1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
|
00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00745{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":62262978,"flow_src_last_pkt_time":62262978,"flow_dst_last_pkt_time":62262978,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":14,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":14,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":62262978,"l3_proto":"ip4","src_ip":"192.168.75.18","dst_ip":"166.161.181.18","src_port":60201,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":62262978,"flow_dst_last_pkt_time":62262978,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":22,"thread_ts_usec":62262978,"pkt":"UlQAOP1WCAAnCEHSCABFAAAqNcoAAIARnYrAqEsSpqG1EuspAbsAFurKODNIV3A9lts5AAAAAAA="}
00741{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":62409352,"flow_src_last_pkt_time":62409352,"flow_dst_last_pkt_time":62409352,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":62409352,"l3_proto":"ip4","src_ip":"69.197.143.179","dst_ip":"10.0.2.15","src_port":443,"dst_port":60201,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":62409352,"flow_dst_last_pkt_time":62409352,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":62409352,"pkt":"CAAn5uVZUlQAEjUCCABFAAA2A9cAAEARlVlFxY+zCgACDwG76ykAIscSQNMcOmlkYC+gAQAAAAAzSFdwPZbbOQAAAAA="}
00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":62409791,"flow_dst_last_pkt_time":62262978,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_usec":62409791,"pkt":"UlQAOP1WCAAnCEHSCABFAAAyNcsAAIARnYHAqEsSpqG1EuspAbsAHlkzKDNIV3A9lts5AQAAAADTHDppZGAvoA=="}
00879{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":62409943,"flow_dst_last_pkt_time":62262978,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":333,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":333,"pkt_l4_len":299,"thread_ts_usec":62409943,"pkt":"UlQAOP1WCAAnCEHSCABFAAE\/NcwAAIARnHPAqEsSpqG1EuspAbsBK+qEIDNIV3A9lts5AAAAAAEWAwEBEAEAAQwDA+TEL2EQMAsEt1tpQea77+myieLPD3MCMORLcXO3gJRhIFZaja2FsVEapw0C+18I364sWGzy5jIzjT5bldn\/XHUrADITAhMDEwHALMAwAJ\/MqcyozKrAK8AvAJ7AJMAoAGvAI8AnAGfACsAUADnACcATADMA\/wEAAJEACwAEAwABAgAKAAwACgAdABcAHgAZABgAFgAAABcAAAANADAALgQDBQMGAwgHCAgICQgKCAsIBAgFCAYEAQUBBgEDAwIDAwECAQMCAgIEAgUCBgIAKwAJCAMEAwMDAgMBAC0AAgEBADMAJgAkAB0AIGtU\/aNmp0uTMkZAKa7Qs6Og4lO8sBQLCxXbpQHaFzoX"}
02160{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":62561292,"flow_dst_last_pkt_time":62409352,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1268,"pkt_l4_len":1234,"thread_ts_usec":62561292,"pkt":"CAAn5uVZUlQAEjUCCABFAATmA9kAAEARkKdFxY+zCgACDwG76ykE0uQ6INMcOmlkYC+gAQAAAAEzSFdwPZbbOQAAAAEWAwMAegIAAHYDAztv\/VQNhOdx9LM4alCseajOUkbnL2riP54J2kl73oLFIFZaja2FsVEapw0C+18I364sWGzy5jIzjT5bldn\/XHUrEwIAAC4AKwACAwQAMwAkAB0AIOnp6fb5q5a75IWjg99IM9E9IYqDzpmLQsSKi9kYNIlGFAMDAAEBFwMDABe3Vxz2m\/t\/2WkjQTA10Dwhq\/Se12JIOBcDAwBCCJ2gyTfkrsuPfeXuFvY9hUrfuQ4MXuDqK2r70W+CIwMyLFp8OpZ+9JaPaSrRRLYoyiUt7Eg+QQ2H7xi0HexUzDgjFwMDEl0bPfaRf2qn51e7ERx9XN1gotyUoxl7QUIv2yXeIAgqmaiQIKIBp6WQdOJMzQxbqnz\/o+5cu\/q0lSlyskIOi0KTmoOX0FGt4N1AHbZpFqsLpRLVZ\/CeBd14W\/qOuOYXe\/QFu\/Rd2vAdnpd8edRs4DO0xtqEuf79VsiPuZo5KO17Mkp+v9DtZxS9SFZg850fCBzoA0N0uVHp\/3DLOxqkqIVouYFlysDfj7IbIDMPJwro2mI1YcJlgkXH1xr78\/++8rNr0cx1Ru3q9qgAyqLJ5fYDIZAkkfwLWygzKL5bQsI2yINv\/muS5JJHfhM0psBD37xjf9VCP2dtsD6FcG4zOitvt0WP4X2QK64MBPcg8gxxj1mPRBc+Ehq7b+GWVaXPXEnZvMCYpdPaI8VGeOgW0X49ezQl9OxveE\/GsuM26Y8vVJyJ7aYKrS\/rRwvksAcwWF4u3wLNYFJkFUiBvBPsDlgBqbyF4DSMr24xNzFQtLdL6BeR\/YNoQUsjvwuBxM7LT0n70Rn94ySwxLYgTbP2enXMcOfuYc5YxCwQO9kA44T+4r9T2WA7RV4zjYZ6poGvts\/c1L7VJSqsjNEVp48YUoMOzeMaEct6pfK2uVy6fELmUQY15H2VYuIPmWwkaJ9tElFqESen6+Km6yxqwPwmk8W5b\/qsD\/qOYTaz0Ei3CnlBTTe77OsPaAJ6aOjYc6t5pRbBvIQgww\/xco26J3PqDtKIkOhSgUDn+4js7WQBEC5x4fET8WMu\/BOmWrc6\/vOpw4YJxkMdrq5gH0Ky8HXozik4YD9EJAijB\/58H20oyv\/KcqAawStGwEgZPhK73YSzgSJKZO2h\/uv8zsAjYf8KIUELrl08KuePMPV1nJ22hVhYBcLKlupuGVYDjCfO5A+K\/3RAfDIpAQwe4kJ8uwUBduh\/EMEUsSpiT6WVuRcX+G\/xjs+qK8u1Q1K71wZy4JE1zxSPa4OCoJVqW2Hdy1eB\/VfInlA8dQuhMtfxq6XqOkRBAzoqsoI\/OhEhdFHFTarXH3bbMB8y2eKeZxJDgwwQFPEBMpo9XBUW1A7Ruwi5gGLI0y0TVE\/sh9ibpNLiIGsRyQv13wRwgGSanQV3fAY19Pg\/E3dtr9QpPAQHatPG7ecU7+KEugbzIXM4CDl342pWvcVDn7F3jiorgtwy3Zx15vo835CHS65hXrWXFhf2LCJhbPBmTZ6DBD2e1jRs36OIwYv\/eg0cD\/H8pHJptfsylYwBMfGRMi9PNTIaOrGODgl67kvuJAHivNTzltdGhb9H95gfJuU="}
02133{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":62561482,"flow_dst_last_pkt_time":62409352,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1256,"pkt_l4_len":1222,"thread_ts_usec":62561482,"pkt":"CAAn5uVZUlQAEjUCCABFAATaA9oAAEARkLJFxY+zCgACDwG76ykExnQ+INMcOmlkYC+gAAAAAAKMScxoZawvL9AdIKPbVTt7RyMhcAvDzcAcdm7P9aEq3BpG0sC8PmrFjHLXj93V2b5KloaRYDwZILLxjN3cogguGoK7fMCffbMmGIpwEL93LWqwhlabfnqqQI4HbGeCbzBi96YWz3S0pIEReHtrJpGbsuTtSMSjH3rqo91N08S2M7\/AfKTyVlrTObLOVD9blKfGvdpj6vs84vc08kG3mgFTfjgWq+HOX1gRybl1XeZnLZNlTgiz33jdJQmgEjoaTniUluEhNyoirajRDh64kR8DQeKG2a7vt0HTvNwkpJ0UQksXHlzAqAuZlOQ6ctZAdWR6fKx7XABGxtqJX00YlH1RiYIthB8LQBVvi1iD6B5Ewgf9ko+kRWqgner\/aPJQ7op0swXivSEhLGsEgaYKEAbDlhC8r6TFoC3iTMDYezwWwvG8hAfTOqAr+tWWligtoCKiM0NGBTnngw8\/PJKoWGRSbAs\/\/xhkKXRj798AIAzBlT54281wXVztRIR3hCWw5ikmriTg7L6o7E0CNTAxgSXz1lkm3XyilcF\/wXP9WI\/LXt7XtAeHdksGU9ZuKreQsZe0iPU4Ea3jLT0NEv7yBEwshnWAxNun9a7kGuNXtNaYsDonsd4p7Lpjf3OVvHJ95ZDKpwPzUpiOzySkN44O1zsij1E123qRCRthdFetzJbRv0QQKcrcEJp4Iivzcgq9BPmJIgsOWmrBf\/b7HEL1y2cwYk6vguCXAWzA9jHjWUV1YMcqZCV8quJiielngQA+uamNTXLuTuQyRv5ek+wZg8apzvYZk\/T5wIES\/4DARcNuDp679DVaZOjodLD+BpP1BHuipl5FTj4e6gptezw9rwcvcotpMWN\/uPXvLbrFM6hc1mloIuRVTomnXRWUm53KCCyrz6f\/vtsJk1+No\/vSoEML6MJFRrSe+RAgOo1lvZsuEI2r47ckokDz8R3zBzqCiN7rldWCiY7UUa7H2AUxWc4r6fVizV5e381mdiBYVONxEq9tyqofozYNk2NZn\/35aBQPBwBBWpOgoJl\/ieCWvw6oi4oh3KXrcNxZNdnou4bKCDi2Rz9ryl+zR22d+NqVYkZitOT7Jut5KigxfjC2VkKYBNmwyGIbDHUHisQpros5RlCcvu4aZr2B7fVbyyvMwCxlyVqOxDhW+bUjLEa\/l\/e5V3J9oCojgK4IzUTWldfNVDckrLBEgukD3NvdqqDi\/oeTTTAr6z3CJziWEdQCBfG7JWIPrt1KM0Z4cJZGhq\/j7k71RrMzrYEBtCIuqlX9IY9\/\/30yB4wbppyV7aBzSLtvYxhXrn+uCdU8kDphZK5fiiUR5yJ+0bKsx6m6tms4BQVV6FZpk7bzXI5IzlfJT4\/WJgcUTIkTOSJjNW0s4EHA0vpZu72rFjDKMhiKDjyq8H2IymrHDJiRFFYfc4kf24PwG3Xd7Wch3TdyejYxqI4ebxFgKF\/HJsIYpMhw4SqHMI6ZKi61f2wAntJzvD+nsqLQ6zX43FgKuvUo4myrcW5hfo71KKDmsafrXHzM2m\/p820O99gnzeNMFv7Ka57mJU0mjyo2BhXhIRjKFT7SCtDjY6D54Z0daJcW1MOTRFPzjXY="}
