aboutsummaryrefslogtreecommitdiff
path: root/test/results/default/pop3.pcap.out
blob: bc305c191ed7ce06f83ecedb458c517206452504 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68

00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00784{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1349776771892023}
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1349776771892023,"flow_src_last_pkt_time":1349776771892023,"flow_dst_last_pkt_time":1349776771892023,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1349776771892023,"l3_proto":"ip4","src_ip":"143.225.229.181","dst_ip":"74.208.5.28","src_port":35287,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1349776771892023,"flow_dst_last_pkt_time":1349776771892023,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1349776771892023,"pkt":"ABffs8QAAMCfw1sHCABFEAA8\/wtAAEAGdh2P4eW1StAFHInXAG5gksK3AAAAAKACFtDFsQAAAgQFtAQCCAoAYD28AAAAAAEDAwY="}
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1349776771892023,"flow_dst_last_pkt_time":1349776772030343,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1349776772030343,"pkt":"AMCfw1sHABffs8QACABFAAA8AABAADUGgDlK0AUcj+HltQBuidcdXnV7YJLCuKASFqDzqQAAAgQFtAQCCApTpKX2AGA9vAEDAwk="}
00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1349776772030396,"flow_dst_last_pkt_time":1349776772030343,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1349776772030396,"pkt":"ABffs8QAAMCfw1sHCABFEAA0\/wxAAEAGdiSP4eW1StAFHInXAG5gksK4HV51fIAQAFzFqQAAAQEICgBgPkZTpKX2"}
00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1349776772030396,"flow_dst_last_pkt_time":1349776772168746,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_usec":1349776772168746,"pkt":"AMCfw1sHABffs8QACABFAABX02RAADUGrLlK0AUcj+HltQBuidcdXnV8YJLCuIAYAAzvdAAAAQEIClOkphgAYD5GK09LIFBPUCBzZXJ2ZXIgcmVhZHkgSCBtaWdteHVzMDA1DQo="}
00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1349776772168788,"flow_dst_last_pkt_time":1349776772168746,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1349776772168788,"pkt":"ABffs8QAAMCfw1sHCABFEAA0\/w1AAEAGdiOP4eW1StAFHInXAG5gksK4HV51n4AQAFzFqQAAAQEICgBgPtFTpKYY"}
01229{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1349776771892023,"flow_src_last_pkt_time":1349776780730528,"flow_dst_last_pkt_time":1349776777636137,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":60,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":95,"midstream":0,"thread_ts_usec":1349776780730528,"l3_proto":"ip4","src_ip":"143.225.229.181","dst_ip":"74.208.5.28","src_port":35287,"dst_port":110,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"POP3","proto_id":"2","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":3,"category":"Email","pop": {"user":"cicciopernacchio@mail.com","password":"pippozzo","auth_failed":0}}}
00791{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":32,"packets-processed":31,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1853,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1377201663814560}
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1377201663814560,"flow_src_last_pkt_time":1377201663814560,"flow_dst_last_pkt_time":1377201663814560,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1377201663814560,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"212.227.15.166","src_port":26272,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1377201663814560,"flow_dst_last_pkt_time":1377201663814560,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1377201663814560,"pkt":"TBfrZBZJyPczS4I3CABFAAA0TaRAAIAGB+rAqAAE1OMPpmagAG635okIAAAAAIACIAAB4wAAAgQFtAEDAwIBAQQC"}
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1377201663814560,"flow_dst_last_pkt_time":1377201663880379,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1377201663880379,"pkt":"yPczS4I3TBfrZBZJCABFAAA0AABAADkGnI7U4w+mwKgABABuZqD\/+KO8t+aJCYASFtBnRQAAAgQFtAEBBAIBAwMJ"}
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1377201663880460,"flow_dst_last_pkt_time":1377201663880379,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1377201663880460,"pkt":"TBfrZBZJyPczS4I3CABFAAAoTapAAIAGB\/DAqAAE1OMPpmagAG635okJ\/\/ijvVAQERytzQAA"}
00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1377201663880460,"flow_dst_last_pkt_time":1377201663927830,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1377201663927830,"pkt":"yPczS4I3TBfrZBZJCABFAABgjoJAADkGDeDU4w+mwKgABABuZqD\/+KO9t+aJCVAYAAy33QAAK09LIFBPUCBzZXJ2ZXIgcmVhZHkgSCBtaW1hcDQgME1Ib1VyLTFWRHhSRDNVaTUtMDAzZXEyDQo="}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1377201663928207,"flow_dst_last_pkt_time":1377201663927830,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1377201663928207,"pkt":"TBfrZBZJyPczS4I3CABFAAAuTblAAIAGB9vAqAAE1OMPpmagAG635okJ\/\/ij9VAYEQ4NCQAAQ0FQQQ0K"}
01084{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1377201663814560,"flow_src_last_pkt_time":1377201663928350,"flow_dst_last_pkt_time":1377201663977662,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":91,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":175,"midstream":0,"thread_ts_usec":1377201663977662,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"212.227.15.166","src_port":26272,"dst_port":110,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"POP3","proto_id":"2","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":3,"category":"Email","pop": {"user":"","password":"","auth_failed":0}}}
