path: root/test/results/default/stun_google_meet.pcapng.out
blob: 5318b7a36d3064b951e0bbe0bec0b6d64c8e6567 (plain)
00623{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1687685002250009}
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685002250009,"flow_src_last_pkt_time":1687685002250009,"flow_dst_last_pkt_time":1687685002250009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685002250009,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":38152,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1687685002250009,"flow_dst_last_pkt_time":1687685002250009,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1687685002250009,"pkt":"CL6sCxduJjb1W8R1CABFAAAwFppAAEARi+LAqAycSn2Af5UIS2YAHMbcAAEAACESpEJrQUdOTnp2SE5INTk="}
01146{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685002250009,"flow_src_last_pkt_time":1687685002250009,"flow_dst_last_pkt_time":1687685002250009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685002250009,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":38152,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}}
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685002250407,"flow_src_last_pkt_time":1687685002250407,"flow_dst_last_pkt_time":1687685002250407,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685002250407,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":45400,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1687685002250407,"flow_dst_last_pkt_time":1687685002250407,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1687685002250407,"pkt":"CL6sCxduJjb1W8R1CABFAAAwFptAAEARi+HAqAycSn2Af7FYS2YAHPW+AAEAACESpEI5R2RXSytLQjJQSUU="}
01146{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685002250407,"flow_src_last_pkt_time":1687685002250407,"flow_dst_last_pkt_time":1687685002250407,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685002250407,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":45400,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1687685002250009,"flow_dst_last_pkt_time":1687685002268181,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1687685002268181,"pkt":"Jjb1W8R1CL6sCxduCABFgAA8AAAAACkR+PBKfYB\/wKgMnEtmlQgAKIBgAQEADCESpEJrQUdOTnp2SE5INTkAIAAIAAG5anwxD5M="}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1687685002250407,"flow_dst_last_pkt_time":1687685002268368,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1687685002268368,"pkt":"Jjb1W8R1CL6sCxduCABFgAA8AAAAACkR+PBKfYB\/wKgMnEtmsVgAKK9BAQEADCESpEI5R2RXSytLQjJQSUUAIAAIAAG5a3wxD5M="}
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685003685843,"flow_src_last_pkt_time":1687685003685843,"flow_dst_last_pkt_time":1687685003685843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685003685843,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1687685003685843,"flow_dst_last_pkt_time":1687685003685843,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1687685003685843,"pkt":"CL6sCxduJjb1W8R1CABFAACYqbBAAEAR4hnAqAycjvpSTJUIS2kAhI1dAAEAaCESpEJmUVJDSFcxSjg2d0gABgAfSHJSZ3BhZDdQZm9LYUFvS0FBaUtBaUFERUE6UDgvTADAVwAEAAMACoAqAAhI5WWTUM2MtQAkAARufx7\/wFkAAgABAAAACAAUSRkFwEU4Xe2ByBahcg5+zSK7DUGAKAAE7yXU\/g=="}
01160{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685003685843,"flow_src_last_pkt_time":1687685003685843,"flow_dst_last_pkt_time":1687685003685843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685003685843,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":19305,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}}
00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1687685003685843,"flow_dst_last_pkt_time":1687685003713559,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1687685003713559,"pkt":"Jjb1W8R1CL6sCxduCABFgABcAAAAACkR4oaO+lJMwKgMnEtplQgASIF0AQEALCESpEJmUVJDSFcxSjg2d0gAIAAIAAG5anwxD5MACAAUnCbUxns7ByhLQe3gWJggj2fuRtmAKAAEzTlfeQ=="}
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685003846345,"flow_src_last_pkt_time":1687685003846345,"flow_dst_last_pkt_time":1687685003846345,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685003846345,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":45400,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1687685003846345,"flow_dst_last_pkt_time":1687685003846345,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1687685003846345,"pkt":"CL6sCxduJjb1W8R1CABFAACYqb1AAEAR4gzAqAycjvpSTLFYS2kAhPiuAAEAaCESpEJ5eUQvQ0MySmgwQzgABgAfSHJSZ3BhZDdQZm9LYUFvS0FBaUtBaUFERUE6UDgvTADAVwAEAAAD54AqAAhI5WWTUM2MtQAkAARuAB7\/wFkAAgABAAAACAAU4qPC0PvptNKr3xno5a6znzZ8MzGAKAAEv54I6w=="}