02129{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":62561557,"flow_dst_last_pkt_time":62409352,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1256,"pkt_l4_len":1222,"thread_ts_usec":62561557,"pkt":"CAAn5uVZUlQAEjUCCABFAATaA9sAAEARkLFFxY+zCgACDwG76ykExshgINMcOmlkYC+gAAAAAAPslkEVR4hc7pIny9kmQ+YVx41Sf2SvQ+8SLyQVbSA2O0zqqSXyCG3mPcg60SHI3ZmAMhcB9c2nrIOMSOLRIdN64YUHQs+gaoBj\/v5RG9zsoBg6v9KtQDX+NsNnQLitcC\/edfM2PCTT3eqoiDAsEJ7efDEJrx4oy3Rys67fiCyef45yeZLT711UZq6IXd2g7WdstI4MfPUHJ0ow\/0c85EIY68wNHS2l8GxsCTWWIwku2wf50mPqxrl+1n671X8OUkROVHpXnmai0s0QxSEoZp69BrYpawzih3LFFE7SH1IlOOIGPvFrkwFdeZTugxoml9ScW\/gMOFQwzZryx9bCdhzHmFoW6mmg\/5nY8CCPxrgZMbugKA2zwm\/j8oLLkvPAJ+itAXJ2YpEbKakeLAmgtAc5fJAoxkIU\/sbfT9t2rzGCZNeQQdPJl14M7opb9HEEJXNPkGF67TrUv0G\/dZwZOtOrkfX2xJVwNp3UclJ\/iTJKObQi+EAGES1HygmjtGRq8Tw9fzkXGqZn4gqGO2AryS0iD6K1mli10Wora1K+tzcNCxJRSEhICHpcw+\/8pPzzBC2a7ba7+2CKwaFIpSpVKQOBj5kj88ICODnySq15+BrBha6Jnl2iDPgY9G1rQVXLWM+kRuLeDEpPTv9Fx7NAPtu8l+WUJl1uLI8fPydEfY0NZt9s9z2G5aualfcF5\/gKo9fgIuzLVsKlZ2BrKlnOG0CYYWFbxPt64Lmyfgx0J37h0vBb8H6EO2dmss+cMbHEngzusBmMosh68l4nz8y0UN4KGOKlsiKrfKPpwnnbq4Jym+Zji8787Dpku3f+fv2I2pkAMlmEEpgWilxPFK5EWW2Pyd4T7PMFzwA3FYs2lR6kzUoYdrFwujmrgq0iZCKTO7onl51\/8QSXmCFOeBUoj8LkkEYJMcC2\/WE72ISLcwUdCwoHFUTzWyN3nCfvw+hoIv3hz8BIUuQTts9gRm14X2NZHg3SlZ\/KvNra4EBQOOOidAxA96QoI+6My4raEbb17SCtBAcX3CjQcxRQd6V6\/2L1vBQJwaYd6fV4iCpscRvxuYLNk+R7r+cxl0rk+f6MqaMBd+ijLdNHdGGGO9HQaqSiKkkTIiWUdHv6\/S7gl1rtzUGufURTCXYpFlNMkYp\/eb78t8+9gasoZ+Rxq2rl+APqPesXG1DoYwtagbXRP7Ai15oxhJ4H1E9miSVf4Ce1sfE+f63w2nRtsILZLgVFW6ojgrQ7VAf\/jrBdoNrQQVcqpVHcFUxvvMuF8nBiaMFvrOWvZ2zCwdzz8jq1XtifC6wQ5NYeZw6ig5XlSCnNI1X3pUzEvdrcM8QofgqcBGnHXNao6zp5ep2n\/oeJlsNLt08wy0OX7wFAJZFaQjmplpma6+xRP4gotLec90DFV87PqQlqvjjOIp3xUCLcij9Fxphy+x4\/CxS7eOs3LFg2tiHzFxJDeoynzwZLIsZlmHj5IkU5+af1oBPm+8ECFwZHS+g2u5bOB9saIpuJlHFDtIGI5C5WcCD3zjn5+I4VcJAoGQ+b42Verv214tZHScQo7OAucHlbOz6xfx4mmFNJiv5p5KNFy+WDR42hLLAA8o2lo1I="}
01135{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":62409352,"flow_src_last_pkt_time":62561557,"flow_dst_last_pkt_time":62409352,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1226,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3680,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":62561557,"l3_proto":"ip4","src_ip":"69.197.143.179","dst_ip":"10.0.2.15","src_port":443,"dst_port":60201,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
02138{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":62561632,"flow_dst_last_pkt_time":62409352,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1256,"pkt_l4_len":1222,"thread_ts_usec":62561632,"pkt":"CAAn5uVZUlQAEjUCCABFAATaA9wAAEARkLBFxY+zCgACDwG76ykExoQiINMcOmlkYC+gAAAAAAQ8c9zHxnZv04EkYYWJ\/YjCX51+fPXgeODoxwP44wULUO2p2P2ouYzo5GsBURn\/sCv3PXe1\/KQAxDJUyYtaBb8BTa6n+yAdHyv3DxhuucsBGy2MQu4fCZOaTa4ubl6fAt5t6SU9G+FIrJrVz4LPxKipwQ1GjBmwiS5+uB5InVWKl1suQhPl3NwMx+6DIFg9kNrfHgeDJy3bPZ9CU1PFiZkwBibfPs9Mx3zi91DNLiYSFI8onnHZkO+zhu4oKXvyWr7xldiwdzlRcRvKWksHYxYUY1EXvM6f1WY9aB1EVGu1xtoZHYCCBG9Sb92UM62Lp9KzTbBwxCkpyHl\/8jmFIomwKQbTEEEylgz0egja6thbyiZHts6+yliAVe2+56oSs72pGbk1U\/GUT80VOtutuW4OjRBjzFXKMbXxpL4qe+w1AcrlLqnqCswSYB2Eapyzuf5HhVmkKZ+UvUqpARpOsFpSf2zkm7x69P\/uIODVUlduSYnjQY29xFiv\/IXeomTJyuWb7j+cq4FPIUR2RXCUuH0MU25l64E\/nVnQjpfyjJA4YO5AFzknM8IFqLhkv2pa2cOfI4HaMCv6YB10qXKnntkpRzkPuN0xQB\/uZfj1BeFYzdDIeC9zbJopYuNkhpgAVNpFtnI6OdmKcJJmm0yH6pPYYLWc14Idg41Q64wZwfKVYswAoQD8KmjwI+LWVvdIq\/09O+hYn1fBzp889Q+nXJ8FSvi6SKut50\/lbx6nEw9kZr\/OhzCOJPaUka3R5MYYFLNFTZKoB1Ycn9BO9R0kNzLYAe3JH5PqcSXnULh3lYKW5A5Dfql+Oxs4m0blIb+mtElP1Q7h038TtO87s7SpJqmDg2ddf8S\/r6X2iHZbNPrdDHdLVeIc2+UbOzRqKeLVntkWNW+H\/yiwq\/x8eB9koSwd\/veckfoM18vd27sLALlJ9Q0iEDuKNjJdR04zM0afI\/fnJ8vyYEmVWKz0isKDDZSCBiSN2tB6FjsY\/8vivSrpsuHrGy3oy2GkFJENOsHP\/gFiyXP57GBExDMaWs\/yHt8xueM7M\/HmYVZgtopx0V+spMjNZvvCv2k4A6dqe0zcAL2ewJ2LwsxtSOqiteOuCeI5iTOEFPQeD64XA\/1uwd6TMnup4+tyev3zi5jfmoraUQpFLcz9zv\/NAkBiQpPLLCtowTGeqgCVvUFw+2\/8z9EmcSEZQgHBrUDXkSYf+DH+gjqLNB43F84cBuKCGGNyglN5YJz\/5eBiuHr4Wr9CeepDtGo0+fpHwPxVrmn5KAgZuF8YVzWzsrf7RZhTiUIXCe2fZkSuX03pQTxj+nhswQLKCxyEWG54dh2VwJfPodreiJr3G5oW6gtmACM\/l9kzwiWqmMsPg3efvISkF7OpU7Uyff3rvoDSKl8MYW9OO5YZd8Qo7Fd+5sseawB9Ky6GuWtioGLJ\/hrMczlq16n1YdErjFjri7V8V\/Mpr9+\/6usGyeHAe+LTtIavEbx4HqwzbiAIEsMAJn+qG8DyJuPPCd189v5bw4psay7eSHufyXCwhOiD6XVxaMUsNlhfcyRUcHKSCs8NjazI5Btjl5iuTU8cHV0Wd+o4iYggBJsXWFlK8iw="}
00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":62562792,"flow_dst_last_pkt_time":62262978,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_usec":62562792,"pkt":"UlQAOP1WCAAnCEHSCABFAAAyNc0AAIARnX\/AqEsSpqG1EuspAbsAHlkyKDNIV3A9lts5AQAAAAHTHDppZGAvoA=="}
01138{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":62262978,"flow_src_last_pkt_time":62562792,"flow_dst_last_pkt_time":62262978,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":291,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":349,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":62562792,"l3_proto":"ip4","src_ip":"192.168.75.18","dst_ip":"166.161.181.18","src_port":60201,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":62562858,"flow_dst_last_pkt_time":62262978,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_usec":62562858,"pkt":"UlQAOP1WCAAnCEHSCABFAAAyNc4AAIARnX7AqEsSpqG1EuspAbsAHlkxKDNIV3A9lts5AQAAAALTHDppZGAvoA=="}
00794{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":22,"packets-processed":21,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9046,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":16,"global_ts_usec":1358197736781122}
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1358197736781122,"flow_src_last_pkt_time":1358197736781122,"flow_dst_last_pkt_time":1358197736781122,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1358197736781122,"l3_proto":"ip4","src_ip":"10.181.235.122","dst_ip":"10.251.71.30","src_port":39772,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1358197736781122,"flow_dst_last_pkt_time":1358197736781122,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1358197736781122,"pkt":"CAAnQNKjCAAns07aCABFAAA84dtAAEAGEJgKtet6CvtHHptcBKpaoHPGAAAAAKACOQjGKgAAAgQFtAQCCAr\/\/5IdAAAAAAEDAwE="}
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1358197736781122,"flow_dst_last_pkt_time":1358197736781340,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1358197736781340,"pkt":"CAAns07aCAAnQNKjCABFAAA8AABAAEAG8nMK+0ceCrXregSqm1zryb8hWqBzx6ASOJCClwAAAgQFtAQCCAr\/\/5kO\/\/+SHQEDAwE="}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1358197736781499,"flow_dst_last_pkt_time":1358197736781340,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1358197736781499,"pkt":"CAAnQNKjCAAns07aCABFAAA04dxAAEAGEJ8Ktet6CvtHHptcBKpaoHPH68m\/IoAQHITNaAAAAQEICv\/\/kh7\/\/5kO"}
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1358197737794869,"flow_dst_last_pkt_time":1358197736781340,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1358197737794869,"pkt":"CAAnQNKjCAAns07aCABFAABE4d1AAEAGEI4Ktet6CvtHHptcBKpaoHPH68m\/IoAYHIRv0QAAAQEICv\/\/kxv\/\/5kOAA44UHoop4J1eI0AAAAAAA=="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1358197737794869,"flow_dst_last_pkt_time":1358197737795813,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1358197737795813,"pkt":"CAAns07aCAAnQNKjCABFAAA0JixAAEAGzE8K+0ceCrXregSqm1zryb8iWqBz14AQHEjLmQAAAQEICv\/\/mgz\/\/5Mb"}
00928{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1358197736781122,"flow_src_last_pkt_time":1358197737794869,"flow_dst_last_pkt_time":1358197737799430,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":28,"midstream":0,"thread_ts_usec":1358197737799430,"l3_proto":"ip4","src_ip":"10.181.235.122","dst_ip":"10.251.71.30","src_port":39772,"dst_port":1194,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
