aboutsummaryrefslogtreecommitdiff
path: root/test/results/default/threema.pcap.out
blob: ae5ecb99d322898132f670e0a5ff630db5e29cc7 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69

00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1655301424082000}
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655301424082000,"flow_src_last_pkt_time":1655301424082000,"flow_dst_last_pkt_time":1655301424082000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655301424082000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50298,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1655301424082000,"flow_dst_last_pkt_time":1655301424082000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655301424082000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8sOJAAD8GIgbAqAJkuVjsbsR6FGaFcI59AAAAAKAC\/\/+zrwAAAgQFtAQCCAoADj6fAAAAAAEDAwg="}
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1655301424082000,"flow_dst_last_pkt_time":1655301424108000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655301424108000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgG2ei5WOxuwKgCZBRmxHpp4+23hXCOfqAS\/\/9\/CwAAAgQFrAEDAwYEAggK7ZTvbAAOPp8="}
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1655301424111000,"flow_dst_last_pkt_time":1655301424108000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655301424111000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0sONAAD8GIg3AqAJkuVjsbsR6FGaFcI5+aePtuIAQAVescAAAAQEICgAOPqbtlO9s"}
00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1655301424114000,"flow_dst_last_pkt_time":1655301424108000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1655301424114000,"pkt":"eJS0JASgYDjgxTWgCABFAABksORAAD8GIdzAqAJkuVjsbsR6FGaFcI5+aePtuIAYAVfFoAAAAQEICgAOPqftlO9swU4RG09XvW5sxWQOt9DTmFtmMqcmnZCC\/6usnrlJWxvXRyBkrUmLUolaHsVAIozC"}
00652{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1655301424114000,"flow_dst_last_pkt_time":1655301424139000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1655301424139000,"pkt":"YDjgxTWgeJS0JASgCABFAACEAABAADgG2aC5WOxuwKgCZBRmxHpp4+24hXCOroAYBBTWNgAAAQEICu2U74oADj6n5Fim133XtxT9wdaEetzjoM\/2v+FhjWRDKhL9M8x49OwoPK+vZPbgEVjQrtzq1hNRZtdojWWkYEkDMb+vScui5qCr+EKfrAStizMBL0uzJJM="}
00928{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":3,"flow_first_seen":1655301424082000,"flow_src_last_pkt_time":1655301470737000,"flow_dst_last_pkt_time":1655301424170000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":444,"flow_dst_max_l4_payload_len":80,"flow_src_tot_l4_payload_len":683,"flow_dst_tot_l4_payload_len":134,"midstream":0,"thread_ts_usec":1655301470737000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50298,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Threema","proto_id":"305","proto_by_ip":"Threema","proto_by_ip_id":305,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}}
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655301591783000,"flow_src_last_pkt_time":1655301591783000,"flow_dst_last_pkt_time":1655301591783000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655301591783000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50484,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1655301591783000,"flow_dst_last_pkt_time":1655301591783000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655301591783000,"pkt":"eJS0JASgYDjgxTWgCABFAAA89dRAAD8G3RPAqAJkuVjsbsU0FGbdvRewAAAAAKAC\/\/8tsAAAAgQFtAQCCAoADuJkAAAAAAEDAwg="}
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1655301591783000,"flow_dst_last_pkt_time":1655301591807000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655301591807000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgG2ei5WOxuwKgCZBRmxTS\/ZrJg3b0XsaAS\/\/\/aLAAAAgQFrAEDAwYEAggKjwRSsAAO4mQ="}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1655301591810000,"flow_dst_last_pkt_time":1655301591807000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655301591810000,"pkt":"eJS0JASgYDjgxTWgCABFAAA09dVAAD8G3RrAqAJkuVjsbsU0FGbdvRexv2ayYYAQAVcHkgAAAQEICgAO4muPBFKw"}
00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1655301591811000,"flow_dst_last_pkt_time":1655301591807000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1655301591811000,"pkt":"eJS0JASgYDjgxTWgCABFAABk9dZAAD8G3OnAqAJkuVjsbsU0FGbdvRexv2ayYYAYAVcUBAAAAQEICgAO4muPBFKw8xHq466QulfRGKPZqN+nzxkHiklOaAiEXinh5XSIh3CVAfAIgGhQGzYPzh1dKfmr"}
00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1655301591811000,"flow_dst_last_pkt_time":1655301591836000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1655301591836000,"pkt":"YDjgxTWgeJS0JASgCABFAACEAABAADgG2aC5WOxuwKgCZBRmxTS\/ZrJh3b0X4YAYBBQHQgAAAQEICo8EUs4ADuJrOAuh0w0uWhLT1EAS35jErfdD8Q\/APFjMebuBWL9VYq5NJQxRq4wusdtrT7SEVp3s1LR9z6ENcgM8FNGy5cFNj+QXIuT9+knzkwdHSfj0mzU="}
00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":3,"flow_first_seen":1655301591783000,"flow_src_last_pkt_time":1655301594185000,"flow_dst_last_pkt_time":1655301591869000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":191,"flow_dst_max_l4_payload_len":468,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":548,"midstream":0,"thread_ts_usec":1655301594185000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50484,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Threema","proto_id":"305","proto_by_ip":"Threema","proto_by_ip_id":305,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}}