01160{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685003846345,"flow_src_last_pkt_time":1687685003846345,"flow_dst_last_pkt_time":1687685003846345,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685003846345,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":45400,"dst_port":19305,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}}
00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1687685003850184,"flow_dst_last_pkt_time":1687685003713559,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1687685003850184,"pkt":"CL6sCxduJjb1W8R1CABFAACUqb5AAEAR4g\/AqAycjvpSTJUIS2kAgFc2AAEAZCESpEJDY3Vnd0VjS3M1U3EABgAfSHJSZ3BhZDdQZm9LYUFvS0FBaUtBaUFERUE6UDgvTADAVwAEAAMACoAqAAhI5WWTUM2MtQAlAAAAJAAEbn8e\/wAIABQRBPG5ZvdojwQrf8+QT0UUl+pOj4AoAAQCVNkR"}
00735{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1687685003855449,"flow_dst_last_pkt_time":1687685003713559,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1687685003855449,"pkt":"CL6sCxduJjb1W8R1CABFAAC5qb9AAEAR4enAqAycjvpSTJUIS2kApae7Fv7\/AAAAAAAAAAAAkAEAAIQAAAAAAAAAhP79U8QvlMKD8CG3V6IBJXGiID2FZCQNFMTf8XUxGUuriccAAAAWwCvAL8ypzKjACcATwArAFACcAC8ANQEAAEQAFwAA\/wEAAQAACgAIAAYAHQAXABgACwACAQAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAA4ACQAGAAEACAAHAA=="}
01114{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1687685003685843,"flow_src_last_pkt_time":1687685003855449,"flow_dst_last_pkt_time":1687685003713559,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":120,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":401,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1687685003855449,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":19305,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","tls": {"version":"DTLSv1.2","ja3s":"","ja4":"dd2d110700_c45550529adf_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}}
00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1687685003855449,"flow_dst_last_pkt_time":1687685003867991,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1687685003867991,"pkt":"Jjb1W8R1CL6sCxduCABFgABcAAAAACkR4oaO+lJMwKgMnEtplQgASHlbAQEALCESpEJDY3Vnd0VjS3M1U3EAIAAIAAG5anwxD5MACAAUwCCc9hgGT3NviGnhjeZxerIm0rSAKAAEHcTQ5Q=="}
00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1687685003846345,"flow_dst_last_pkt_time":1687685003871067,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1687685003871067,"pkt":"Jjb1W8R1CL6sCxduCABFAABcAAAAACgR5AaO+lJMwKgMnEtpsVgASNxmAQEALCESpEJ5eUQvQ0MySmgwQzgAIAAIAAG5a3wxD5MACAAUaD29YF1YYGCxoofK6W8JUGRlPi2AKAAEqdOw\/Q=="}
01292{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1687685003685843,"flow_src_last_pkt_time":1687685003855449,"flow_dst_last_pkt_time":1687685003874645,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":120,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":1203,"flow_src_tot_l4_payload_len":401,"flow_dst_tot_l4_payload_len":1331,"midstream":0,"thread_ts_usec":1687685003874645,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":19305,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","tls": {"version":"DTLSv1.2","ja3s":"1f5d6a6d0bc5d514dd84d13e6283d309","ja4":"dd2d110700_c45550529adf_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=hangouts","subjectDN":"CN=hangouts","fingerprint":"49:1A:C7:70:3E:79:F9:C5:3D:0F:46:33:B7:A4:EC:54:B0:93:C9:61","blocks":0}}}
