00621{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1731945706423652}
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945706423652,"flow_src_last_pkt_time":1731945706423652,"flow_dst_last_pkt_time":1731945706423652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945706423652,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1731945706423652,"flow_dst_last_pkt_time":1731945706423652,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1731945706423652,"pkt":"AQBeAAD7dNo47VMyCABFAABJO\/ZAAP8RkgjAqAwB4AAA+xTpFOkANSaSAAAAAAACAAAAAAAABV9pcHBzBF90Y3AFbG9jYWwAAAwAAQRfaXBwwBIADAAB"}
01002{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945706423652,"flow_src_last_pkt_time":1731945706423652,"flow_dst_last_pkt_time":1731945706423652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945706423652,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_ipps._tcp.local","domainame":"_ipps._tcp.local","mdns": {}}}
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945709952490,"flow_src_last_pkt_time":1731945709952490,"flow_dst_last_pkt_time":1731945709952490,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945709952490,"l3_proto":"ip6","src_ip":"fe80::76da:38ff:feed:5332","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1731945709952490,"flow_dst_last_pkt_time":1731945709952490,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":107,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":107,"pkt_l4_len":53,"thread_ts_usec":1731945709952490,"pkt":"MzMAAAD7dNo47VMyht1gBgAAADUR\/\/6AAAAAAAAAdto4\/\/7tUzL\/AgAAAAAAAAAAAAAAAAD7FOkU6QA1074AAAAAAAIAAAAAAAAFX2lwcHMEX3RjcAVsb2NhbAAADAABBF9pcHDAEgAMAAE="}
01012{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945709952490,"flow_src_last_pkt_time":1731945709952490,"flow_dst_last_pkt_time":1731945709952490,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945709952490,"l3_proto":"ip6","src_ip":"fe80::76da:38ff:feed:5332","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_ipps._tcp.local","domainame":"_ipps._tcp.local","mdns": {}}}
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945715153114,"flow_src_last_pkt_time":1731945715153114,"flow_dst_last_pkt_time":1731945715153114,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945715153114,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"192.168.12.1","src_port":44574,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1731945715153114,"flow_dst_last_pkt_time":1731945715153114,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1731945715153114,"pkt":"dNo47VMyYhO2esBpCABFAABS16hAAEARyV3AqAxDwKgMAa4eADUAPsLYgNEBAAABAAAAAAAAFWNyYXNobHl0aWNzcmVwb3J0cy1wYQpnb29nbGVhcGlzA2NvbQAAAQAB"}
01130{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945715153114,"flow_src_last_pkt_time":1731945715153114,"flow_dst_last_pkt_time":1731945715153114,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945715153114,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"192.168.12.1","src_port":44574,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"crashlyticsreports-pa.googleapis.com","domainame":"crashlyticsreports-pa.googleapis.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}}
00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1731945715153114,"flow_dst_last_pkt_time":1731945715155704,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_usec":1731945715155704,"pkt":"YhO2esBpdNo47VMyCABFAABi8EtAAEARsKrAqAwBwKgMQwA1rh4AToIigNGBgAABAAEAAAAAFWNyYXNobHl0aWNzcmVwb3J0cy1wYQpnb29nbGVhcGlzA2NvbQAAAQABwAwAAQABAAAAAgAEAAAAAA=="}
01155{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1731945715153114,"flow_src_last_pkt_time":1731945715153114,"flow_dst_last_pkt_time":1731945715155704,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":70,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":70,"midstream":0,"thread_ts_usec":1731945715155704,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"192.168.12.1","src_port":44574,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"crashlyticsreports-pa.googleapis.com","domainame":"crashlyticsreports-pa.googleapis.com","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["0.0.0.0,ttl=2"]}}}
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945728458253,"flow_src_last_pkt_time":1731945728458253,"flow_dst_last_pkt_time":1731945728458253,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945728458253,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.41","src_port":44405,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1731945728458253,"flow_dst_last_pkt_time":1731945728458253,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731945728458253,"pkt":"dNo47VMyYhO2esBpCABFAAA4Xb1AAEARo3fAqAxDW2wRKa11BXgAJPToAAMACCESpEJJV2svaStDV3hkbmQAGQAEEQAAAA=="}