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655301676958000,"flow_src_last_pkt_time":1655301676958000,"flow_dst_last_pkt_time":1655301676958000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655301676958000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50500,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1655301676958000,"flow_dst_last_pkt_time":1655301676958000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655301676958000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8OhtAAD8GmM3AqAJkuVjsbsVEFGa+1hz1AAAAAKAC\/\/8CuAAAAgQFtAQCCAoADybuAAAAAAEDAwg="}
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1655301676958000,"flow_dst_last_pkt_time":1655301676985000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655301676985000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgG2ei5WOxuwKgCZBRmxUQ+t0LhvtYc9qAS\/\/88cwAAAgQFrAEDAwYEAggKDbs26gAPJu4="}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1655301676988000,"flow_dst_last_pkt_time":1655301676985000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655301676988000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0OhxAAD8GmNTAqAJkuVjsbsVEFGa+1hz2PrdC4oAQAVdp2AAAAQEICgAPJvUNuzbq"}
00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1655301676990000,"flow_dst_last_pkt_time":1655301676985000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1655301676990000,"pkt":"eJS0JASgYDjgxTWgCABFAABkOh1AAD8GmKPAqAJkuVjsbsVEFGa+1hz2PrdC4oAYAVeW7QAAAQEICgAPJvYNuzbqEUJFmOSyRNdj1OXy3vj+pKv1w2\/HNx68wOhAgRLg2k5Ez5IOu8sHTBCPJKxiuLUM"}
00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1655301676990000,"flow_dst_last_pkt_time":1655301677017000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1655301677017000,"pkt":"YDjgxTWgeJS0JASgCABFAACEAABAADgG2aC5WOxuwKgCZBRmxUQ+t0LivtYdJoAYBBT1kQAAAQEICg27NwgADyb2pST6cJDhur1ILq6UIEWtlnuQFkcU2\/xfWadEuFW78qsYg5wMjFnUvaWsfnK6Fp3dpRxs6\/7D1WxjM2X8\/Gu1wMcVtNcAnkhA9GW1gMlDC+8="}
00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":3,"flow_first_seen":1655301676958000,"flow_src_last_pkt_time":1655301678700000,"flow_dst_last_pkt_time":1655301677048000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":191,"flow_dst_max_l4_payload_len":324,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":404,"midstream":0,"thread_ts_usec":1655301678700000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50500,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Threema","proto_id":"305","proto_by_ip":"Threema","proto_by_ip_id":305,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}}
00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":43,"packets-processed":42,"total-skipped-flows":0,"total-l4-payload-len":4306,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_usec":1655304039977000}
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655304039977000,"flow_src_last_pkt_time":1655304039977000,"flow_dst_last_pkt_time":1655304039977000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655304039977000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50618,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1655304039977000,"flow_dst_last_pkt_time":1655304039977000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655304039977000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8D\/ZAAD8GwvLAqAJkuVjsbsW6FGZ91skoAAAAAKAC\/\/\/3HAAAAgQFtAQCCAoAEMbeAAAAAAEDAwg="}
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1655304039977000,"flow_dst_last_pkt_time":1655304040001000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655304040001000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgG2ei5WOxuwKgCZBRmxbp03BGqfdbJKaAS\/\/+2UQAAAgQFrAEDAwYEAggKO2t+0gAQxt4="}
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1655304040004000,"flow_dst_last_pkt_time":1655304040001000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655304040004000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0D\/dAAD8GwvnAqAJkuVjsbsW6FGZ91skpdNwRq4AQAVfjtgAAAQEICgAQxuU7a37S"}
00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1655304040005000,"flow_dst_last_pkt_time":1655304040001000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1655304040005000,"pkt":"eJS0JASgYDjgxTWgCABFAABkD\/hAAD8GwsjAqAJkuVjsbsW6FGZ91skpdNwRq4AYAVd9PwAAAQEICgAQxuU7a37SEUJFmOSyRNdj1OXy3vj+pKv1w2\/HNx68wOhAgRLg2k4t\/SmRE2yBdAumEpypLcak"}
00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1655304040005000,"flow_dst_last_pkt_time":1655304040029000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1655304040029000,"pkt":"YDjgxTWgeJS0JASgCABFAACEAABAADgG2aC5WOxuwKgCZBRmxbp03BGrfdbJWYAYBBS+bwAAAQEICjtrfvAAEMblDwmY0u1\/FJJlG8pGMzR4DHUA2SbDCPgL7VMIbmcQJS5Wyz7JHVONLuWdk575DHG9THznkpqJQgv38Qj\/f\/dhFRs1\/8YAkvYQ2sZA5fjM1T8="}
