aboutsummaryrefslogtreecommitdiff
path: root/test/results/default/telegram_videocall_2.pcapng.out
blob: dc19a861a0173012d9e682d3183fe5515722ef8d (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80

00627{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1731946730424347}
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946730424347,"flow_src_last_pkt_time":1731946730424347,"flow_dst_last_pkt_time":1731946730424347,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946730424347,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1731946730424347,"flow_dst_last_pkt_time":1731946730424347,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1731946730424347,"pkt":"AQBeAAD7dNo47VMyCABFAABJz2FAAP8R\/pzAqAwB4AAA+xTpFOkANSaSAAAAAAACAAAAAAAABV9pcHBzBF90Y3AFbG9jYWwAAAwAAQRfaXBwwBIADAAB"}
01008{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946730424347,"flow_src_last_pkt_time":1731946730424347,"flow_dst_last_pkt_time":1731946730424347,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946730424347,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_ipps._tcp.local","domainame":"_ipps._tcp.local","mdns": {}}}
00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946733955605,"flow_src_last_pkt_time":1731946733955605,"flow_dst_last_pkt_time":1731946733955605,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946733955605,"l3_proto":"ip6","src_ip":"fe80::76da:38ff:feed:5332","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1731946733955605,"flow_dst_last_pkt_time":1731946733955605,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":107,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":107,"pkt_l4_len":53,"thread_ts_usec":1731946733955605,"pkt":"MzMAAAD7dNo47VMyht1gBgAAADUR\/\/6AAAAAAAAAdto4\/\/7tUzL\/AgAAAAAAAAAAAAAAAAD7FOkU6QA1074AAAAAAAIAAAAAAAAFX2lwcHMEX3RjcAVsb2NhbAAADAABBF9pcHDAEgAMAAE="}
01018{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946733955605,"flow_src_last_pkt_time":1731946733955605,"flow_dst_last_pkt_time":1731946733955605,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946733955605,"l3_proto":"ip6","src_ip":"fe80::76da:38ff:feed:5332","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_ipps._tcp.local","domainame":"_ipps._tcp.local","mdns": {}}}
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900337,"flow_src_last_pkt_time":1731946740900337,"flow_dst_last_pkt_time":1731946740900337,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946740900337,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.106","src_port":39968,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1731946740900337,"flow_dst_last_pkt_time":1731946740900337,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731946740900337,"pkt":"dNo47VMyYhO2esBpCABFAAA4MVhAAEAR15vAqAxDW2wJapwgBXgAJPquAAMACCESpEJqbjEvdGFsZ2dHd3IAGQAEEQAAAA=="}
01148{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900337,"flow_src_last_pkt_time":1731946740900337,"flow_dst_last_pkt_time":1731946740900337,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946740900337,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.106","src_port":39968,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}}
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900481,"flow_src_last_pkt_time":1731946740900481,"flow_dst_last_pkt_time":1731946740900481,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946740900481,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.3","src_port":39329,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1731946740900481,"flow_dst_last_pkt_time":1731946740900481,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731946740900481,"pkt":"dNo47VMyYhO2esBpCABFAAA4CeVAAEAR+3XAqAxDW2wNA5mhBXgAJBueAAMACCESpEJZaHNneGh4MkhrM0EAGQAEEQAAAA=="}
01147{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900481,"flow_src_last_pkt_time":1731946740900481,"flow_dst_last_pkt_time":1731946740900481,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946740900481,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.3","src_port":39329,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}}