02151{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":27,"flow_first_seen":1687685003685843,"flow_src_last_pkt_time":1687685003919073,"flow_dst_last_pkt_time":1687685003929116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":545,"flow_dst_max_l4_payload_len":1203,"flow_src_tot_l4_payload_len":1027,"flow_dst_tot_l4_payload_len":7356,"midstream":0,"thread_ts_usec":1687685003929116,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":15371.1,"max":164341,"stddev":39368.1,"var":1549851008.0,"ent":2.4,"data": [27716,164341,5265,154432,6654,36352,35377,88,7,4,14,5,6,4,5,33,4,8,4,4,4,4,27272,18857,13,4,4,9,4,5,4]},"pktlen": {"min":65,"avg":290.0,"max":1231,"stddev":203.2,"var":41279.0,"ent":4.7,"data": [152,92,148,185,92,1231,573,598,65,288,288,288,288,288,288,288,288,288,288,288,288,288,109,109,288,288,288,165,288,288,288,288]},"bins": {"c_to_s": [0,0,1,2,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,1,3,0,1,0,0,0,20,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1],"entropies": [5.938431740,5.693446159,5.907145500,4.997817039,5.679912090,7.332775593,6.760993004,7.409891605,4.603593349,7.060424328,7.083664894,7.159259796,7.130215645,7.048931122,7.046199322,7.094227314,7.077503204,7.049725533,7.095977306,7.143758297,7.077943802,7.098464012,5.672235966,5.727212906,7.040598869,7.076782703,7.038190842,6.382246494,7.161954880,7.089690685,7.073032856,7.083381176]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1687685004461444,"flow_dst_last_pkt_time":1687685003871067,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1687685004461444,"pkt":"CL6sCxduJjb1W8R1CABFAACQqfNAAEAR4d7AqAycjvpSTLFYS2kAfJPgAAEAYCESpEJGRUJQYzFVQThCU1AABgAfSHJSZ3BhZDdQZm9LYUFvS0FBaUtBaUFERUE6UDgvTADAVwAEAAAD54AqAAhI5WWTUM2MtQAkAARuAB7\/AAgAFJQqoiZNzooLvSeLzTVTKlh5edo9gCgABHuCmMA="}
00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1687685004461444,"flow_dst_last_pkt_time":1687685004479004,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1687685004479004,"pkt":"Jjb1W8R1CL6sCxduCABFAABcAAAAACgR5AaO+lJMwKgMnEtpsVgASO9LAQEALCESpEJGRUJQYzFVQThCU1AAIAAIAAG5a3wxD5MACAAUZp5QRw5NXPsy5Qrlhatah3HbNzqAKAAE\/XolSw=="}
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685004552860,"flow_src_last_pkt_time":1687685004552860,"flow_dst_last_pkt_time":1687685004552860,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685004552860,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1687685004552860,"flow_dst_last_pkt_time":1687685004552860,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1687685004552860,"pkt":"CL6sCxduJjb1W8R1CABFAACYqfxAAEAR4c3AqAycjvpSTJUIDZYAhMEOAAEAaCESpEJkZjhUNVpmTjU5SmwABgAfSHJSZ3BhZDdQZm9LYUFvS0FBaUtBaUFERUE6UDgvTADAVwAEAAMACoAqAAhI5WWTUM2MtQAkAARufx7\/wFkAAgABAAAACAAU\/8e7e1q7nO+JanZDE+IEZSthIJKAKAAEX0MtGQ=="}
01028{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685004552860,"flow_src_last_pkt_time":1687685004552860,"flow_dst_last_pkt_time":1687685004552860,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685004552860,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}}
00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1687685004552860,"flow_dst_last_pkt_time":1687685004581588,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1687685004581588,"pkt":"Jjb1W8R1CL6sCxduCABFAABcAAAAACgR5AaO+lJMwKgMnA2WlQgASCeyAQEALCESpEJkZjhUNVpmTjU5SmwAIAAIAAG5anwxD5MACAAUknV2wFqXEiEKuyN60myVdsDzL\/aAKAAEo4ih3Q=="}
00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1687685004584424,"flow_dst_last_pkt_time":1687685004581588,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1687685004584424,"pkt":"CL6sCxduJjb1W8R1CABFAACUqf9AAEAR4c7AqAycjvpSTJUIDZYAgLy7AAEAZCESpEJJam5UNEJmQVFiVEMABgAfSHJSZ3BhZDdQZm9LYUFvS0FBaUtBaUFERUE6UDgvTADAVwAEAAMACoAqAAhI5WWTUM2MtQAlAAAAJAAEbn8e\/wAIABTB+QY1ErQZS1eZfETcnOWmhQrDlIAoAAQyeiKC"}
00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1687685004584424,"flow_dst_last_pkt_time":1687685004602242,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1687685004602242,"pkt":"Jjb1W8R1CL6sCxduCABFAABcAAAAACgR5AaO+lJMwKgMnA2WlQgASIipAQEALCESpEJJam5UNEJmQVFiVEMAIAAIAAG5anwxD5MACAAUNyYqXJb8YAlyLHDvuycWYeMvOtaAKAAEKV9M7g=="}
00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1687685004641696,"flow_dst_last_pkt_time":1687685004602242,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1687685004641696,"pkt":"CL6sCxduJjb1W8R1CABFAACUqgBAAEAR4c3AqAycjvpSTJUIDZYAgPdGAAEAZCESpEIybDZuYTBpandaOWEABgAfSHJSZ3BhZDdQZm9LYUFvS0FBaUtBaUFERUE6UDgvTADAVwAEAAMACoAqAAhI5WWTUM2MtQAlAAAAJAAEbn8e\/wAIABTU+ZYmIa5GK5iS7Yttc1wYBV3aaIAoAATzHAuQ"}