01191{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":13,"flow_first_seen":1349776771892023,"flow_src_last_pkt_time":1349776799071277,"flow_dst_last_pkt_time":1349776799209697,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":73,"flow_dst_tot_l4_payload_len":1780,"midstream":0,"thread_ts_usec":1377201664026584,"l3_proto":"ip4","src_ip":"143.225.229.181","dst_ip":"74.208.5.28","src_port":35287,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"POP3","proto_id":"2","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":3,"category":"Email"}}
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1377201676627010,"flow_src_last_pkt_time":1377201676627010,"flow_dst_last_pkt_time":1377201676627010,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1377201676627010,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"212.227.15.166","src_port":26284,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1377201676627010,"flow_dst_last_pkt_time":1377201676627010,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1377201676627010,"pkt":"TBfrZBZJyPczS4I3CABFAAA0U65AAIAGAeDAqAAE1OMPpmasAG6+qsBeAAAAAIACIADDvAAAAgQFtAEDAwIBAQQC"}
00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1377201679622852,"flow_dst_last_pkt_time":1377201676627010,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1377201679622852,"pkt":"TBfrZBZJyPczS4I3CABFAAA0U7dAAIAGAdfAqAAE1OMPpmasAG6+qsBeAAAAAIACIADDvAAAAgQFtAEDAwIBAQQC"}
00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1377201679622852,"flow_dst_last_pkt_time":1377201679672783,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1377201679672783,"pkt":"yPczS4I3TBfrZBZJCABFAAA0AABAADkGnI7U4w+mwKgABABuZqyrjo1ZvqrAX4ASFtCT7AAAAgQFtAEBBAIBAwMJ"}
00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1377201679672866,"flow_dst_last_pkt_time":1377201679672783,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1377201679672866,"pkt":"TBfrZBZJyPczS4I3CABFAAAoU7tAAIAGAd\/AqAAE1OMPpmasAG6+qsBfq46NWlAQERzadAAA"}
00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1377201679672866,"flow_dst_last_pkt_time":1377201679721762,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1377201679721762,"pkt":"yPczS4I3TBfrZBZJCABFAABgSudAADkGUXvU4w+mwKgABABuZqyrjo1avqrAX1AYAAw1zwAAK09LIFBPUCBzZXJ2ZXIgcmVhZHkgSCBtaW1hcDggME1IWEZRLTFWRGdTRjEzMDgtMDAzTllxDQo="}
01084{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1377201676627010,"flow_src_last_pkt_time":1377201679836131,"flow_dst_last_pkt_time":1377201679883057,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":91,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":173,"midstream":0,"thread_ts_usec":1377201679883057,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"212.227.15.166","src_port":26284,"dst_port":110,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"POP3","proto_id":"2","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":3,"category":"Email","pop": {"user":"","password":"","auth_failed":0}}}
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1377201698254021,"flow_src_last_pkt_time":1377201698254021,"flow_dst_last_pkt_time":1377201698254021,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1377201698254021,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"212.227.15.166","src_port":26304,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1377201698254021,"flow_dst_last_pkt_time":1377201698254021,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1377201698254021,"pkt":"TBfrZBZJyPczS4I3CABFAAA0WOpAAIAG\/KPAqAAE1OMPpmbAAG625viPAAAAAIACIACTOwAAAgQFtAEDAwIBAQQC"}
00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1377201698254021,"flow_dst_last_pkt_time":1377201698302143,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1377201698302143,"pkt":"yPczS4I3TBfrZBZJCABFAAA0AABAADkGnI7U4w+mwKgABABuZsDY6LCLtub4kIASFtAS3wAAAgQFtAEBBAIBAwMJ"}
00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1377201698302245,"flow_dst_last_pkt_time":1377201698302143,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1377201698302245,"pkt":"TBfrZBZJyPczS4I3CABFAAAoWPVAAIAG\/KTAqAAE1OMPpmbAAG625viQ2OiwjFAQERxZZwAA"}
00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1377201698302245,"flow_dst_last_pkt_time":1377201698350036,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1377201698350036,"pkt":"yPczS4I3TBfrZBZJCABFAABg3\/9AADkGvGLU4w+mwKgABABuZsDY6LCMtub4kFAYAAwHiQAAK09LIFBPUCBzZXJ2ZXIgcmVhZHkgSCBtaW1hcDkgME1LMG9yLTFWQmxpbjNpeFotMDAxUlZODQo="}
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1377201698376232,"flow_dst_last_pkt_time":1377201698350036,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1377201698376232,"pkt":"TBfrZBZJyPczS4I3CABFAAAuWP9AAIAG\/JTAqAAE1OMPpmbAAG625viQ2OiwxFAYEQ64ogAAQ0FQQQ0K"}
01084{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1377201698254021,"flow_src_last_pkt_time":1377201698376315,"flow_dst_last_pkt_time":1377201698433554,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":91,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":175,"midstream":0,"thread_ts_usec":1377201698433554,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"212.227.15.166","src_port":26304,"dst_port":110,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"POP3","proto_id":"2","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":3,"category":"Email","pop": {"user":"","password":"","auth_failed":0}}}