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900572,"flow_src_last_pkt_time":1731946740900572,"flow_dst_last_pkt_time":1731946740900572,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946740900572,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.49","src_port":44679,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1731946740900572,"flow_dst_last_pkt_time":1731946740900572,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731946740900572,"pkt":"dNo47VMyYhO2esBpCABFAAA4bgpAAEARkyLAqAxDW2wRMa6HBXgAJANsAAMACCESpEJoVXdKc0VOemFwNWUAGQAEEQAAAA=="}
01148{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900572,"flow_src_last_pkt_time":1731946740900572,"flow_dst_last_pkt_time":1731946740900572,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946740900572,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.49","src_port":44679,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}}
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900678,"flow_src_last_pkt_time":1731946740900678,"flow_dst_last_pkt_time":1731946740900678,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946740900678,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.10","src_port":44275,"dst_port":597,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1731946740900678,"flow_dst_last_pkt_time":1731946740900678,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1731946740900678,"pkt":"dNo47VMyYhO2esBpCABFAABEEnFAAEAR9tbAqAxDW2wJCqzzAlUAMHx\/yTuYM2k\/Rq6r+4eNcVrsqP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8AAAAAAAAAew=="}
00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900678,"flow_src_last_pkt_time":1731946740900678,"flow_dst_last_pkt_time":1731946740900678,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946740900678,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.10","src_port":44275,"dst_port":597,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946740901087,"flow_src_last_pkt_time":1731946740901087,"flow_dst_last_pkt_time":1731946740901087,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946740901087,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.8","src_port":46675,"dst_port":597,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1731946740901087,"flow_dst_last_pkt_time":1731946740901087,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1731946740901087,"pkt":"dNo47VMyYhO2esBpCABFAABE+u5AAEARBlvAqAxDW2wRCLZTAlUAMI3tyTuYM2k\/Rq6r+4eNi8Ovc\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8AAAAAAAAAew=="}
00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946740901087,"flow_src_last_pkt_time":1731946740901087,"flow_dst_last_pkt_time":1731946740901087,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946740901087,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.8","src_port":46675,"dst_port":597,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946740901130,"flow_src_last_pkt_time":1731946740901130,"flow_dst_last_pkt_time":1731946740901130,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946740901130,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.26","src_port":42417,"dst_port":598,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1731946740901130,"flow_dst_last_pkt_time":1731946740901130,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1731946740901130,"pkt":"dNo47VMyYhO2esBpCABFAABEAY5AAEARA6rAqAxDW2wNGqWxAlYAMPVNyTuYM2k\/Rq6r+4eNjxlZTP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8AAAAAAAAAew=="}
00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946740901130,"flow_src_last_pkt_time":1731946740901130,"flow_dst_last_pkt_time":1731946740901130,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946740901130,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.26","src_port":42417,"dst_port":598,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
00649{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1731946740900337,"flow_dst_last_pkt_time":1731946740924754,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1731946740924754,"pkt":"YhO2esBpdNo47VMyCABFAAB446VAADMRMg5bbAlqwKgMQwV4nCAAZJQXARMASCESpEJqbjEvdGFsZ2dHd3IACQAQAAAEAVVuYXV0aG9yaXplZAAVABA5NDQ3YzBhODM4ODc3NDYzABQADHRlbGVncmFtLm9yZ4AiAAROb25lgCgABE+Mpgc="}