02155{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1358197736781122,"flow_src_last_pkt_time":1358197737942660,"flow_dst_last_pkt_time":1358197737942559,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":274,"flow_dst_max_l4_payload_len":348,"flow_src_tot_l4_payload_len":534,"flow_dst_tot_l4_payload_len":1480,"midstream":0,"thread_ts_usec":1358197737942660,"l3_proto":"ip4","src_ip":"10.181.235.122","dst_ip":"10.251.71.30","src_port":39772,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":210,"avg":74934.7,"max":1014473,"stddev":247074.6,"var":61045854208.0,"ent":1.8,"data": [218,377,1013370,1014473,3617,5492,3300,44879,40998,530,345,40353,40401,992,18067,17798,428,281,37075,37264,287,268,279,211,265,252,249,261,212,223,210]},"pktlen": {"min":52,"avg":115.4,"max":400,"stddev":89.5,"var":8001.3,"ent":4.7,"data": [60,60,52,68,52,80,52,76,52,326,52,76,52,76,52,180,52,400,76,52,168,104,168,76,284,76,168,100,168,76,284,76]},"bins": {"c_to_s": [14,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,4,1,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": [4.634053230,5.054204941,5.039584637,5.193215847,5.116507530,5.177333832,5.039584637,5.369915009,5.116507530,5.342938900,5.025067329,5.315114975,4.909682751,5.326361656,4.986606121,5.801545143,4.986606121,5.423783302,5.341430664,5.025067806,6.420508862,5.262471199,6.588784218,5.395376205,6.650779724,5.395376205,6.047887802,5.337505817,5.757668018,5.421691895,6.887341976,5.316428661]},"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
01185{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":62409352,"flow_src_last_pkt_time":64743583,"flow_dst_last_pkt_time":62409352,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1226,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6131,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1358197741033539,"l3_proto":"ip4","src_ip":"69.197.143.179","dst_ip":"10.0.2.15","src_port":443,"dst_port":60201,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
01189{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":62262978,"flow_src_last_pkt_time":62569622,"flow_dst_last_pkt_time":62262978,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2915,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1358197741033539,"l3_proto":"ip4","src_ip":"192.168.75.18","dst_ip":"166.161.181.18","src_port":60201,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
00798{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":217,"packets-processed":216,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23741,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":27,"global_ts_usec":1467904946700231}
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467904946700231,"flow_src_last_pkt_time":1467904946700231,"flow_dst_last_pkt_time":1467904946700231,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467904946700231,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"46.101.231.218","src_port":60140,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1467904946700231,"flow_dst_last_pkt_time":1467904946700231,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1467904946700231,"pkt":"hCYVLjtSAA6OGXEMCABFAAA8ANVAAEAGYbLAqAFNLmXn2ursAbu+lXueAAAAAKACchBbjAAAAgQFtAQCCAoADXtLAAAAAAEDAwE="}
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1467904946700231,"flow_dst_last_pkt_time":1467904946755145,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1467904946755145,"pkt":"AA6OGXEMhCYVLjtSCABFoAA8AABAADQGbecuZefawKgBTQG76uxsxVWWvpV7n6AScSBx2QAAAgQFtAQCCAoANCgCAA17SwEDAwE="}
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1467904946755184,"flow_dst_last_pkt_time":1467904946755145,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1467904946755184,"pkt":"hCYVLjtSAA6OGXEMCABFAAA0ANZAAEAGYbnAqAFNLmXn2ursAbu+lXufbMVVl4AQOQjYsgAAAQEICgANe1AANCgC"}
00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1467904947700508,"flow_dst_last_pkt_time":1467904946755145,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1467904947700508,"pkt":"hCYVLjtSAA6OGXEMCABFAABgANdAAEAGYYzAqAFNLmXn2ursAbu+lXufbMVVl4AYOQicxwAAAQEICgANe68ANCgCACo4krivSnd\/x0J4ECTCdtmhqMIyGHmgImSzzLyAdwAAAAFXfnOzAAAAAAA="}
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1467904947700508,"flow_dst_last_pkt_time":1467904947752893,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1467904947752893,"pkt":"AA6OGXEMhCYVLjtSCABFoAA0fZtAADQG8FMuZefawKgBTQG76uxsxVWXvpV7y4AQOJDXpgAAAQEICgA0KPsADXuv"}
01060{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1467904946700231,"flow_src_last_pkt_time":1467904947700508,"flow_dst_last_pkt_time":1467904947753377,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1467904947753377,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"46.101.231.218","src_port":60140,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
02308{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1467904946700231,"flow_src_last_pkt_time":1467904948037674,"flow_dst_last_pkt_time":1467904948077757,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":305,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":869,"flow_dst_tot_l4_payload_len":1940,"midstream":0,"thread_ts_usec":1467904948077757,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"46.101.231.218","src_port":60140,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":124,"avg":87579.6,"max":997748,"stddev":233509.3,"var":54526590976.0,"ent":2.7,"data": [54914,54953,945324,997748,484,52895,181,76406,76231,41001,2720,125,43907,139,238,305,40498,40497,41001,40993,125,124,261,41001,40990,40292,40328,460,133,578,40117]},"pktlen": {"min":52,"avg":140.3,"max":357,"stddev":75.3,"var":5671.5,"ent":4.8,"data": [60,60,52,96,52,108,52,104,52,357,52,208,196,104,196,196,52,196,208,196,104,196,196,52,196,208,196,104,196,196,52,196]},"bins": {"c_to_s": [6,5,0,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,1,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,1,0,1,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1,0,1],"entropies": [4.584255219,5.060977936,4.931210041,5.511040688,5.118428230,5.631525517,4.931210518,5.754630089,5.118428230,5.666812420,5.079966545,5.957755566,6.109939575,5.713871956,6.450070858,6.737315655,4.969671726,6.613219261,6.182499886,6.423310280,5.735399246,6.659830093,6.680945873,4.839769840,6.074276447,6.127354145,6.415046692,5.795508862,6.625069141,6.833714008,5.008133411,6.392446995]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":100,"flow_dst_packets_processed":95,"flow_first_seen":1358197736781122,"flow_src_last_pkt_time":1358197768802378,"flow_dst_last_pkt_time":1358197768801647,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":406,"flow_dst_max_l4_payload_len":476,"flow_src_tot_l4_payload_len":6986,"flow_dst_tot_l4_payload_len":7709,"midstream":0,"thread_ts_usec":1467904951543523,"l3_proto":"ip4","src_ip":"10.181.235.122","dst_ip":"10.251.71.30","src_port":39772,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
