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.ocs.fr"}}
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":938,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652798230623,"flow_src_last_pkt_time":1449652798230623,"flow_dst_last_pkt_time":1449652798230623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652845277546,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":11793,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","proto_id":"5.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
01189{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1449652786167050,"flow_src_last_pkt_time":1449652786398124,"flow_dst_last_pkt_time":1449652786167050,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":159,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":159,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652846380718,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.129.206","src_port":53356,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
01192{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1449652787003032,"flow_src_last_pkt_time":1449652787811425,"flow_dst_last_pkt_time":1449652787003032,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":373,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":728,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652846380718,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"216.58.208.46","src_port":41223,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00953{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652842535220,"flow_src_last_pkt_time":1449652842535220,"flow_dst_last_pkt_time":1449652842535220,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652846380718,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":24245,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.OCS","proto_id":"5.218","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
01226{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":1449652797357367,"flow_src_last_pkt_time":1449652797774261,"flow_dst_last_pkt_time":1449652797357367,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1235,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1580,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652846380718,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.184.188","src_port":32946,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
01202{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1449652788109953,"flow_src_last_pkt_time":1449652791955458,"flow_dst_last_pkt_time":1449652788109953,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1388,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5041,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652846380718,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":36680,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.OCS","proto_id":"91.218","proto_by_ip":"OCS","proto_by_ip_id":218,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}}
00950{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652786130760,"flow_src_last_pkt_time":1449652786130760,"flow_dst_last_pkt_time":1449652786130760,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652846380718,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":1291,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00952{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652788016158,"flow_src_last_pkt_time":1449652788016158,"flow_dst_last_pkt_time":1449652788016158,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652846380718,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":2589,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.OCS","proto_id":"5.218","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
00951{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652787507858,"flow_src_last_pkt_time":1449652787507858,"flow_dst_last_pkt_time":1449652787507858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652846380718,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":3621,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00952{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652786071163,"flow_src_last_pkt_time":1449652786071163,"flow_dst_last_pkt_time":1449652786071163,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652846380718,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":38472,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.OCS","proto_id":"5.218","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
01221{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":83,"flow_dst_packets_processed":0,"flow_first_seen":1449652842628827,"flow_src_last_pkt_time":1449652846380718,"flow_dst_last_pkt_time":1449652842628827,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":308,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652846380718,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.210","src_port":42590,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP.OCS","proto_id":"7.218","proto_by_ip":"OCS","proto_by_ip_id":218,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.ocs.fr"}}
00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652786098261,"flow_src_last_pkt_time":1449652786098261,"flow_dst_last_pkt_time":1449652786098261,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652846380718,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":40097,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Crashlytics","proto_id":"5.275","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
01193{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":1449652798305095,"flow_src_last_pkt_time":1449652798887943,"flow_dst_last_pkt_time":1449652798305095,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":597,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":952,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652846380718,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.166.95","src_port":47803,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
01227{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1449652786152820,"flow_src_last_pkt_time":1449652788767036,"flow_dst_last_pkt_time":1449652786152820,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1157,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1683,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652846380718,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"23.21.230.199","src_port":39263,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.Crashlytics","proto_id":"91.275","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}}
01081{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1449652786135098,"flow_src_last_pkt_time":1449652787495655,"flow_dst_last_pkt_time":1449652786135098,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":772,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":772,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652846380718,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":48250,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP.OCS","proto_id":"7.218","proto_by_ip":"OCS","proto_by_ip_id":218,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}}
00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652798230623,"flow_src_last_pkt_time":1449652798230623,"flow_dst_last_pkt_time":1449652798230623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652846380718,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":11793,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","proto_id":"5.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
01188{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1449652786395470,"flow_src_last_pkt_time":1449652787578542,"flow_dst_last_pkt_time":1449652786395470,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652846380718,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.129.206","src_port":44959,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
01054{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1449652784341686,"flow_src_last_pkt_time":1449652792355546,"flow_dst_last_pkt_time":1449652784341686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652846380718,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.184.188","src_port":47699,"dst_port":5228,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"7":"Match by IP"},"proto":"Google","proto_id":"126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
00776{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1449652784341686,"flow_src_last_pkt_time":1449652792355546,"flow_dst_last_pkt_time":1449652784341686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652846380718,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.184.188","src_port":47699,"dst_port":5228,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5}
01118{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":751,"flow_dst_packets_processed":0,"flow_first_seen":1449652787983929,"flow_src_last_pkt_time":1449652839371660,"flow_dst_last_pkt_time":1449652787983929,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":663,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652846380718,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":49881,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP.OCS","proto_id":"7.218","proto_by_ip":"OCS","proto_by_ip_id":218,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media","hostname":"ocu03.labgency.ws"}}
00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652786934111,"flow_src_last_pkt_time":1449652786934111,"flow_dst_last_pkt_time":1449652786934111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652846380718,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":48770,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.PlayStore","proto_id":"5.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
01056{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1449652787596837,"flow_src_last_pkt_time":1449652818681770,"flow_dst_last_pkt_time":1449652787596837,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652846380718,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.131.52","src_port":46166,"dst_port":5122,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"7":"Match by IP"},"proto":"Azure","proto_id":"276","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
00777{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1449652787596837,"flow_src_last_pkt_time":1449652818681770,"flow_dst_last_pkt_time":1449652787596837,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652846380718,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.131.52","src_port":46166,"dst_port":5122,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5}
00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":946,"packets-processed":946,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12361,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":18,"total-detection-updates":0,"total-updates":7,"current-active-flows":0,"total-active-flows":20,"total-idle-flows":20,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":137,"global_ts_usec":1449652846380718}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 946/946
~~ skipped flows.............: 0
~~ total layer4 data length..: 12361 bytes
~~ total detected protocols..: 18
~~ total active/idle flows...: 20/20
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 7583199 bytes
~~ total memory freed........: 7583199 bytes
~~ total allocations/frees...: 127073/127073
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 526 chars
~~ json message max len.......: 2403 chars
~~ json message avg len.......: 1463 chars