01196{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1731946740900337,"flow_src_last_pkt_time":1731946740900337,"flow_dst_last_pkt_time":1731946740924754,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1731946740924754,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.106","src_port":39968,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","domainame":"telegram.org","stun": {"multimedia_flow_types":"Unknown"}}}
00631{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1731946740900678,"flow_dst_last_pkt_time":1731946740924787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1731946740924787,"pkt":"YhO2esBpdNo47VMyCABFAABc7RxAADQRKBNbbAkKwKgMQwJVrPMASOP+yTuYM2k\/Rq6r+4eNcVrsqP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcD1aDtnAAAAAAAAAHsAAAAAAAAAAAAA\/\/9dI6qQgZkAAA=="}
00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1731946740929880,"flow_dst_last_pkt_time":1731946740924754,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1731946740929880,"pkt":"dNo47VMyYhO2esBpCABFAACYMVpAAEAR1znAqAxDW2wJapwgBXgAhAJ3AAMAaCESpEJsTFp4REFIYU15dVIAGQAEEQAAAAAGAB0xNzMxOTY4MzQxOjE3MTFjMzFjZjM3ZjkxZWUyMQAAAAAUAAx0ZWxlZ3JhbS5vcmcAFQAQOTQ0N2MwYTgzODg3NzQ2MwAIABR2KtKB33CStbawXfNsZh\/G\/qvnnA=="}
00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1731946740929880,"flow_dst_last_pkt_time":1731946740957073,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1731946740957073,"pkt":"YhO2esBpdNo47VMyCABFAAB446ZAADMRMg1bbAlqwKgMQwV4nCAAZDpdAQMASCESpEJsTFp4REFIYU15dVIAFgAIAAGyOHp+rSgAIAAIAAG4bXwxDtIADQAEAAAAPIAiAAROb25lAAgAFJlm+aznLL1e9oLm1nndfGyxhvvEgCgABLF4z2o="}
00631{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1731946740901130,"flow_dst_last_pkt_time":1731946741023286,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1731946741023286,"pkt":"YhO2esBpdNo47VMyCABFAABcXThAADERtudbbA0awKgMQwJWpbEASFrNyTuYM2k\/Rq6r+4eNjxlZTP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcD1aDtnAAAAAAAAAHsAAAAAAAAAAAAA\/\/9dI6qQg5kAAA=="}
00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1731946740901087,"flow_dst_last_pkt_time":1731946741048373,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1731946741048373,"pkt":"YhO2esBpdNo47VMyCABFAABcZP9AADMRqTJbbBEIwKgMQwJVtlMASPRsyTuYM2k\/Rq6r+4eNi8Ovc\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcD1aDtnAAAAAAAAAHsAAAAAAAAAAAAA\/\/9dI6qQgpkAAA=="}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1731946741146448,"flow_dst_last_pkt_time":1731946740900481,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731946741146448,"pkt":"dNo47VMyYhO2esBpCABFAAA4CfFAAEAR+2nAqAxDW2wNA5mhBXgAJBueAAMACCESpEJZaHNneGh4MkhrM0EAGQAEEQAAAA=="}
01266{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900481,"flow_src_last_pkt_time":1731946741146448,"flow_dst_last_pkt_time":1731946740900481,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946741146448,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.3","src_port":39329,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1731946741146793,"flow_dst_last_pkt_time":1731946740900572,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731946741146793,"pkt":"dNo47VMyYhO2esBpCABFAAA4bhJAAEARkxrAqAxDW2wRMa6HBXgAJANsAAMACCESpEJoVXdKc0VOemFwNWUAGQAEEQAAAA=="}
01267{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900572,"flow_src_last_pkt_time":1731946741146793,"flow_dst_last_pkt_time":1731946740900572,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946741146793,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.49","src_port":44679,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}}
00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1731946741415294,"flow_dst_last_pkt_time":1731946740924787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1731946741415294,"pkt":"dNo47VMyYhO2esBpCABFAABEEpBAAEAR9rfAqAxDW2wJCqzzAlUAMHx\/yTuYM2k\/Rq6r+4eNcVrsqP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8AAAAAAAAAew=="}
00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1731946741415371,"flow_dst_last_pkt_time":1731946741048373,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1731946741415371,"pkt":"dNo47VMyYhO2esBpCABFAABE+wxAAEARBj3AqAxDW2wRCLZTAlUAMI3tyTuYM2k\/Rq6r+4eNi8Ovc\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8AAAAAAAAAew=="}