00798{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":312,"packets-processed":311,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":32835,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1470218591746723}
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470218591746723,"flow_src_last_pkt_time":1470218591746723,"flow_dst_last_pkt_time":1470218591746723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470218591746723,"l3_proto":"ip4","src_ip":"192.168.43.12","dst_ip":"139.59.151.137","src_port":41507,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1470218591746723,"flow_dst_last_pkt_time":1470218591746723,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_usec":1470218591746723,"pkt":"mAyC0zx8AAjKQoXqCABFAABG3rhAAEARTXXAqCsMizuXiaIjNXAAMosJOLAsz\/G18BdPwJFmbjsSS62jkXMxe5OXItH+Y74AAAABV6HBXwAAAAAA"}
00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1470218591746723,"flow_dst_last_pkt_time":1470218591941902,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1470218591941902,"pkt":"AAjKQoXqmAyC0zx8CABFAABSYIhAADIR2ZmLO5eJwKgrDDVwoiMAPhWBQPd\/wu\/b4j9X3sTI1WVNByO\/jAvlQThWMnDPrhMAAAABV6HBXwEAAAAAsCzP8bXwF08AAAAA"}
01063{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1470218591746723,"flow_src_last_pkt_time":1470218591746723,"flow_dst_last_pkt_time":1470218591941902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":54,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":54,"midstream":0,"thread_ts_usec":1470218591941902,"l3_proto":"ip4","src_ip":"192.168.43.12","dst_ip":"139.59.151.137","src_port":41507,"dst_port":13680,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1470218591942539,"flow_dst_last_pkt_time":1470218591941902,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1470218591942539,"pkt":"mAyC0zx8AAjKQoXqCABFAABO3uZAAEARTT\/AqCsMizuXiaIjNXAAOpZEKLAsz\/G18BdPyDdJemqNaU65YLasCHjnV9mH+DAAAAACV6HBXwEAAAAA93\/C79viP1c="}
00919{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1470218591943377,"flow_dst_last_pkt_time":1470218591941902,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"thread_ts_usec":1470218591943377,"pkt":"mAyC0zx8AAjKQoXqCABFAAFL3udAAEARTEHAqCsMizuXiaIjNXABN2YDILAsz\/G18BdPpXrCc4HfKvVooXdu\/RWr9x4wrZ0AAAADV6HBXwAAAAABFgMBAQABAAD8AwNE5fcPgzd79Sso6M19xG8bQl07yo41gslSLfJlFeywdgAAgsAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFwC\/AK8AnwCPAE8AJAKQAogCgAJ4AZwBAAD8APgAzADIAMQAwAEUARABDAELAMcAtwCnAJcAOwATAEsAIABYAEwAQAA3ADcADAP8BAABRAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEB"}
00722{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1470218591943377,"flow_dst_last_pkt_time":1470218592119150,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":196,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":196,"pkt_l4_len":162,"thread_ts_usec":1470218592119150,"pkt":"AAjKQoXqmAyC0zx8CABFAAC2YKNAADIR2RqLO5eJwKgrDDVwoiMAohzKIPd\/wu\/b4j9X60eERHhjQN5zfeMCAdw3JKHt7ZoAAAACV6HBXwEAAAABsCzP8bXwF08AAAABFgMDAD4CAAA6AwNhg33pw8JOvroEJqnLpGmzYm+g0be9hVzmVAUEjVB5vQDAMAAAEv8BAAEAAAsABAMAAQIADwABARYDAwWWCwAFkgAFjwACzTCCAskwggGxoAMCAQICAQEwDQ=="}
02312{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1470218591746723,"flow_src_last_pkt_time":1470218592449269,"flow_dst_last_pkt_time":1470218592448973,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":303,"flow_dst_max_l4_payload_len":154,"flow_src_tot_l4_payload_len":1095,"flow_dst_tot_l4_payload_len":2054,"midstream":0,"thread_ts_usec":1470218592449269,"l3_proto":"ip4","src_ip":"192.168.43.12","dst_ip":"139.59.151.137","src_port":41507,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":395,"avg":45316.0,"max":195816,"stddev":59561.3,"var":3547546112.0,"ent":3.9,"data": [195179,195816,838,177248,176180,535,476,500,395,473,450,98532,98585,29601,29590,19812,19831,411,519,50093,49983,29934,29992,20280,20221,9484,9461,38312,38344,31856,31865]},"pktlen": {"min":70,"avg":126.4,"max":331,"stddev":58.6,"var":3436.1,"ent":4.9,"data": [70,82,78,331,182,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78]},"bins": {"c_to_s": [0,16,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,1,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": [5.343287468,5.472147942,5.659653187,5.646926403,5.923888206,5.609391689,6.040631294,5.680029869,6.625756264,5.669331551,6.739820004,5.680030346,6.600285530,5.721633911,6.436116695,5.670351982,6.646757126,5.644711018,6.586377144,5.654388905,6.016889572,5.609391689,6.426263332,5.705670357,6.638464928,5.644710541,6.632380486,5.644710541,6.345944881,5.680030346,6.544235229,5.654388905]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":395,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":44,"flow_dst_packets_processed":51,"flow_first_seen":1467904946700231,"flow_src_last_pkt_time":1467905010834916,"flow_dst_last_pkt_time":1467905010834882,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":4602,"flow_dst_tot_l4_payload_len":4492,"midstream":0,"thread_ts_usec":1470218600860349,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"46.101.231.218","src_port":60140,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
00798{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":395,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":395,"packets-processed":394,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":42908,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":47,"global_ts_usec":1472334890224928}
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":395,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1472334890224928,"flow_src_last_pkt_time":1472334890224928,"flow_dst_last_pkt_time":1472334890224928,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1472334890224928,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"139.59.151.137","src_port":13680,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1472334890224928,"flow_dst_last_pkt_time":1472334890224928,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_usec":1472334890224928,"pkt":"mAyC0zx8MFLLbJwbCABFAABGe8pAAEARsF3AqCsSizuXiTVwNXAAMg7DOGYO4pqkkLBZfF5v2e87DGOeGNd7GPORrKCUl+wAAAABV8IMKgAAAAAA"}
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1472334892420816,"flow_dst_last_pkt_time":1472334890224928,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_usec":1472334892420816,"pkt":"mAyC0zx8MFLLbJwbCABFAABGfNNAAEARr1TAqCsSizuXiTVwNXAAMg7DOGYO4pqkkLBZptsOrY2Z8Me\/lrzRmp5vsU3x26QAAAACV8IMKgAAAAAA"}
00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1472334892420816,"flow_dst_last_pkt_time":1472334892467380,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1472334892467380,"pkt":"MFLLbJwbmAyC0zx8CABFAABSgmRAADERuLeLO5eJwKgrEjVwNXAAPoh1QDWQheTdAi5E5ZNzw1yvtD56Ix7qRbnOSoCURYgAAAABV8IMLQEAAAAAZg7imqSQsFkAAAAA"}