01142{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945728458253,"flow_src_last_pkt_time":1731945728458253,"flow_dst_last_pkt_time":1731945728458253,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945728458253,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.41","src_port":44405,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}}
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945728459223,"flow_src_last_pkt_time":1731945728459223,"flow_dst_last_pkt_time":1731945728459223,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945728459223,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.52","src_port":46013,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1731945728459223,"flow_dst_last_pkt_time":1731945728459223,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731945728459223,"pkt":"dNo47VMyYhO2esBpCABFAAA4EXJAAEAR87fAqAxDW2wNNLO9BXgAJP\/GAAMACCESpEI5K3YvY0FwSVNLZHAAGQAEEQAAAA=="}
01142{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945728459223,"flow_src_last_pkt_time":1731945728459223,"flow_dst_last_pkt_time":1731945728459223,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945728459223,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.52","src_port":46013,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}}
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945728460409,"flow_src_last_pkt_time":1731945728460409,"flow_dst_last_pkt_time":1731945728460409,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945728460409,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.34","src_port":42567,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1731945728460409,"flow_dst_last_pkt_time":1731945728460409,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731945728460409,"pkt":"dNo47VMyYhO2esBpCABFAAA4LCpAAEAR3RHAqAxDW2wJIqZHBXgAJEsGAAMACCESpEIzTys2Y1BhOWVxeGkAGQAEEQAAAA=="}
01141{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945728460409,"flow_src_last_pkt_time":1731945728460409,"flow_dst_last_pkt_time":1731945728460409,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945728460409,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.34","src_port":42567,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}}
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945728461584,"flow_src_last_pkt_time":1731945728461584,"flow_dst_last_pkt_time":1731945728461584,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945728461584,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.51","src_port":39027,"dst_port":597,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1731945728461584,"flow_dst_last_pkt_time":1731945728461584,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1731945728461584,"pkt":"dNo47VMyYhO2esBpCABFAABEHXtAAEAR56PAqAxDW2wNM5hzAlUAMHVSXPOTdb7uCtvt6zwJb31myP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8AAAAAAAAAew=="}
00937{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945728461584,"flow_src_last_pkt_time":1731945728461584,"flow_dst_last_pkt_time":1731945728461584,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945728461584,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.51","src_port":39027,"dst_port":597,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945728463022,"flow_src_last_pkt_time":1731945728463022,"flow_dst_last_pkt_time":1731945728463022,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945728463022,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.7","src_port":46868,"dst_port":597,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1731945728463022,"flow_dst_last_pkt_time":1731945728463022,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1731945728463022,"pkt":"dNo47VMyYhO2esBpCABFAABEyWdAAEARN+PAqAxDW2wRB7cUAlUAMArJXPOTdb7uCtvt6zwJcMStlf\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8AAAAAAAAAew=="}
00936{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945728463022,"flow_src_last_pkt_time":1731945728463022,"flow_dst_last_pkt_time":1731945728463022,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945728463022,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.7","src_port":46868,"dst_port":597,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945728464288,"flow_src_last_pkt_time":1731945728464288,"flow_dst_last_pkt_time":1731945728464288,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945728464288,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.68","src_port":41011,"dst_port":596,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1731945728464288,"flow_dst_last_pkt_time":1731945728464288,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1731945728464288,"pkt":"dNo47VMyYhO2esBpCABFAABEWSpAAEARr+PAqAxDW2wJRKAzAlQAMCRTXPOTdb7uCtvt6zwJ96Mr0f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8AAAAAAAAAew=="}
