1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
|
00576{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00800{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1648032334213648}
00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032334213648,"flow_src_last_pkt_time":1648032334213648,"flow_dst_last_pkt_time":1648032334213648,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032334213648,"l3_proto":"ip6","src_ip":"fe80::98df:58ff:fefa:ebdc","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1648032334213648,"flow_dst_last_pkt_time":1648032334213648,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"thread_ts_usec":1648032334213648,"pkt":"MzMAAAACmt9Y+uvcht1gAAAAABA6\/\/6AAAAAAAAAmN9Y\/\/7669z\/AgAAAAAAAAAAAAAAAAAChQC\/wAAAAAABAZrfWPrr3A=="}
00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032334213648,"flow_src_last_pkt_time":1648032334213648,"flow_dst_last_pkt_time":1648032334213648,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032334213648,"l3_proto":"ip6","src_ip":"fe80::98df:58ff:fefa:ebdc","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1648032334213678,"flow_dst_last_pkt_time":1648032334213648,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"thread_ts_usec":1648032334213678,"pkt":"MzMAAAACmt9Y+uvcht1gAAAAABA6\/\/6AAAAAAAAAmN9Y\/\/7669z\/AgAAAAAAAAAAAAAAAAAChQC\/wAAAAAABAZrfWPrr3A=="}
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032334318608,"flow_src_last_pkt_time":1648032334318608,"flow_dst_last_pkt_time":1648032334318608,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032334318608,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1648032334318608,"flow_dst_last_pkt_time":1648032334318608,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_usec":1648032334318608,"pkt":"\/\/\/\/\/\/\/\/CL6sCxduCABFAACg1lZAAEARyaXAqAwBwKgM\/0RcRFwAjFAceyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxNDEwNzAzNTIwMDMwMzgwNzA5MTc5NzYyNjA1Mzg1NzIwNTQ5OTksICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFs5MjQ0NjQxN119"}
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032334318608,"flow_src_last_pkt_time":1648032334318608,"flow_dst_last_pkt_time":1648032334318608,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032334318608,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032336009920,"flow_src_last_pkt_time":1648032336009920,"flow_dst_last_pkt_time":1648032336009920,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032336009920,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.91","src_port":37948,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1648032336009920,"flow_dst_last_pkt_time":1648032336009920,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648032336009920,"pkt":"CL6sCxdumt9Y+uvcCABFAAA88YVAAEAGPu\/AqAyplZqnW5Q8Abt0xEFmAAAAAKAC\/\/\/nNgAAAgQFtAQCCArE7EVxAAAAAAEDAwk="}
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032336009996,"flow_src_last_pkt_time":1648032336009996,"flow_dst_last_pkt_time":1648032336009996,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032336009996,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.91","src_port":37950,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1648032336009996,"flow_dst_last_pkt_time":1648032336009996,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648032336009996,"pkt":"CL6sCxdumt9Y+uvcCABFAAA8iT5AAEAGpzbAqAyplZqnW5Q+Abv5z7A3AAAAAKAC\/\/\/zSgAAAgQFtAQCCArE7EV+AAAAAAEDAwk="}
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032336020865,"flow_src_last_pkt_time":1648032336020865,"flow_dst_last_pkt_time":1648032336020865,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032336020865,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.51","src_port":46862,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1648032336020865,"flow_dst_last_pkt_time":1648032336020865,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648032336020865,"pkt":"CL6sCxdumt9Y+uvcCABFAAA8ocRAAEAGjtjAqAyplZqnM7cOAbtHtY5HAAAAAKAC\/\/9zlwAAAgQFtAQCCApovtLCAAAAAAEDAwk="}
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032336039036,"flow_src_last_pkt_time":1648032336039036,"flow_dst_last_pkt_time":1648032336039036,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032336039036,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.51","src_port":46866,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1648032336039036,"flow_dst_last_pkt_time":1648032336039036,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648032336039036,"pkt":"CL6sCxdumt9Y+uvcCABFAAA85gJAAEAGSprAqAyplZqnM7cSAbs3E+VPAAAAAKAC\/\/8tGgAAAgQFtAQCCApovtLVAAAAAAEDAwk="}
00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1648032336009920,"flow_dst_last_pkt_time":1648032336040673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648032336040673,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8AABAADIGPnWVmqdbwKgMqQG7lDyVOI9MdMRBZ6AS\/\/\/aeAAAAgQE2AQCCAonSsG9xOxFcQEDAwU="}
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1648032336009996,"flow_dst_last_pkt_time":1648032336040727,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648032336040727,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8AABAADIGPnWVmqdbwKgMqQG7lD41gWDX+c+wOKAScSA4BAAAAgQFtAQCCAo1hn46xOxFfgEDAwU="}
00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1648032336041683,"flow_dst_last_pkt_time":1648032336040673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1648032336041683,"pkt":"CL6sCxdumt9Y+uvcCABFAAAoAABAAEAGMInAqAyplZqnW5Q8Abt0xEFnAAAAAFAEAABZdgAA"}
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1648032336041933,"flow_dst_last_pkt_time":1648032336040727,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648032336041933,"pkt":"CL6sCxdumt9Y+uvcCABFAAA0iT9AAEAGpz3AqAyplZqnW5Q+Abv5z7A4NYFg2IAQAKzXIQAAAQEICsTsRZ81hn46"}
00941{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1648032336042221,"flow_dst_last_pkt_time":1648032336040727,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":347,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":347,"pkt_l4_len":313,"thread_ts_usec":1648032336042221,"pkt":"CL6sCxdumt9Y+uvcCABFAAFNiUBAAEAGpiPAqAyplZqnW5Q+Abv5z7A4NYFg2IAYAKw4fwAAAQEICsTsRZ81hn46+Lk1fQH\/auTy5DqAZnRJsTQlVXb3tGXJRLqxvKQW6crH1iDPeN\/8Btw52lhMm0Ir3VpqEhzSpNaNPlr3o1wuzMiaC+NevOVQf99nPw+BptAPG44HrHZjkRGXpUbf\/9POtouGGHiyyBpqEFEiUgPuvQcj824Y\/QguUQPxQem7WqbCtc+WCJ\/S3Dl\/Br9w2EPC7H3hTz+\/0Yu8av9aU6k0\/uNw2Mar9ONynRbonUDwhOAwj91YVyRjTQBeaUlE+FgOh367MdRuXw9Hor5aOx2KYfvdnT5reoT+eZN9Oxqgj7LqJKoPz40UJWBvVe+PDZAjxJKri48+dx2kcKXZj3cv8P9HPjdnXuXGoN8SnZXGoAqGfFFOyQLwWD4="}
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1648032336009996,"flow_src_last_pkt_time":1648032336042221,"flow_dst_last_pkt_time":1648032336040727,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":281,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":281,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032336042221,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.91","src_port":37950,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1648032336020865,"flow_dst_last_pkt_time":1648032336051278,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648032336051278,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8AABAADIGPp2VmqczwKgMqQG7tw5qdtt4R7WOSKASX\/CpRQAAAgQE2AQCCAp4wqx+aL7SwgEDAwU="}
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1648032336052412,"flow_dst_last_pkt_time":1648032336051278,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648032336052412,"pkt":"CL6sCxdumt9Y+uvcCABFAAA0ocVAAEAGjt\/AqAyplZqnM7cOAbtHtY5IanbbeYAQAKw2WAAAAQEICmi+0uJ4wqx+"}
01029{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1648032336052663,"flow_dst_last_pkt_time":1648032336051278,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":411,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":411,"pkt_l4_len":377,"thread_ts_usec":1648032336052663,"pkt":"CL6sCxdumt9Y+uvcCABFAAGNocZAAEAGjYXAqAyplZqnM7cOAbtHtY5IanbbeYAYAKw1DwAAAQEICmi+0uJ4wqx+Acn3RSLLd3YEwQjF80nH3tE7HHvyyAHjEePwuQq\/575o6YQsFu5J6aDYIaSg18SI4pejEeXwg0TzQ+ju+Iy4K4LC0o\/TwgCSPT1sd+HH9dnEuSXeyHecF3rTZIJjgvJc0xVveI\/5+K+6D3aoQ39o0bDbSum5\/7LSkWQlXsTK522MbUY+t13nvpi59H+3qU\/UFmtDccIFw4YaCx+RwjTnfDXuwKhWV5Ihb+1HAXdEnxPVR\/us28QCbaj0OqUrXtEnDOWu5qKgIwNO5+6dMUcrqwzbCZ5FkbQ7\/6W+NLmOZbDkqhpGHCOQ1\/baX5RS9ebeZ5pkktoOfCJoi8Of3CJuL4aa3hlu3J\/tS92rZ++2LnWpqY5FoX5kYdvJSYDEf3JaRIsu6440+SahTn\/xw1yNvKSURCVogQAxmwI9oyFPbXL3hqK\/A4p8y5PrJDEDcJxBAA2\/82XmZU4O"}
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1648032336020865,"flow_src_last_pkt_time":1648032336052663,"flow_dst_last_pkt_time":1648032336051278,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":345,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":345,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032336052663,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.51","src_port":46862,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1648032336039036,"flow_dst_last_pkt_time":1648032336069751,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648032336069751,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8AABAADIGPp2VmqczwKgMqQG7txI\/0JvTNxPlUKASX\/AtqQAAAgQE2AQCCApqXFpPaL7S1QEDAwU="}
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1648032336070840,"flow_dst_last_pkt_time":1648032336069751,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648032336070840,"pkt":"CL6sCxdumt9Y+uvcCABFAAA05gNAAEAGSqHAqAyplZqnM7cSAbs3E+VQP9Cb1IAQAKy6uwAAAQEICmi+0vVqXFpP"}
01049{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1648032336071153,"flow_dst_last_pkt_time":1648032336069751,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":427,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":427,"pkt_l4_len":393,"thread_ts_usec":1648032336071153,"pkt":"CL6sCxdumt9Y+uvcCABFAAGd5gRAAEAGSTfAqAyplZqnM7cSAbs3E+VQP9Cb1IAYAKxMJQAAAQEICmi+0vVqXFpPqOdZfkxQG0lUQxGTpMmM6MVDuBW36bevA2befI\/W7ia6zYPsveEXr3q4MtOgVqu0kagEgqrVloX7VQeiYuqGx6wKkwiM9IJRyeJBWfKRaLOc4X\/xaBMeGCrM5E\/XnbMcmpKlOihCex8SqfoljNAZCXSb6lXMijzIzVErA4hkXdzgSoHdlzqQy8vCUsslNAMrNdnQFVu\/dYvCrf90305joJO5gMiZDr99z53GMk2oM82PanfcuYq+2FWrNu91fsvhbPDL+74IE4xtx1cY6aFSmHaP8tvUvNKnL2Hk2Lv5SZmwdaVl9tcBi6Obbkmfoi\/vM45qioUY3jdwnRWmkoGfNtZHDGtRCR+oyvb7Es1ZDLz3hBeBpS1jZdrVs+67gNMR\/\/nFSp5rOKWdQDtaHCiVXpBnwk5EGd\/KNzsXiAZ+HXkjHHB1m2AwzTL0eSp6h+xzTexxbdp3xKnflRrA1L6XVWG884n2ZLf3bA=="}
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1648032336039036,"flow_src_last_pkt_time":1648032336071153,"flow_dst_last_pkt_time":1648032336069751,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":361,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":361,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032336071153,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.51","src_port":46866,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1648032336042221,"flow_dst_last_pkt_time":1648032336073733,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_usec":1648032336073733,"pkt":"mt9Y+uvcCL6sCxduCABFAACdHppAADIGH3qVmqdbwKgMqQG7lD41gWDY+c+xUYAYA6uidgAAAQEICjWGfkLE7EWfmACPBozpETqrykECQNJkjhVFOCt8I0tETutuMSvkgCPiIPkCQ0cSt4ItJVu8hYFVnhU4pvChFtXnjX\/3M0B9m3lohUf0NpYS6Ceo8adtOAqrBqThNPEJVCh5d3Q6wA0OPVsBgWUJ2lBg"}
00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1648032336052663,"flow_dst_last_pkt_time":1648032336083442,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_usec":1648032336083442,"pkt":"mt9Y+uvcCL6sCxduCABFAACd6sBAADIGU3uVmqczwKgMqQG7tw5qdtt5R7WPoYAYA7JkYAAAAQEICnjCrNVovtLi90WQuFvsfkC+tB+Wj\/PnPkfWnjrPdjtws4rEHFuvErWFyi3AdO+hzQLvKUcxSSK4fgiGUe2pd2QXamoPEtJ3IBvYTrXPphVIAcXe93dS4oYpgdpX9Sqx4ffOTKtEbAmeq8QJ97k1FWIz"}
00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1648032336071153,"flow_dst_last_pkt_time":1648032336100887,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_usec":1648032336100887,"pkt":"mt9Y+uvcCL6sCxduCABFAACdzSxAADIGcQ+VmqczwKgMqQG7txI\/0JvUNxPmuYAYA7ItYAAAAQEICmpcWqhovtL13B24eIMJT8gSFmaZGCQPVAqlDuUI26yj4odks4G0NiQPEB3JOQcLd\/9JgWGIarA5LugJyPSwIZSUaC0ONvP5EXDjqmqbQthPmbt9X1mCGzZ1UIV0TAI8NQMksDVEscXUtBa5wziv50Je"}
02322{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1648032336009996,"flow_src_last_pkt_time":1648032336391148,"flow_dst_last_pkt_time":1648032336391586,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":884,"flow_dst_max_l4_payload_len":1228,"flow_src_tot_l4_payload_len":2636,"flow_dst_tot_l4_payload_len":13025,"midstream":0,"thread_ts_usec":1648032336391586,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.91","src_port":37950,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":12,"avg":24604.6,"max":126888,"stddev":31047.4,"var":963939136.0,"ent":3.9,"data": [30731,31937,288,33006,35575,10197,44497,8215,4395,4095,48658,1376,3118,6445,36520,17815,50889,88402,126888,78673,32858,54,22,21,65506,275,2211,37,14,12,12]},"pktlen": {"min":52,"avg":541.9,"max":1280,"stddev":516.1,"var":266324.8,"ent":4.3,"data": [60,60,52,333,157,52,936,825,672,141,141,52,767,189,301,52,349,317,52,157,52,1280,1280,1280,1280,52,52,1280,1280,1280,1280,1280]},"bins": {"c_to_s": [6,0,0,1,1,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,0,2,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,0,1,1,1,1,0,0,0,0,1,1,0,1,0,1,1,1,1,1,0,0,1,1,1,1,1],"entropies": [4.759215832,5.200119972,5.156889439,7.326955795,6.678098679,5.118428230,7.754227638,7.716340542,7.727574825,6.586546898,6.619811058,5.118428230,7.671398640,6.924524307,7.207767487,5.154968739,7.392677784,7.317721844,5.308815479,6.654307365,5.270353794,7.858087063,7.839837551,7.851624012,7.845353127,5.195351601,5.195351601,7.846577168,7.826389313,7.858784676,7.859879017,7.849138260]},"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032336638090,"flow_src_last_pkt_time":1648032336638090,"flow_dst_last_pkt_time":1648032336638090,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032336638090,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.222","src_port":40830,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1648032336638090,"flow_dst_last_pkt_time":1648032336638090,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648032336638090,"pkt":"CL6sCxdumt9Y+uvcCABFAAA8r4BAAEAGgHHAqAyplZqn3p9+AbuMNAhoAAAAAKAC\/\/9LuwAAAgQFtAQCCArq9NCtAAAAAAEDAwk="}