00967{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1687685004552860,"flow_src_last_pkt_time":1687685004641696,"flow_dst_last_pkt_time":1687685004774208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":120,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":537,"flow_src_tot_l4_payload_len":364,"flow_dst_tot_l4_payload_len":729,"midstream":0,"thread_ts_usec":1687685004774208,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685005044008,"flow_src_last_pkt_time":1687685005044008,"flow_dst_last_pkt_time":1687685005044008,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685005044008,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":45400,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1687685005044008,"flow_dst_last_pkt_time":1687685005044008,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1687685005044008,"pkt":"CL6sCxduJjb1W8R1CABFAACYqhVAAEAR4bTAqAycjvpSTLFYDZYAhPO5AAEAaCESpEI1dDZmdW80dXd2ZFEABgAfSHJSZ3BhZDdQZm9LYUFvS0FBaUtBaUFERUE6UDgvTADAVwAEAAAD54AqAAhI5WWTUM2MtQAkAARuAB7\/wFkAAgABAAAACAAUwxd71h3E7agGXCWb8vXAdS7WxdiAKAAE3AMc7g=="}
01028{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685005044008,"flow_src_last_pkt_time":1687685005044008,"flow_dst_last_pkt_time":1687685005044008,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685005044008,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":45400,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}}
00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1687685005044008,"flow_dst_last_pkt_time":1687685005074246,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1687685005074246,"pkt":"Jjb1W8R1CL6sCxduCABFAABcAAAAACgR5AaO+lJMwKgMnA2WsVgASDkIAQEALCESpEI1dDZmdW80dXd2ZFEAIAAIAAG5a3wxD5MACAAUKJAPNrjYz21z+bHY5KMtFb5duTSAKAAE5XSGkg=="}
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1687685005134784,"flow_dst_last_pkt_time":1687685005074246,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1687685005134784,"pkt":"CL6sCxduJjb1W8R1CABFAACQqhdAAEAR4brAqAycjvpSTLFYDZYAfBEPAAEAYCESpEJMdTA0T2pTbmZiWUwABgAfSHJSZ3BhZDdQZm9LYUFvS0FBaUtBaUFERUE6UDgvTADAVwAEAAAD54AqAAhI5WWTUM2MtQAkAARuAB7\/AAgAFCDz+0pfbrz6PIl8RjxJCBwiBtxogCgABB6deew="}
00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1687685005134784,"flow_dst_last_pkt_time":1687685005152424,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1687685005152424,"pkt":"Jjb1W8R1CL6sCxduCABFAABcAAAAACgR5AaO+lJMwKgMnA2WsVgASIG9AQEALCESpEJMdTA0T2pTbmZiWUwAIAAIAAG5a3wxD5MACAAUuQ1+j1g08fL3se212BIsEXEi+UiAKAAE2tP0Qg=="}
00682{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1687685006880453,"flow_dst_last_pkt_time":1687685005152424,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1687685006880453,"pkt":"CL6sCxduJjb1W8R1CABFAACQqo5AAEAR4UPAqAycjvpSTLFYDZYAfBw7AAEAYCESpEJkc3FYeGtnZGhzUlgABgAfSHJSZ3BhZDdQZm9LYUFvS0FBaUtBaUFERUE6UDgvTADAVwAEAAAD54AqAAhI5WWTUM2MtQAkAARuAB7\/AAgAFPlpNUakcs8YpG4lPzhlKqXBYvLJgCgABLD\/\/FE="}
02225{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":9,"flow_first_seen":1687685004552860,"flow_src_last_pkt_time":1687685007476840,"flow_dst_last_pkt_time":1687685007173710,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":537,"flow_src_tot_l4_payload_len":1668,"flow_dst_tot_l4_payload_len":977,"midstream":0,"thread_ts_usec":1687685007476840,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":286,"avg":178865.5,"max":1000041,"stddev":232359.1,"var":53990768640.0,"ent":4.0,"data": [28728,31564,20654,57272,57107,114859,326724,7631,286,359302,399475,20851,399538,20813,60291,761585,238269,310501,33128,16660,106522,1355,298484,11725,401011,18917,1000041,80368,40305,278612,42252]},"pktlen": {"min":68,"avg":110.7,"max":565,"stddev":85.7,"var":7337.9,"ent":4.8,"data": [152,92,148,92,148,92,565,91,73,93,68,107,73,91,73,148,92,68,80,91,73,80,80,107,73,91,73,68,148,92,128,91]},"bins": {"c_to_s": [0,14,3,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,3,5,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,1,0,0,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,1,0,0],"entropies": 
[6.010119915,5.593475819,5.960068226,5.666897774,6.019278049,5.652763844,7.600190163,5.996479034,5.525039673,5.555425644,5.480339050,5.729862213,5.662026882,5.878293514,5.487302303,5.954136372,5.579943180,5.333281517,5.766850948,6.062412739,5.607231617,5.697978497,5.816851616,5.767245293,5.504358292,5.886589527,5.579834938,5.333281517,5.923795223,5.623420238,6.336440086,5.996479034]},"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1687685012276569,"flow_dst_last_pkt_time":1687685002268181,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1687685012276569,"pkt":"CL6sCxduJjb1W8R1CABFAAAwFwhAAEARi3TAqAycSn2Af5UIS2YAHLudAAEAACESpEJId3pvTWRNK3NxNSs="}