00937{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945728464288,"flow_src_last_pkt_time":1731945728464288,"flow_dst_last_pkt_time":1731945728464288,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945728464288,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.68","src_port":41011,"dst_port":596,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1731945728460409,"flow_dst_last_pkt_time":1731945728488726,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1731945728488726,"pkt":"YhO2esBpdNo47VMyCABFAAB4xN5AADQRUB1bbAkiwKgMQwV4pkcAZDn2ARMASCESpEIzTys2Y1BhOWVxeGkACQAQAAAEAVVuYXV0aG9yaXplZAAVABA4YzhhOWJmNmE0MDc3YTE2ABQADHRlbGVncmFtLm9yZ4AiAAROb25lgCgABJjQB4c="}
01190{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1731945728460409,"flow_src_last_pkt_time":1731945728460409,"flow_dst_last_pkt_time":1731945728488726,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1731945728488726,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.34","src_port":42567,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","domainame":"telegram.org","stun": {"multimedia_flow_types":"Unknown"}}}
00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1731945728464288,"flow_dst_last_pkt_time":1731945728489362,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1731945728489362,"pkt":"YhO2esBpdNo47VMyCABFAABcTiVAADMRx9BbbAlEwKgMQwJUoDMASJ7WXPOTdb7uCtvt6zwJ96Mr0f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcABZTtnAAAAAAAAAHsAAAAAAAAAAAAA\/\/9dI6qQYpkAAA=="}
00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1731945728494473,"flow_dst_last_pkt_time":1731945728488726,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1731945728494473,"pkt":"dNo47VMyYhO2esBpCABFAACYLCxAAEAR3K\/AqAxDW2wJIqZHBXgAhAxtAAMAaCESpEJwVUxJeGRiQVdKMFYAGQAEEQAAAAAGAB0xNzMxOTY3MzI5OjE3MTFjMzFjZjM3ZjkxZWUyMQAAAAAUAAx0ZWxlZ3JhbS5vcmcAFQAQOGM4YTliZjZhNDA3N2ExNgAIABQm+N1\/wSiwtOXIMpNlS1zDLPeq8A=="}
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1731945728494473,"flow_dst_last_pkt_time":1731945728524234,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1731945728524234,"pkt":"YhO2esBpdNo47VMyCABFAAB4xOhAADQRUBNbbAkiwKgMQwV4pkcAZCuQAQMASCESpEJwVUxJeGRiQVdKMFYAFgAIAAHmfnp+rWAAIAAIAAG4TXwxDtIADQAEAAAAPIAiAAROb25lAAgAFM5pB5c1eleZe\/6c\/z+F7CzLuE7OgCgABFQL6vg="}
00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1731945728461584,"flow_dst_last_pkt_time":1731945728584147,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1731945728584147,"pkt":"YhO2esBpdNo47VMyCABFAABcWFJAADERu7RbbA0zwKgMQwJVmHMASPHVXPOTdb7uCtvt6zwJb31myP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcABZTtnAAAAAAAAAHsAAAAAAAAAAAAA\/\/9dI6qQYJkAAA=="}
00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1731945728463022,"flow_dst_last_pkt_time":1731945728609969,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1731945728609969,"pkt":"YhO2esBpdNo47VMyCABFAABc6YBAADMRJLJbbBEHwKgMQwJVtxQASIZMXPOTdb7uCtvt6zwJcMStlf\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcABZTtnAAAAAAAAAHsAAAAAAAAAAAAA\/\/9dI6qQYZkAAA=="}
00681{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1731945728464288,"flow_dst_last_pkt_time":1731945728706036,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1731945728706036,"pkt":"YhO2esBpdNo47VMyCABFAACUTkpAADMRx3NbbAlEwKgMQwJUoDMAgHtqXPOTdb7uCtvt6zwJ96Mr0ZuShe4AAABgAAEATCESpEJoaGtXcGNWVXpySVIABgAJS0x0MzpPZ3pWAAAAwFcABAADA4SAKQAIAAAAAAAAAAAAJAAEbn8BAAAIABTxjAEB0\/jnWqnvYdX1S+b9+3BmXYAoAARQiC5f"}
01035{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1731945728464288,"flow_src_last_pkt_time":1731945728464288,"flow_dst_last_pkt_time":1731945728706036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":120,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":1731945728706036,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.68","src_port":41011,"dst_port":596,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}}
00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1731945728709636,"flow_dst_last_pkt_time":1731945728706036,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1731945728709636,"pkt":"dNo47VMyYhO2esBpCABFAAB0WS9AAEARr67AqAxDW2wJRKAzAlQAYEs2XPOTdb7uCtvt6zwJm5KF7vejK9EAAABAAQEALCESpEJoaGtXcGNWVXpySVIAIAAIAAEjRnp+rQYACAAUbdtTUes+IvzXP3cb0qK2aH6\/gNqAKAAEBJsbdw=="}
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1731945728710788,"flow_dst_last_pkt_time":1731945728458253,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731945728710788,"pkt":"dNo47VMyYhO2esBpCABFAAA4Xc1AAEARo2fAqAxDW2wRKa11BXgAJPToAAMACCESpEJJV2svaStDV3hkbmQAGQAEEQAAAA=="}
01261{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1731945728458253,"flow_src_last_pkt_time":1731945728710788,"flow_dst_last_pkt_time":1731945728458253,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945728710788,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.41","src_port":44405,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}}
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1731945728711013,"flow_dst_last_pkt_time":1731945728459223,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731945728711013,"pkt":"dNo47VMyYhO2esBpCABFAAA4EYtAAEAR857AqAxDW2wNNLO9BXgAJP\/GAAMACCESpEI5K3YvY0FwSVNLZHAAGQAEEQAAAA=="}
