aboutsummaryrefslogtreecommitdiff
path: root/test/results/default/tinc.pcap.out
blob: 010b4dc8d3e068bc0bbe8003967a1ddfe13d8fa7 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52

00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00784{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1495983427717971}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1495983427717971,"flow_src_last_pkt_time":1495983427717971,"flow_dst_last_pkt_time":1495983427717971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1495983427717971,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":59244,"dst_port":55655,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1495983427717971,"flow_dst_last_pkt_time":1495983427717971,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1495983427717971,"pkt":"ABcILL3nACbGCvpSCABFEAA8vEtAAEAGvw6DcqgbuVPacOds2We5l\/9AAAAAAKACchD0JwAAAgQFtAQCCAp3tTETAAAAAAEDAwc="}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1495983427744301,"flow_src_last_pkt_time":1495983427744301,"flow_dst_last_pkt_time":1495983427744301,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1495983427744301,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":49290,"dst_port":55656,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1495983427744301,"flow_dst_last_pkt_time":1495983427744301,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1495983427744301,"pkt":"ABcILL3nACbGCvpSCABFEAA8k+lAAEAG53CDcqgbuVPacMCK2WgWL9D7AAAAAKACchDyzQAAAgQFtAQCCAoov3nyAAAAAAEDAwc="}
00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1495983427717971,"flow_dst_last_pkt_time":1495983427768940,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1495983427768940,"pkt":"ACbGCvpSABcILL3nCABFCAA0AABAADEGimq5U9pwg3KoG9ln52yg0OtBuZf\/QYASOQhw5gAAAgQFtAEBBAIBAwMH"}
00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1495983427768999,"flow_dst_last_pkt_time":1495983427768940,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1495983427768999,"pkt":"ABcILL3nACbGCvpSCABFEAAovExAAEAGvyGDcqgbuVPacOds2We5l\/9BoNDrQlAQAOXp2wAA"}
00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1495983427769052,"flow_dst_last_pkt_time":1495983427768940,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_usec":1495983427769052,"pkt":"ABcILL3nACbGCvpSCABFEAAzvE1AAEAGvxWDcqgbuVPacOds2We5l\/9BoNDrQlAYAOU1egAAMCB0aGluayAxNwo="}
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1495983427744301,"flow_dst_last_pkt_time":1495983427794171,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1495983427794171,"pkt":"ACbGCvpSABcILL3nCABFCAA0AABAADEGimq5U9pwg3KoG9lowIoRT99iFi\/Q\/IASOQgE1gAAAgQFtAEBBAIBAwMH"}
00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1495983427794228,"flow_dst_last_pkt_time":1495983427794171,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1495983427794228,"pkt":"ABcILL3nACbGCvpSCABFEAAok+pAAEAG54ODcqgbuVPacMCK2WgWL9D8EU\/fY1AQAOV9ywAA"}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1495983427794279,"flow_dst_last_pkt_time":1495983427794171,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"thread_ts_usec":1495983427794279,"pkt":"ABcILL3nACbGCvpSCABFEAAvk+tAAEAG53uDcqgbuVPacMCK2WgWL9D8EU\/fY1AYAOWeRAAAMCB0IDE3Cg=="}
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1495983427769052,"flow_dst_last_pkt_time":1495983427816156,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1495983427816156,"pkt":"ACbGCvpSABcILL3nCABFCAAo0wJAADEGt3O5U9pwg3KoG9ln52yg0OtCuZf\/TFAQAHPqQgAAAAAAAAAA"}