00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1731946741415476,"flow_dst_last_pkt_time":1731946741023286,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1731946741415476,"pkt":"dNo47VMyYhO2esBpCABFAABEAZpAAEARA57AqAxDW2wNGqWxAlYAMPVNyTuYM2k\/Rq6r+4eNjxlZTP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8AAAAAAAAAew=="}
00631{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1731946741415294,"flow_dst_last_pkt_time":1731946741438361,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1731946741438361,"pkt":"YhO2esBpdNo47VMyCABFAABc7YBAADQRJ69bbAkKwKgMQwJVrPMASOP+yTuYM2k\/Rq6r+4eNcVrsqP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcD1aDtnAAAAAAAAAHsAAAAAAAAAAAAA\/\/9dI6qQgZkAAA=="}
00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1731946741455021,"flow_dst_last_pkt_time":1731946741438361,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1731946741455021,"pkt":"dNo47VMyYhO2esBpCABFAACUEpNAAEAR9mTAqAxDW2wJCqzzAlUAgHyHyTuYM2k\/Rq6r+4eN3ZN1HXFa7KgAAABgAAEATCESpEJGSHIzakJmWDlZZFMABgAJUVNoMToyR1NoAAAAwFcABAADAAqAKQAIAAAAAAAAAAAAJAAEbn8BAAAIABRP6D96wpT\/fEBrc+uxm4DhzbqVVYAoAAQMwkOe"}
01042{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1731946740900678,"flow_src_last_pkt_time":1731946741455021,"flow_dst_last_pkt_time":1731946741438361,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":128,"midstream":0,"thread_ts_usec":1731946741455021,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.10","src_port":44275,"dst_port":597,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}}
00631{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1731946741415476,"flow_dst_last_pkt_time":1731946741535530,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1731946741535530,"pkt":"YhO2esBpdNo47VMyCABFAABcXUJAADERtt1bbA0awKgMQwJWpbEASFrNyTuYM2k\/Rq6r+4eNjxlZTP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcD1aDtnAAAAAAAAAHsAAAAAAAAAAAAA\/\/9dI6qQg5kAAA=="}
00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1731946741415371,"flow_dst_last_pkt_time":1731946741562289,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1731946741562289,"pkt":"YhO2esBpdNo47VMyCABFAABcZT9AADMRqPJbbBEIwKgMQwJVtlMASPNsyTuYM2k\/Rq6r+4eNi8Ovc\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcD2aDtnAAAAAAAAAHsAAAAAAAAAAAAA\/\/9dI6qQgpkAAA=="}
00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1731946741563039,"flow_dst_last_pkt_time":1731946740957073,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1731946741563039,"pkt":"dNo47VMyYhO2esBpCABFAACcMZVAAEAR1vrAqAxDW2wJapwgBXgAiIiMAAgAbCESpEJMS2hqRmNPSktXYS8AEgAIAAHvmHp+rSgABgAdMTczMTk2ODM0MToxNzExYzMxY2YzN2Y5MWVlMjEAAAAAFAAMdGVsZWdyYW0ub3JnABUAEDk0NDdjMGE4Mzg4Nzc0NjMACAAUfZYAz1TCSseNGKU6e+wfgKw\/POI="}
00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1731946741415476,"flow_dst_last_pkt_time":1731946741638435,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1731946741638435,"pkt":"YhO2esBpdNo47VMyCABFAACUXU5AADERtplbbA0awKgMQwJWpbEAgLnOyTuYM2k\/Rq6r+4eNjxlZTO1GBpwAAABgAAEATCESpEIwM1UvU3NIOVJGMEUABgAJMkdTaDpRU2gxAAAAwFcABAADA4SAKgAIAAAAAAAAAAAAJAAEbn8BAAAIABTXPLZETMdJvNRvTRPxblog6S0sPoAoAAT2Mcen"}
01042{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":3,"flow_first_seen":1731946740901130,"flow_src_last_pkt_time":1731946741415476,"flow_dst_last_pkt_time":1731946741638435,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":120,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":248,"midstream":0,"thread_ts_usec":1731946741638435,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.26","src_port":42417,"dst_port":598,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1731946741647287,"flow_dst_last_pkt_time":1731946740900481,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731946741647287,"pkt":"dNo47VMyYhO2esBpCABFAAA4CgNAAEAR+1fAqAxDW2wNA5mhBXgAJBueAAMACCESpEJZaHNneGh4MkhrM0EAGQAEEQAAAA=="}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1731946741648442,"flow_dst_last_pkt_time":1731946740900572,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731946741648442,"pkt":"dNo47VMyYhO2esBpCABFAAA4biRAAEARkwjAqAxDW2wRMa6HBXgAJANsAAMACCESpEJoVXdKc0VOemFwNWUAGQAEEQAAAA=="}