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032336639074,"flow_src_last_pkt_time":1648032336639074,"flow_dst_last_pkt_time":1648032336639074,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032336639074,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.222","src_port":40832,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1648032336639074,"flow_dst_last_pkt_time":1648032336639074,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648032336639074,"pkt":"CL6sCxdumt9Y+uvcCABFAAA8IZRAAEAGDl7AqAyplZqn3p+AAbtmgchnAAAAAKAC\/\/+xawAAAgQFtAQCCArq9NCuAAAAAAEDAwk="}
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1648032336638090,"flow_dst_last_pkt_time":1648032336668166,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648032336668166,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8AABAADIGPfKVmqfewKgMqQG7n34c3\/UDjDQIaaAS\/\/+hAwAAAgQE2AQCCArrLK526vTQrQEDAwU="}
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1648032336639074,"flow_dst_last_pkt_time":1648032336668213,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648032336668213,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8AABAADIGPfKVmqfewKgMqQG7n4C7jM8hZoHIaKAS\/\/\/p3gAAAgQE2AQCCAry50rF6vTQrgEDAwU="}
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1648032336669461,"flow_dst_last_pkt_time":1648032336668166,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648032336669461,"pkt":"CL6sCxdumt9Y+uvcCABFAAA0r4FAAEAGgHjAqAyplZqn3p9+AbuMNAhpHN\/1BIAQAKzOJgAAAQEICur00MzrLK52"}
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1648032336669640,"flow_dst_last_pkt_time":1648032336668213,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648032336669640,"pkt":"CL6sCxdumt9Y+uvcCABFAAA0IZVAAEAGDmXAqAyplZqn3p+AAbtmgchou4zPIoAQAKwXAwAAAQEICur00Mzy50rF"}
01341{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1648032336669773,"flow_dst_last_pkt_time":1648032336668166,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":644,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":644,"pkt_l4_len":610,"thread_ts_usec":1648032336669773,"pkt":"CL6sCxdumt9Y+uvcCABFAAJ2r4JAAEAGfjXAqAyplZqn3p9+AbuMNAhpHN\/1BIAYAKx7RQAAAQEICur00MzrLK5265xT+Amd4bw1tgbuswVrSsrG7xnH9KXn7ftOCfplW+DxZv6clJQOVM5M4r9laOtg6yvFIjhZDCnpdsf1U3z5\/LNafiD+EqeoerOZ1mv2no0EeSwo+BVjvcVB0CzwQdjedpaUonlISJ9Bwyp1H6UbXd4tT+O3XyVSJRoYpa\/TiARRT2Fih6dwJU9R6geBaOKDCtEkDjE91c3VND1scge9i7Y3eE+HimfChV2BOZO0ibqr6zVxBQVd2gBGIQV7F+Ou8rEw5naQ78B1kflhU5bLTRSwMRstUe\/egGthMG451s+4oAHMpXgiN5Oq4zsD+fl+8b02irsVRkOFycX2ijuNK5afSQSHhaNZzpSrFYwrYve3J50muI+7V45lEiRDiHV1NmgifYHl4Xu0g59V6U+FGhisrrMTA3U\/GijteIB\/HCHDxnEyfaMkm5S7RlJMRBHGCOp556pnjSLfhymbwTAtnBZwgbbSKhVJHKyWXLRFrUKENnZmPYTyx9jua64PCVJhnisT4LI3BMJLk\/+O06mDS3EKidxY244V4hZRB8h3lEuZ\/32BPbIwnOiUau7zNgdSs5pdQ4Tlrt\/luu5K15dMXHLaIPwPB\/7ZywXc6yJugN9nJItgx27ZnS\/nzub+amCc1UVEQDAGalubPQ9fTlCcLVKkiSotULYsBrKWcKtMNKMBgUFNqkuaFeW4JwEL98cDmQItpIKiMLFQVvftleQ25BlPfD+Yxwekl6AHZwqRjehfghUZtcN9e0PlyQ0FWyjmYMo="}
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1648032336638090,"flow_src_last_pkt_time":1648032336669773,"flow_dst_last_pkt_time":1648032336668166,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":578,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":578,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032336669773,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.222","src_port":40830,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
01344{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1648032336670120,"flow_dst_last_pkt_time":1648032336668213,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":644,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":644,"pkt_l4_len":610,"thread_ts_usec":1648032336670120,"pkt":"CL6sCxdumt9Y+uvcCABFAAJ2IZZAAEAGDCLAqAyplZqn3p+AAbtmgchou4zPIoAYAKxMAAAAAQEICur00M3y50rF2xUPE660qY9dKIFFLL5gUER0BNI8q010zwwg0h7ubLbHg3S1hI384usbwQ+TWc7bnGObvQrHO0zjetxxb6WcIs7Ll\/+z\/76ZfJeOqczhtzsYvOa8WtmiA8yK\/iV4j2WaHkAPapRnttJd5obxql25rwy3Y1O5lRwhnAqhXZRD7zZw2Km3dXUFzYLAzIa1Ib2PLPz0Je9PK7y9eb6U5maaNJ65av5haZl08YVHdSBCRNawHMw2nmxBNl+YtQ3lUxZBQU\/Hi71mcjL1bY7MW1\/WWITFmb3qq\/JsRL2EqX\/\/2Dhm4EKRFjzdBsVgUGbA46xhEy9eImVljw5Y4Ez1qmGAwfOysulQvl3H2UX32n8wZ1mhPfW\/ROPmX7l\/rFTDUpFm7\/ruJ1Xa7kClWiBnobyITIPI7E8f05acG63LzNaV8WbTk4p82EupleEk7c7ERIYADgneHEXYp+t8eEzwIQ+EUgQ3VDa85bNhWtWhyKdlki0ATkHKSccq2KaXdKItRH1eT5n4ST3HK5MAmhWwL6+Nj7C4HnMFrCd63mQNUBuRu8BKz\/cArIDYyZBPfp0PF3Ub4pzxvE872uXQ36WQc8JkbJO7Oxgyayyk1lZ0HsrCTbSikOnHWbMgQrENwjkFfE+EZ29Scne6K1ihX5u9uBaoc3cCUIRB4vBz\/WfH4B47kyMkPGEtdJ24hJQeprcXc2M8LpLn8cF8wdWEZFv3XSVJFlwKBLK5QlXN8wgEBvct\/vfDfsDWMpoGZ67twmj5AULDqQQ="}
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1648032336639074,"flow_src_last_pkt_time":1648032336670120,"flow_dst_last_pkt_time":1648032336668213,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":578,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":578,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032336670120,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.222","src_port":40832,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
00791{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1648032336670356,"flow_dst_last_pkt_time":1648032336668166,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"thread_ts_usec":1648032336670356,"pkt":"CL6sCxdumt9Y+uvcCABFAADdr4NAAEAGf83AqAyplZqn3p9+AbuMNAqrHN\/1BIAYAKxYmAAAAQEICur00M3rLK52Duk6tUhKiSGG2CFngBNHmD8+kTodND5JR0qWFZneYBdPkSs5H1dWnPQxIahgpKqh2FMTkqmTZWVYjlwHNs+GerGTusvZnUsJH6odqOl5bynFphbIkO5m9pWSmc\/jH5GDVlDEOzN6Wvb3iV6\/8Xls+SQlBF\/s+eswgzH32F7dDb1ebmVA5k2+pbKAkoP5ndRI47AZ0IjAHkfmS7\/lePCxEZgGV6lta3XzvQ=="}
00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1648032336670120,"flow_dst_last_pkt_time":1648032336699775,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_usec":1648032336699775,"pkt":"mt9Y+uvcCL6sCxduCABFAAEGJC9AADIGGPmVmqfewKgMqQG7n4C7jM8iZoHKqoAYCCX2\/QAAAQEICvLnSuXq9NDNU+5Tl1kRkQL1NNlVBHvAtd79kbOqhdqcsqSzP8pBmjtGNAYuimGAuwftlaLulSARk+H9Y+zA2G\/rtAJcW3Tl9cJ10k9v6p9plq35O9gV+aeoCMJUIVBlKthzibmyeZO0WqCNEj+pHzeoplsryOU82UercykbZGfQAaw648XkXFUXHo4+MK+WquSkkuuEMciRsdJ+O\/UXTxxokBxpxoUyP7z+fuArXERa0glUahDJ+xbFCASWMyl5258x\/HUQiEX\/90HGBMr5U2y+ThE+bpWGUxBH"}
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032336710519,"flow_src_last_pkt_time":1648032336710519,"flow_dst_last_pkt_time":1648032336710519,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032336710519,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.222","src_port":40834,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1648032336710519,"flow_dst_last_pkt_time":1648032336710519,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648032336710519,"pkt":"CL6sCxdumt9Y+uvcCABFAAA8LBBAAEAGA+LAqAyplZqn3p+CAbvM4p88AAAAAKAC\/\/9z7QAAAgQFtAQCCArq9ND0AAAAAAEDAwk="}
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1648032336710519,"flow_dst_last_pkt_time":1648032336741353,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648032336741353,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8AABAADIGPfKVmqfewKgMqQG7n4IlEusOzOKfPaAS\/\/87rwAAAgQE2AQCCAqQb5h86vTQ9AEDAwU="}
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1648032336742441,"flow_dst_last_pkt_time":1648032336741353,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648032336742441,"pkt":"CL6sCxdumt9Y+uvcCABFAAA0LBFAAEAGA+nAqAyplZqn3p+CAbvM4p89JRLrD4AQAKxo0AAAAQEICur00RWQb5h8"}
00894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1648032336758992,"flow_dst_last_pkt_time":1648032336741353,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":315,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":315,"pkt_l4_len":281,"thread_ts_usec":1648032336758992,"pkt":"CL6sCxdumt9Y+uvcCABFAAEtLBJAAEAGAu\/AqAyplZqn3p+CAbvM4p89JRLrD4AYAKyl\/AAAAQEICur00SKQb5h8Y\/xwWuqDt5ukxIf9Y70g5p9e8OMSJem5Jzy7qIpRaWvhqZo5OlmmTgf19UXt0ncT2GgHBAzpdiDzGn482pqyTG8Bd8lt8AmHVf6BBxAuGa0tpmE3A7f4LLKQKjsHXP8qpGEtUo09rFYdyiAAo7byEuQjO9PGPCPuXTI3cfxtOqyghpwChB0FcGWukqIuk3jRFsoh\/ZyMbjE3WHJdGTQLa5PrwxUtv32a7rkjZH6W86GFhjrjV3TGeUWFGUhCExY6LRIf773nGQvhAQnkpto8Wzl64XJtBAXIjoL7KawOf8k6FN7giOAtp3YnYvgBu7k0Sng1v+G2eTyO"}
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1648032336710519,"flow_src_last_pkt_time":1648032336758992,"flow_dst_last_pkt_time":1648032336741353,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":249,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":249,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032336758992,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.222","src_port":40834,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
02298{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1648032336638090,"flow_src_last_pkt_time":1648032336766698,"flow_dst_last_pkt_time":1648032336786651,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":578,"flow_dst_max_l4_payload_len":1228,"flow_src_tot_l4_payload_len":1261,"flow_dst_tot_l4_payload_len":17676,"midstream":0,"thread_ts_usec":1648032336786651,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.222","src_port":40830,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":13,"avg":8940.9,"max":46767,"stddev":14845.6,"var":220392240.0,"ent":3.2,"data": [30076,31371,312,583,31529,37,19,34994,157,6898,41656,13027,44,22,16,15,16,23,15,20,46767,55,14,127,880,6450,31944,44,19,13,26]},"pktlen": {"min":52,"avg":644.3,"max":1280,"stddev":571.9,"var":327061.8,"ent":4.3,"data": [60,60,52,630,221,52,157,262,52,52,333,221,1280,1280,1280,1280,1280,1280,1280,1280,1280,52,52,52,52,52,285,1280,1280,1280,1280,1280]},"bins": {"c_to_s": [9,0,0,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,0,1,1,1,0,0,0,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,1,1,1,1,1],"entropies": [4.759216309,5.233454227,5.156889915,7.660384178,6.987750053,5.217375278,6.765834332,7.120079041,5.195351601,5.156889915,7.396682262,7.101703167,7.850454330,7.853686333,7.825681210,7.871449947,7.830209732,7.847279072,7.843949795,7.808338642,7.841329575,5.118428230,5.156889915,5.118428230,5.118428230,5.156889915,7.139685631,7.851319790,7.844550133,7.850350380,7.835945606,7.848772049]},"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
01483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1648032336758992,"flow_dst_last_pkt_time":1648032336789143,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":750,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":750,"pkt_l4_len":716,"thread_ts_usec":1648032336789143,"pkt":"mt9Y+uvcCL6sCxduCABFAALg2Q9AADIGYj6VmqfewKgMqQG7n4IlEusPzOKgNoAYCCKvOgAAAQEICpBvmK3q9NEiosjJHTrlxopJRfmPmY2Zfo5bL0c66QGbHaldi0InLNbbwGAMkdVCp1vcW3WYbBCCjxlHeZ6tsbqJGuuUpChwcUkjoYG\/S4wdWIynj0dE5aGTV6TRLWIAQTtrg\/yhaV4nYkiscetugpCrDxvppRWUBIvX7V5ymZTxVA1mZ0Q\/KhJvX\/61P76g2wnMuTVtO0fi3VmR0DT3YdgQcDPckngwi4tZuvvQ4HWMFCuaR1kzQg0VsnL7TJTnAPbzvfG109LPHA\/tFUsjQ9yy2XVcY+HlVTYP7lTjTc4+U2iS9nlNnCLJDihe44PqiZo9w4pEbYwQTzxpRL3xfJRjIKVtT7jAnLagmMBaS+WDR9XSP90N2L0+EX46nbeE4aszLqZ6WNQp7FNqadoeF1Wn8kkWSj6BopCqua+BuREVR7z+KYPCgCVX3ZJ7iiAdbXnmBHudQPZCa\/qRqPLZqvYGgHvBF5N7hZPViQvKv0PemTkmByoNe3UdPKmKVuAuUX7zEYiFjJVh2PgMKKGdwgHsnMsmymWQ3uJN01VkGHOkgi2o\/ytLQw+X6aUf3jrmZmw5PA4uLdO50LBphkV6nJP02wtXPO5pQGhoRjJKnXEB\/0dzXgpLNa41Yp+mwHozcz9iqXAFhULw9I47YZNYuGP4fEpt0ePPQYirm4dq+CzkvHb1KLqf5udLx3iB\/2N59qNuIo\/gQ7jnH\/IJ\/ezym1prytC+owCYQN8ge16Mv4Nbh+nQ6YzeWS55zSBUIhXk9oOG90ABf39FnIYxMVwz3xL3E+V3C1UlIz+YS1PvAH9mb3k38CPeqzWqrGhpsDdNdsCS+JD2i3dFJh1mJhq3tYfG0xgG3Bvwbja1H8IseQtJz4OhgviUvWyXvFpcm6uCPRvuXrz+\/ARrYbP1eT9ag8S04NN2"}
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":484,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032340008639,"flow_src_last_pkt_time":1648032340008639,"flow_dst_last_pkt_time":1648032340008639,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032340008639,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.91","src_port":37966,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":484,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1648032340008639,"flow_dst_last_pkt_time":1648032340008639,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648032340008639,"pkt":"CL6sCxdumt9Y+uvcCABFAAA8En5AAEAGHffAqAyplZqnW5ROAbvkjnemAAAAAKAC\/\/8xbgAAAgQFtAQCCArE7FUdAAAAAAEDAwk="}
00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1648032340008639,"flow_dst_last_pkt_time":1648032340038305,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648032340038305,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8AABAADIGPnWVmqdbwKgMqQG7lE5E3r5g5I53p6AScSD2kAAAAgQFtAQCCAq54gyOxOxVHQEDAwU="}