01065{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1495983427717971,"flow_src_last_pkt_time":1495983427816902,"flow_dst_last_pkt_time":1495983427818440,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1039,"flow_dst_max_l4_payload_len":1037,"flow_src_tot_l4_payload_len":1050,"flow_dst_tot_l4_payload_len":1047,"midstream":0,"thread_ts_usec":1495983427818440,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":59244,"dst_port":55655,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TINC","proto_id":"209","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":2,"category":"VPN"}}
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1495983427794279,"flow_dst_last_pkt_time":1495983427844409,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1495983427844409,"pkt":"ACbGCvpSABcILL3nCABFCAAo5z5AADEGoze5U9pwg3KoG9lowIoRT99jFi\/RA1AQAHN+NgAAAAAAAAAA"}
01065{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1495983427744301,"flow_src_last_pkt_time":1495983427846083,"flow_dst_last_pkt_time":1495983427844511,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1039,"flow_dst_max_l4_payload_len":1037,"flow_src_tot_l4_payload_len":1046,"flow_dst_tot_l4_payload_len":1044,"midstream":0,"thread_ts_usec":1495983427846083,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":49290,"dst_port":55656,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TINC","proto_id":"209","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":2,"category":"VPN"}}
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1495983428000367,"flow_src_last_pkt_time":1495983428000367,"flow_dst_last_pkt_time":1495983428000367,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":644,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":644,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":644,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1495983428000367,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":55655,"dst_port":55655,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
01378{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1495983428000367,"flow_dst_last_pkt_time":1495983428000367,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":686,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":686,"pkt_l4_len":652,"thread_ts_usec":1495983428000367,"pkt":"ABcILL3nACbGCvpSCABFAAKgAABAAEARePuDcqgbuVPacNln2WcCjOIVMnicz9ZajjNEbdb6GxVP+T0CYtKzdvwcc\/GkysPu2p+HyRNKFCh5wNXMj6m9vaZ39wOg\/SFDxkblUqiUmI5T0t6KnEjzK4HfVELTk6MBki+YvI91VjjOz3oekNHxmSbldeRnnKPd925mZ9lxMA3GG9gZmsCSn4wPwr41LS70gLZbanbUNnlN7x6Kh9gVM6JtlzGBIjbSf6B4epOKePy2xW4AQp4bPXtTf\/0OGkPuy5hSETaSFX43lK3JOI2urGuq\/8zhvAyKL4t3LDJwEcTmglCiHm1tbrVnkmBCUBidOZ0NL52X+MKzyHnGOwdAwfV4+3VKFFmQE8IO6WWoZ\/vYOzfj1XZjyXREui0IMCYkWnraOSjlBBxRPQ4DkdgtsHokBlbzUjfr8Ss8XpNaUoZaaRCYy8Kw3szJstqYEU2GPLD0+pg+X9RZcEt+NlU1dFprcf5TwwLwxVrUXlq0UN21vjPNjBpnc4JeghgRv\/VcYRefFyhIUgPMVrdpg5GrCB4JTq65maVpsTyfybYsJ+i42aA3YjBU5z0PIhvBUxoHrj9TxX5OiZvAe42wvflGvW6iHzGGkgjUXDRxjS28FvW05QZJMaG4nQLQu0v8AHNHzQKZciwh33gMV3VVc\/5ghMO+CpJHRRkAZ7mBJzHMFXodcVJsk6K\/2J54sUaiJ48wBzCUQaWI9+w9ancXV2nZd+EHodY95wdzarfbqW8B30M66dRT3RsX8ddjytNxLuW+ewDpuzxP\/dncf+l0Gbul3BZMq9q4XnRT0wDb7bXlR0N7oHMRyWJ2GHC0RV7IQnYGzB\/YDI0StaWXOcSFic4ZA5TwYmSAm0iGFMYJM8DJznOohvp1QzM="}
01066{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1495983428000367,"flow_src_last_pkt_time":1495983428000367,"flow_dst_last_pkt_time":1495983428000367,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":644,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":644,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":644,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1495983428000367,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":55655,"dst_port":55655,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"TINC","proto_id":"209","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":2,"category":"VPN"}}