01063{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1472334890224928,"flow_src_last_pkt_time":1472334892420816,"flow_dst_last_pkt_time":1472334892467380,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":54,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":54,"midstream":0,"thread_ts_usec":1472334892467380,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"139.59.151.137","src_port":13680,"dst_port":13680,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1472334892467532,"flow_dst_last_pkt_time":1472334892467380,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1472334892467532,"pkt":"mAyC0zx8MFLLbJwbCABFAABOfN1AAEARr0LAqCsSizuXiTVwNXAAOg7LKGYO4pqkkLBZccsCgHbPMustlcqr4N4\/rNnPtukAAAADV8IMKgEAAAAANZCF5N0CLkQ="}
00919{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1472334892467660,"flow_dst_last_pkt_time":1472334892467380,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"thread_ts_usec":1472334892467660,"pkt":"mAyC0zx8MFLLbJwbCABFAAFLfN5AAEARrkTAqCsSizuXiTVwNXABNw\/IIGYO4pqkkLBZmyjlNBaAxD3dZ4KkKKFzUtIqpCkAAAAEV8IMKgAAAAABFgMBAQABAAD8AwPWitxhdgXJqtNghCcqHLNlospc\/gDFPYmAVgJE80nHTgAAgsAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFwC\/AK8AnwCPAE8AJAKQAogCgAJ4AZwBAAD8APgAzADIAMQAwAEUARABDAELAMcAtwCnAJcAOwATAEsAIABYAEwAQAA3ADcADAP8BAABRAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEB"}
02320{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1472334890224928,"flow_src_last_pkt_time":1472334893134977,"flow_dst_last_pkt_time":1472334893134900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":303,"flow_dst_max_l4_payload_len":154,"flow_src_tot_l4_payload_len":1087,"flow_dst_tot_l4_payload_len":1962,"midstream":0,"thread_ts_usec":1472334893134977,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"139.59.151.137","src_port":13680,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":128,"avg":187742.6,"max":2242452,"stddev":537269.1,"var":288658030592.0,"ent":2.4,"data": [2195888,2242452,46716,128,203103,15136,218070,621,558,521,518,3451,3482,185164,185172,417,398,39454,39467,9396,9396,82274,82279,3757,3775,34199,34189,15722,15714,74305,74299]},"pktlen": {"min":70,"avg":123.3,"max":331,"stddev":58.9,"var":3466.4,"ent":4.9,"data": [70,70,82,78,331,78,182,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78]},"bins": {"c_to_s": [0,16,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,2,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": [5.229001999,5.275360584,5.380565643,5.531448364,5.602619648,5.454524517,5.838843346,5.558109283,6.079430580,5.548431396,6.588905811,5.542146206,6.663234234,5.567787170,6.550342560,5.532467842,6.371866703,5.558108807,6.659762859,5.532467842,6.541461945,5.593428135,5.988543987,5.567787170,6.300799370,5.583750248,6.642903805,5.567787170,6.638377190,5.532467842,6.413649559,5.583750248]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":464,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":49,"flow_dst_packets_processed":34,"flow_first_seen":1470218591746723,"flow_src_last_pkt_time":1470218600860349,"flow_dst_last_pkt_time":1470218600859207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1172,"flow_dst_max_l4_payload_len":154,"flow_src_tot_l4_payload_len":5802,"flow_dst_tot_l4_payload_len":4271,"midstream":0,"thread_ts_usec":1472334896789781,"l3_proto":"ip4","src_ip":"192.168.43.12","dst_ip":"139.59.151.137","src_port":41507,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
00798{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":515,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":515,"packets-processed":514,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":66040,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":57,"global_ts_usec":1512848303527265}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":515,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1512848303527265,"flow_src_last_pkt_time":1512848303527265,"flow_dst_last_pkt_time":1512848303527265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":14,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":14,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1512848303527265,"l3_proto":"ip4","src_ip":"3.111.166.78","dst_ip":"85.134.13.165","src_port":51146,"dst_port":1194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1512848303527265,"flow_dst_last_pkt_time":1512848303527265,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":22,"thread_ts_usec":1512848303527265,"pkt":"AAAArFWYSEb7fvLiCABFAAAqQmkAAD4RLXIDb6ZOVYYNpcfKBKoAFnrvODn97S2qEKQ3AAAAAAAt+EmW"}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1512848303527265,"flow_dst_last_pkt_time":1512848303743400,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1512848303743400,"pkt":"AAAArFWYSEb7fvLiCABFAAA2y2xAADkRaWJVhg2lA2+mTgSqx8oAIoFUQJQhkX3nJncpAQAAAAA5\/e0tqhCkNwAAAAA="}
00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1512848303527265,"flow_src_last_pkt_time":1512848303527265,"flow_dst_last_pkt_time":1512848303743400,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":14,"flow_dst_max_l4_payload_len":26,"flow_src_tot_l4_payload_len":14,"flow_dst_tot_l4_payload_len":26,"midstream":0,"thread_ts_usec":1512848303743400,"l3_proto":"ip4","src_ip":"3.111.166.78","dst_ip":"85.134.13.165","src_port":51146,"dst_port":1194,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1512848303859503,"flow_dst_last_pkt_time":1512848303743400,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_usec":1512848303859503,"pkt":"AAAArFWYSEb7fvLiCABFAAAyFfEAAD4RWeIDb6ZOVYYNpcfKBKoAHgbvKDn97S2qEKQ3AQAAAACUIZF95yZ3KQ=="}
00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1512848303865302,"flow_dst_last_pkt_time":1512848303743400,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"thread_ts_usec":1512848303865302,"pkt":"AAAArFWYSEb7fvLiCABFAACOIDYAAD4RT0EDb6ZOVYYNpcfKBKoAelMSIDn97S2qEKQ3AAAAAAEWAwEAjAEAAIgDA5yZa+33hsQlHJybi\/1GEeSPsfPEVsCkgrx0k4rbr7kYAAAOwC7AMgCfwCzAMAAvAP8BAABRAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAM"}
00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":519,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1512848303868693,"flow_dst_last_pkt_time":1512848303743400,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_usec":1512848303868693,"pkt":"AAAArFWYSEb7fvLiCABFAABXqX4AAD4Rxi8Db6ZOVYYNpcfKBKoAQ1UHIDn97S2qEKQ3AAAAAAIACQAKAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAA8AAQE="}