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1648032340040339,"flow_dst_last_pkt_time":1648032340038305,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648032340040339,"pkt":"CL6sCxdumt9Y+uvcCABFAAA0En9AAEAGHf7AqAyplZqnW5ROAbvkjnenRN6+YYAQAKyVrwAAAQEICsTsVT254gyO"}
01189{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1648032340040654,"flow_dst_last_pkt_time":1648032340038305,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":532,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":532,"pkt_l4_len":498,"thread_ts_usec":1648032340040654,"pkt":"CL6sCxdumt9Y+uvcCABFAAIGEoBAAEAGHCvAqAyplZqnW5ROAbvkjnenRN6+YYAYAKzOyAAAAQEICsTsVT254gyOcbYq7LMguMBsrk6eKib3Up0RH30h3W1zb2wH8B2idZVRDxPs21dKHtu0F3\/VKJPTio75mHfryQ1aF+WhJFmPHkAhwkfZGJc6YWdnGdm0TTFPj+8j+josJk3MO5No1usk4BU+sExfSsJMxNyXMSnMpC4l165WSC1WhbCbohkimGSzOB2bmZ+3YFlUiZOIVjRXGTiNidSSNrAGZH2buxxnWGLdjkw4MImPvDLdIoPert9UJDqJ9CelzdbviB4uZhAhw4czATXjx3oK\/Hvl+I3KrYjh7QauixcJWf3hjelOzd6hLIr1WtWrBRqe4d+XSsV7hI7NoMIdv6SYjP9S\/zBXP1XpzkOP+E4DzbWmEF3jr0W5hHkkT89avdN0Iagf\/wxF3rwBmk7xpyXlhs58YA\/Pumq1O8BoH8bLbhirh36qNE\/vNegve+zRG9g8MgJuTDDKQvmLsuc2fQpHRwXXYLNdSrHcMFplzD2mcUSZmmrMR904KgFv3qpAPVk1D5KjQZ6rmGFlzqVNCIzoehqA+YeZQPu1J7Ry2k3tVXrtzhulAf9Z6q2M475p+YmGtRhz59n08sVDrZVPimuVNBW+xim5u2U94GGLdpmfGHF5hjo4oG4Chw=="}
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":493,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1648032340008639,"flow_src_last_pkt_time":1648032340040654,"flow_dst_last_pkt_time":1648032340038305,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":466,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":466,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032340040654,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.91","src_port":37966,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
00909{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1648032340040654,"flow_dst_last_pkt_time":1648032340071167,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":324,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":324,"pkt_l4_len":290,"thread_ts_usec":1648032340071167,"pkt":"mt9Y+uvcCL6sCxduCABFAAE2svRAADIGioaVmqdbwKgMqQG7lE5E3r5h5I55eYAYA6skbAAAAQEICrniDJbE7FU9Ox8w2jsi1XA8SutSnpGd+2vrapwLJDtdlR3smO0h5FRfZ2nep7hBWFf1ITh+59STbADxPeHHEhHZzmhvQYvcTeWAI2OX9rWHVg9zUcDl4xHA7RsfO6G1pNtp2L2skYgNgJRvV\/JC8inYa9EsgkrZyycBe0t3MFq7wjvXcBEKXn\/ecuh4BlBavkmWM14\/58mUb1omDl2IaaptzaLDTA6ugToypJypAh9\/e0g2VZ5E7\/NqcbQzxCRXaEwGmBP7EcYt2UfDTIq+9Wr3xXrzWLeUz+sMin2jQec7jbHpvgK+tcA0tqsywfEHAxippv1nLLoa3yKCh70jwx6x70utiIA\/911d"}
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":533,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032352156412,"flow_src_last_pkt_time":1648032352156412,"flow_dst_last_pkt_time":1648032352156412,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032352156412,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":533,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1648032352156412,"flow_dst_last_pkt_time":1648032352156412,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1648032352156412,"pkt":"AQBeAAD7CL6sCxduCABFAABJPd1AAP8RkCHAqAwB4AAA+xTpFOkANSaSAAAAAAACAAAAAAAABV9pcHBzBF90Y3AFbG9jYWwAAAwAAQRfaXBwwBIADAAB"}
00978{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":533,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032352156412,"flow_src_last_pkt_time":1648032352156412,"flow_dst_last_pkt_time":1648032352156412,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032352156412,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_ipps._tcp.local","mdns": {}}}
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":542,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524693,"flow_src_last_pkt_time":1648032353524693,"flow_dst_last_pkt_time":1648032353524693,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524693,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40906,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353524693,"flow_dst_last_pkt_time":1648032353524693,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032353524693,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwV5hAAEARsUTAqAypW2wJI5\/KBXgAHDtQAAEAACESpEJIMnFVQ1lxbmo0T2k="}
01101{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":542,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524693,"flow_src_last_pkt_time":1648032353524693,"flow_dst_last_pkt_time":1648032353524693,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524693,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40906,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {}}}
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524739,"flow_src_last_pkt_time":1648032353524739,"flow_dst_last_pkt_time":1648032353524739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524739,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":40906,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353524739,"flow_dst_last_pkt_time":1648032353524739,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032353524739,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwAJRAAEARBFXAqAypW2wNF5\/KBXgAHHQdAAEAACESpEJIUHBYOFJCa1BTZ3I="}
01102{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524739,"flow_src_last_pkt_time":1648032353524739,"flow_dst_last_pkt_time":1648032353524739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524739,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":40906,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {}}}
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":544,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524758,"flow_src_last_pkt_time":1648032353524758,"flow_dst_last_pkt_time":1648032353524758,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524758,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":40906,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":544,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353524758,"flow_dst_last_pkt_time":1648032353524758,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032353524758,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwhapAAEARe1PAqAypW2wRAp\/KBXgAHEVfAAEAACESpEJ6MlBsUVQ4ZXFBUGU="}
01101{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":544,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524758,"flow_src_last_pkt_time":1648032353524758,"flow_dst_last_pkt_time":1648032353524758,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524758,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":40906,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {}}}
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":545,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524853,"flow_src_last_pkt_time":1648032353524853,"flow_dst_last_pkt_time":1648032353524853,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524853,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":42197,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353524853,"flow_dst_last_pkt_time":1648032353524853,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032353524853,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwV5lAAEARsUPAqAypW2wJI6TVBXgAHErTAAEAACESpEJkbkR6YnRjOCtUeXU="}
01101{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":545,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524853,"flow_src_last_pkt_time":1648032353524853,"flow_dst_last_pkt_time":1648032353524853,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524853,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":42197,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {}}}
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524865,"flow_src_last_pkt_time":1648032353524865,"flow_dst_last_pkt_time":1648032353524865,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524865,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":42197,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353524865,"flow_dst_last_pkt_time":1648032353524865,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032353524865,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwAJVAAEARBFTAqAypW2wNF6TVBXgAHA1WAAEAACESpEJySFdkRXFhMm8xbWY="}
01102{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524865,"flow_src_last_pkt_time":1648032353524865,"flow_dst_last_pkt_time":1648032353524865,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524865,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":42197,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {}}}
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524980,"flow_src_last_pkt_time":1648032353524980,"flow_dst_last_pkt_time":1648032353524980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524980,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":42197,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353524980,"flow_dst_last_pkt_time":1648032353524980,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032353524980,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwhatAAEARe1LAqAypW2wRAqTVBXgAHD1nAAEAACESpEJhWUs4ZHp0RDFIYlM="}
01101{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524980,"flow_src_last_pkt_time":1648032353524980,"flow_dst_last_pkt_time":1648032353524980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524980,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":42197,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {}}}
00638{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":549,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353524693,"flow_dst_last_pkt_time":1648032353554802,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032353554802,"pkt":"mt9Y+uvcCL6sCxduCABFAABwT\/lAADIRxqNbbAkjwKgMqQV4n8oAXEAzAQEAQCESpEJIMnFVQ1lxbmo0T2kAIAAIAAEMcnw9RQQAAQAIAAEtYF0v4UaAKwAIAAEFeFtsCSOALAAIAAEFeQpDQmOAIgAETm9uZYAoAATBooRE"}
00638{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":550,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353524853,"flow_dst_last_pkt_time":1648032353554820,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032353554820,"pkt":"mt9Y+uvcCL6sCxduCABFAABwT\/pAADIRxqJbbAkjwKgMqQV4pNUAXBWkAQEAQCESpEJkbkR6YnRjOCtUeXUAIAAIAAEMc3w9RQQAAQAIAAEtYV0v4UaAKwAIAAEFeFtsCSOALAAIAAEFeQpDQmOAIgAETm9uZYAoAAR+XQGa"}
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353559621,"flow_src_last_pkt_time":1648032353559621,"flow_dst_last_pkt_time":1648032353559621,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353559621,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40643,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353559621,"flow_dst_last_pkt_time":1648032353559621,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1648032353559621,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4V55AAEARsTbAqAypW2wJI57DBXgAJBZLAAMACCESpEJHRnE0WVpwcXk3QUQAGQAEEQAAAA=="}
01101{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353559621,"flow_src_last_pkt_time":1648032353559621,"flow_dst_last_pkt_time":1648032353559621,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353559621,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40643,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {}}}
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":555,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353561154,"flow_src_last_pkt_time":1648032353561154,"flow_dst_last_pkt_time":1648032353561154,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353561154,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":49667,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353561154,"flow_dst_last_pkt_time":1648032353561154,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1648032353561154,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4AJZAAEARBEvAqAypW2wNF8IDBXgAJEywAAMACCESpEJLQjVlaHNjb05HRFcAGQAEEQAAAA=="}
01102{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":555,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353561154,"flow_src_last_pkt_time":1648032353561154,"flow_dst_last_pkt_time":1648032353561154,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353561154,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":49667,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {}}}
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":557,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353562490,"flow_src_last_pkt_time":1648032353562490,"flow_dst_last_pkt_time":1648032353562490,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353562490,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":49780,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":557,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353562490,"flow_dst_last_pkt_time":1648032353562490,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1648032353562490,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4hbBAAEARe0XAqAypW2wRAsJ0BXgAJDsLAAMACCESpEJFS2c2dEFDQVFCNysAGQAEEQAAAA=="}
01101{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":557,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353562490,"flow_src_last_pkt_time":1648032353562490,"flow_dst_last_pkt_time":1648032353562490,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353562490,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":49780,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {}}}