01440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1495983428000524,"flow_dst_last_pkt_time":1495983428000367,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":734,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":734,"pkt_l4_len":700,"thread_ts_usec":1495983428000524,"pkt":"ABcILL3nACbGCvpSCABFAALQAABAAEAReMuDcqgbuVPacNln2WcCvOcuvywVtuwFGBCYss6acsiJNNNiAbBIlKDNCK44gk8rPgtBTYPcB0TBQaeKKWA+4iZhbEKh+1udHAv6t2B1Yn6IJMtYq5DM3X4M272sdmCIguJEDbWnC1eertoAJ\/nCld7bT5YQq8t1ppSFEJgecf3feprazQpcAFso0UkuKa+f8uN2aRv39oQ84yMBNBDhwVJ0a0nVOlZ6yZDSD51mMG4JoLiN6RWJXjcVqxy8m9jXpG1c+xsS0O6vC2KUMrKi+v7l2G+JsqarL4sHxppbbBoKMn1G6jriIHVF2byGLSZ00B3htFsVVj1wv1QBh8gghmipFPjUm\/aeSaE+oJUPKU+sp7Dg6Xva6c8vbo3TtJqvjKV8ke6QyQ7aGh5wPiN9\/a7xgRazNtYiEGk2\/mB4tPUVqvmOMmFqyRUy5E54tmImaZBxLH6d0RcjOcdr5cOGQQBnbEVGuWb70eAFXbxU9GwFaLQbsB4ixO+0UXLmZZZSFjcwzL0p2ByLphsBC+0r5HUR+xSSVPlg1gpXDvLAqvPafPWGz0oEsVqgZuuOxAECfRwfFUitnotekdgFMlckueO6aNw3gcrUrWq8lluC226td1YzzuWc1bztMEO46Nwl29tlwW+n4BfE8Ks4iF0RmPeruypgNVfy8UHTu26YFArxZ++\/ysArMEP2WLqaUMI6M\/jOSF4Hmz4MDlNkXALZoCcota0mysF7b9UawKat33S4Mn95EjfrH9sP42bJhKBoemGSQoufnGy397VEaJIbjn0C4TMCdTSxnPB2Kbauhcj5J9SFESxhfdT1dCI+XOZyD+qGea1LaaQlTKnH9E\/\/jMJNmp50jvcNxKjRrVFwHpWvyCjkeewfQ5cMV0LYN7Zr0J8LPcmGWZ6HVdR8joEBR5VzTkpA484re9kkh3rmNHcG6eXJdcA="}
00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1495983428000524,"flow_dst_last_pkt_time":1495983428027839,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":238,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":238,"pkt_l4_len":204,"thread_ts_usec":1495983428027839,"pkt":"ACbGCvpSABcILL3nCABFCADgAABAADERibO5U9pwg3KoG9ln2WcAzPGuM9Lx5\/tPdTG2m3Y0AlyEq2mnzqyIMEs7w8HRBEl8Y5NuT+Tl6VzNZm9syhOM8O5X9DMCZ2i18aEY5\/AFa+9vGaBzFiMm9BvXYzjoD8NIhl92KAV3hQzzPzdUGmBVVMf0BbRkDSRCiFN9nGpFLBN+y4nOpA3kBUeSofHjZl9gZY\/0gSr+qv0Gl1ZSJf+LLeeMJpEC6tb9XeO6w6224M34GMTZTkD7Nv+SCyj6hVz9obZb5coivi5CEA1BAiI84UNSuifu9w=="}
02476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1495983428000524,"flow_dst_last_pkt_time":1495983428027886,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1486,"pkt_l4_len":1452,"thread_ts_usec":1495983428027886,"pkt":"ACbGCvpSABcILL3nCABFCAXAAABAADERhNO5U9pwg3KoG9ln2WcFrJ9NJd3U32890WxGJqXzu8N9z7F3z+nPlNt4ZdduCnxHzVoztNfcD4uWugbXdRpxTU2iz+JXKOrBgP5eOvIBvd+AeyeE4xrdk5UB\/TRK305AVJ3NrauFoVv2qwmhRXxr1Dx7T18ByO+3W2zS86R0E1qrOxGfKzosa15\/y1MVEISI68OTNay3zeW7VOUKfkNyNjRsU+AguCnzSzXClkCO+DI0liF3VNKieM\/heXuMdrZGWfriUBTPtVJSzZkruLEN0ilRDylUau34hOZDI4b\/LgE8v7OCwdsOToW9oY4zV\/kimskruY\/nc+Gg5fPu+KGj7px2YRFxmHzBHtftHv\/c6HjDE4dEBjOUCCEv2nJNiO76vr0WPYo+R9rhdn1vka\/fjPzMUIHHcjBscg++Vllw20uKvfiwOBLD6wTh2wMVvts6e79sb9NTzsTtB+1Gt7SGIn8aCcepVuBS\/2H3SqbiAgDgAnkwOBIXQPOFejdn9yviveX4u51Ibsj+bPSj\/W07XGWw2zr9RDuBhN8A\/LTIH9rLvjJM4Kkvl\/5PwtKgpSqIRX8gYyDpegWlWHlcEOz4OwqORwWZF05hMotMRQ6Ntq3Xt5QXZYYFkb\/qHYmV6Df7nuH9EO5UeSqLNPpaABHNe+p1DGaxpnR90+UHwd\/NtsH0FID3q6bZ9XvxctJb\/DoIwjsZDycWDw3VRFV0X\/H42Xyh+5xDlXAaiFIvQkNdhroO3IapcYbg6Md7HncgV7eLzF8arQYs25WRS++IDqEDu\/+rOjItnyJZWaN0Vrpj1jCyE6cbZ3g6PwjjB76QW0txCiJ\/uJaRhpIwij\/8PmBHX\/kXNHfTIj96V6+Dc+hsW8I1E04BbaMwmfLLHffrlcTHQ8R3ATF8U\/Y0IKtadKSkj+6zIHTe55kvW08eWB+z0WNM2nQbNe65kOiwJqDPpPz0BbDlrTklp9sEwdFSjXPEXOJhHc\/8rK3M5uHXBD4xXD+6Rm6RQdiTlP104I2jM2wrTk77S3Md0srBAcddRKQb9n4XyHOWqrfbVvHKDibLesEoTe0P3DDr9qeyTQ3iNflNMza7qhQY4sabmXT9qODiYHrRbWcTL45BHL2vTwO8nhNJT44qIWnkrCV4lp0qaDQfM8rca3PX+zT\/cGeZRLHDyf50mcL1GZgIjtGIc7VE9PX5AtfywiD8ZpROEx6caJRKj\/D98NAia8b37yZn6I95seYEybTvHoqPkEKerbHgi6u\/0ZYPRpbNZhrZ8id\/zhitH6fh369TzYU3xuaW8t\/A0P94lK+bboF+w\/Q6xtuSMHH3x9UzQp7TQzqWZZ5XXc9P8RsBQgk1DR6IuhGlXmGrcCG1D51JWNudsLE9My1kXiJJ5xooh9+A085OeQWk3CJW65yUmX7hQLMmw6tatcybcXnmHUuvMAMRA\/TDUOW9C1ehOcxWRZx8myHw5\/YN5fywIinpJv3L3MMM3OqY4uX7rtO01OYCMsB4Jcw+6PcUJ\/zRQcMn8\/pmMwD8NMp7NjmsBB0WVU34b0KUDb6R8BEhCczVwjx9lnAglm51qQGChxGcC8ukg9d9xqRtpz4+S447nZ7Yu0kYLD8Pa3+fwRE7Q4\/QOegIlRIJurvP6PT6yU7vfLIvBa0FNqwp6J1NXDn3Zy74e49v+xg8BMjQD\/aKtYrgVMFhE42zFBQJMqabaa8ZMz+Y87GaNHz58bKbZkyRBbIWZSQLiZa56ISi4uzVcvfoEBoq4G+vpmOTgmii5XyxQGZoPLveFavUwbNnO70ma6V8aqS392LUUKzYSUuwhuk0FriGlY4zgnUC7aLT5R5bJhBrtekYhFhBHS0lDiLK\/RbJm2M44I3aY2tPjD1oe9RfRb1WVs2cwmNAEcGxD4MgWD4caomP4SKy\/RZeBhedag2vOkN0dvY1jPYfEzYwUz5\/gJqR6g=="}