01217{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1687685002250009,"flow_src_last_pkt_time":1687685012276569,"flow_dst_last_pkt_time":1687685002268181,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1687685012276569,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":38152,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.209:39032","multimedia_flow_types":"Unknown"}}}
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1687685012277026,"flow_dst_last_pkt_time":1687685002268368,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1687685012277026,"pkt":"CL6sCxduJjb1W8R1CABFAAAwFwlAAEARi3PAqAycSn2Af7FYS2YAHH+BAAEAACESpEJ3NDhicURMWGJEVmc="}
01217{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1687685002250407,"flow_src_last_pkt_time":1687685012277026,"flow_dst_last_pkt_time":1687685002268368,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1687685012277026,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":45400,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.209:39033","multimedia_flow_types":"Unknown"}}}
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1687685012276569,"flow_dst_last_pkt_time":1687685012293995,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1687685012293995,"pkt":"Jjb1W8R1CL6sCxduCABFgAA8AAAAACkR+PBKfYB\/wKgMnEtmlQgAKHUhAQEADCESpEJId3pvTWRNK3NxNSsAIAAIAAG5anwxD5M="}
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1687685012277026,"flow_dst_last_pkt_time":1687685012294220,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1687685012294220,"pkt":"Jjb1W8R1CL6sCxduCABFgAA8AAAAACkR+PBKfYB\/wKgMnEtmsVgAKDkEAQEADCESpEJ3NDhicURMWGJEVmcAIAAIAAG5a3wxD5M="}
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1687685022297743,"flow_dst_last_pkt_time":1687685012293995,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1687685022297743,"pkt":"CL6sCxduJjb1W8R1CABFAAAwGNNAAEARianAqAycSn2Af5UIS2YAHKJSAAEAACESpEJyZU55VnlHRHFRT3A="}
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1687685022298017,"flow_dst_last_pkt_time":1687685012294220,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1687685022298017,"pkt":"CL6sCxduJjb1W8R1CABFAAAwGNRAAEARiajAqAycSn2Af7FYS2YAHLRsAAEAACESpEJrNHRjRWNhcTQ3NlA="}
02272{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":205,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1687685005044008,"flow_src_last_pkt_time":1687685041837696,"flow_dst_last_pkt_time":1687685041855156,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":1864,"flow_dst_tot_l4_payload_len":1024,"midstream":0,"thread_ts_usec":1687685041855156,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":45400,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":30238,"avg":2374349.5,"max":8437597,"stddev":2513707.0,"var":6318722646016.0,"ent":4.3,"data": [30238,90776,78178,1745669,1745625,749698,749771,2799723,2799844,3108626,3108432,997539,997498,1610326,1610265,582546,582775,6554830,6554484,8437477,8437597,882386,882517,6551657,6551432,792405,792639,992950,992997,897080,896856]},"pktlen": {"min":92,"avg":118.2,"max":152,"stddev":26.3,"var":690.9,"ent":5.0,"data": [152,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92]},"bins": {"c_to_s": [0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": 
[6.041833401,5.593477249,6.058853149,5.579942226,5.987570286,5.506519794,6.008540154,5.558203220,6.054466248,5.666898727,5.907513618,5.762059689,6.055450439,5.636953354,6.025833607,5.636953354,6.114410400,5.631624699,5.992813587,5.636953831,6.027671337,5.623420238,5.998055458,5.639230251,6.058160305,5.571735382,6.015348434,5.740320206,6.043981075,5.718581200,5.986004829,5.718581676]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