01261{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1731945728459223,"flow_src_last_pkt_time":1731945728711013,"flow_dst_last_pkt_time":1731945728459223,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945728711013,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.52","src_port":46013,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}}
00681{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1731945728714153,"flow_dst_last_pkt_time":1731945728706036,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1731945728714153,"pkt":"dNo47VMyYhO2esBpCABFAACUWTBAAEARr43AqAxDW2wJRKAzAlQAgG30XPOTdb7uCtvt6zwJm5KF7vejK9EAAABgAAEATCESpEI0MGVWenAxdGxjbmQABgAJT2d6VjpLTHQzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJAAEbn8BAAAIABQUZZOHVHammz9bm6rlsbiZMuqFn4AoAAQtt\/ba"}
00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1731945728858961,"flow_dst_last_pkt_time":1731945728524234,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1731945728858961,"pkt":"dNo47VMyYhO2esBpCABFAACcLDhAAEAR3J\/AqAxDW2wJIqZHBXgAiOqQAAgAbCESpEJOK1doL01hbW9jM1YAEgAIAAGWoHp+rWAABgAdMTczMTk2NzMyOToxNzExYzMxY2YzN2Y5MWVlMjEAAAAAFAAMdGVsZWdyYW0ub3JnABUAEDhjOGE5YmY2YTQwNzdhMTYACAAU75sz2EBb0hSU\/yLvGAjc3jfRyEc="}
00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1731945728962208,"flow_dst_last_pkt_time":1731945728584147,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1731945728962208,"pkt":"dNo47VMyYhO2esBpCABFAABEHZRAAEAR54rAqAxDW2wNM5hzAlUAMHVSXPOTdb7uCtvt6zwJb31myP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8AAAAAAAAAew=="}
00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1731945728963821,"flow_dst_last_pkt_time":1731945728609969,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1731945728963821,"pkt":"dNo47VMyYhO2esBpCABFAABEyX1AAEARN83AqAxDW2wRB7cUAlUAMArJXPOTdb7uCtvt6zwJcMStlf\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8AAAAAAAAAew=="}
00680{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1731945728962208,"flow_dst_last_pkt_time":1731945728995458,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1731945728995458,"pkt":"YhO2esBpdNo47VMyCABFAACUWHFAADERu11bbA0zwKgMQwJVmHMAgDvkXPOTdb7uCtvt6zwJb31myCmOxcsAAABgAAEATCESpEJEbE1XZHhyZEpQWFgABgAJS0x0MzpPZ3pWAAAAwFcABAADA4SAKQAIAAAAAAAAAAAAJAAEbn8BAAAIABS2yKV+wUzYSSt9TjMvT2twQfopgoAoAATUf0H9"}
01036{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1731945728461584,"flow_src_last_pkt_time":1731945728962208,"flow_dst_last_pkt_time":1731945728995458,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":120,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":1731945728995458,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.51","src_port":39027,"dst_port":597,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}}
00639{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1731945728999059,"flow_dst_last_pkt_time":1731945728995458,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1731945728999059,"pkt":"dNo47VMyYhO2esBpCABFAAB0HZVAAEAR51nAqAxDW2wNM5hzAlUAYP9BXPOTdb7uCtvt6zwJKY7Fy299ZsgAAABAAQEALCESpEJEbE1XZHhyZEpQWFgAIAAIAAEjR3p+qXEACAAUNbxkRyuSnMtEid3t8H4BEMIHj4uAKAAExuFdQQ=="}
00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1731945728963821,"flow_dst_last_pkt_time":1731945729110362,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1731945729110362,"pkt":"YhO2esBpdNo47VMyCABFAABc6cNAADMRJG9bbBEHwKgMQwJVtxQASIVMXPOTdb7uCtvt6zwJcMStlf\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcACZTtnAAAAAAAAAHsAAAAAAAAAAAAA\/\/9dI6qQYZkAAA=="}
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1731945729210681,"flow_dst_last_pkt_time":1731945728458253,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731945729210681,"pkt":"dNo47VMyYhO2esBpCABFAAA4Xc9AAEARo2XAqAxDW2wRKa11BXgAJPToAAMACCESpEJJV2svaStDV3hkbmQAGQAEEQAAAA=="}
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1731945729214956,"flow_dst_last_pkt_time":1731945728459223,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731945729214956,"pkt":"dNo47VMyYhO2esBpCABFAAA4EaJAAEAR84fAqAxDW2wNNLO9BXgAJP\/GAAMACCESpEI5K3YvY0FwSVNLZHAAGQAEEQAAAA=="}
02214{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":21,"flow_first_seen":1731945728464288,"flow_src_last_pkt_time":1731945728965019,"flow_dst_last_pkt_time":1731945729659565,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":572,"flow_dst_max_l4_payload_len":640,"flow_src_tot_l4_payload_len":1556,"flow_dst_tot_l4_payload_len":3292,"midstream":0,"thread_ts_usec":1731945729659565,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.68","src_port":41011,"dst_port":596,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":8,"avg":54709.9,"max":245348,"stddev":61453.4,"var":3776523008.0,"ent":4.1,"data": [25074,216674,245348,4517,49052,101090,2123,47856,705,203,47977,8,48680,63235,15,67883,33733,30921,5566,35563,42632,10,106554,90512,4893,3141,92065,131857,148102,20831,29188]},"pktlen": {"min":68,"avg":179.5,"max":668,"stddev":151.2,"var":22848.8,"ent":4.6,"data": [68,92,148,116,148,148,116,148,212,116,156,116,148,116,668,116,600,148,116,68,92,624,136,176,108,124,260,120,120,92,236,92]},"bins": {"c_to_s": [0,2,4,2,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,10,6,1,0,1,1,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,0,0,1,1,0,0,0,1,1,0,1,1,0,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1],"entropies": 