01509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1495983428000524,"flow_dst_last_pkt_time":1495983428027911,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":782,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":782,"pkt_l4_len":748,"thread_ts_usec":1495983428027911,"pkt":"ACbGCvpSABcILL3nCABFCAMAAABAADERh5O5U9pwg3KoG9ln2WcC7Ag62KBjKQ47QCBi9cd+7UScjd7A8OdeXoo0Ul45jIjmDoWZDftZ\/\/iXBJh3dWzZARFjhWU7jpRWVbtfOlGmBt4U6uWanV\/g6fDFwe7fIqVUEA6LRp6PHZitEVjBRz3W\/HuGBtfDQIYr7KLciLOXMc1nBC6OZmYLbVubceSsDOVIHEHpoX80GxFwESLL4BPGKImDBL9Ru7jMIrJJrWqrlBpJohzv7LQ2EtVk3oxV9xA2oFB0qHJCDiOJYJTiWTIrXFE2A4c3iNMc3PT+11P3riyyeFmjZkf4H+QkjDoCZA\/6FGpvX83rAj1363yw6EOma92ku\/LBz7S7yA8Q6MPCJnUT7WKEbrxy6K9q0pEgYu\/vP5kHrUEOw+MWq6hM36O\/tveOfRZIJZ1doDGpTLDzaDnMdiXf48tL\/TiXc79IRNZaJ+wWaoh2QMu336yCxI7h9jJRtrpyQpcFTjZ+dYzBHPfUaTRoC76jggFqrGdte8ROyPOhpfUwMpZOoKiO75n+I6i5DPgrE5AC3W5BSwGllWMhe6Q0TZzz2qtr61MkfJWBJbua8UXjXwvZufyKbsJlocfixM5P9x8mCHXZzmK8NONR9oAJCuuTD5fs38ZNVFsUXGRhCPhPv0j74XFohZ4+8K\/qWmqW21odLJQlZUHNcuKATXXiTKBRnWS8ZYxuRuWQmf6iB2TRfS4\/CcZJkWk+V9QjrbbMBEpeOobNWIRuuLcBNVCpmpRUOfdEN8ds790XR8BLqUS5xEXjCyWqlyl55dN9jxU3u3CHK80naW\/el45h3gdSg+8MclDMSHgtLh5fwUaetx4ejvsDbMGWF\/f5fx3r4To0mgBMT1GsC1oGrExPOsgaKTioAFqX6MAaVdM6+8+jgcFFAxvGYFjDG4Xixc604b00aZ7Jd16+leb0zt101RRsWpoiqVU66N9g0Dk30Qu5qv9x5nEaqG9wTo9SAu7MyU8Nh0aWcHImvQOZuEMAxdMAN9Q="}
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1495983428043218,"flow_src_last_pkt_time":1495983428043218,"flow_dst_last_pkt_time":1495983428043218,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":724,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":724,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":724,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1495983428043218,"l3_proto":"ip4","src_ip":"185.83.218.112","dst_ip":"131.114.168.27","src_port":55656,"dst_port":55656,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
01484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1495983428043218,"flow_dst_last_pkt_time":1495983428043218,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":766,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":766,"pkt_l4_len":732,"thread_ts_usec":1495983428043218,"pkt":"ACbGCvpSABcILL3nCABFCALwAABAADERh6O5U9pwg3KoG9lo2WgC3AOYwHfE3coRkd9vFWAurZs8jstTwnXw\/cqsx5iKbKA7woGOpEZiStAKTCSRoKp6x6\/f9Zs+BpTFgPOcyy5YAMcbffaGjwWOnT8IyeKE5n34quupOTS2uuRjCtyNCFAo8WTnSMzbi32PyJcywIUxEUQ8liTYbPgKdwTgaiP\/Hotm1mtwLDTs7hG08UqSbcXCWXNFFVPEK47MaPqwoPn2dh7mqibglI+NUfYKog17NTDVZj+waYLvcDN9j2XoImkNzUjCipW9K3ac4j70R5PFggHU36XlCSNZ2XhIjFKM00nQGI+QLoteQ8j0aZAsrLXLYsxqqK4SvGoYgma1olbSPh2W15iEFnVNfCrkhO342UfUtRpoqO2eSyqwBMxkb1F3H2m0kYUJQotA5znx3A5M2I2cLV97Zq1M5s2yfOsVLnemh3YMo8DmxGOnynqe4PdTcIIYCFlTuvlbJxcoz46oqoG4DHCRlF0dlntPGix0TitI5D\/n0YiE5bQQUU7gqIMYrd\/038O+j7JziwNwLqI9ZUNuZRL5RgmChAbYY5TtTaE7r+CtYmugTK7qdhtdAytq+kIRcuZJxzW2e+QHOyzQjzCE7aIMnqFyw73cJLJvOafzGqDIWsdusVXsa7JkhE0L2HSLACJvLruZU6SO95zxggRtnzTruoO2bZQpKHl56KP7dWrprSH\/BtWoA8QYIMdKrZ11e6dVhhfntSzlJ7oOBRzS82PQtcxITPaQUBY7kloV6nEsD123\/RYWvYnnlopmrLjY88pZllsFaRoYa+q+rxj125r8cCXiXcb20crMWSrxvWF5gSaLraJg0iySCfa0N+9TIxFXdaISLPrnQJf+KFNsm71eDJSNCihlQD114v9gJdrqDDh2zOpIECten2AFkK5gz9Y9P\/m15B6u92mwRdXwhBzI10R26F6x1VA2OCcHHQ90EjxcfGr9C9BCt8qY+zJFJYvpTw=="}