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1377201700505011,"flow_src_last_pkt_time":1377201700505011,"flow_dst_last_pkt_time":1377201700505011,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1377201700505011,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"212.227.15.166","src_port":26308,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1377201700505011,"flow_dst_last_pkt_time":1377201700505011,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1377201700505011,"pkt":"TBfrZBZJyPczS4I3CABFAAA0WhxAAIAG+3HAqAAE1OMPpmbEAG7vLFBIAAAAAIACIAADOQAAAgQFtAEDAwIBAQQC"}
00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1377201700505011,"flow_dst_last_pkt_time":1377201700559388,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1377201700559388,"pkt":"yPczS4I3TBfrZBZJCABFAAA0AABAADkGnI7U4w+mwKgABABuZsRsDtFm7yxQSYASFtDO2wAAAgQFtAEBBAIBAwMJ"}
00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1377201700559457,"flow_dst_last_pkt_time":1377201700559388,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1377201700559457,"pkt":"TBfrZBZJyPczS4I3CABFAAAoWihAAIAG+3HAqAAE1OMPpmbEAG7vLFBJbA7RZ1AQERwVZAAA"}
00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1377201700559457,"flow_dst_last_pkt_time":1377201700608143,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":111,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":111,"pkt_l4_len":77,"thread_ts_usec":1377201700608143,"pkt":"yPczS4I3TBfrZBZJCABFAABhbjdAADkGLirU4w+mwKgABABuZsRsDtFn7yxQSVAYAAwM1wAAK09LIFBPUCBzZXJ2ZXIgcmVhZHkgSCBtaW1hcDEzIDBNVzVyWi0xVmF5ZVoyakZwLTAwWFZaZA0K"}
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1377201700632466,"flow_dst_last_pkt_time":1377201700608143,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1377201700632466,"pkt":"TBfrZBZJyPczS4I3CABFAAAuWjFAAIAG+2LAqAAE1OMPpmbEAG7vLFBJbA7RoFAYEQ1yhAAAQVVUSA0K"}
01084{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1377201700505011,"flow_src_last_pkt_time":1377201700713255,"flow_dst_last_pkt_time":1377201700765070,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":91,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":174,"midstream":0,"thread_ts_usec":1377201700765070,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"212.227.15.166","src_port":26308,"dst_port":110,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"POP3","proto_id":"2","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":3,"category":"Email","pop": {"user":"","password":"","auth_failed":0}}}
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1377201783749577,"flow_src_last_pkt_time":1377201783749577,"flow_dst_last_pkt_time":1377201783749577,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1377201783749577,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"212.227.15.166","src_port":26383,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1377201783749577,"flow_dst_last_pkt_time":1377201783749577,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1377201783749577,"pkt":"TBfrZBZJyPczS4I3CABFAAA0e6FAAIAG2ezAqAAE1OMPpmcPAG4K4LkNAAAAAIACIAB+dQAAAgQFtAEDAwIBAQQC"}
00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1377201783749577,"flow_dst_last_pkt_time":1377201783798292,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1377201783798292,"pkt":"yPczS4I3TBfrZBZJCABFAAA0AABAADkGnI7U4w+mwKgABABuZw9bLNgqCuC5DoASFtBUNgAAAgQFtAEBBAIBAwMJ"}
00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1377201783798402,"flow_dst_last_pkt_time":1377201783798292,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1377201783798402,"pkt":"TBfrZBZJyPczS4I3CABFAAAoe6JAAIAG2ffAqAAE1OMPpmcPAG4K4LkOWyzYK1AQERyavgAA"}
00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1377201783798402,"flow_dst_last_pkt_time":1377201783850368,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":111,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":111,"pkt_l4_len":77,"thread_ts_usec":1377201783850368,"pkt":"yPczS4I3TBfrZBZJCABFAABh0ldAADkGygnU4w+mwKgABABuZw9bLNgrCuC5DlAYAAx28AAAK09LIFBPUCBzZXJ2ZXIgcmVhZHkgSCBtaW1hcDE1IDBMZkQ1eC0xVnNWVTQzMjdNLTAwcEhTbg0K"}
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1377201783883686,"flow_dst_last_pkt_time":1377201783850368,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1377201783883686,"pkt":"TBfrZBZJyPczS4I3CABFAAAue6dAAIAG2ezAqAAE1OMPpmcPAG4K4LkOWyzYZFAYEQ333gAAQVVUSA0K"}
01085{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1377201783749577,"flow_src_last_pkt_time":1377201783980510,"flow_dst_last_pkt_time":1377201784031062,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":91,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":174,"midstream":0,"thread_ts_usec":1377201784031062,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"212.227.15.166","src_port":26383,"dst_port":110,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"POP3","proto_id":"2","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":3,"category":"Email","pop": {"user":"","password":"","auth_failed":0}}}