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":558,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353563617,"flow_src_last_pkt_time":1648032353563617,"flow_dst_last_pkt_time":1648032353563617,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353563617,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":37849,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":558,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353563617,"flow_dst_last_pkt_time":1648032353563617,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1648032353563617,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4V59AAEARsTXAqAypW2wJI5PZBXgAJDwFAAMACCESpEJzL2NkT3M5d09DczAAGQAEEQAAAA=="}
01101{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":558,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353563617,"flow_src_last_pkt_time":1648032353563617,"flow_dst_last_pkt_time":1648032353563617,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353563617,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":37849,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {}}}
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":559,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353566545,"flow_src_last_pkt_time":1648032353566545,"flow_dst_last_pkt_time":1648032353566545,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353566545,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":37530,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":559,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353566545,"flow_dst_last_pkt_time":1648032353566545,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1648032353566545,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4AJdAAEARBErAqAypW2wNF5KaBXgAJGk9AAMACCESpEIvdUUyY2tqRkhzZzgAGQAEEQAAAA=="}
01102{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":559,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353566545,"flow_src_last_pkt_time":1648032353566545,"flow_dst_last_pkt_time":1648032353566545,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353566545,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":37530,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {}}}
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":560,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353568287,"flow_src_last_pkt_time":1648032353568287,"flow_dst_last_pkt_time":1648032353568287,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353568287,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":37444,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":560,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353568287,"flow_dst_last_pkt_time":1648032353568287,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1648032353568287,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4hbFAAEARe0TAqAypW2wRApJEBXgAJEOkAAMACCESpEJXdzMwem5Vb2lRUDIAGQAEEQAAAA=="}
01101{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":560,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353568287,"flow_src_last_pkt_time":1648032353568287,"flow_dst_last_pkt_time":1648032353568287,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353568287,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":37444,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {}}}
00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353563617,"flow_dst_last_pkt_time":1648032353592239,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1648032353592239,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4UAFAADIRxpNbbAkjwKgMqQV4k9kAZPzIARMASCESpEJzL2NkT3M5d09DczAACQAQAAAEAVVuYXV0aG9yaXplZAAVABBhNGI2N2JkMTFmM2NiZmYyABQADHRlbGVncmFtLm9yZ4AiAAROb25lgCgABO5pXhk="}
01137{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648032353563617,"flow_src_last_pkt_time":1648032353563617,"flow_dst_last_pkt_time":1648032353592239,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1648032353592239,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":37849,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","stun": {}}}
00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353559621,"flow_dst_last_pkt_time":1648032353592256,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1648032353592256,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4UAJAADIRxpJbbAkjwKgMqQV4nsMAZEcIARMASCESpEJHRnE0WVpwcXk3QUQACQAQAAAEAVVuYXV0aG9yaXplZAAVABBlYWIwNmM2ZGY2ZjJmYmQwABQADHRlbGVncmFtLm9yZ4AiAAROb25lgCgABGO2Od8="}
01137{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":563,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648032353559621,"flow_src_last_pkt_time":1648032353559621,"flow_dst_last_pkt_time":1648032353592256,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1648032353592256,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40643,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","stun": {}}}
00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":565,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1648032353594045,"flow_dst_last_pkt_time":1648032353592239,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1648032353594045,"pkt":"CL6sCxdumt9Y+uvcCABFAACYV6JAAEARsNLAqAypW2wJI5PZBXgAhCZ9AAMAaCESpEJFSFhETzUvU2I4WmwAGQAEEQAAAAAGAB0xNjQ4MDUzOTUzOjczZjgwMzhjYTY1MTAyZDViNQAAAAAUAAx0ZWxlZ3JhbS5vcmcAFQAQYTRiNjdiZDExZjNjYmZmMgAIABSa2oTP+7Bjuk0YfAJVIWF1r6CZLw=="}
00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":567,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1648032353594670,"flow_dst_last_pkt_time":1648032353592256,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1648032353594670,"pkt":"CL6sCxdumt9Y+uvcCABFAACYV6NAAEARsNHAqAypW2wJI57DBXgAhH5NAAMAaCESpEJCSnNBNVVDNDVaczQAGQAEEQAAAAAGAB0xNjQ4MDUzOTUzOjczZjgwMzhjYTY1MTAyZDViNQAAAAAUAAx0ZWxlZ3JhbS5vcmcAFQAQZWFiMDZjNmRmNmYyZmJkMAAIABQ3n8Ssx4zZQ2K\/+FBSUazQoV0PUg=="}
00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1648032353594045,"flow_dst_last_pkt_time":1648032353637592,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1648032353637592,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4UApAADIRxopbbAkjwKgMqQV4k9kAZBfMAQMASCESpEJFSFhETzUvU2I4WmwAFgAIAAHWO3p+rWEAIAAIAAEMd3w9RQQADQAEAAAAPIAiAAROb25lAAgAFDGrj6855gYmVWWfBmziWEVvbHJ9gCgABAsNSy8="}
00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1648032353594670,"flow_dst_last_pkt_time":1648032353637618,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1648032353637618,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4UAlAADIRxotbbAkjwKgMqQV4nsMAZK7aAQMASCESpEJCSnNBNVVDNDVaczQAFgAIAAH76Hp+rWEAIAAIAAEMcHw9RQQADQAEAAAAPIAiAAROb25lAAgAFNHeh0AeJMWgFMztoIL3ae2C9iQ3gCgABLVApPM="}
00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":573,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353524865,"flow_dst_last_pkt_time":1648032353658379,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032353658379,"pkt":"mt9Y+uvcCL6sCxduCABFAABwWp5AAC4RvApbbA0XwKgMqQV4pNUAXGLAAQEAQCESpEJySFdkRXFhMm8xbWYAIAAIAAEMc3w9RQQAAQAIAAEtYV0v4UaAKwAIAAEFeFtsDReALAAIAAEFeQqgwmeAIgAETm9uZYAoAATYtphR"}
00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353524739,"flow_dst_last_pkt_time":1648032353668244,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032353668244,"pkt":"mt9Y+uvcCL6sCxduCABFAABwWp9AAC4RvAlbbA0XwKgMqQV4n8oAXGSUAQEAQCESpEJIUHBYOFJCa1BTZ3IAIAAIAAEMcnw9RQQAAQAIAAEtYF0v4UaAKwAIAAEFeFtsDReALAAIAAEFeQqgwmeAIgAETm9uZYAoAAT2q99R"}
00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":575,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353524758,"flow_dst_last_pkt_time":1648032353672049,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032353672049,"pkt":"mt9Y+uvcCL6sCxduCABFAABwYb9AADARrv5bbBECwKgMqQV4n8oAXCujAQEAQCESpEJ6MlBsUVQ4ZXFBUGUAIAAIAAEMcnw9RQQAAQAIAAEtYF0v4UaAKwAIAAEFeFtsEQKALAAIAAEFeQqCwmKAIgAETm9uZYAoAAQpALNo"}
00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":578,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353524980,"flow_dst_last_pkt_time":1648032353675084,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032353675084,"pkt":"mt9Y+uvcCL6sCxduCABFAABwYcBAADARrv1bbBECwKgMqQV4pNUAXHVmAQEAQCESpEJhWUs4ZHp0RDFIYlMAIAAIAAEMc3w9RQQAAQAIAAEtYV0v4UaAKwAIAAEFeFtsEQKALAAIAAEFeQqCwmKAIgAETm9uZYAoAAS7Js+E"}
00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":579,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353561154,"flow_dst_last_pkt_time":1648032353693931,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1648032353693931,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4WqVAAC4Ru\/tbbA0XwKgMqQV4wgMAZCInARMASCESpEJLQjVlaHNjb05HRFcACQAQAAAEAVVuYXV0aG9yaXplZAAVABA2NzMyOTkyMzg2Njc4NTEyABQADHRlbGVncmFtLm9yZ4AiAAROb25lgCgABG2eqec="}
01138{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":579,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648032353561154,"flow_src_last_pkt_time":1648032353561154,"flow_dst_last_pkt_time":1648032353693931,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1648032353693931,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":49667,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","stun": {}}}
00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":580,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1648032353695557,"flow_dst_last_pkt_time":1648032353693931,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1648032353695557,"pkt":"CL6sCxdumt9Y+uvcCABFAACYAKBAAEARA+HAqAypW2wNF8IDBXgAhKOZAAMAaCESpEJBZEN4cW5HdEFGQU8AGQAEEQAAAAAGAB0xNjQ4MDUzOTUzOjczZjgwMzhjYTY1MTAyZDViNQAAAAAUAAx0ZWxlZ3JhbS5vcmcAFQAQNjczMjk5MjM4NjY3ODUxMgAIABRKYn5RRlidqeK90JE9dWYntqfWLQ=="}
00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":581,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353566545,"flow_dst_last_pkt_time":1648032353698133,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1648032353698133,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4WqZAAC4Ru\/pbbA0XwKgMqQV4kpoAZPeaARMASCESpEIvdUUyY2tqRkhzZzgACQAQAAAEAVVuYXV0aG9yaXplZAAVABA3ZjJlMDdkMzhhN2Q1YThjABQADHRlbGVncmFtLm9yZ4AiAAROb25lgCgABDZy+Rc="}
01138{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":581,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648032353566545,"flow_src_last_pkt_time":1648032353566545,"flow_dst_last_pkt_time":1648032353698133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1648032353698133,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":37530,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","stun": {}}}
00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_src_last_pkt_time":1648032353700165,"flow_dst_last_pkt_time":1648032353698133,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1648032353700165,"pkt":"CL6sCxdumt9Y+uvcCABFAACYAKFAAEARA+DAqAypW2wNF5KaBXgAhB4eAAMAaCESpEI2L3k5MTJBekgxNVIAGQAEEQAAAAAGAB0xNjQ4MDUzOTUzOjczZjgwMzhjYTY1MTAyZDViNQAAAAAUAAx0ZWxlZ3JhbS5vcmcAFQAQN2YyZTA3ZDM4YTdkNWE4YwAIABTXGOjRtHPJu2U2mkxXIuxzgoEzTg=="}
00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":583,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353562490,"flow_dst_last_pkt_time":1648032353712008,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1648032353712008,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4YcdAADARru5bbBECwKgMqQV4wnQAZOVuARMASCESpEJFS2c2dEFDQVFCNysACQAQAAAEAVVuYXV0aG9yaXplZAAVABA5MjNjZjRhOTEyZWVjNjExABQADHRlbGVncmFtLm9yZ4AiAAROb25lgCgABFPoPFk="}
01137{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":583,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648032353562490,"flow_src_last_pkt_time":1648032353562490,"flow_dst_last_pkt_time":1648032353712008,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1648032353712008,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":49780,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","stun": {}}}
00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":584,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353568287,"flow_dst_last_pkt_time":1648032353715592,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1648032353715592,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4YchAADARru1bbBECwKgMqQV4kkQAZK5TARMASCESpEJXdzMwem5Vb2lRUDIACQAQAAAEAVVuYXV0aG9yaXplZAAVABAxMDliZmI2ZjU1NGFiNmFkABQADHRlbGVncmFtLm9yZ4AiAAROb25lgCgABNveHo0="}
01137{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":584,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648032353568287,"flow_src_last_pkt_time":1648032353568287,"flow_dst_last_pkt_time":1648032353715592,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1648032353715592,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":37444,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","stun": {}}}
00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1648032353724990,"flow_dst_last_pkt_time":1648032353712008,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1648032353724990,"pkt":"CL6sCxdumt9Y+uvcCABFAACYhbhAAEARet3AqAypW2wRAsJ0BXgAhOBeAAMAaCESpEJOYVAxRW84NkxIcTEAGQAEEQAAAAAGAB0xNjQ4MDUzOTUzOjczZjgwMzhjYTY1MTAyZDViNQAAAAAUAAx0ZWxlZ3JhbS5vcmcAFQAQOTIzY2Y0YTkxMmVlYzYxMQAIABTpiYU0jQHbI6r9fZq35jAxaSIy6w=="}