02194{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1512848303527265,"flow_src_last_pkt_time":1512848306813195,"flow_dst_last_pkt_time":1512848307027916,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":1541,"flow_dst_tot_l4_payload_len":4853,"midstream":0,"thread_ts_usec":1512848307027916,"l3_proto":"ip4","src_ip":"3.111.166.78","dst_ip":"85.134.13.165","src_port":51146,"dst_port":1194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":55,"avg":218922.0,"max":2241123,"stddev":513027.0,"var":263196672000.0,"ent":2.8,"data": [216135,332238,5799,3391,337897,57968,55,73,70,307059,10023,20531,1960235,1520,628,2241123,1704,736,299000,1497,2293,245,299952,1982,1336,694,338474,1245,1483,269,340926]},"pktlen": {"min":46,"avg":227.9,"max":1228,"stddev":364.9,"var":133184.4,"ent":3.9,"data": [46,54,50,142,87,50,1228,1216,1216,1081,50,50,50,154,142,142,50,50,50,142,142,142,142,50,50,50,50,142,142,142,142,50]},"bins": {"c_to_s": [5,1,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,0,1,1,1,1,1,0,0,0,0,0,0,1,1,1,0,0,0,0,1,1,1,1,0,0,0,0,1],"entropies": [4.654558659,4.847117901,5.033267975,5.334950447,4.532369614,5.090824604,7.356415749,6.728867531,7.721350193,7.639185429,5.043854713,5.083854675,5.083854675,5.445907116,5.474620342,5.589630604,5.130824566,5.130824566,5.130824566,5.699376583,5.737064838,5.865118027,5.840532780,5.130824566,5.170824528,5.130824566,5.130824566,6.471548557,6.580770969,5.929418087,6.097649097,5.130825043]},"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
01113{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":606,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":62,"flow_dst_packets_processed":58,"flow_first_seen":1472334890224928,"flow_src_last_pkt_time":1472334909464448,"flow_dst_last_pkt_time":1472334909465454,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1172,"flow_dst_max_l4_payload_len":1245,"flow_src_tot_l4_payload_len":8904,"flow_dst_tot_l4_payload_len":14228,"midstream":0,"thread_ts_usec":1512848313443088,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"139.59.151.137","src_port":13680,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
00798{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":615,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":615,"packets-processed":614,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":77302,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":67,"global_ts_usec":1674530805823658}
00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":615,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1674530805823658,"flow_src_last_pkt_time":1674530805823658,"flow_dst_last_pkt_time":1674530805823658,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1674530805823658,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36138,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1674530805823658,"flow_dst_last_pkt_time":1674530805823658,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1674530805823658,"pkt":"3q0AAL7vyv4AALq+CABFAAA8en1AAEAG6fp\/AAABfwAAAY0qAbtCnC8cAAAAAKAC+vDWcgAAAgQFtAQCCAqSkA+aAAAAAAEDAwc="}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":616,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1674530805823658,"flow_dst_last_pkt_time":1674530805845857,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1674530805845857,"pkt":"yv4AALq+3q0AAL7vCABFAAAsFhoAAIAGTm5\/AAABfwAAAQG7jSoFklDgQpwvHWAS+vBv0AAAAgQFtAAA"}
00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":617,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1674530805845941,"flow_dst_last_pkt_time":1674530805845857,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1674530805845941,"pkt":"3q0AAL7vyv4AALq+CABFAAAoen5AAEAG6g1\/AAABfwAAAY0qAbtCnC8dBZJQ4VAQ+vDWXgAA"}
00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1674530805847176,"flow_dst_last_pkt_time":1674530805845857,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1674530805847176,"pkt":"3q0AAL7vyv4AALq+CABFAABgen9AAEAG6dR\/AAABfwAAAY0qAbtCnC8dBZJQ4VAY+vDWlgAAADY4KlbZedmezPQAAAABY89P9biYJLCqTpPAicHiSvVEN2a1yrGMI8F9UQgesZaiKQhe7BedDYg="}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":619,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1674530805847176,"flow_dst_last_pkt_time":1674530805847398,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1674530805847398,"pkt":"yv4AALq+3q0AAL7vCABFAAAoFhsAAIAGTnF\/AAABfwAAAQG7jSoFklDhQpwvVVAQ+vCHVQAAAAAAAAAA"}
01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":626,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1674530805823658,"flow_src_last_pkt_time":1674530805872386,"flow_dst_last_pkt_time":1674530806093884,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":355,"flow_dst_max_l4_payload_len":1126,"flow_src_tot_l4_payload_len":475,"flow_dst_tot_l4_payload_len":1194,"midstream":0,"thread_ts_usec":1674530806093884,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36138,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
02293{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":646,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1674530805823658,"flow_src_last_pkt_time":1674530806238844,"flow_dst_last_pkt_time":1674530806238807,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1386,"flow_src_tot_l4_payload_len":3980,"flow_dst_tot_l4_payload_len":4153,"midstream":0,"thread_ts_usec":1674530806238844,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36138,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":34,"avg":26785.0,"max":221529,"stddev":54768.3,"var":2999562752.0,"ent":3.1,"data": [22199,22283,1235,1541,24351,24605,380,617,225,122,221396,221529,844,1007,149,112,201,197,52335,56406,4152,2697,123,2780,147,117,34,22205,65582,61984,18780]},"pktlen": {"min":40,"avg":296.7,"max":1500,"stddev":446.1,"var":199012.8,"ent":3.8,"data": [60,46,40,96,46,108,40,104,46,395,46,1166,40,104,1426,40,46,104,46,976,104,46,1166,1500,46,767,46,46,104,40,613,40]},"bins": {"c_to_s": [7,1,4,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [10,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,0,1,0,1,0,1,1,0,1,0,0,1,0,1,1,1,0,1,0],"entropies": [4.369529724,4.398030758,4.339823246,5.763498783,3.898455381,5.946529865,4.389823437,5.850727081,3.985411644,7.430057526,3.941933870,7.823157787,4.339823246,5.788781643,7.836597443,4.289823055,3.985411644,5.865244389,3.985411644,7.759013176,5.942167759,3.985411882,7.803529263,7.856170654,3.985411882,7.761924267,3.985411882,3.941933393,5.743062019,4.172574520,7.582319260,4.339823246]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":661,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":51,"flow_dst_packets_processed":49,"flow_first_seen":1512848303527265,"flow_src_last_pkt_time":1512848321248132,"flow_dst_last_pkt_time":1512848321143065,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":4911,"flow_dst_tot_l4_payload_len":6351,"midstream":0,"thread_ts_usec":1674530807378228,"l3_proto":"ip4","src_ip":"3.111.166.78","dst_ip":"85.134.13.165","src_port":51146,"dst_port":1194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