02293{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1377201783749577,"flow_src_last_pkt_time":1377201784718387,"flow_dst_last_pkt_time":1377201784718464,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":66,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":8905,"midstream":0,"thread_ts_usec":1377201784718464,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"212.227.15.166","src_port":26383,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":67,"avg":62506.4,"max":111543,"stddev":37805.0,"var":1429214336.0,"ent":4.6,"data": [48715,48825,52076,85284,79802,1152,96824,99740,95016,92446,96843,111543,96817,82417,95960,94961,97000,96016,95243,97960,1952,51026,3189,67,3235,44696,56453,59665,2391,50284,99]},"pktlen": {"min":40,"avg":324.9,"max":1500,"stddev":545.2,"var":297234.1,"ent":3.5,"data": [52,52,40,97,46,58,66,46,131,52,58,106,131,46,58,46,72,46,132,48,58,1500,40,1500,1500,40,1229,48,58,1500,40,1500]},"bins": {"c_to_s": [13,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,2,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,5,0,0]},"directions": [0,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,1,1,0,1,0,1,1,0,1],"entropies": [4.421030998,4.853535175,4.780641556,5.658839703,4.965921879,5.375223160,5.222204208,4.922443390,5.467526913,5.038779736,5.202809334,5.763947487,5.449919701,4.922443390,5.142296314,4.835486412,5.067367077,4.922443390,5.701879501,4.967222214,5.271774769,6.020136833,4.780641556,5.349530697,5.308346272,4.780641556,5.390463829,4.951495647,5.306257725,5.634154797,4.730641365,5.796863556]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"POP3","proto_id":"2","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":3,"category":"Email"}}
01070{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1377201663814560,"flow_src_last_pkt_time":1377201663978066,"flow_dst_last_pkt_time":1377201664026584,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":91,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":175,"midstream":0,"thread_ts_usec":1377201785011707,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"212.227.15.166","src_port":26272,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"POP3","proto_id":"2","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":3,"category":"Email"}}
01075{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":1377201676627010,"flow_src_last_pkt_time":1377201680096849,"flow_dst_last_pkt_time":1377201680147200,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":62,"flow_dst_max_l4_payload_len":91,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":205,"midstream":0,"thread_ts_usec":1377201785011707,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"212.227.15.166","src_port":26284,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"POP3","proto_id":"2","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":3,"category":"Email"}}
01070{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1377201698254021,"flow_src_last_pkt_time":1377201698460579,"flow_dst_last_pkt_time":1377201698507279,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":91,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":175,"midstream":0,"thread_ts_usec":1377201785011707,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"212.227.15.166","src_port":26304,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"POP3","proto_id":"2","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":3,"category":"Email"}}
01076{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":10,"flow_first_seen":1377201700505011,"flow_src_last_pkt_time":1377201701042241,"flow_dst_last_pkt_time":1377201701091336,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":66,"flow_dst_max_l4_payload_len":91,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":297,"midstream":0,"thread_ts_usec":1377201785011707,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"212.227.15.166","src_port":26308,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"POP3","proto_id":"2","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":3,"category":"Email"}}
01082{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":30,"flow_first_seen":1377201783749577,"flow_src_last_pkt_time":1377201784963062,"flow_dst_last_pkt_time":1377201785011707,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":66,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":138,"flow_dst_tot_l4_payload_len":19651,"midstream":0,"thread_ts_usec":1377201785011707,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"212.227.15.166","src_port":26383,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"POP3","proto_id":"2","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":3,"category":"Email"}}
00797{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":144,"packets-processed":144,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":53,"global_ts_usec":1377201785011707}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 144/144
~~ skipped flows.............: 0
~~ total layer4 data length..: 22700 bytes
~~ total detected protocols..: 6
~~ total active/idle flows...: 6/6
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6669266 bytes
~~ total memory freed........: 6669266 bytes
~~ total allocations/frees...: 114225/114225
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 527 chars
~~ json message max len.......: 2298 chars
~~ json message avg len.......: 1407 chars
Powered by cgit, Themed by Ted Yin.