01066{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1495983428043218,"flow_src_last_pkt_time":1495983428043218,"flow_dst_last_pkt_time":1495983428043218,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":724,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":724,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":724,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1495983428043218,"l3_proto":"ip4","src_ip":"185.83.218.112","dst_ip":"131.114.168.27","src_port":55656,"dst_port":55656,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"TINC","proto_id":"209","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":2,"category":"VPN"}}
02468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1495983428043268,"flow_dst_last_pkt_time":1495983428043218,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1486,"pkt_l4_len":1452,"thread_ts_usec":1495983428043268,"pkt":"ACbGCvpSABcILL3nCABFCAXAAABAADERhNO5U9pwg3KoG9lo2WgFrCCQQfVUKnrm4XUK3wfxxn8qlQ5ZlUxAsin94OmtvvCqeiNDv9hCgysXgIe\/Jwp6foEgyUgSLwbFE+jFX5EiTbzvLxw+eE+9kkIbIypcFMAA862am\/h5EhYX9oyZgZit\/ohLFdBZAd\/9piW+TIg1JYKUHUk24mSNhkzehqNGbaa8v1XNXvCAKUf+je80JL2ztiSjDNtOMrbTSNyuOyDQhbbpaRAakKCJ88rhmRVZWPpGUvSoCLUQLdy+ls4UP9VbLIv60yNlhG\/tIZF+Y9AgYJgNK7469NXCZUoHPgebmwGoSIBvEupGZ2HWMq5tD1YtSNLd5mdcZ4U6bdW57PJT8Mqpobu5nNKCEUTKU8fv54QllT27onCmdTrjSLU7i56qGCPKz8Pmgpd+4MU1sOXlteqk11G5kxvUePU9AHDMWVZcDsBw+8w6+Ab\/JxYo4ilYPsOkX7nL+VL0USjj5AuG8wFeeDnvZeQURQeN12MuZewRpRzkJa5jIqIQqHHvEIR3I+NlcYV0IJXsrpavQ6RSGtYmR7+94hoEShFxTK6D2mPtrdLiAqRfmJptPiSWLm5Mqo0iayfkgY6sd6M1vwIpwRPc0qQOtn1doDjup9IIauyzdANQF9x2voU4Z8dsvHyVyVE9VF\/Qdb\/Bbe15\/vrLpOF+cB00\/TXrJ07AVZHqEwel\/iScs2S9kgqiIjzb1T0G6y8xlHQV7ktrErMlC4GXnRqlxWayYa4G266nN6wc0wTy9MD7G5DpqxUPZwZIrxZiMHXc4mPXA210XTsNG7LVVQM581lStiGr1a4pUZOImjoO\/gk5frgMuu6jHFgEA+vJuy5sW5lQpb37IXQqFXKKxN2z8Ke+x4zy7ALHVigelzuNCf3HZfol1uD4eeP+2tpVITMiH4O5PCcLDMT1yYFhbvLg8pREkBITQB+rUBzFhHXEVteh6noPH6hIRkDIrLyfEHdswFs6MATwSlSxKkz0QuaSV8BEXCeHOM+JmmNRCgSmcHuzwrDdDGG7eSF7kzVOXV4KPQtBdbB4rq\/rFfGJFSiBXn2huFIeNdQhj4gFtDQIfYjXMsmhSsrScwjLj7C7jg2Rwm\/XuhfLgws3rBZC6s4ClAl8Lku7gDzAWOdYgK2FafJmEnZR3NXAFEI8JF5r5ITwwBATJADMcv7GO51VLOgFAuacu5w0kk1gxapzbHcSOdPeKJB+9voPecizTzqOKMuqIngnpb\/qfLXWqnLz7U6\/\/ui4aHgWF+lKp0xsjiPYD9YnVxFJE08oruybimAl5F4KHctwad6wrnqDh7AMDE3spgEO04z6pL2VZXL\/wvq6pxHL80kORMsGZgPOmyHtPCRE5Jd+RFgmwBejwRrNJFCuLc2P622GjZ1t\/hPuud14khvjnfHdyfKsl19iLyzwv7qu0oEoiwBrYf06g7MzcULZl4XUxJNSE9RYU15rJmRxguh4eXuIOqgIqrfkbI\/\/vDyBWYyc45utTloDIm+GnDiAeigtPF4FijLPE9qVDfQilPuHMnf6UDvllbgNqo19g3gnmLroqXep+7LyRYp4sWr4\/d\/TZKaCucaaCwVm1u\/1te\/n+aOftes5xygxK+OaKehbJ47nnj4GJRcueg7KFHNq2ES0Uj1Rh2+lhguZLWYwLh4\/FPK0vdBcca9l29F4kxSaDHn6BeoZpX+wivGn5jMTbID2EPugYpELm+yXQDHU1W7JBJkdRRhJfBWIKo8UZofXK4qgL2\/MqCqF2T2\/hEjt9sAO7DVGx2T23++65+kzCDH2qiAfrQdQFlN08V17FGkydmcJibPSSbSe7aLjPjiXuGdc7ip\/LMmiTS0sCJq6zHCBk5aHilHCEqmTl+eL9Q9vwrMeAdX+cTIhD7xTxK6aeGzriTEJFQi6+ZDkO2+SfJZlZhRSLhc55JEaOH4LdN2VABhAfw=="}
01751{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1495983428043295,"flow_dst_last_pkt_time":1495983428043218,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":958,"pkt_l4_len":924,"thread_ts_usec":1495983428043295,"pkt":"ACbGCvpSABcILL3nCABFCAOwAABAADERhuO5U9pwg3KoG9lo2WgDnO+CxkvMU5czu375VqRfqLEu7HGryDGh\/bfeaQJnEYyovrmntDxt74C8PKQJMHvY4MA1ZHuHhnLJLLc7h764zEbGLw\/vzqsaP4XOJmX3J5ZoXTmAMsXnjvJUPqVeWdg0PXJhqa6st9hNynxv5D0rpJqm0\/zV192qcE59jCUVvmB8PfyMGzNb8iu7j79YvIHCzFHzmycvx5sIdKuzv+9aaD2+9O1fWAuPwq8\/8DIg8DeQB7htbL3\/j6lwDGupSOVHCsI1+lYyNr8A5\/OFujJsJCBzKGXQVn+oJRoQMsFgr0giRTOfhVQb+GlZOLXTcVvxl6mNiWSoDQXoxAfPuixrlp8F\/MUrFtVqJYJIqlWUSZ0FHJzKiXJ5yQvwNmnsvYHqMQNW6ZCn++1tGEto8r5tq\/BDe0FvMAOQC\/Iq49d9xjtHRJaZkPSuUT0Ue8\/0Y0g7e7MLBCNRDp3pFvP\/SDROeSBv+1Hrsd3VgZ3eZsdET6SE7O+jiB1npy8XRuCERu\/h5FlX8FbvbKHJP4IXbapoGYosv9tEU2XONo65wz3MCF\/bVbrUPcOASb6j+c55C5rFZMKjA9llC2lki+5ox8NX3C0rsVb9ezbzAq4pvwBxx6yeMVlmBhRxjwXLWviN6bjb8+kKUMxdeqvtFZ90hWLG3av8x5N1D1shhjp\/Pkh3vfzESwJoedvps7xxuR16c9ku4Rlje1SzPbiXWLLd2ctB3NoWHVeTFrvLRU2yqM5LNXQpjLOWYVqndimokWzm3PvfsX2+ickLKvqhiNB8NMbCQKKllVtQtaf37M0W3hxij8fNqkfQ3Dwvv36xYQY6aA2cxZJ7cAJfgWt3+2IqzsbQ\/hOa1lDnl8uliASJ4hjXOWhi4prZ86H1uoSeDR53SAlBdMQQ3YoaLSv6kQQOXAUwHuZQi7+x\/RE5HfoAvVeNzG90OcOnL2uiCxjhyp3\/swc9NGfoqhpvTPlS\/HF6E4gzQu+uwm3Kmj7AsKixik3ciIBb6VqLoyiaQR35wKSQydm3qyc2A8RxVwJEHM9ChZNid+PGF9MC3cdjsTP6IG4AOw3VS8jLQznT38vyJvgWelWwQ+I9gJ2zh8MbfaLP+EWNQPI478wMYlCsuyg5uNNDg0lSF1epToqo6+lky+h2nAa21hKOviRtVRN8LV88QPWbYJx4n3gM4sg9yVPde6y+bdl\/hYGe1J5JIAW7OGyTqN+C43dvapKXMw=="}
01451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1495983428043295,"flow_dst_last_pkt_time":1495983428043812,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":734,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":734,"pkt_l4_len":700,"thread_ts_usec":1495983428043812,"pkt":"ABcILL3nACbGCvpSCABFAALQAABAAEAReMuDcqgbuVPacNlo2WgCvLJFpGxCWbaYG6l+mUk6eULb7Xsi0O9SFk0CT9Z\/9cuh4pCGkxTAyg7ERWnm6JsM+5ePuv73wnUhv7lasIZoCnRu7Qf8+1KnvbRT3dpK+E0tfTeTUltbCCrvbF1kGdHQVjjJBnjZZ\/UZhQZaZk2S9Yj+q4vjSqBkj2wHNyK15N21i+BrNLXcOIyt0bx8qdN490zGgOOOiYDoPzuHs6qQUOR5YNhkPPF8LBcc0L7UjctIrAFr6SKr0QOmlMlaPVvkOEYtg8yYJ46xPbBp4fI4ZfSEAjpj7nNz4qMRjX5SQI2\/KK104wF8KqPhchhT3yPIGWHYKPVKZW0xxFh\/yIln\/ZDrfQw4lU1VDByspd+Cu2GCPHlAcVz6vj3kpUjeqj5Ey7iaHwV1\/lD7VUjcSTFJ7Fr\/2V67UB1FMf6FT+IWSg\/vhhpJFw48COF\/xO+FbArr\/9eZuzwhDRG\/wAA2t50qaJmxcqQrAbD2DPjO83M3juJzbO6+0wj48OcbkCvjYY5qhibllOfibbZ3c0Q0Fot+l2+0MBzlMsAVIsL6UND+lNnfJRR6J6uuiZCu4yWaa7\/RtZxy8qwDPwGStQoGHFMBjdEzTocPqElOYyR+Y5\/wNC3lIiiLD5wq6cVCSwMA05CksXAwcxm+rtzGiuN+lOU6xbQmCxbJ3cF0XzWadHnluMrRAZdMUcGKXS4JdjbgNFxOSWkeWjTpkqphfZ5SkqAKkUagCeE6M1iE6v0m9Hm1\/evezNKlOvdmnyqlF76y3DwBA9tC\/cv8XjFKE0EQ+AS5Z4VLwKCZT8R605FTCfFdVJ9Rh+jBaUJVbw6rZT4DC1Qb6muYZeYHqlvkNaQSE8CE7YiQ6cORKNUoRF2pg1zFazIOqwroYxC5nhief\/ql0RM9A98\/S+VJVdJ6+GCrgrw26Bjc\/\/IGhj4="}
02169{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1495983428043295,"flow_dst_last_pkt_time":1495983428044294,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1270,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1270,"pkt_l4_len":1236,"thread_ts_usec":1495983428044294,"pkt":"ABcILL3nACbGCvpSCABFAAToAABAAEARdrODcqgbuVPacNlo2WgE1Ky0g6TtBObpsPGOGJJQW0suWMljVUPagRgTUahiB4IjMQW4Tg9f5cyshjm+p29iVNftVxe04dz+cfBMCVwhcjyEFkeou0ifCNhflHKECEASMlSPHygCv0jVCXv8ZCd4sw1DV4qkJHpNuqDzIOeMO5kigXd6Zr9\/kVGFNbYATiJ\/4\/d07Ys9tYVMMU9+GZLsw5TEeonc6JkgLf1Ag3YWp13STJFjkXmUQQEmCx7jMF2zuyFMW5l\/1l+DbcCnhmbrBjbCGgGFI5zBwsgztvAY5qYKZmeQM416lrSfO\/FAzqiwFmco4KFBkS27f0df+2LqiHW32UmxNTIO7nt7Lxv6feXMiqoigaWWhN1NpH+olHgBkDgRLRZR4izZRSb8NUu3oEYl7mity8XB29TfUHGUnr7zFV+ThMWXOU3y0zQ9o5ikDE7I+WgQ7I9UyX6BXcM9EDJAd1\/ntbLOCFZ73uP0F0pkt2EO0wYonWlaz4t\/h2ZlpNEogqERgZVlvsXJ3cypRCK7BJ2hkH0cxa7zmtpQWpxgzM1azMgu0Zgp5HWBZKU3HSw1WRpTgj3+b1F+M1u27lyVKPP+KJcO6xdB1JrsYND9NvH6gEBt8cFgwPuzeHo6wCDKovtGsN5fvYwZPB4Hh6PHHNRhCh3AasN9rEPpw8JY5BDOCRAAA3iiYGcBaPnZ0toysnHlF65SS7yd3NDlqep+WAUSHRxxU8yzD1fmlWf4vJglbKskZhPmmm3GZR4YD4PkDqxgwkla64kkcOD8ccSMwfZnv5Z28h9GnGF+kQBVOLMIb7nl3z3N+WVKF7N25EEZzkfhSx\/h6janHpbhx+CdQ4ITvm5cu4+8facY3f2FOR816OA\/QfBn0tfLB1974fZP1fYqUFGo7KoCBhYIQ2ACsS1WRnIV4NYdcX1uMmVf50b3HtIK4sV9yKgJdfmD+EV7ezZL2MeV0LYarWre0bgnjKAVFDY0UVHIc4kmK4sxUN5+iakUFgwhsrVeTwJsaXHUfixNVEmgrP3Jf5kqIPeitYRaU0E9kvujkfFBcX+w8r42EXbRrc61L5X1Rd01DEE+9On2z6e4vX+Equt5\/m2UdWD9O\/PpySdoiKsCe5pDggSnynFF+FOXuAnWEI0mpUVDmqumkpCDb8c2ERNo+A5Vxs9qjD6tLD0yLNOCE7qhLjU+bSCS1QOoJGuQs7qxOb0ZnBHAZHFaf0+B3HbB\/tXNawHGqfKAuiLM3txkOqXcIGBq0CVbdYOikKqUCQDWCB\/HeQEArr0ZW4yzfSrIPnpD1p0UVQ7wuqY9xXo4VLgsQR04gQLlJTUWVifMLbu3sAYHYrE6\/npTXS49H\/RY+ihrdGLN15Bwl7LkO6NlZm6aweckyA0cEuiwILQ7jWNd+fOXd3Ku1+dy2u25uV3Ez96JUM99NWNXBgebQa4mwBzMhR8Am75s\/KFEWAx1uA3jAG0Au+UTmHis+TKR59uUQJqHwgArWpwhKHyUFC4HHlXQKBnS9lutaV4lAOTGrmQVS0MDRQzqTtMhIAKY2b3DrwAXsov84LvryNSH009x5WiK1x6IzMLQpKSIgJCfUvBojuUi\/zAx7ICX+r2u1iKgemgZssbZF6IAXAyOQb8CxNvxnmB00hq83N\/933x+Cg=="}