00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":586,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1648032353727618,"flow_dst_last_pkt_time":1648032353715592,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1648032353727618,"pkt":"CL6sCxdumt9Y+uvcCABFAACYhblAAEARetzAqAypW2wRApJEBXgAhGZOAAMAaCESpEJoMWhNTlhETUJIWlUAGQAEEQAAAAAGAB0xNjQ4MDUzOTUzOjczZjgwMzhjYTY1MTAyZDViNQAAAAAUAAx0ZWxlZ3JhbS5vcmcAFQAQMTA5YmZiNmY1NTRhYjZhZAAIABS50SfZ32flyf6YLkGd\/QoaStRrpQ=="}
00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1648032353695557,"flow_dst_last_pkt_time":1648032353827428,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1648032353827428,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4WqlAAC4Ru\/dbbA0XwKgMqQV4wgMAZNM9AQMASCESpEJBZEN4cW5HdEFGQU8AFgAIAAHSfHp+qVUAIAAIAAEMcXw9RQQADQAEAAAAPIAiAAROb25lAAgAFLgmrFOsF293H+j5NDMwvQveTpPagCgABNdIUvI="}
00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_src_last_pkt_time":1648032353700165,"flow_dst_last_pkt_time":1648032353830219,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1648032353830219,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4WqpAAC4Ru\/ZbbA0XwKgMqQV4kpoAZLrOAQMASCESpEI2L3k5MTJBekgxNVIAFgAIAAGk4Hp+qVUAIAAIAAEMdHw9RQQADQAEAAAAPIAiAAROb25lAAgAFAQrWx0xApu7OPqs0BEvTiGNp9XzgCgABGn+fTk="}
00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":594,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1648032353727618,"flow_dst_last_pkt_time":1648032353874651,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1648032353874651,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4Yd5AADARrtdbbBECwKgMqQV4kkQAZFfPAQMASCESpEJoMWhNTlhETUJIWlUAFgAIAAGtKHp+tUAAIAAIAAEMdXw9RQQADQAEAAAAPIAiAAROb25lAAgAFKZqEf90CTHzpfFMz5vo5sBQG9RPgCgABG5qQFs="}
00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1648032353724990,"flow_dst_last_pkt_time":1648032353874706,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1648032353874706,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4Yd1AADARrthbbBECwKgMqQV4wnQAZC\/uAQMASCESpEJOYVAxRW84NkxIcTEAFgAIAAGQcnp+tUAAIAAIAAEMdnw9RQQADQAEAAAAPIAiAAROb25lAAgAFF3+Rj5Hta+ica6d\/P9rht\/UDl8zgCgABKQP2Jo="}
00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":612,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1648032353978197,"flow_dst_last_pkt_time":1648032353874706,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1648032353978197,"pkt":"CL6sCxdumt9Y+uvcCABFAACchcVAAEAReszAqAypW2wRAsJ0BXgAiIp+AAgAbCESpEI3MUdDb3hWZ0E3NDkAEgAIAAGHKCs8w4oABgAdMTY0ODA1Mzk1Mzo3M2Y4MDM4Y2E2NTEwMmQ1YjUAAAAAFAAMdGVsZWdyYW0ub3JnABUAEDkyM2NmNGE5MTJlZWM2MTEACAAUAszBFpLQ4u7F\/QJhwRDKspnQbNs="}
00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":614,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1648032353978986,"flow_dst_last_pkt_time":1648032353827428,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1648032353978986,"pkt":"CL6sCxdumt9Y+uvcCABFAACcALNAAEARA8rAqAypW2wNF8IDBXgAiMkmAAgAbCESpEJ0UmRSMzVqcDhWL1kAEgAIAAGHKCs8w4oABgAdMTY0ODA1Mzk1Mzo3M2Y4MDM4Y2E2NTEwMmQ1YjUAAAAAFAAMdGVsZWdyYW0ub3JnABUAEDY3MzI5OTIzODY2Nzg1MTIACAAUbtWKpYmT+PYhcRulJujD4geAPOA="}
00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1648032353979030,"flow_dst_last_pkt_time":1648032353637618,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1648032353979030,"pkt":"CL6sCxdumt9Y+uvcCABFAACcV8FAAEARsK\/AqAypW2wJI57DBXgAiFzeAAgAbCESpEJLaEd2a0srdWZmaFcAEgAIAAGHKCs8w4oABgAdMTY0ODA1Mzk1Mzo3M2Y4MDM4Y2E2NTEwMmQ1YjUAAAAAFAAMdGVsZWdyYW0ub3JnABUAEGVhYjA2YzZkZjZmMmZiZDAACAAUou+k3ZoALmVPw8\/5VjA1fhf0byM="}
00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":617,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353980549,"flow_src_last_pkt_time":1648032353980549,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353980549,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":42405,"dst_port":42554,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":617,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353980549,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032353980549,"pkt":"CL6sCxdumt9Y+uvcCABFAACA3nBAAEARHLXAqAypCi5nyKWlpjoAbMb5AAEAUCESpEJPWEdZRU12Q2M1emIABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAUHa4B58DlCkqNNIW2N\/CJ9XQ+OsmAKAAEIkgRlA=="}
01126{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":617,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353980549,"flow_src_last_pkt_time":1648032353980549,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353980549,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":42405,"dst_port":42554,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {}}}
00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354029382,"flow_src_last_pkt_time":1648032354029382,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354029382,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":40906,"dst_port":42554,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1648032354029382,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032354029382,"pkt":"CL6sCxdumt9Y+uvcCABFAACA3nRAAEARHLHAqAypCi5nyJ\/KpjoAbAm8AAEAUCESpEJCRXZwZkpKcGErWXYABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAUV+RY7KavrTSyyjnYz1cDc6MlH+eAKAAEpABGKg=="}
01126{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354029382,"flow_src_last_pkt_time":1648032354029382,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354029382,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":40906,"dst_port":42554,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {}}}
00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":633,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354077734,"flow_src_last_pkt_time":1648032354077734,"flow_dst_last_pkt_time":1648032354077734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354077734,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":42405,"dst_port":35393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":633,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1648032354077734,"flow_dst_last_pkt_time":1648032354077734,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032354077734,"pkt":"CL6sCxdumt9Y+uvcCABFAACAq5pAAEARVurAqAypXSQNc6WlikEAbG5EAAEAUCESpEJQRW1oRjBpWkxwdVIABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAUeafd1aPwqIpYtKwwpuDeqKaNUbSAKAAEORW\/pw=="}
01125{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":633,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354077734,"flow_src_last_pkt_time":1648032354077734,"flow_dst_last_pkt_time":1648032354077734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354077734,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":42405,"dst_port":35393,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {}}}
00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":642,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354126265,"flow_src_last_pkt_time":1648032354126265,"flow_dst_last_pkt_time":1648032354126265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354126265,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":40906,"dst_port":35393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":642,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1648032354126265,"flow_dst_last_pkt_time":1648032354126265,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032354126265,"pkt":"CL6sCxdumt9Y+uvcCABFAACAq55AAEARVubAqAypXSQNc5\/KikEAbGK3AAEAUCESpEJMbE5LWHlWbCtGZlIABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAU9Z04zkepdoWOsJ4ulp8YAe9jLUWAKAAEwATfyg=="}
01125{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":642,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354126265,"flow_src_last_pkt_time":1648032354126265,"flow_dst_last_pkt_time":1648032354126265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354126265,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":40906,"dst_port":35393,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {}}}
00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1648032354077734,"flow_dst_last_pkt_time":1648032354153456,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1648032354153456,"pkt":"mt9Y+uvcCL6sCxduCABFAABckpZAADYRehJdJA1zwKgMqYpBpaUASG0rAQEALCESpEJQRW1oRjBpWkxwdVIAIAAIAAEMenw9RQQACAAUrYd+q6RhgtRWxOyn0FCZYgykzwuAKAAEkVZ5KQ=="}
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_src_last_pkt_time":1648032354165754,"flow_dst_last_pkt_time":1648032354153456,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_usec":1648032354165754,"pkt":"CL6sCxdumt9Y+uvcCABFAAAzq6JAAEARVy\/AqAypXSQNc6WlikEAH+78q+Dhs46p+vnyB59A6gTAmoVxX5wJtWc="}
00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_src_last_pkt_time":1648032354165754,"flow_dst_last_pkt_time":1648032354166263,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1648032354166263,"pkt":"mt9Y+uvcCL6sCxduCABFAAB8kpdAADYRefFdJA1zwKgMqYpBpaUAaPtpAAEATCESpEJnZHVuWHZ4blRHNEYABgAJU3VVMzpsL3djAAAAwFcABAADA4SAKQAIAAAAAAAAAAAAJAAEbn8fAAAIABSu\/Dy1RdR7tJjCJ1zcoT327GhS+4AoAASaKnbd"}
00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":5,"flow_src_last_pkt_time":1648032354168082,"flow_dst_last_pkt_time":1648032354166263,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1648032354168082,"pkt":"CL6sCxdumt9Y+uvcCABFAABcq6NAAEARVwXAqAypXSQNc6WlikEASKUEAQEALCESpEJnZHVuWHZ4blRHNEYAIAAIAAGrU3w2qTEACAAUIG4EHSxC102rwPqBEsHP66FXaP6AKAAEYOyISA=="}
00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":655,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1648032354126265,"flow_dst_last_pkt_time":1648032354193397,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1648032354193397,"pkt":"mt9Y+uvcCL6sCxduCABFAABckphAADYRehBdJA1zwKgMqYpBn8oASHsvAQEALCESpEJMbE5LWHlWbCtGZlIAIAAIAAEMcnw9RQQACAAU5wiFHkDSFZpOYeIzmE3UX454Y5WAKAAEDXbTAg=="}
00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":663,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_src_last_pkt_time":1648032354126265,"flow_dst_last_pkt_time":1648032354253306,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1648032354253306,"pkt":"mt9Y+uvcCL6sCxduCABFAAB8kp1AADYReetdJA1zwKgMqYpBn8oAaCMkAAEATCESpEJIcTZVWmxodDUwUysABgAJU3VVMzpsL3djAAAAwFcABAADA4SAKQAIAAAAAAAAAAAAJAAEbn8fAAAIABQBRhbWlQ7rMVy3PFduS9dj7gJsXoAoAARM5ARh"}
00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_src_last_pkt_time":1648032354255084,"flow_dst_last_pkt_time":1648032354253306,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1648032354255084,"pkt":"CL6sCxdumt9Y+uvcCABFAABcq61AAEARVvvAqAypXSQNc5\/KikEASJBeAQEALCESpEJIcTZVWmxodDUwUysAIAAIAAGrU3w2qTEACAAUOSToq9gxyjIfvqnLxYFg75erULqAKAAEpWnpWQ=="}
00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":670,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1648032354274610,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032354274610,"pkt":"CL6sCxdumt9Y+uvcCABFAACA3npAAEARHKvAqAypCi5nyKWlpjoAbOFzAAEAUCESpEJtdnE4djNMTnl3dk0ABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAUDInqNRBWk8dEJqTJc6HmCvGSZlqAKAAEY6GN3A=="}
01244{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":670,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1648032353980549,"flow_src_last_pkt_time":1648032354274610,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354274610,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":42405,"dst_port":42554,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {}}}
00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":682,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1648032354323453,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032354323453,"pkt":"CL6sCxdumt9Y+uvcCABFAACA3n5AAEARHKfAqAypCi5nyJ\/KpjoAbLNZAAEAUCESpEJFbzlBWnVtb3doY3gABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAUhaAVye4hAtQKKUN05sPT8bSFgCSAKAAEE\/ftBA=="}
01244{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":682,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1648032354029382,"flow_src_last_pkt_time":1648032354323453,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354323453,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":40906,"dst_port":42554,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {}}}
00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_src_last_pkt_time":1648032354372109,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032354372109,"pkt":"CL6sCxdumt9Y+uvcCABFAACA3oFAAEARHKTAqAypCi5nyKWlpjoAbMtbAAEAUCESpEJTRTZGa284cW1DQmIABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAUzYBYKBlzlZ6Eaa\/nFMVbWPeH8RSAKAAER59Heg=="}
00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_src_last_pkt_time":1648032354421706,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032354421706,"pkt":"CL6sCxdumt9Y+uvcCABFAACA3oNAAEARHKLAqAypCi5nyJ\/KpjoAbNnMAAEAUCESpEJkVUE4UWRoMit2dFIABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAU9E6Knx5J8q4IYolGkKVYGZzVeFSAKAAEDziXvg=="}
00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":707,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354824070,"flow_src_last_pkt_time":1648032354824070,"flow_dst_last_pkt_time":1648032354824070,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354824070,"l3_proto":"ip6","src_ip":"fe80::abe:acff:fe0b:176e","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5}
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":707,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1648032354824070,"flow_dst_last_pkt_time":1648032354824070,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"thread_ts_usec":1648032354824070,"pkt":"MzMAAAACCL6sCxduht1gAAAAABA6\/\/6AAAAAAAAACr6s\/\/4LF27\/AgAAAAAAAAAAAAAAAAAChQDivgAAAAABAQi+rAsXbg=="}