[4.577797413,4.704595566,5.840540886,6.068605900,5.729596138,5.724494934,6.023389339,5.735745430,5.209395409,6.047139168,5.621933937,5.952142715,5.800000668,6.109596729,6.500761509,6.081621647,6.754777431,5.751046658,6.006148338,4.577797413,4.704595566,7.371456146,5.947301865,6.372353077,5.506771564,5.806564331,6.849390507,5.727319241,5.766920567,5.701651573,6.887141705,5.708128929]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
02376{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":9,"flow_first_seen":1731945728460409,"flow_src_last_pkt_time":1731945729768352,"flow_dst_last_pkt_time":1731945729070645,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":209,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":2538,"flow_dst_tot_l4_payload_len":948,"midstream":0,"thread_ts_usec":1731945729768352,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.34","src_port":42567,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":263,"avg":61876.7,"max":364488,"stddev":85905.3,"var":7379713024.0,"ent":4.0,"data": [28317,34064,35508,364488,566,362690,49517,68716,48417,51074,2919,56026,29084,263,48698,1930,20770,10384,79381,92318,1601,769,131478,118774,44174,69454,51913,13839,47939,1880,51228]},"pktlen": {"min":56,"avg":136.9,"max":237,"stddev":39.8,"var":1586.6,"ent":4.9,"data": [56,120,152,120,156,160,88,160,144,160,144,176,128,164,148,144,176,128,88,121,113,97,237,97,168,167,167,167,70,202,82,82]},"bins": {"c_to_s": [1,3,4,4,9,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,2,2,3,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,0,1,0,1,1,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": 
[4.971485138,5.671458721,5.746047974,5.878075600,5.706763744,5.727324486,5.785743237,5.641233921,5.929356098,5.664824486,5.968761921,5.817453384,5.830233097,5.731947422,5.954558372,5.994700909,5.790436745,5.817786694,5.885230064,5.863245964,5.738586903,5.528282642,6.865426064,5.427438736,6.728340626,6.638175011,6.711227417,6.654670715,5.510934830,6.905664921,5.741343975,5.854089737]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org"}}
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1731945730211455,"flow_dst_last_pkt_time":1731945728458253,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731945730211455,"pkt":"dNo47VMyYhO2esBpCABFAAA4Xi9AAEARowXAqAxDW2wRKa11BXgAJPToAAMACCESpEJJV2svaStDV3hkbmQAGQAEEQAAAA=="}
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1731945730212650,"flow_dst_last_pkt_time":1731945728459223,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731945730212650,"pkt":"dNo47VMyYhO2esBpCABFAAA4EfBAAEAR8znAqAxDW2wNNLO9BXgAJP\/GAAMACCESpEI5K3YvY0FwSVNLZHAAGQAEEQAAAA=="}
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1731945732214609,"flow_dst_last_pkt_time":1731945728458253,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731945732214609,"pkt":"dNo47VMyYhO2esBpCABFAAA4XrRAAEARooDAqAxDW2wRKa11BXgAJPToAAMACCESpEJJV2svaStDV3hkbmQAGQAEEQAAAA=="}
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1731945732214755,"flow_dst_last_pkt_time":1731945728459223,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731945732214755,"pkt":"dNo47VMyYhO2esBpCABFAAA4EqZAAEAR8oPAqAxDW2wNNLO9BXgAJP\/GAAMACCESpEI5K3YvY0FwSVNLZHAAGQAEEQAAAA=="}
01193{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1731945728458253,"flow_src_last_pkt_time":1731945732214609,"flow_dst_last_pkt_time":1731945733394117,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":140,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1731945733394117,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.41","src_port":44405,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","domainame":"telegram.org","stun": {"multimedia_flow_types":"Unknown"}}}
00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":655,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1731945738970403,"flow_dst_last_pkt_time":1731945729110362,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1731945738970403,"pkt":"dNo47VMyYhO2esBpCABFAABEzUFAAEARNAnAqAxDW2wRB7cUAlUAMArJXPOTdb7uCtvt6zwJcMStlf\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8AAAAAAAAAew=="}