00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":3,"flow_first_seen":1655304039977000,"flow_src_last_pkt_time":1655304040312000,"flow_dst_last_pkt_time":1655304040064000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":191,"flow_dst_max_l4_payload_len":595,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":675,"midstream":0,"thread_ts_usec":1655304040312000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50618,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Threema","proto_id":"305","proto_by_ip":"Threema","proto_by_ip_id":305,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}}
00967{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":4,"flow_first_seen":1655301676958000,"flow_src_last_pkt_time":1655301738438000,"flow_dst_last_pkt_time":1655301678762000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":191,"flow_dst_max_l4_payload_len":324,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":404,"midstream":0,"thread_ts_usec":1655304045367000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50500,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Threema","proto_id":"305","proto_by_ip":"Threema","proto_by_ip_id":305,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}}
00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":58,"packets-processed":57,"total-skipped-flows":0,"total-l4-payload-len":5258,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_usec":1655306704436000}
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655306704436000,"flow_src_last_pkt_time":1655306704436000,"flow_dst_last_pkt_time":1655306704436000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655306704436000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50718,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1655306704436000,"flow_dst_last_pkt_time":1655306704436000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655306704436000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8W4NAAD8Gd2XAqAJkuVjsbsYeFGbGZSToAAAAAKAC\/\/+Z2wAAAgQFtAQCCAoAEn9rAAAAAAEDAwg="}
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1655306704436000,"flow_dst_last_pkt_time":1655306704460000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655306704460000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgG2ei5WOxuwKgCZBRmxh4tYXzzxmUk6aAS\/\/9+tQAAAgQFrAEDAwYEAggKd2P5ZgASf2s="}
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1655306704463000,"flow_dst_last_pkt_time":1655306704460000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655306704463000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0W4RAAD8Gd2zAqAJkuVjsbsYeFGbGZSTpLWF89IAQAVesGwAAAQEICgASf3F3Y\/lm"}
00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1655306704464000,"flow_dst_last_pkt_time":1655306704460000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1655306704464000,"pkt":"eJS0JASgYDjgxTWgCABFAABkW4VAAD8GdzvAqAJkuVjsbsYeFGbGZSTpLWF89IAYAVetkAAAAQEICgASf3J3Y\/lmEUJFmOSyRNdj1OXy3vj+pKv1w2\/HNx68wOhAgRLg2k4sbataBLDe6as2OUn4cnpB"}
00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1655306704464000,"flow_dst_last_pkt_time":1655306704488000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1655306704488000,"pkt":"YDjgxTWgeJS0JASgCABFAACEAABAADgG2aC5WOxuwKgCZBRmxh4tYXz0xmUlGYAYBBTJUQAAAQEICndj+YQAEn9yeZWV+OdkU0mSnCGppCSAJbL9JS8rd+OXEO3cXQRLF+HwyR8sz+yuANi\/FNlAZNb3PrHf0YF9udqW3VvcrW+\/D2pjQJ1v\/TFBzsLCAdVVzZ8="}
00967{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1655304039977000,"flow_src_last_pkt_time":1655304045367000,"flow_dst_last_pkt_time":1655304045364000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":191,"flow_dst_max_l4_payload_len":595,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":675,"midstream":0,"thread_ts_usec":1655306704559000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50618,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Threema","proto_id":"305","proto_by_ip":"Threema","proto_by_ip_id":305,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}}
00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":71,"packets-processed":70,"total-skipped-flows":0,"total-l4-payload-len":5631,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":5,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":41,"global_ts_usec":1655307958972000}
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655307958972000,"flow_src_last_pkt_time":1655307958972000,"flow_dst_last_pkt_time":1655307958972000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655307958972000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50860,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1655307958972000,"flow_dst_last_pkt_time":1655307958972000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655307958972000,"pkt":"eJS0JASgYDjgxTWgCABFAAA80XZAAD8GAXLAqAJkuVjsbsasFGYhOI\/mAAAAAKAC\/\/\/0UwAAAgQFtAQCCAoAFl6QAAAAAAEDAwg="}
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1655307958972000,"flow_dst_last_pkt_time":1655307958996000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655307958996000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgG2ei5WOxuwKgCZBRmxqxr+FC1ITiP56AS\/\/\/D1gAAAgQFrAEDAwYEAggK\/JV3MgAWXpA="}
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1655307958999000,"flow_dst_last_pkt_time":1655307958996000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655307958999000,"pkt":"eJS0JASgYDjgxTWgCABFAAA00XdAAD8GAXnAqAJkuVjsbsasFGYhOI\/na\/hQtoAQAVfxOwAAAQEICgAWXpf8lXcy"}