00798{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":661,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":661,"packets-processed":660,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":86108,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":77,"global_ts_usec":1721749298243731}
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":661,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1721749298243731,"flow_src_last_pkt_time":1721749298243731,"flow_dst_last_pkt_time":1721749298243731,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":86,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1721749298243731,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"107.161.86.131","src_port":41133,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":661,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1721749298243731,"flow_dst_last_pkt_time":1721749298243731,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"thread_ts_usec":1721749298243731,"pkt":"CL6sCxduJjb1W8R1CABFAAByFAlAAEARlwnAqAyca6FWg6CtAbsAXg+VOJdTVokkhC97pkUdALIEVCzsEYPShleceg0bTnfJM70eRMd4BDg1OZ5GwVuYb5HRiDRn8gPDee+EOUPJkfTX+iIJOkv\/k4ZPuAAAAAFmn88xAAAAAAA="}
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":662,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1721749298243731,"flow_dst_last_pkt_time":1721749298379296,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1721749298379296,"pkt":"Jjb1W8R1CL6sCxduCABFAAB+HVVAADERnLFroVaDwKgMnAG7oK0AaiqzQCYSWT7juyd60fFK\/YXMArx70GFSVLH9+IflmzkT3Z4AnU2vhwbw7\/JWQwQE7vFMojC0XbJhUjJBToQYaU1A50et1DLK3772IwAAAAFmn88yAQAAAACXU1aJJIQvewAAAAA="}
00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":663,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1721749298390690,"flow_dst_last_pkt_time":1721749298379296,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"thread_ts_usec":1721749298390690,"pkt":"CL6sCxduJjb1W8R1CABFAAB6FBpAAEARlvDAqAyca6FWg6CtAbsAZsKtKJdTVokkhC97ydXgXr0BhOCzS36iRCWkersi16E4Xw6\/q+a6N1ToOgR6ThkU0kD3MzJcoT0UMCazmRhOGtwXfmzYn1O1Scmq6wAAAAJmn88xAQAAAAAmElk+47sneg=="}
01009{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1721749298394584,"flow_dst_last_pkt_time":1721749298379296,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":411,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":411,"pkt_l4_len":377,"thread_ts_usec":1721749298394584,"pkt":"CL6sCxduJjb1W8R1CABFAAGNFBtAAEARldzAqAyca6FWg6CtAbsBedurIJdTVokkhC971WahRuLb6gW1m3BzXK++ZHcorYLy\/+2B9VGcISBVyxKDFXQxypHB4WcKIzjBMA\/+3IPSzYejBAXUe6EBbWCZVwAAAANmn88xAAAAAAEWAwEBFgEAARIDA835a0LBfDrCD+mXUnIk1QxeHR4L3trYpmTGXFDoBOVpICbc8cLWFEyBp1Wq3e1+ElooyI9VE1b4rrpefMTYAvguADITAhMDEwHALMAwAJ\/MqcyozKrAK8AvAJ7AJMAoAGvAI8AnAGfACsAUADnACcATADMA\/wEAAJcACwAEAwABAgAKABYAFAAdABcAHgAZABgBAAEBAQIBAwEEABYAAAAXAAAADQAwAC4EAwUDBgMIBwgICAkICggLCAQIBQgGBAEFAQYBAwMCAwMBAgEDAgICBAIFAgYCACsABQQDBAMDAC0AAgEBADMAJgAkAB0AINJL3YbrIYy7HuEiwxk\/S3ilSFYxo5Q5Y2H8lyilSIlI"}
02037{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":665,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1721749298394584,"flow_dst_last_pkt_time":1721749298531546,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1170,"pkt_l4_len":1136,"thread_ts_usec":1721749298531546,"pkt":"Jjb1W8R1CL6sCxduCABFAASEHXNAADERmI1roVaDwKgMnAG7oK0EcNg8ICYSWT7juyd6nyJXQq7IbIKHQupGskFMGQhmn1uEHfvrLI9agQwLpbq42xt\/cQlErfDfWuqU4rhEMOkaQOsnGRXSIHh6c0qfjAAAAAJmn88yAQAAAAGXU1aJJIQvewAAAAEWAwMAegIAAHYDA06PUH1GbY+hevPYpm8KVJPvOmQQ11f5kIP3iYHNYzsDICbc8cLWFEyBp1Wq3e1+ElooyI9VE1b4rrpefMTYAvguEwIAAC4AKwACAwQAMwAkAB0AIJ8nsxRIqIEANks\/1Ly60GQOU3SO+XmMBrwr2bfmY1pLFAMDAAEBFwMDABcO1biAGtbpY7gLXPQ71amHlRRFYzA5ERcDAwwYiW5x8Xd1PuquDLBQGt5hepR+t+XKjEBRP98VozUYXu0SSaxZ0pHBM60V6G82iQGk28JGyyh4ZrAXJfQrTf5o4pVb4A59XlSgrTg\/Hmb4aE5sR4usYpB4Sr5CcxD71gDcjnS+9+SQUIufQI0Y6NMMJFNoCANXMYni41VuiFo3gsCIT3SrA7dlt2hHjjNWZ\/Rx1NBN38Ol+ZkHBMCv8JV\/KrTSmG3rB2p5sAjxTCwA+ppmg09Pij62Uwi+re9HWQrPmbw+9oXvZY+77y7\/K1geAA5MOlyymCule813Vw0Cofqdb4UTyyoO4qhgS8XNZiN3EQGM1Lv+aU+ToL4urZ45g8wvAvMW5JD2FFI2UvM\/qXHhGpGddqNAdlN7KA+TO8jvq+AkItMOXJ4b0D5ljfH3cpmxUQmZP+66iVpyNLSivKCcSqy2QbhySglUa+xcreYgpzIdhwv9KnTUtpr9A3H58Y8\/5lDVhX8FI5wJ3ZZEB+iRT5SwSHdT99Za42NkLEvMhzXJmbusL0C8wqnFUltqV2Q7c217SGOXg7o+ruQoRFxb64n3baK1kqGswWdArDMrNXhVkdv5IS\/3ZYLVwXGxHcfhX\/rI6S1tdwR4jNXWgHdpgfzKAi13xAu5WlCsCdK4vDkIQNUL7tmbFcWJuEUYXzzecEX9SqWCLqPGE6eVW6fS397jfbH83VSlX6TnmTV9s7RNlAPELxKeUktSr+zt\/WmPbZt2Pg0jGIT66bQ7x5DNOoGF83+eBytUIwi5i3FhD8T1XkOcwkflHd7GCTXsVJzJNaazi6+EtvQYOReV3nphBOy9RnC1cEWyfKLlsygEog3eJlPk1dmlVg2MaN9lX17XIrlfdxGrbooTcRwRPV43RLreI5gBFL3U4kD+lvQW3QHwHrlUarebZMabotE+Bt2a0+tSAaw7PCLpD++tZxVE9r0czsx3v6FDuGR5HTVB7\/7dbcV\/kXoY\/PKTPNGxwMOMlNhLdhImcqKduXsvgnrB8uYVuK9fq5pSKDSrFdfIukfN4VOBPzjzV\/E1P7Z\/qDhLJ3tyzmny4lUewQSRxEwB\/Be0NCDpOEQF1mkno7d6cKZHKK6t+ZRD\/r7geSc34pz40tYzeBf023wAvNzvW7rdvTEGFLurNABtfANjp+Z5"}
01168{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":665,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1721749298243731,"flow_src_last_pkt_time":1721749298394584,"flow_dst_last_pkt_time":1721749298531546,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":86,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":369,"flow_dst_max_l4_payload_len":1128,"flow_src_tot_l4_payload_len":549,"flow_dst_tot_l4_payload_len":1226,"midstream":0,"thread_ts_usec":1721749298531546,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"107.161.86.131","src_port":41133,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
01100{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":692,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":23,"flow_first_seen":1674530805823658,"flow_src_last_pkt_time":1674530807378228,"flow_dst_last_pkt_time":1674530807378181,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1386,"flow_src_tot_l4_payload_len":4290,"flow_dst_tot_l4_payload_len":4516,"midstream":0,"thread_ts_usec":1721749299378529,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36138,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
00798{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":692,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":692,"packets-processed":691,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":94498,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":86,"global_ts_usec":1722426295459977}
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":692,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1722426295459977,"flow_src_last_pkt_time":1722426295459977,"flow_dst_last_pkt_time":1722426295459977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":86,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1722426295459977,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"217.138.197.43","src_port":37383,"dst_port":1234,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":692,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1722426295459977,"flow_dst_last_pkt_time":1722426295459977,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"thread_ts_usec":1722426295459977,"pkt":"CL6sCxduJjb1W8R1CABFAABy+w1AAEAR03LAqAyc2YrFK5IHBNIAXtnFOI\/dK55B2KvqxsN8gytkwVh5kGTwbRjoLCbcCU1yQV4PR9iCp\/ikWCzQ2bVD9uuCRAyJ4\/8WjdJ5Z7S\/b9UE8MBYgjT6V286AQAAAAFmqiO2AAAAAAA="}