01007{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":46,"flow_first_seen":1687685003685843,"flow_src_last_pkt_time":1687685004555487,"flow_dst_last_pkt_time":1687685004163202,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":545,"flow_dst_max_l4_payload_len":1203,"flow_src_tot_l4_payload_len":2858,"flow_dst_tot_l4_payload_len":10256,"midstream":0,"thread_ts_usec":1687685059743208,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
01140{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1687685002250009,"flow_src_last_pkt_time":1687685052357557,"flow_dst_last_pkt_time":1687685052375005,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1687685059743208,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":38152,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
01129{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1687685003846345,"flow_src_last_pkt_time":1687685004461444,"flow_dst_last_pkt_time":1687685004479004,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":128,"midstream":0,"thread_ts_usec":1687685059743208,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":45400,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
01140{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1687685002250407,"flow_src_last_pkt_time":1687685052357802,"flow_dst_last_pkt_time":1687685052375389,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1687685059743208,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":45400,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
01004{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":55,"flow_dst_packets_processed":24,"flow_first_seen":1687685004552860,"flow_src_last_pkt_time":1687685011180562,"flow_dst_last_pkt_time":1687685011133449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":381,"flow_dst_max_l4_payload_len":537,"flow_src_tot_l4_payload_len":5092,"flow_dst_tot_l4_payload_len":2517,"midstream":0,"thread_ts_usec":1687685059743208,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
01004{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":16,"flow_first_seen":1687685005044008,"flow_src_last_pkt_time":1687685059743208,"flow_dst_last_pkt_time":1687685041855156,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":1980,"flow_dst_tot_l4_payload_len":1024,"midstream":0,"thread_ts_usec":1687685059743208,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":45400,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
00855{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":215,"packets-processed":214,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24719,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":6,"current-active-flows":6,"total-active-flows":6,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":58,"global_ts_usec":1697468935898948}
00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1697468935898948,"flow_src_last_pkt_time":1697468935898948,"flow_dst_last_pkt_time":1697468935898948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468935898948,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","dst_ip":"2001:4860:4864:6::81","src_port":45572,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00719{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1697468935898948,"flow_dst_last_pkt_time":1697468935898948,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":186,"pkt_l4_len":132,"thread_ts_usec":1697468935898948,"pkt":"ILAB4IZieq+3+1HBht1gC69IAIQRQCABCwcKPcESSKEQlBInKB4gAUhgSGQABgAAAAAAAACBsgRLaQCETH0AAQBoIRKkQmtPaTNJMjc0OHB2QQAGAB95dzhscXc0TXhnSDhpZ29LQUFpS0FpQURFQTpOQUNFAMBXAAQAAwAKgCoACGra\/nXE2k9tACQABG5\/KP\/AWQACAAEAAAAIABSaw7PkfELbyrRWbnt+uUO3nio4h4AoAAQFm42R"}
01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1697468935898948,"flow_src_last_pkt_time":1697468935898948,"flow_dst_last_pkt_time":1697468935898948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468935898948,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","dst_ip":"2001:4860:4864:6::81","src_port":45572,"dst_port":19305,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}}
00652{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1697468935898948,"flow_dst_last_pkt_time":1697468935925806,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":138,"pkt_l4_len":84,"thread_ts_usec":1697468935925806,"pkt":"eq+3+1HBILAB4IZiht1oAAAAAFQRLCABSGBIZAAGAAAAAAAAAIEgAQsHCj3BEkihEJQSJygeS2myBABUH7UBAQA4IRKkQmtPaTNJMjc0OHB2QQAgABQAApMWAROvRWFyqCEBkyegKldeXwAIABRao\/B2snGHws1Zgw4ooYPYdfXECoAoAARLYFXf"}