00919{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":707,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354824070,"flow_src_last_pkt_time":1648032354824070,"flow_dst_last_pkt_time":1648032354824070,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354824070,"l3_proto":"ip6","src_ip":"fe80::abe:acff:fe0b:176e","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
02348{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":715,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1648032354077734,"flow_src_last_pkt_time":1648032354886306,"flow_dst_last_pkt_time":1648032354873460,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":237,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":1854,"flow_dst_tot_l4_payload_len":649,"midstream":0,"thread_ts_usec":1648032354886306,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":42405,"dst_port":35393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":49,"avg":51751.5,"max":474673,"stddev":95446.3,"var":9109989376.0,"ent":3.6,"data": [75722,88020,12807,2328,9002,48923,21674,183,117533,50,18901,57450,295,20709,49,35124,54640,306358,41620,24769,9929,17729,18103,17365,474673,50,42102,15504,14083,40108,18495]},"pktlen": {"min":49,"avg":106.2,"max":265,"stddev":48.9,"var":2396.0,"ent":4.9,"data": [128,92,51,124,92,128,128,65,71,92,92,124,54,92,64,49,124,92,265,119,119,119,119,119,265,53,64,59,119,119,79,119]},"bins": {"c_to_s": [3,2,11,3,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,3,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,0,0,0,1,1,1,0,0,1,1,1,0,0,0,0,0,0,0,0,1,1,0,0,0,1,0],"entropies": [5.404182434,5.729283333,5.265467167,5.614555359,5.634122849,5.456954956,5.404182434,5.653138161,5.772913456,5.756935120,5.745695591,5.598426342,5.458592415,5.767434120,5.687500000,5.328994274,5.576209545,5.797379017,7.103881836,6.518718719,6.438805580,6.381202221,6.471578598,6.393888950,7.201899052,5.463770390,5.656250000,5.577555180,6.334901810,6.354772091,5.879608154,6.455611706]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":721,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_src_last_pkt_time":1648032354972956,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032354972956,"pkt":"CL6sCxdumt9Y+uvcCABFAACA3rRAAEARHHHAqAypCi5nyKWlpjoAbKiIAAEAUCESpEJIMGllM1hUOElYclgABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAUIfqSi1aNpSsABSuloxN5Y\/\/7Bh2AKAAEpHJZAg=="}
00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":724,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354991775,"flow_src_last_pkt_time":1648032354991775,"flow_dst_last_pkt_time":1648032354991775,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354991775,"l3_proto":"ip6","src_ip":"fe80::abe:acff:fe0b:176e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":724,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1648032354991775,"flow_dst_last_pkt_time":1648032354991775,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":107,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":107,"pkt_l4_len":53,"thread_ts_usec":1648032354991775,"pkt":"MzMAAAD7CL6sCxduht1gAkk0ADUR\/\/6AAAAAAAAACr6s\/\/4LF27\/AgAAAAAAAAAAAAAAAAD7FOkU6QA1CIEAAAAAAAIAAAAAAAAFX2lwcHMEX3RjcAVsb2NhbAAADAABBF9pcHDAEgAMAAE="}
00987{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":724,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354991775,"flow_src_last_pkt_time":1648032354991775,"flow_dst_last_pkt_time":1648032354991775,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354991775,"l3_proto":"ip6","src_ip":"fe80::abe:acff:fe0b:176e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_ipps._tcp.local","mdns": {}}}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":789,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_src_last_pkt_time":1648032355975233,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032355975233,"pkt":"CL6sCxdumt9Y+uvcCABFAACA3utAAEARHDrAqAypCi5nyJ\/KpjoAbCQ0AAEAUCESpEIvMksvQTdhNmdaMWQABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAUQn4OwxCruPYNs70ikufkqqbqY\/aAKAAEQjwa\/g=="}
00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":801,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":5,"flow_src_last_pkt_time":1648032356977510,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032356977510,"pkt":"CL6sCxdumt9Y+uvcCABFAACA30tAAEARG9rAqAypCi5nyKWlpjoAbB1JAAEAUCESpEJQUjdKd1ZWNmhPSU8ABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAUtAHrdAcRYAd6FYxrNDpUw59dLBmAKAAE\/jQVgw=="}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":802,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_src_last_pkt_time":1648032357478346,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032357478346,"pkt":"CL6sCxdumt9Y+uvcCABFAACA33BAAEARG7XAqAypCi5nyJ\/KpjoAbEUJAAEAUCESpEI1bVMyQnh5OXM3MmMABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAUAMPiAwxW\/GHCKSC9Q5d15nRSFMKAKAAEOjwk\/w=="}
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":807,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032359090868,"flow_src_last_pkt_time":1648032359090868,"flow_dst_last_pkt_time":1648032359090868,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1648032359090868,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"52.58.18.25","src_port":40710,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":807,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1648032359090868,"flow_dst_last_pkt_time":1648032359090868,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1648032359090868,"pkt":"CL6sCxdumt9Y+uvcCABFAABAS0lAAEAG28rAqAypNDoSGZ8GFGZ2npAv5mpAKoAYAKzxSgAAAQEICkEsdOlPerjBwv4ABQAAAAANIwHG"}
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":808,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1648032359090868,"flow_dst_last_pkt_time":1648032359106963,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648032359106963,"pkt":"mt9Y+uvcCL6sCxduCABFAAA0p+FAAOsG1D00OhIZwKgMqRRmnwbmakAqdp6QO4AQAHIM9gAAAQEICk97b0RBLHTp"}
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":809,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_src_last_pkt_time":1648032359090868,"flow_dst_last_pkt_time":1648032359107008,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1648032359107008,"pkt":"mt9Y+uvcCL6sCxduCABFAABAp+JAAOsG1DA0OhIZwKgMqRRmnwbmakAqdp6QO4AYAHI69AAAAQEICk97b0VBLHTpwv4ABQAAAAANIwHG"}
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":810,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_src_last_pkt_time":1648032359108251,"flow_dst_last_pkt_time":1648032359107008,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648032359108251,"pkt":"CL6sCxdumt9Y+uvcCABFAAA0S0pAAEAG29XAqAypNDoSGZ8GFGZ2npA75mpANoAQAKwMngAAAQEICkEsdPpPe29F"}
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":819,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1648032363557266,"flow_dst_last_pkt_time":1648032353554802,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032363557266,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwWxxAAEARrcDAqAypW2wJI5\/KBXgAHJMEAAEAACESpEJKWGZZVmEzZGpzK04="}
01242{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":819,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032353524693,"flow_src_last_pkt_time":1648032363557266,"flow_dst_last_pkt_time":1648032353554802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1648032363557266,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40906,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"mapped_address":"93.47.225.70:11616","response_origin":"91.108.9.35:1400","other_address":"10.67.66.99:1401"}}}
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":820,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1648032363557512,"flow_dst_last_pkt_time":1648032353554820,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032363557512,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwWx1AAEARrb\/AqAypW2wJI6TVBXgAHEc2AAEAACESpEJaT3lOZUhRVUNaSWY="}
01242{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":820,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032353524853,"flow_src_last_pkt_time":1648032363557512,"flow_dst_last_pkt_time":1648032353554820,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1648032363557512,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":42197,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"mapped_address":"93.47.225.70:11617","response_origin":"91.108.9.35:1400","other_address":"10.67.66.99:1401"}}}
00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":821,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1648032363557266,"flow_dst_last_pkt_time":1648032363587689,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032363587689,"pkt":"mt9Y+uvcCL6sCxduCABFAABwVUlAADIRwVNbbAkjwKgMqQV4n8oAXLPRAQEAQCESpEJKWGZZVmEzZGpzK04AIAAIAAEMcnw9RQQAAQAIAAEtYF0v4UaAKwAIAAEFeFtsCSOALAAIAAEFeQpDQmOAIgAETm9uZYAoAAQThhZ3"}
00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":822,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1648032363557512,"flow_dst_last_pkt_time":1648032363587715,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032363587715,"pkt":"mt9Y+uvcCL6sCxduCABFAABwVUpAADIRwVJbbAkjwKgMqQV4pNUAXGDgAQEAQCESpEJaT3lOZUhRVUNaSWYAIAAIAAEMc3w9RQQAAQAIAAEtYV0v4UaAKwAIAAEFeFtsCSOALAAIAAEFeQpDQmOAIgAETm9uZYAoAATgolB7"}
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":823,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1648032363660886,"flow_dst_last_pkt_time":1648032353658379,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032363660886,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwBFlAAEARAJDAqAypW2wNF6TVBXgAHIUQAAEAACESpEJ4TDNiVmMzcVJ5TTE="}
01247{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":823,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032353524865,"flow_src_last_pkt_time":1648032363660886,"flow_dst_last_pkt_time":1648032353658379,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1648032363660886,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":42197,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"mapped_address":"93.47.225.70:11617","response_origin":"91.108.13.23:1400","other_address":"10.160.194.103:1401"}}}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":824,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1648032363670970,"flow_dst_last_pkt_time":1648032353668244,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032363670970,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwBFpAAEARAI\/AqAypW2wNF5\/KBXgAHDFOAAEAACESpEJ4Mld2aHpNWHgzMEw="}
01247{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":824,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032353524739,"flow_src_last_pkt_time":1648032363670970,"flow_dst_last_pkt_time":1648032353668244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1648032363670970,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":40906,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"mapped_address":"93.47.225.70:11616","response_origin":"91.108.13.23:1400","other_address":"10.160.194.103:1401"}}}
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":825,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1648032363673567,"flow_dst_last_pkt_time":1648032353672049,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032363673567,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwiUNAAEARd7rAqAypW2wRAp\/KBXgAHEXLAAEAACESpEJOZGorcy85N3hYOEQ="}
01244{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":825,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032353524758,"flow_src_last_pkt_time":1648032363673567,"flow_dst_last_pkt_time":1648032353672049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1648032363673567,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":40906,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"mapped_address":"93.47.225.70:11616","response_origin":"91.108.17.2:1400","other_address":"10.130.194.98:1401"}}}
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":826,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_src_last_pkt_time":1648032363677290,"flow_dst_last_pkt_time":1648032353675084,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032363677290,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwiURAAEARd7nAqAypW2wRAqTVBXgAHGCFAAEAACESpEJZeUEvTW1CRVIxeUE="}
01244{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":826,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032353524980,"flow_src_last_pkt_time":1648032363677290,"flow_dst_last_pkt_time":1648032353675084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1648032363677290,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":42197,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"mapped_address":"93.47.225.70:11617","response_origin":"91.108.17.2:1400","other_address":"10.130.194.98:1401"}}}
00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":827,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1648032363660886,"flow_dst_last_pkt_time":1648032363794064,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032363794064,"pkt":"mt9Y+uvcCL6sCxduCABFAABwXVNAAC4RuVVbbA0XwKgMqQV4pNUAXC8AAQEAQCESpEJ4TDNiVmMzcVJ5TTEAIAAIAAEMc3w9RQQAAQAIAAEtYV0v4UaAKwAIAAEFeFtsDReALAAIAAEFeQqgwmeAIgAETm9uZYAoAASEVJgu"}