00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1655307959000000,"flow_dst_last_pkt_time":1655307958996000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1655307959000000,"pkt":"eJS0JASgYDjgxTWgCABFAABk0XhAAD8GAUjAqAJkuVjsbsasFGYhOI\/na\/hQtoAYAVfaLQAAAQEICgAWXpj8lXcy6kbgjIUXtJZSP3ef08ne4gfPXDsNYJbMITHre1+57RmQAWGFzTHqooyrlluUBtOm"}
00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1655307959000000,"flow_dst_last_pkt_time":1655307959025000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1655307959025000,"pkt":"YDjgxTWgeJS0JASgCABFAACEAABAADgG2aC5WOxuwKgCZBRmxqxr+FC2ITiQF4AYBBQivQAAAQEICvyVd0YAFl6YVUfIE5eZRpcII3s\/f2T4AZkUSyc1PgmBoVN43+fqJhU7PuZ8DIIm9QKIr7boopM1nlfZX+jEo9V5p9DzSRNu5B+I+Nk\/FdAv5atz7nfwBkE="}
01062{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":5,"flow_first_seen":1655306704436000,"flow_src_last_pkt_time":1655306777863000,"flow_dst_last_pkt_time":1655306777860000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":191,"flow_dst_max_l4_payload_len":80,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":134,"midstream":0,"thread_ts_usec":1655307959100000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50718,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"51": {"risk":"Fully encrypted flow","severity":"Medium","risk_score": {"total":360,"client":240,"server":120}}},"confidence": {"7":"Match by IP"},"proto":"Threema","proto_id":"305","proto_by_ip":"Threema","proto_by_ip_id":305,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}}
00784{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":5,"flow_first_seen":1655306704436000,"flow_src_last_pkt_time":1655306777863000,"flow_dst_last_pkt_time":1655306777860000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":191,"flow_dst_max_l4_payload_len":80,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":134,"midstream":0,"thread_ts_usec":1655307959100000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50718,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":5,"flow_first_seen":1655301424082000,"flow_src_last_pkt_time":1655301470813000,"flow_dst_last_pkt_time":1655301470800000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":444,"flow_dst_max_l4_payload_len":80,"flow_src_tot_l4_payload_len":1357,"flow_dst_tot_l4_payload_len":210,"midstream":0,"thread_ts_usec":1655308018973000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50298,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Threema","proto_id":"305","proto_by_ip":"Threema","proto_by_ip_id":305,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}}
00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1655301591783000,"flow_src_last_pkt_time":1655301621987000,"flow_dst_last_pkt_time":1655301622013000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":735,"flow_dst_max_l4_payload_len":468,"flow_src_tot_l4_payload_len":1396,"flow_dst_tot_l4_payload_len":662,"midstream":0,"thread_ts_usec":1655308018973000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50484,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Threema","proto_id":"305","proto_by_ip":"Threema","proto_by_ip_id":305,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}}
01062{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":5,"flow_first_seen":1655307958972000,"flow_src_last_pkt_time":1655308018973000,"flow_dst_last_pkt_time":1655308018969000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":191,"flow_dst_max_l4_payload_len":80,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":134,"midstream":0,"thread_ts_usec":1655308018973000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50860,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"51": {"risk":"Fully encrypted flow","severity":"Medium","risk_score": {"total":360,"client":240,"server":120}}},"confidence": {"7":"Match by IP"},"proto":"Threema","proto_id":"305","proto_by_ip":"Threema","proto_by_ip_id":305,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}}
00784{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":5,"flow_first_seen":1655307958972000,"flow_src_last_pkt_time":1655308018973000,"flow_dst_last_pkt_time":1655308018969000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":191,"flow_dst_max_l4_payload_len":80,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":134,"midstream":0,"thread_ts_usec":1655308018973000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50860,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":83,"packets-processed":83,"total-skipped-flows":0,"total-l4-payload-len":6004,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":54,"global_ts_usec":1655308018973000}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 83/83
~~ skipped flows.............: 0
~~ total layer4 data length..: 6004 bytes
~~ total detected protocols..: 4
~~ total active/idle flows...: 6/6
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 5523528 bytes
~~ total memory freed........: 5523528 bytes
~~ total allocations/frees...: 86004/86004
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 545 chars
~~ json message max len.......: 1067 chars
~~ json message avg len.......: 805 chars
Powered by cgit, Themed by Ted Yin.