01193{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":670,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":1,"flow_first_seen":1731945728459223,"flow_src_last_pkt_time":1731945736216693,"flow_dst_last_pkt_time":1731945739144052,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1731945739144052,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.52","src_port":46013,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","domainame":"telegram.org","stun": {"multimedia_flow_types":"Unknown"}}}
00758{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":862,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945742420231,"flow_src_last_pkt_time":1731945742420231,"flow_dst_last_pkt_time":1731945742420231,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":241,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":241,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":241,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945742420231,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.34","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5}
00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":862,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1731945742420231,"flow_dst_last_pkt_time":1731945742420231,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_usec":1731945742420231,"pkt":"dNo47VMyYhO2esBpCABFwAEFw38AAEABhD\/AqAxDW2wJIgMDL10AAAAARQAA6dCeQAA0EUPsW2wJIsCoDEMFeKZHANUK1kAAAMmQb2AJzb3qHHAerQa+3gACImIAyjEA+ABKS8ce3yTB2t4dJ0Gq0MjI3DQc3a7luHIJR7sQrMRvHrxrIsP+1AgD+2TZkP6mYt4lsYZ\/LfTY1rQm16V09KwAjNVzc2DmDqff4tuttobLGtALUjjw0eT1RB8\/Tzx94UspBNvBqnLdwxrpjljx38\/VDd\/yMgt5SOu\/cbylLKZ6s9TwAFTEf7V12BeqWik\/WQDQv\/9BXRMMVVgo63X7iHa11\/Zbc7776lDaT7M+twE1+8w="}
01044{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":862,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945742420231,"flow_src_last_pkt_time":1731945742420231,"flow_dst_last_pkt_time":1731945742420231,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":241,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":241,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":241,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945742420231,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.34","l4_proto":"icmp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":6.979447}}
00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":864,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1731945742427566,"flow_dst_last_pkt_time":1731945742420231,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1731945742427566,"pkt":"dNo47VMyYhO2esBpCABFwAB8w4AAAEABhMfAqAxDW2wJIgMDLtQAAAAARQAAYNCgQAA0EURzW2wJIsCoDEMFeKZHAExbNAEEADAhEqRCenpYWVJwRFFDb201AA0ABAAAAACAIgAETm9uZQAIABQ+KeI5lcomrBSJbcYHE6UGj1Uj14AoAAQNK102"}
00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":867,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1731945742483377,"flow_dst_last_pkt_time":1731945742420231,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_usec":1731945742483377,"pkt":"dNo47VMyYhO2esBpCABFwAB9w4EAAEABhMXAqAxDW2wJIgMDLtUAAAAARQAAYdCnQAA0EURrW2wJIsCoDEMFeKZHAE3xhEAAAEEX\/v0AAQAAAAAACAA0AAEAAAAAAAgL4navLTSfGO6ZdGR1XF3agUnmdNc0JqHPz11AONRepxhXuTrfKSh\/DdS\/Ug=="}
00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":868,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1731945742486517,"flow_dst_last_pkt_time":1731945742420231,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"thread_ts_usec":1731945742486517,"pkt":"dNo47VMyYhO2esBpCABFwACFw4IAAEABhLzAqAxDW2wJIgMDLt0AAAAARQAAadCoQAA0EURiW2wJIsCoDEMFeKZHAFWli0AAAEkX\/v0AAQAAAAAACQA8AAEAAAAAAAndkPmzy1kMGucJfQE2hnwTqBl5kurGYSy1jtwjjMEdLnj7utWJl\/Uku5oSw49NQ7SZgNrJ"}
00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":870,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1731945742490274,"flow_dst_last_pkt_time":1731945742420231,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"thread_ts_usec":1731945742490274,"pkt":"dNo47VMyYhO2esBpCABFwABjw4MAAEABhN3AqAxDW2wJIgMDLrsAAAAARQAAR9CrQAA0EUSBW2wJIsCoDEMFeKZHADNWfUAAACcV\/v0AAQAAAAAACgAaAAEAAAAAAAr81xeavmYd7qWcd6iCtVgKwnw="}
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":870,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945709952490,"flow_src_last_pkt_time":1731945709952490,"flow_dst_last_pkt_time":1731945709952490,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945742490274,"l3_proto":"ip6","src_ip":"fe80::76da:38ff:feed:5332","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
