1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
|
00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4365-b08c787f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4365-b08c787f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1527155638428936}
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155638428936,"flow_src_last_pkt_time":1527155638428936,"flow_dst_last_pkt_time":1527155638428936,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":101,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":101,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":101,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1527155638428936,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"52.0.253.101","src_port":33208,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1527155638428936,"flow_dst_last_pkt_time":1527155638428936,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"thread_ts_usec":1527155638428936,"pkt":"AA6OMNv9MAdNo1+nCABFAACZvbBAAEAGio\/AqAARNAD9ZYG4EJTYH5QATQ0UaIAYAtokAwAAAQEICgAhYEL3kz3SZQAKAAAALtCh9tIA1PL3FQOheV4He+mBM0W\/i9pTb10sHI+OMXtBs1b9JHGGgzJlSCkVK80QeHWJMpbzU2NcxAJaXXoLguc1CK5osKkCx6zZTIH0SZ0piWwLO+YlPXpdR9T6nHw="}
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155638474128,"flow_src_last_pkt_time":1527155638474128,"flow_dst_last_pkt_time":1527155638474128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155638474128,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":45743,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1527155638474128,"flow_dst_last_pkt_time":1527155638474128,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1527155638474128,"pkt":"AA6OMNv9MAdNo1+nCABFAABAHQZAAEARnDbAqAARwKgAD7KvADUALIZ64YMBAAABAAAAAAAABWdyYXBoCGZhY2Vib29rA2NvbQAAAQAB"}
01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155638474128,"flow_src_last_pkt_time":1527155638474128,"flow_dst_last_pkt_time":1527155638474128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155638474128,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":45743,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","proto_id":"5.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"graph.facebook.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00726{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1527155638474128,"flow_dst_last_pkt_time":1527155638476527,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_usec":1527155638476527,"pkt":"MAdNo1+nAA6OMNv9CABFAAC9W3xAAEARXUPAqAAPwKgAEQA1sq8AqYax4YOBgAABAAMAAgACBWdyYXBoCGZhY2Vib29rA2NvbQAAAQABwAwABQABAAAK\/QAGA2FwacASwDAABQABAAADcAAMBHN0YXIEYzEwcsASwEIAAQABAAAAIgAEHw1WCMBHAAIAAQAAChUABwFiAm5zwEfARwACAAEAAAoVAAQBYcBswH0AAQABAAAKFQAERavvC8BqAAEAAQAAChUABEWr\/ws="}
01076{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155638474128,"flow_src_last_pkt_time":1527155638474128,"flow_dst_last_pkt_time":1527155638476527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1527155638476527,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":45743,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","proto_id":"5.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"graph.facebook.com","dns": {"num_queries":1,"num_answers":7,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.86.8"}}}
00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1527155638483176,"flow_dst_last_pkt_time":1527155638428936,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_usec":1527155638483176,"pkt":"AA6OMNv9MAdNo1+nCABFAABsvbFAAEAGirvAqAARNAD9ZYG4EJTYH5RlTQ0UaIAYAtrUUgAAAQEICgAhYFH3kz3SOAALAAAAldaoLlKjmwog1MjwGSIlPYr6Sdpf8civ07lgAXs3mNLP4I1IauuXnWuqSM\/O114Rmek="}
00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1527155638483176,"flow_dst_last_pkt_time":1527155638524866,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155638524866,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0M+hAACYGLr00AP1lwKgAERCUgbhNDRRo2B+UZYAQAIxrZwAAAQEICveUYGsAIWBC"}
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1527155638483176,"flow_dst_last_pkt_time":1527155638525136,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1527155638525136,"pkt":"MAdNo1+nAA6OMNv9CABFAACAM+lAACYGLnA0AP1lwKgAERCUgbhNDRRo2B+UZYAYAIyDiQAAAQEICveUYGwAIWBCTAAOAAAA7ZKoDv3w6OEJqmeEcnEl5cUBQprrMM7Rp8izc+yMxyWcB68VLspY31LXwDQ0RwmmKdwU4EmaqJ3KShawrAeJ2amPhoabWg=="}
00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1527155638527168,"flow_dst_last_pkt_time":1527155638525136,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155638527168,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0vbJAAEAGivLAqAARNAD9ZYG4EJTYH5SdTQ0UtIAQAtpoeQAAAQEICgAhYF33lGBs"}
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155639005882,"flow_src_last_pkt_time":1527155639005882,"flow_dst_last_pkt_time":1527155639005882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155639005882,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35283,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1527155639005882,"flow_dst_last_pkt_time":1527155639005882,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155639005882,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8HWBAAEARm+DAqAARwKgAD4nTADUAKI8By5wBAAABAAAAAAAAA2FwcAZhZGp1c3QDY29tAAABAAE="}