00717{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1697468935980588,"flow_dst_last_pkt_time":1697468935925806,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":182,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":182,"pkt_l4_len":128,"thread_ts_usec":1697468935980588,"pkt":"ILAB4IZieq+3+1HBht1gC69IAIARQCABCwcKPcESSKEQlBInKB4gAUhgSGQABgAAAAAAAACBsgRLaQCAlQsAAQBkIRKkQklKWEltb0ZTakFCeQAGAB95dzhscXc0TXhnSDhpZ29LQUFpS0FpQURFQTpOQUNFAMBXAAQAAwAKgCoACGra\/nXE2k9tACUAAAAkAARufyj\/AAgAFNZu6Oob5xGMQcSQb\/xSO\/LQem81gCgABOAjV\/w="}
00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1697468935981271,"flow_dst_last_pkt_time":1697468935925806,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":219,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":219,"pkt_l4_len":165,"thread_ts_usec":1697468935981271,"pkt":"ILAB4IZieq+3+1HBht1gC69IAKURQCABCwcKPcESSKEQlBInKB4gAUhgSGQABgAAAAAAAACBsgRLaQCljD8W\/v8AAAAAAAAAAACQAQAAhAAAAAAAAACE\/v1yUTxW+i8++bcAq\/9RTCU282o\/zwxzeEvd2cieXfMxQgAAABbAK8AvzKnMqMAJwBPACsAUAJwALwA1AQAARAAXAAD\/AQABAAAKAAgABgAdABcAGAALAAIBAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEADgAJAAYAAQAIAAcA"}
01146{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1697468935898948,"flow_src_last_pkt_time":1697468935981271,"flow_dst_last_pkt_time":1697468935925806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":120,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":76,"flow_src_tot_l4_payload_len":401,"flow_dst_tot_l4_payload_len":76,"midstream":0,"thread_ts_usec":1697468935981271,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","dst_ip":"2001:4860:4864:6::81","src_port":45572,"dst_port":19305,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","tls": {"version":"DTLSv1.2","ja3s":"","ja4":"dd2d110700_c45550529adf_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}}
00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1697468935981271,"flow_dst_last_pkt_time":1697468936000252,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":138,"pkt_l4_len":84,"thread_ts_usec":1697468936000252,"pkt":"eq+3+1HBILAB4IZiht1oAAAAAFQRLCABSGBIZAAGAAAAAAAAAIEgAQsHCj3BEkihEJQSJygeS2myBABUSZIBAQA4IRKkQklKWEltb0ZTakFCeQAgABQAApMWAROvRUN3mVslzlbHeGZqZwAIABTbqKo9M\/yTuZazw\/cuDuO8mJiCI4AoAARaF4V+"}
01323{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1697468935898948,"flow_src_last_pkt_time":1697468935981271,"flow_dst_last_pkt_time":1697468936003277,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":120,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":1203,"flow_src_tot_l4_payload_len":401,"flow_dst_tot_l4_payload_len":1355,"midstream":0,"thread_ts_usec":1697468936003277,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","dst_ip":"2001:4860:4864:6::81","src_port":45572,"dst_port":19305,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","tls": {"version":"DTLSv1.2","ja3s":"1f5d6a6d0bc5d514dd84d13e6283d309","ja4":"dd2d110700_c45550529adf_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=hangouts","subjectDN":"CN=hangouts","fingerprint":"07:CC:FC:28:04:F2:29:8F:E9:C4:BF:AC:F6:D2:BD:F2:BA:36:AD:31","blocks":0}}}
02183{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":26,"flow_first_seen":1697468935898948,"flow_src_last_pkt_time":1697468936037339,"flow_dst_last_pkt_time":1697468936047117,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":546,"flow_dst_max_l4_payload_len":1203,"flow_src_tot_l4_payload_len":1148,"flow_dst_tot_l4_payload_len":6916,"midstream":0,"thread_ts_usec":1697468936047117,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","dst_ip":"2001:4860:4864:6::81","src_port":45572,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":9243.9,"max":81640,"stddev":19965.3,"var":398613152.0,"ent":2.8,"data": [26858,81640,683,74446,3025,28042,16509,24776,333,0,0,0,0,0,0,0,0,0,0,0,0,0,11517,15951,2780,0,0,0,0,0,0]},"pktlen": {"min":85,"avg":300.0,"max":1251,"stddev":206.9,"var":42788.4,"ent":4.7,"data": [172,124,168,205,124,1251,594,168,618,85,308,308,308,308,308,308,308,308,308,308,308,308,129,129,124,308,308,308,308,165,308,308]},"bins": {"c_to_s": [0,0,1,3,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