01063{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":870,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1731945742420231,"flow_src_last_pkt_time":1731945742490274,"flow_dst_last_pkt_time":1731945742420231,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":79,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":241,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":642,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945742490274,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.34","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":870,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1731945728461584,"flow_src_last_pkt_time":1731945738968988,"flow_dst_last_pkt_time":1731945739091138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":120,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":312,"midstream":0,"thread_ts_usec":1731945742490274,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.51","src_port":39027,"dst_port":597,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":870,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":60,"flow_first_seen":1731945728464288,"flow_src_last_pkt_time":1731945738970434,"flow_dst_last_pkt_time":1731945738995534,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":572,"flow_dst_max_l4_payload_len":640,"flow_src_tot_l4_payload_len":1596,"flow_dst_tot_l4_payload_len":11896,"midstream":0,"thread_ts_usec":1731945742490274,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.68","src_port":41011,"dst_port":596,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
01163{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":870,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":401,"flow_dst_packets_processed":341,"flow_first_seen":1731945728460409,"flow_src_last_pkt_time":1731945742396734,"flow_dst_last_pkt_time":1731945742488310,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":287,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":56131,"flow_dst_tot_l4_payload_len":53338,"midstream":0,"thread_ts_usec":1731945742490274,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.34","src_port":42567,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org"}}
01156{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":870,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":4,"flow_first_seen":1731945728458253,"flow_src_last_pkt_time":1731945741156829,"flow_dst_last_pkt_time":1731945735000846,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":884,"flow_dst_tot_l4_payload_len":368,"midstream":0,"thread_ts_usec":1731945742490274,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.41","src_port":44405,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org"}}
01156{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":870,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":6,"flow_first_seen":1731945728459223,"flow_src_last_pkt_time":1731945740903911,"flow_dst_last_pkt_time":1731945739145072,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":664,"flow_dst_tot_l4_payload_len":552,"midstream":0,"thread_ts_usec":1731945742490274,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.52","src_port":46013,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org"}}
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":870,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1731945728463022,"flow_src_last_pkt_time":1731945738970403,"flow_dst_last_pkt_time":1731945739117008,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1731945742490274,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.7","src_port":46868,"dst_port":597,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":870,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945706423652,"flow_src_last_pkt_time":1731945706423652,"flow_dst_last_pkt_time":1731945706423652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945742490274,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
01023{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":870,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1731945715153114,"flow_src_last_pkt_time":1731945715153114,"flow_dst_last_pkt_time":1731945715155704,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":70,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":70,"midstream":0,"thread_ts_usec":1731945742490274,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"192.168.12.1","src_port":44574,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"crashlyticsreports-pa.googleapis.com"}}
00859{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":870,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":870,"packets-processed":868,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":127117,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":8,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":82,"global_ts_usec":1731945742490274}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 870/868
~~ skipped flows.............: 0
~~ total layer4 data length..: 127117 bytes
~~ total detected protocols..: 10
~~ total active/idle flows...: 10/10
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 8469226 bytes
~~ total memory freed........: 8469226 bytes
~~ total allocations/frees...: 145701/145701
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 561 chars
~~ json message max len.......: 2381 chars
~~ json message avg len.......: 1470 chars