00638{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":828,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1648032363670970,"flow_dst_last_pkt_time":1648032363805878,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032363805878,"pkt":"mt9Y+uvcCL6sCxduCABFAABwXVZAAC4RuVJbbA0XwKgMqQV4n8oAXDw7AQEAQCESpEJ4Mld2aHpNWHgzMEwAIAAIAAEMcnw9RQQAAQAIAAEtYF0v4UaAKwAIAAEFeFtsDReALAAIAAEFeQqgwmeAIgAETm9uZYAoAAQ+iHz\/"}
00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":829,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1648032363673567,"flow_dst_last_pkt_time":1648032363819830,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032363819830,"pkt":"mt9Y+uvcCL6sCxduCABFAABwZztAADARqYJbbBECwKgMqQV4n8oAXJquAQEAQCESpEJOZGorcy85N3hYOEQAIAAIAAEMcnw9RQQAAQAIAAEtYF0v4UaAKwAIAAEFeFtsEQKALAAIAAEFeQqCwmKAIgAETm9uZYAoAASOxt8C"}
00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":830,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_src_last_pkt_time":1648032363677290,"flow_dst_last_pkt_time":1648032363826861,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032363826861,"pkt":"mt9Y+uvcCL6sCxduCABFAABwZzxAADARqYFbbBECwKgMqQV4pNUAXP6KAQEAQCESpEJZeUEvTW1CRVIxeUEAIAAIAAEMc3w9RQQAAQAIAAEtYV0v4UaAKwAIAAEFeFtsEQKALAAIAAEFeQqCwmKAIgAETm9uZYAoAAQL9hiv"}
00710{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":831,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1648032364328703,"flow_dst_last_pkt_time":1648032334318608,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_usec":1648032364328703,"pkt":"\/\/\/\/\/\/\/\/CL6sCxduCABFAACg8T1AAEARrr7AqAwBwKgM\/0RcRFwAjFAceyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxNDEwNzAzNTIwMDMwMzgwNzA5MTc5NzYyNjA1Mzg1NzIwNTQ5OTksICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFs5MjQ0NjQxN119"}
00960{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":833,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1648032334213648,"flow_src_last_pkt_time":1648032334213678,"flow_dst_last_pkt_time":1648032334213648,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032364495680,"l3_proto":"ip6","src_ip":"fe80::98df:58ff:fefa:ebdc","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
02321{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":836,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1648032336639074,"flow_src_last_pkt_time":1648032364799931,"flow_dst_last_pkt_time":1648032364830191,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":578,"flow_dst_max_l4_payload_len":1228,"flow_src_tot_l4_payload_len":1060,"flow_dst_tot_l4_payload_len":12707,"midstream":0,"thread_ts_usec":1648032364830191,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.222","src_port":40832,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":8,"avg":1817805.6,"max":25078496,"stddev":6146606.0,"var":37780767899648.0,"ent":1.5,"data": [29139,30566,480,31562,35447,6512,41656,9889,49,31,23,46927,8,41719,2909634,2997736,16,16,15,2357,76,56,44252,15,34,56,139,73,125,25044870,25078496]},"pktlen": {"min":52,"avg":482.7,"max":1280,"stddev":530.0,"var":280877.2,"ent":4.1,"data": [60,60,52,630,262,52,205,221,1280,1280,1280,700,52,52,52,381,1280,1280,1280,1280,1280,1280,680,52,52,52,52,52,52,52,52,52]},"bins": {"c_to_s": [14,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,0,1,1,1,1,1,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1],"entropies": [4.859216213,5.266787529,5.156889439,7.555443287,7.119448662,5.118427753,6.908961773,6.987295628,7.824494839,7.835509300,7.843729496,7.724673271,5.195351124,5.094483852,5.115703106,7.462384224,7.834102154,7.851257801,7.840057850,7.862158298,7.844310284,7.831385612,7.709258080,5.156889439,5.041504860,5.079966545,5.118427753,5.156889439,5.156889439,5.115703106,5.077241421,5.156889439]},"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":842,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1648032366834628,"flow_dst_last_pkt_time":1648032334213648,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"thread_ts_usec":1648032366834628,"pkt":"MzMAAAACmt9Y+uvcht1gAAAAABA6\/\/6AAAAAAAAAmN9Y\/\/7669z\/AgAAAAAAAAAAAAAAAAAChQC\/wAAAAAABAZrfWPrr3A=="}
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":843,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1648032366834658,"flow_dst_last_pkt_time":1648032334213648,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"thread_ts_usec":1648032366834658,"pkt":"MzMAAAACmt9Y+uvcht1gAAAAABA6\/\/6AAAAAAAAAmN9Y\/\/7669z\/AgAAAAAAAAAAAAAAAAAChQC\/wAAAAAABAZrfWPrr3A=="}
00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":850,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1648032367732783,"flow_dst_last_pkt_time":1648032353637592,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1648032367732783,"pkt":"CL6sCxdumt9Y+uvcCABFAACYXJxAAEARq9jAqAypW2wJI5PZBXgAhA\/JAAQAaCESpEJBcGdMQnQ5T2VTWlAADQAEAAAAAAAGAB0xNjQ4MDUzOTUzOjczZjgwMzhjYTY1MTAyZDViNQAAAAAUAAx0ZWxlZ3JhbS5vcmcAFQAQYTRiNjdiZDExZjNjYmZmMgAIABS1pJxBqJPfDf+FiivEmPFrLMwd4g=="}
00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":851,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":5,"flow_src_last_pkt_time":1648032367733104,"flow_dst_last_pkt_time":1648032353830219,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1648032367733104,"pkt":"CL6sCxdumt9Y+uvcCABFAACYBHJAAEARAA\/AqAypW2wNF5KaBXgAhEftAAQAaCESpEJKd2lTVytqR09teHQADQAEAAAAAAAGAB0xNjQ4MDUzOTUzOjczZjgwMzhjYTY1MTAyZDViNQAAAAAUAAx0ZWxlZ3JhbS5vcmcAFQAQN2YyZTA3ZDM4YTdkNWE4YwAIABQpM2EIdxvQJh1tc4hEATxmCLSVKQ=="}
00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":852,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1648032367733413,"flow_dst_last_pkt_time":1648032353874651,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1648032367733413,"pkt":"CL6sCxdumt9Y+uvcCABFAACYiqdAAEARde7AqAypW2wRApJEBXgAhJK2AAQAaCESpEJLSE9pcnJGVENxRXoADQAEAAAAAAAGAB0xNjQ4MDUzOTUzOjczZjgwMzhjYTY1MTAyZDViNQAAAAAUAAx0ZWxlZ3JhbS5vcmcAFQAQMTA5YmZiNmY1NTRhYjZhZAAIABS\/34sPfahin5BHG\/PkvedGGFl+eQ=="}
00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":860,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032367762702,"flow_src_last_pkt_time":1648032367762702,"flow_dst_last_pkt_time":1648032367762702,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032367762702,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5}
00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":860,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1648032367762702,"flow_dst_last_pkt_time":1648032367762702,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1648032367762702,"pkt":"CL6sCxdumt9Y+uvcCABFwAB8VLcAAEAB8ynAqAypW2wJIwMDLzsAAAAARQAAYFe7QAAyEb7xW2wJI8CoDKkFeJ7DAEwpDwEEADAhEqRCOU9SdFJMb28vZnBpAA0ABAAAAACAIgAETm9uZQAIABQWnSCybuekV\/exPSudWYHv7DhfEYAoAAQA9KQL"}
01049{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":860,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032367762702,"flow_src_last_pkt_time":1648032367762702,"flow_dst_last_pkt_time":1648032367762702,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032367762702,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","l4_proto":"icmp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.590070}}
00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":861,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_src_last_pkt_time":1648032367764744,"flow_dst_last_pkt_time":1648032367762702,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1648032367764744,"pkt":"CL6sCxdumt9Y+uvcCABFwAB8VLgAAEAB8yjAqAypW2wJIwMDLzsAAAAARQAAYFe8QAAyEb7wW2wJI8CoDKkFeJPZAEy9nAEEADAhEqRCQXBnTEJ0OU9lU1pQAA0ABAAAAACAIgAETm9uZQAIABSTWZ780EmFr0qRvpHmP19WWJ92ZoAoAAR+N+o\/"}
00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":869,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032367859462,"flow_src_last_pkt_time":1648032367859462,"flow_dst_last_pkt_time":1648032367859462,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032367859462,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5}
00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":869,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1648032367859462,"flow_dst_last_pkt_time":1648032367859462,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1648032367859462,"pkt":"CL6sCxdumt9Y+uvcCABFwAB81loAAEABbZLAqAypW2wNFwMDMy8AAAAARQAAYF\/zQAAuEbbFW2wNF8CoDKkFeMIDAEwIRQEEADAhEqRCMkJ1Qk5mZlZTZDJNAA0ABAAAAACAIgAETm9uZQAIABSWeB6wlJc9B2Ka\/i76tTq8JQr4boAoAAQFS1Qp"}
01050{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":869,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032367859462,"flow_src_last_pkt_time":1648032367859462,"flow_dst_last_pkt_time":1648032367859462,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032367859462,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","l4_proto":"icmp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.612482}}
00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":872,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1648032367864669,"flow_dst_last_pkt_time":1648032367859462,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1648032367864669,"pkt":"CL6sCxdumt9Y+uvcCABFwAB81lsAAEABbZHAqAypW2wNFwMDMy8AAAAARQAAYF\/0QAAuEbbEW2wNF8CoDKkFeJKaAEzE4QEEADAhEqRCSndpU1crakdPbXh0AA0ABAAAAACAIgAETm9uZQAIABQPNVNRz4szF0100qKPc8TsBV2eFYAoAARAKe5T"}
00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":874,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032367877247,"flow_src_last_pkt_time":1648032367877247,"flow_dst_last_pkt_time":1648032367877247,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032367877247,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5}
00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":874,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1648032367877247,"flow_dst_last_pkt_time":1648032367877247,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1648032367877247,"pkt":"CL6sCxdumt9Y+uvcCABFwAB8pogAAEABmXnAqAypW2wRAgMDNxoAAAAARQAAYGkyQAAwEaebW2wRAsCoDKkFeMJ0AExkFwEEADAhEqRCWXFROFI2akdHVHBiAA0ABAAAAACAIgAETm9uZQAIABQ73DX4akHHG\/t7arnPhHpDd\/3YyIAoAARsGubG"}
01049{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":874,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032367877247,"flow_src_last_pkt_time":1648032367877247,"flow_dst_last_pkt_time":1648032367877247,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032367877247,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","l4_proto":"icmp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.737482}}
00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":876,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_src_last_pkt_time":1648032367885663,"flow_dst_last_pkt_time":1648032367877247,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1648032367885663,"pkt":"CL6sCxdumt9Y+uvcCABFwAB8pokAAEABmXjAqAypW2wRAgMDNxoAAAAARQAAYGk1QAAwEaeYW2wRAsCoDKkFeJJEAEylPgEEADAhEqRCS0hPaXJyRlRDcUV6AA0ABAAAAACAIgAETm9uZQAIABTZOmmRI5FcQW+rAa8g\/fpFll3GzoAoAASHsPRA"}
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":877,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032373241368,"flow_src_last_pkt_time":1648032373241368,"flow_dst_last_pkt_time":1648032373241368,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1648032373241368,"l3_proto":"ip4","src_ip":"18.195.162.93","dst_ip":"192.168.12.169","src_port":443,"dst_port":38956,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":877,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1648032373241368,"flow_dst_last_pkt_time":1648032373241368,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_usec":1648032373241368,"pkt":"mt9Y+uvcCL6sCxduCABFAABT6ldAAOsGItsSw6JdwKgMqQG7mCy7WPtHxPlC24AYAHtr3AAAAQEICnkLeDpCTgbkFQMDABr+u10WYqqjSVLzlRa1hyPjBkG+M0x+dgZKjg=="}
00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":877,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032373241368,"flow_src_last_pkt_time":1648032373241368,"flow_dst_last_pkt_time":1648032373241368,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1648032373241368,"l3_proto":"ip4","src_ip":"18.195.162.93","dst_ip":"192.168.12.169","src_port":443,"dst_port":38956,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":878,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_src_last_pkt_time":1648032373241368,"flow_dst_last_pkt_time":1648032373315177,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648032373315177,"pkt":"CL6sCxdumt9Y+uvcCABFAAA0tt9AAEAGAXPAqAypEsOiXZgsAbvE+ULbu1j7ZoAQAMhy4gAAAQEICkJO9JB5C3g6"}
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":888,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_src_last_pkt_time":1648032378245645,"flow_dst_last_pkt_time":1648032373315177,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648032378245645,"pkt":"mt9Y+uvcCL6sCxduCABFAAA06lhAAOsGIvkSw6JdwKgMqQG7mCy7WPtmxPlC24ARAHtfogAAAQEICnkLi8ZCTvSQ"}
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":4,"flow_src_last_pkt_time":1648032378245645,"flow_dst_last_pkt_time":1648032378336597,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648032378336597,"pkt":"CL6sCxdumt9Y+uvcCABFAAA0tuBAAEAGAXLAqAypEsOiXZgsAbvE+ULbu1j7Z4AQAMhLuAAAAQEICkJPCC15C4vG"}
01081{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032336009920,"flow_src_last_pkt_time":1648032336041683,"flow_dst_last_pkt_time":1648032336040673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.91","src_port":37948,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"3":"DPI (partial)"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