02343{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1495983428000367,"flow_src_last_pkt_time":1495983431160747,"flow_dst_last_pkt_time":1495983430158623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":148,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1468,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":19148,"flow_dst_tot_l4_payload_len":16284,"midstream":0,"thread_ts_usec":1495983431160747,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":55655,"dst_port":55655,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":23,"avg":171568.9,"max":1069532,"stddev":377387.1,"var":142420983808.0,"ent":2.5,"data": [157,27472,47,25,27522,244,68,237,181,126,15445,30,41839,33,23,1057953,304,258,1003680,53,1840,184,45315,102,25,1024085,82,1069532,137,1001358,279]},"pktlen": {"min":176,"avg":1135.2,"max":1496,"stddev":450.4,"var":202833.5,"ent":4.9,"data": [672,720,224,1472,768,216,1256,176,1296,1464,760,672,720,1264,176,1296,1344,1464,1360,1472,1488,1472,1480,1344,1472,1360,1488,1488,1488,1480,1496,1480]},"bins": {"c_to_s": [0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,2,0,0,2,6,0,0],"s_to_c": [0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,2,0,0,0,6,0,0]},"directions": [0,0,1,1,1,0,0,0,0,0,0,1,1,1,1,1,0,0,0,1,1,0,0,1,1,1,1,1,0,0,0,0],"entropies": [7.665557861,7.732561588,7.082343578,7.846774578,7.752214432,6.906925201,7.855091572,6.755141735,7.856310368,7.846433163,7.747685909,7.710433006,7.733560562,7.868661880,6.790736675,7.858621597,7.869617462,7.873907566,7.874854565,7.877315998,7.870153904,7.874608040,7.878478050,7.845719337,7.883452892,7.855854511,7.886187077,7.874522686,7.870358467,7.871251106,7.874283314,7.868322849]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"TINC","proto_id":"209","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":2,"category":"VPN"}}
02344{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1495983428043218,"flow_src_last_pkt_time":1495983432571150,"flow_dst_last_pkt_time":1495983432526055,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":148,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":10944,"flow_dst_tot_l4_payload_len":20512,"midstream":0,"thread_ts_usec":1495983432571150,"l3_proto":"ip4","src_ip":"185.83.218.112","dst_ip":"131.114.168.27","src_port":55656,"dst_port":55656,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":24,"avg":290670.0,"max":2412459,"stddev":558680.6,"var":312123949056.0,"ent":2.9,"data": [50,27,594,482,207,142,1049148,39,24,1048033,86,239,119,120,91,44079,43,25,1044735,279,1021999,20586,1001463,275,241,363633,1001240,149,123,2412459,39]},"pktlen": {"min":104,"avg":1011.0,"max":1480,"stddev":450.3,"var":202783.0,"ent":4.8,"data": [752,1472,944,720,1256,1472,944,1056,656,320,1048,176,1296,512,656,320,176,1296,512,1464,1360,1360,1360,1472,1336,1304,104,1480,1464,1328,1376,1360]},"bins": {"c_to_s": [0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,1,0,2,1,0,0,1,0,0],"s_to_c": [0,0,1,0,1,0,0,0,0,1,0,0,0,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,1,2,2,2,0,0,2,3,0,0]},"directions": [0,0,0,1,1,1,1,0,0,0,1,1,1,1,1,1,0,0,0,1,1,0,1,1,1,1,1,1,1,1,0,0],"entropies": [7.690577507,7.881368160,7.775002003,7.728326797,7.851398468,7.867018700,7.774654388,7.831391335,7.688314915,7.329430103,7.812694550,6.669548035,7.843146801,7.557564259,7.679370403,7.194211483,6.957363605,7.850227833,7.572175503,7.873534679,7.858608246,7.866045952,7.839975357,7.845044613,7.866905689,7.841031551,6.193184853,7.882274628,7.896846294,7.859506130,7.852632523,7.876025200]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"TINC","proto_id":"209","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":2,"category":"VPN"}}