00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":693,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1722426295459977,"flow_dst_last_pkt_time":1722426295463060,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1722426295463060,"pkt":"Jjb1W8R1CL6sCxduCABFAAB+3+1AADgR9obZisUrwKgMnATSkgcAas\/4QPun5+al\/RJ3+vfB3LWDZwxirRfxNlIkahL4Jiuhp+o\/w8wjNxPFCQXubnU\/xVrVIuP3OB2yztl88I4zr0jZsBsM\/jki2a+LtAAAAAFmqiO3AQAAAACP3SueQdir6gAAAAA="}
01019{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":694,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1722426295465818,"flow_dst_last_pkt_time":1722426295463060,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":417,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":417,"pkt_l4_len":383,"thread_ts_usec":1722426295465818,"pkt":"CL6sCxduJjb1W8R1CABFAAGT+w5AAEAR0lDAqAyc2YrFK5IHBNIBf+f7II\/dK55B2Kvq+58lDsOBXiRFGbk2I8s8JOXA1fImLQb4T+KR2E2uK7mQGMm5tPmgdwsDlBNcsQAq411kVKZZSGVFIvff4\/36VwAAAAJmqiO2AQAAAAD7p+fmpf0SdwAAAAEWAwEBEAEAAQwDA1qkd6XceFB6CrSXHOj+\/kaEbpXzSJh9ZAs5u4AqtUG4IM0KzkTCLxWpalLIN1XgyDzss0Uhpeld7k70gGpy01JTADITAhMDEwHALMAwAJ\/MqcyozKrAK8AvAJ7AJMAoAGvAI8AnAGfACsAUADnACcATADMA\/wEAAJEACwAEAwABAgAKABYAFAAdABcAHgAZABgBAAEBAQIBAwEEABYAAAAXAAAADQAqACgEAwUDBgMIBwgICAkICggLCAQIBQgGBAEFAQYBAwMDAQMCBAIFAgYCACsABQQDBAMDAC0AAgEBADMAJgAkAB0AIAK60skzafjE+pYU8rJs4dZMCMeSUhSBoNbmaI3Bv\/Vq"}
00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":695,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1722426295465818,"flow_dst_last_pkt_time":1722426295473842,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"thread_ts_usec":1722426295473842,"pkt":"Jjb1W8R1CL6sCxduCABFAAB63+9AADgR9ojZisUrwKgMnATSkgcAZt+qKPun5+al\/RJ32VG9ezBSrZxD2L\/CzMgK8sbJWh6lZMJAuyFW9Aop4jBPHgQuv+UTUPE51papo1RCs3sjeeI0aOwct6q9g\/cLGQAAAAJmqiO3AQAAAAGP3SueQdir6g=="}
01081{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":695,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1722426295459977,"flow_src_last_pkt_time":1722426295465818,"flow_dst_last_pkt_time":1722426295473842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":86,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":375,"flow_dst_max_l4_payload_len":98,"flow_src_tot_l4_payload_len":461,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1722426295473842,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"217.138.197.43","src_port":37383,"dst_port":1234,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN.NordVPN","proto_id":"159.426","proto_by_ip":"NordVPN","proto_by_ip_id":426,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
02030{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":696,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1722426295465818,"flow_dst_last_pkt_time":1722426295473946,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1158,"pkt_l4_len":1124,"thread_ts_usec":1722426295473946,"pkt":"Jjb1W8R1CL6sCxduCABFAAR43\/BAADgR8onZisUrwKgMnATSkgcEZKG1IPun5+al\/RJ3z9xoyS\/6NYkWIP+E\/StwZOexNqFphaUNSbkbFC+6P2KsMWt8PmzNpo6pdhvrrPCYmvXQ6Jr42Gm71AEIZNgxFAAAAANmqiO3AAAAAAEWAwMAegIAAHYDA7q6lvZV+wG+N+iVVUFAXSDj9NGQbDFNNK8zWybgE4s2IM0KzkTCLxWpalLIN1XgyDzss0Uhpeld7k70gGpy01JTEwIAAC4AKwACAwQAMwAkAB0AIJeeDgZWdLstoQ7r1ztT4X6\/lx4iikqGvChGOtY\/SV9xFAMDAAEBFwMDABf438pj9h5fKSmGQXScjUbDiTUoBjBOvBcDAw\/XrEOb2tP+hJ6gg1f4fqr0jRq\/l9c7FrLibzEm7szAv0G+NYIuqgsKlPKMgoX1yg2b17yKsaM1iEUmp3c7u1X1DgT3zlRiMO2KOwAVAaHNvRWBV0M1qpl\/fB\/zTXV336VmlGN1EB2xQtq0Dh7IgHeTR4Gr1E1XhW9Jwbn1zCiTL1yXXtdXHDgYex0uPBICTykMDQ\/Tqv\/uO\/gkhBRdF23f6vg5FTfNuGt+Xy0Fk0ebg0v+GcG59TjCqaQUy+Q03NPLM6yy3yxzJpxPfyn\/mYzwz9EuGm9lP2P0Vvcp18W3EF2kwHKIkJ6mylHoAHh04HK9eJE1ouC0zkv6PLm3RhSZBhiD0NKQvOONiuCyy7ApWTFTvp9eUTzzhk6x16AirTEdZBK+7kCBftO13E0XwSBqRs0OEtQoiUjWPa\/4WyOXRa1ItLraxUvg9lXQYOC3ks5uCttsPvDOiiexC1NlkCoT+1cbgZ93W\/Zw0hQVQEv9nHWQeKHlYFITaSycvKpslooCRfq2oQc2xVZMjgR\/w6Ell9pM48XE49mzAFHa1+X5TBSv4Mg5+jtttTPmA4HycFkAC6Bvaw+o86yDA659C1tYv+GqHmnD6n\/cAChXO5axknJZyf8k2FkfqeEk0J9JjuK9Vk+a49trVCFJoef+roiyXVfXk5iVhyCM6greJpD4Q+M\/CmpdRxk8eefzJbl8exyfr6nL1mReMuS5t4NQSsaLZgubcW3ELfW8c4zkWXK0RID9qY4D8RcQ3qzQBM1xwO9ocFeNPyvL\/iTrZLMifvlcO12hy8uCdZQURdjwxNJ9OzIwyyFwbwyh5T7CN2Gh88GCRNSHVDqC5AeT7yU+P6DGljhpOFK8obCc6HCJVoYBNs5MMEV4KS3j0eQ4KcHSYDRk9oNOnB6CAVT3VazUjrH\/mRaW0rn3iJ+6DRo1q8\/n5aTbYIR31blR6n7qEC9hYsNNR\/ciLMpQyndPKFWmy3pmrISMkM2SLmxD+WJk4g4e6nw2jk+49ZnN+rrNs1tThwzvWfK8tDa0wEY4CZcbKlpXXOPqAPVx555vGYFx3O7s3ZFNqWli24dSWjGQaXYdBMNV\/oHx1sEfLG2WOs+T3JFYZ84H\/ENfWq6nHLhQihj5fuhwjtbsxEA9uLuHd\/kHVOE4"}
01124{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":706,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1722426295459977,"flow_src_last_pkt_time":1722426295518153,"flow_dst_last_pkt_time":1722426295520888,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":86,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":740,"flow_dst_max_l4_payload_len":1116,"flow_src_tot_l4_payload_len":1617,"flow_dst_tot_l4_payload_len":5715,"midstream":0,"thread_ts_usec":1722426295520888,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"217.138.197.43","src_port":37383,"dst_port":1234,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN.NordVPN","proto_id":"159.426","proto_by_ip":"NordVPN","proto_by_ip_id":426,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
01210{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":706,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":10,"flow_first_seen":1721749298243731,"flow_src_last_pkt_time":1721749299342384,"flow_dst_last_pkt_time":1721749299378529,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":72,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":749,"flow_dst_max_l4_payload_len":1128,"flow_src_tot_l4_payload_len":2863,"flow_dst_tot_l4_payload_len":5527,"midstream":0,"thread_ts_usec":1722426295520888,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"107.161.86.131","src_port":41133,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
00804{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":706,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":706,"packets-processed":706,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":101830,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":96,"global_ts_usec":1722426295520888}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 706/706
~~ skipped flows.............: 0
~~ total layer4 data length..: 101830 bytes
~~ total detected protocols..: 10
~~ total active/idle flows...: 10/10
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6688780 bytes
~~ total memory freed........: 6688780 bytes
~~ total allocations/frees...: 114836/114836
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 508 chars
~~ json message max len.......: 2325 chars
~~ json message avg len.......: 1415 chars
|