00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1731946741797117,"flow_dst_last_pkt_time":1731946741562289,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1731946741797117,"pkt":"dNo47VMyYhO2esBpCABFAACU+zBAAEARBcnAqAxDW2wRCLZTAlUAgPrbyTuYM2k\/Rq6r+4eNp\/o6mYvDr3MAAABgAAEATCESpEJOaDNhdFBKSlg5a20ABgAJUVNoMToyR1NoAAAAwFcABAADAAqAKQAIAAAAAAAAAAAAJAAEbn8BAAAIABTs6d5ccQOT\/RksJw\/DwndeFN1ti4AoAASntpvk"}
01042{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1731946740901087,"flow_src_last_pkt_time":1731946741797117,"flow_dst_last_pkt_time":1731946741562289,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":128,"midstream":0,"thread_ts_usec":1731946741797117,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.8","src_port":46675,"dst_port":597,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}}
02384{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1731946740900337,"flow_src_last_pkt_time":1731946742240391,"flow_dst_last_pkt_time":1731946742264226,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":652,"flow_dst_max_l4_payload_len":262,"flow_src_tot_l4_payload_len":2187,"flow_dst_tot_l4_payload_len":1616,"midstream":0,"thread_ts_usec":1731946742264226,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.106","src_port":39968,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":16,"avg":87224.0,"max":633159,"stddev":149549.7,"var":22365106176.0,"ent":3.7,"data": [24417,29543,32319,633159,629027,42410,122559,119596,598,39836,5432,31550,39459,41743,145493,160620,48042,92354,8570,65269,259,740,20867,96277,16,115515,8212,23549,57925,62023,6564]},"pktlen": {"min":56,"avg":146.8,"max":680,"stddev":107.0,"var":11452.5,"ent":4.8,"data": [56,120,152,120,156,88,160,144,164,680,88,128,96,128,96,128,113,128,96,121,85,101,237,96,113,97,97,149,233,150,290,89]},"bins": {"c_to_s": [1,1,4,5,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,3,8,3,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,0,1,1,0,1,0,0,1,0,1,1,0,0,0,1,1,1,0,0,1,0,1,1],"entropies": [4.913536072,5.661914349,5.691276073,5.811409950,5.775809288,5.890800476,5.700669765,6.030949116,5.619874954,6.564280987,5.876651764,5.513857365,5.750529289,5.348012447,5.693135738,5.423637390,5.816064358,5.438713074,5.755635738,5.886013985,5.239210606,5.547117710,6.841757298,5.747772217,5.880180359,5.484240055,5.412352562,6.492302418,6.848128319,6.536720753,7.179809093,5.907988548]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org"}}
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1731946742647652,"flow_dst_last_pkt_time":1731946740900481,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731946742647652,"pkt":"dNo47VMyYhO2esBpCABFAAA4CkNAAEAR+xfAqAxDW2wNA5mhBXgAJBueAAMACCESpEJZaHNneGh4MkhrM0EAGQAEEQAAAA=="}
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1731946742649019,"flow_dst_last_pkt_time":1731946740900572,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731946742649019,"pkt":"dNo47VMyYhO2esBpCABFAAA4boZAAEARkqbAqAxDW2wRMa6HBXgAJANsAAMACCESpEJoVXdKc0VOemFwNWUAGQAEEQAAAA=="}
02241{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1731946740900678,"flow_src_last_pkt_time":1731946742884971,"flow_dst_last_pkt_time":1731946742282512,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":596,"flow_dst_max_l4_payload_len":572,"flow_src_tot_l4_payload_len":2244,"flow_dst_tot_l4_payload_len":1980,"midstream":0,"thread_ts_usec":1731946742884971,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.10","src_port":44275,"dst_port":597,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":14,"avg":108584.7,"max":699013,"stddev":167856.0,"var":28175654912.0,"ent":3.8,"data": [24109,514616,513574,39727,22986,13781,37194,83729,46829,52455,14,53768,48207,41858,1057,8095,49415,47864,10095,16084,39354,38883,30006,122690,10118,52835,64016,152216,227281,304258,699013]},"pktlen": {"min":68,"avg":160.0,"max":624,"stddev":120.1,"var":14426.0,"ent":4.7,"data": [68,92,68,92,148,148,116,148,116,148,148,116,116,148,116,148,116,148,148,116,212,116,116,600,624,136,148,176,116,148,116,148]},"bins": {"c_to_s": [0,2,4,9,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,9,4,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,0,1,0,1,1,0,1,0,0,1,0,1,0,1,1,1,1,0,0,0,0,1,0,1,0],"entropies": [4.577797413,4.748074055,4.607209206,4.748074055,5.694154263,5.810202122,6.027616024,5.680641174,6.109596729,5.712939739,5.761246204,6.075114250,6.113822937,5.800000191,5.975891590,5.714293957,6.040631294,5.770136356,5.805100918,5.986625671,5.246948719,6.120330334,6.185070038,6.758100033,7.452787399,6.081599236,5.751521587,6.406444550,6.081621647,5.729595184,6.178562164,5.738008499]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946733955605,"flow_src_last_pkt_time":1731946733955605,"flow_dst_last_pkt_time":1731946733955605,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946743383191,"l3_proto":"ip6","src_ip":"fe80::76da:38ff:feed:5332","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