,1,4,1,0,0,0,0,18,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1],"entropies": [5.951032162,5.736715317,5.834187984,5.024463177,5.864942074,7.322808743,6.692216396,5.868327141,7.354635239,4.724500656,7.025775909,7.078637600,7.104609966,7.082355022,7.017282486,7.010787487,7.078490257,7.062924862,7.034311771,7.109773636,7.020790577,7.051887035,5.674198151,5.651331425,5.745950699,7.084123135,7.055697918,7.005239010,7.013784885,6.117315292,7.010463715,6.985410213]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":46,"flow_first_seen":1687685003685843,"flow_src_last_pkt_time":1687685004555487,"flow_dst_last_pkt_time":1687685004163202,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":545,"flow_dst_max_l4_payload_len":1203,"flow_src_tot_l4_payload_len":2858,"flow_dst_tot_l4_payload_len":10256,"midstream":0,"thread_ts_usec":1697468936608486,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
01138{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1687685002250009,"flow_src_last_pkt_time":1687685052357557,"flow_dst_last_pkt_time":1687685052375005,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1697468936608486,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":38152,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
01127{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1687685003846345,"flow_src_last_pkt_time":1687685004461444,"flow_dst_last_pkt_time":1687685004479004,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":128,"midstream":0,"thread_ts_usec":1697468936608486,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":45400,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
01036{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":118,"flow_first_seen":1697468935898948,"flow_src_last_pkt_time":1697468936608486,"flow_dst_last_pkt_time":1697468936233176,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":546,"flow_dst_max_l4_payload_len":1203,"flow_src_tot_l4_payload_len":2833,"flow_dst_tot_l4_payload_len":28881,"midstream":0,"thread_ts_usec":1697468936608486,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","dst_ip":"2001:4860:4864:6::81","src_port":45572,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
01138{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1687685002250407,"flow_src_last_pkt_time":1687685052357802,"flow_dst_last_pkt_time":1687685052375389,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1697468936608486,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":45400,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":55,"flow_dst_packets_processed":24,"flow_first_seen":1687685004552860,"flow_src_last_pkt_time":1687685011180562,"flow_dst_last_pkt_time":1687685011133449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":381,"flow_dst_max_l4_payload_len":537,"flow_src_tot_l4_payload_len":5092,"flow_dst_tot_l4_payload_len":2517,"midstream":0,"thread_ts_usec":1697468936608486,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":16,"flow_first_seen":1687685005044008,"flow_src_last_pkt_time":1687685059743208,"flow_dst_last_pkt_time":1687685041855156,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":1980,"flow_dst_tot_l4_payload_len":1024,"midstream":0,"thread_ts_usec":1697468936608486,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":45400,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
00857{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":362,"packets-processed":362,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":56433,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":7,"total-updates":6,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":76,"global_ts_usec":1697468936608486}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 362/362
~~ skipped flows.............: 0
~~ total layer4 data length..: 56433 bytes
~~ total detected protocols..: 7
~~ total active/idle flows...: 7/7
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 7510145 bytes
~~ total memory freed........: 7510145 bytes
~~ total allocations/frees...: 126305/126305
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 551 chars
~~ json message max len.......: 2277 chars
~~ json message avg len.......: 1413 chars