01106{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1495983427744301,"flow_src_last_pkt_time":1495983475109122,"flow_dst_last_pkt_time":1495983475109062,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1039,"flow_dst_max_l4_payload_len":1037,"flow_src_tot_l4_payload_len":3036,"flow_dst_tot_l4_payload_len":2354,"midstream":0,"thread_ts_usec":1495983475109122,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":49290,"dst_port":55656,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TINC","proto_id":"209","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":2,"category":"VPN"}}
01119{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":101,"flow_dst_packets_processed":29,"flow_first_seen":1495983428000367,"flow_src_last_pkt_time":1495983470930418,"flow_dst_last_pkt_time":1495983470973187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1468,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":132724,"flow_dst_tot_l4_payload_len":31332,"midstream":0,"thread_ts_usec":1495983475109122,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":55655,"dst_port":55655,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"TINC","proto_id":"209","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":2,"category":"VPN"}}
01120{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":105,"flow_first_seen":1495983428043218,"flow_src_last_pkt_time":1495983463866065,"flow_dst_last_pkt_time":1495983463817214,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1468,"flow_src_tot_l4_payload_len":28820,"flow_dst_tot_l4_payload_len":135316,"midstream":0,"thread_ts_usec":1495983475109122,"l3_proto":"ip4","src_ip":"185.83.218.112","dst_ip":"131.114.168.27","src_port":55656,"dst_port":55656,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"TINC","proto_id":"209","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":2,"category":"VPN"}}
01106{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":11,"flow_first_seen":1495983427717971,"flow_src_last_pkt_time":1495983475073125,"flow_dst_last_pkt_time":1495983475073073,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1039,"flow_dst_max_l4_payload_len":1037,"flow_src_tot_l4_payload_len":2339,"flow_dst_tot_l4_payload_len":2308,"midstream":0,"thread_ts_usec":1495983475109122,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":59244,"dst_port":55655,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TINC","proto_id":"209","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":2,"category":"VPN"}}
00798{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":317,"packets-processed":317,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":338229,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1495983475109122}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 317/317
~~ skipped flows.............: 0
~~ total layer4 data length..: 338229 bytes
~~ total detected protocols..: 4
~~ total active/idle flows...: 4/4
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6662036 bytes
~~ total memory freed........: 6662036 bytes
~~ total allocations/frees...: 114380/114380
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 527 chars
~~ json message max len.......: 2481 chars
~~ json message avg len.......: 1503 chars
Powered by cgit, Themed by Ted Yin.