01222{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900481,"flow_src_last_pkt_time":1731946742647652,"flow_dst_last_pkt_time":1731946740900481,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946743383191,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.3","src_port":39329,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
01172{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":124,"flow_dst_packets_processed":120,"flow_first_seen":1731946740900337,"flow_src_last_pkt_time":1731946743383191,"flow_dst_last_pkt_time":1731946743371372,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1211,"flow_dst_max_l4_payload_len":1193,"flow_src_tot_l4_payload_len":45388,"flow_dst_tot_l4_payload_len":65505,"midstream":0,"thread_ts_usec":1731946743383191,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.106","src_port":39968,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org"}}
01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":1731946740901130,"flow_src_last_pkt_time":1731946742336578,"flow_dst_last_pkt_time":1731946742616857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":120,"flow_src_tot_l4_payload_len":888,"flow_dst_tot_l4_payload_len":776,"midstream":0,"thread_ts_usec":1731946743383191,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.26","src_port":42417,"dst_port":598,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
01006{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":16,"flow_first_seen":1731946740900678,"flow_src_last_pkt_time":1731946742884971,"flow_dst_last_pkt_time":1731946742970662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":596,"flow_dst_max_l4_payload_len":572,"flow_src_tot_l4_payload_len":2244,"flow_dst_tot_l4_payload_len":2068,"midstream":0,"thread_ts_usec":1731946743383191,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.10","src_port":44275,"dst_port":597,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
01223{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900572,"flow_src_last_pkt_time":1731946742649019,"flow_dst_last_pkt_time":1731946740900572,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946743383191,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.49","src_port":44679,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1731946740901087,"flow_src_last_pkt_time":1731946742234615,"flow_dst_last_pkt_time":1731946742577561,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":88,"flow_src_tot_l4_payload_len":440,"flow_dst_tot_l4_payload_len":392,"midstream":0,"thread_ts_usec":1731946743383191,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.8","src_port":46675,"dst_port":597,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946730424347,"flow_src_last_pkt_time":1731946730424347,"flow_dst_last_pkt_time":1731946730424347,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946743383191,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00862{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":315,"packets-processed":315,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":118015,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":65,"global_ts_usec":1731946743383191}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 315/315
~~ skipped flows.............: 0
~~ total layer4 data length..: 118015 bytes
~~ total detected protocols..: 8
~~ total active/idle flows...: 8/8
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 8448373 bytes
~~ total memory freed........: 8448373 bytes
~~ total allocations/frees...: 145125/145125
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 567 chars
~~ json message max len.......: 2389 chars
~~ json message avg len.......: 1477 chars
Powered by cgit, Themed by Ted Yin.