00791{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032336009920,"flow_src_last_pkt_time":1648032336041683,"flow_dst_last_pkt_time":1648032336040673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.91","src_port":37948,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
01125{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":156,"flow_dst_packets_processed":214,"flow_first_seen":1648032336009996,"flow_src_last_pkt_time":1648032377077811,"flow_dst_last_pkt_time":1648032377149578,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":1228,"flow_src_tot_l4_payload_len":30433,"flow_dst_tot_l4_payload_len":128721,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.91","src_port":37950,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
01115{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1648032340008639,"flow_src_last_pkt_time":1648032340089757,"flow_dst_last_pkt_time":1648032340162942,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":466,"flow_dst_max_l4_payload_len":258,"flow_src_tot_l4_payload_len":779,"flow_dst_tot_l4_payload_len":258,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.91","src_port":37966,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
01162{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":10,"flow_first_seen":1648032353559621,"flow_src_last_pkt_time":1648032367726063,"flow_dst_last_pkt_time":1648032367761550,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":888,"flow_dst_tot_l4_payload_len":816,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40643,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org"}}
00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354824070,"flow_src_last_pkt_time":1648032354824070,"flow_dst_last_pkt_time":1648032354824070,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip6","src_ip":"fe80::abe:acff:fe0b:176e","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1648032334318608,"flow_src_last_pkt_time":1648032364328703,"flow_dst_last_pkt_time":1648032334318608,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":264,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
01136{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032353524758,"flow_src_last_pkt_time":1648032363673567,"flow_dst_last_pkt_time":1648032363819830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":168,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":40906,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
01137{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032353524739,"flow_src_last_pkt_time":1648032363670970,"flow_dst_last_pkt_time":1648032363805878,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":168,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":40906,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
01136{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032353524693,"flow_src_last_pkt_time":1648032363557266,"flow_dst_last_pkt_time":1648032363587689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":168,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40906,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
01252{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1648032353980549,"flow_src_last_pkt_time":1648032367002740,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":42405,"dst_port":42554,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032352156412,"flow_src_last_pkt_time":1648032352156412,"flow_dst_last_pkt_time":1648032352156412,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1648032334213648,"flow_src_last_pkt_time":1648032366834658,"flow_dst_last_pkt_time":1648032334213648,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip6","src_ip":"fe80::98df:58ff:fefa:ebdc","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354991775,"flow_src_last_pkt_time":1648032354991775,"flow_dst_last_pkt_time":1648032354991775,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip6","src_ip":"fe80::abe:acff:fe0b:176e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
01116{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":1648032336020865,"flow_src_last_pkt_time":1648032346150156,"flow_dst_last_pkt_time":1648032346134942,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":386,"flow_dst_max_l4_payload_len":604,"flow_src_tot_l4_payload_len":1229,"flow_dst_tot_l4_payload_len":2022,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.51","src_port":46862,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
01115{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1648032336039036,"flow_src_last_pkt_time":1648032346150274,"flow_dst_last_pkt_time":1648032346134975,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":370,"flow_dst_max_l4_payload_len":773,"flow_src_tot_l4_payload_len":1277,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.51","src_port":46866,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
01122{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":80,"flow_dst_packets_processed":100,"flow_first_seen":1648032336638090,"flow_src_last_pkt_time":1648032364833042,"flow_dst_last_pkt_time":1648032364830140,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":578,"flow_dst_max_l4_payload_len":1228,"flow_src_tot_l4_payload_len":1999,"flow_dst_tot_l4_payload_len":114100,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.222","src_port":40830,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
01120{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":15,"flow_first_seen":1648032336639074,"flow_src_last_pkt_time":1648032364836832,"flow_dst_last_pkt_time":1648032364830191,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":578,"flow_dst_max_l4_payload_len":1228,"flow_src_tot_l4_payload_len":1060,"flow_dst_tot_l4_payload_len":12707,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.222","src_port":40832,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
01115{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1648032336710519,"flow_src_last_pkt_time":1648032336807614,"flow_dst_last_pkt_time":1648032336880010,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":249,"flow_dst_max_l4_payload_len":684,"flow_src_tot_l4_payload_len":450,"flow_dst_tot_l4_payload_len":684,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.222","src_port":40834,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
01161{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1648032353561154,"flow_src_last_pkt_time":1648032367726487,"flow_dst_last_pkt_time":1648032367858291,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":660,"flow_dst_tot_l4_payload_len":452,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":49667,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org"}}
01252{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1648032354029382,"flow_src_last_pkt_time":1648032367501855,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":40906,"dst_port":42554,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
01130{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1648032353568287,"flow_src_last_pkt_time":1648032367733413,"flow_dst_last_pkt_time":1648032367880227,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":276,"flow_dst_tot_l4_payload_len":252,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":37444,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
01148{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":59,"flow_dst_packets_processed":55,"flow_first_seen":1648032354077734,"flow_src_last_pkt_time":1648032356099058,"flow_dst_last_pkt_time":1648032356073261,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1112,"flow_dst_max_l4_payload_len":393,"flow_src_tot_l4_payload_len":15509,"flow_dst_tot_l4_payload_len":6792,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":42405,"dst_port":35393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
01160{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1648032353562490,"flow_src_last_pkt_time":1648032367726813,"flow_dst_last_pkt_time":1648032367876128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":660,"flow_dst_tot_l4_payload_len":452,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":49780,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org"}}
01069{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1648032367877247,"flow_src_last_pkt_time":1648032367885663,"flow_dst_last_pkt_time":1648032367877247,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
01070{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1648032367859462,"flow_src_last_pkt_time":1648032367864669,"flow_dst_last_pkt_time":1648032367859462,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
01069{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1648032367762702,"flow_src_last_pkt_time":1648032367764744,"flow_dst_last_pkt_time":1648032367762702,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
01131{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1648032353566545,"flow_src_last_pkt_time":1648032367733104,"flow_dst_last_pkt_time":1648032367862465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":276,"flow_dst_tot_l4_payload_len":252,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":37530,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
00972{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032373241368,"flow_src_last_pkt_time":1648032378245645,"flow_dst_last_pkt_time":1648032378336597,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"18.195.162.93","dst_ip":"192.168.12.169","src_port":443,"dst_port":38956,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00958{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032359090868,"flow_src_last_pkt_time":1648032359108251,"flow_dst_last_pkt_time":1648032359107008,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":12,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":12,"midstream":1,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"52.58.18.25","src_port":40710,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"7":"Match by IP"},"proto":"AmazonAWS","proto_id":"265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032359090868,"flow_src_last_pkt_time":1648032359108251,"flow_dst_last_pkt_time":1648032359107008,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":12,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":12,"midstream":1,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"52.58.18.25","src_port":40710,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
01130{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1648032353563617,"flow_src_last_pkt_time":1648032367732783,"flow_dst_last_pkt_time":1648032367761600,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":276,"flow_dst_tot_l4_payload_len":252,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":37849,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
01137{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032354126265,"flow_src_last_pkt_time":1648032354255084,"flow_dst_last_pkt_time":1648032354253306,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":164,"flow_dst_tot_l4_payload_len":160,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":40906,"dst_port":35393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
01136{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032353524980,"flow_src_last_pkt_time":1648032363677290,"flow_dst_last_pkt_time":1648032363826861,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":168,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":42197,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
01137{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032353524865,"flow_src_last_pkt_time":1648032363660886,"flow_dst_last_pkt_time":1648032363794064,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":168,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":42197,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
01136{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032353524853,"flow_src_last_pkt_time":1648032363557512,"flow_dst_last_pkt_time":1648032363587715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":168,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":42197,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":889,"packets-processed":887,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":330235,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":32,"total-detection-updates":14,"total-updates":1,"current-active-flows":0,"total-active-flows":34,"total-idle-flows":34,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":258,"global_ts_usec":1648032378336597}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 889/887
~~ skipped flows.............: 0
~~ total layer4 data length..: 330235 bytes
~~ total detected protocols..: 32
~~ total active/idle flows...: 34/34
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6761734 bytes
~~ total memory freed........: 6761734 bytes
~~ total allocations/frees...: 115287/115287
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 543 chars
~~ json message max len.......: 2353 chars
~~ json message avg len.......: 1448 chars
|