01077{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155639005882,"flow_src_last_pkt_time":1527155639005882,"flow_dst_last_pkt_time":1527155639005882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155639005882,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35283,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ADS_Analytic_Track","proto_id":"5.107","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Tracker\/Ads","category_id":14,"category":"Network","hostname":"app.adjust.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00857{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1527155639005882,"flow_dst_last_pkt_time":1527155639008484,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":303,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":303,"pkt_l4_len":269,"thread_ts_usec":1527155639008484,"pkt":"MAdNo1+nAA6OMNv9CABFAAEhW4BAAEARXNvAqAAPwKgAEQA1idMBDcumy5yBgAABAAQABAAEA2FwcAZhZGp1c3QDY29tAAABAAHADAABAAEAAAHMAASyots6wAwAAQABAAABzAAEsqLbmcAMAAEAAQAAAcwABLKi2LPADAABAAEAAAHMAAS5l8wIwBAAAgABAAKIXQATBG5zMDEGYWRqdXN0BXdvcmtzAMAQAAIAAQACiF0AFARkbnMxA3AwOQVuc29uZQNuZXQAwBAAAgABAAKIXQAHBGRuczLAkMAQAAIAAQACiF0ABwRuczAywHHAiwABAAEAAWUPAATGMywJwKsAAQABAAFlDwAExjMtCcBsAAEAAQAAMG8ABC02EQHAvgABAAEAADBvAAQtNhFB"}
01097{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155639005882,"flow_src_last_pkt_time":1527155639005882,"flow_dst_last_pkt_time":1527155639008484,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":261,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":261,"midstream":0,"thread_ts_usec":1527155639008484,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35283,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ADS_Analytic_Track","proto_id":"5.107","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Tracker\/Ads","category_id":14,"category":"Network","hostname":"app.adjust.com","dns": {"num_queries":1,"num_answers":12,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"178.162.219.58"}}}
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155639234839,"flow_src_last_pkt_time":1527155639234839,"flow_dst_last_pkt_time":1527155639234839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155639234839,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":62872,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1527155639234839,"flow_dst_last_pkt_time":1527155639234839,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1527155639234839,"pkt":"AA6OMNv9MAdNo1+nCABFAABAHWRAAEARm9jAqAARwKgAD\/WYADUALODJ\/WMBAAABAAAAAAAABG1hcGkJYXBwdGltaXplA2NvbQAAAQAB"}
01056{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155639234839,"flow_src_last_pkt_time":1527155639234839,"flow_dst_last_pkt_time":1527155639234839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155639234839,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":62872,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"mapi.apptimize.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00956{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1527155639234839,"flow_dst_last_pkt_time":1527155639237450,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_usec":1527155639237450,"pkt":"MAdNo1+nAA6OMNv9CABFAAFnW5VAAEARXIDAqAAPwKgAEQA19ZgBU\/qk\/WOBgAABAAkABAABBG1hcGkJYXBwdGltaXplA2NvbQAAAQABwAwABQABAAAKmgACwBHAEQABAAEAAAA7AAQ2RabiwBEAAQABAAAAOwAENrtbtsARAAEAAQAAADsABCLf10HAEQABAAEAAAA7AAQjoIExwBEAAQABAAAAOwAEI6WM3sARAAEAAQAAADsABCOitm\/AEQABAAEAAAA7AAQ2RVffwBEAAQABAAAAOwAENrpW+MARAAIAAQAAA2AAGQducy0xODgzCWF3c2Rucy00MwJjbwJ1awDAEQACAAEAAANgABcHbnMtMTEyOQlhd3NkbnMtMTMDb3JnAMARAAIAAQAAA2AAFgZucy02ODUJYXdzZG5zLTIxA25ldADAEQACAAEAAANgABMGbnMtNDczCWF3c2Rucy01OcAbwSgAAQABAAADYAAEzfvB2Q=="}
01075{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155639234839,"flow_src_last_pkt_time":1527155639234839,"flow_dst_last_pkt_time":1527155639237450,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":331,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":331,"midstream":0,"thread_ts_usec":1527155639237450,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":62872,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"mapi.apptimize.com","dns": {"num_queries":1,"num_answers":14,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.69.166.226"}}}
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155639240854,"flow_src_last_pkt_time":1527155639240854,"flow_dst_last_pkt_time":1527155639240854,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155639240854,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1527155639240854,"flow_dst_last_pkt_time":1527155639240854,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155639240854,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8C6FAAEAGkTrAqAARNkWm4pB6Abv8W2quAAAAAKAC\/\/9PrwAAAgQFtAQCCAoAIWEPAAAAAAEDAwc="}
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1527155639240854,"flow_dst_last_pkt_time":1527155639414725,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155639414725,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAOYG9to2RabiwKgAEQG7kHpPMSQJ\/Ftqr6ASaN+BOQAAAgQFtAQCCApMsKWZACFhDwEDAwg="}
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1527155639417273,"flow_dst_last_pkt_time":1527155639414725,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155639417273,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0C6JAAEAGkUHAqAARNkWm4pB6Abv8W2qvTzEkCoAQAq0WDQAAAQEICgAhYTtMsKWZ"}
00784{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1527155639419114,"flow_dst_last_pkt_time":1527155639414725,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":246,"pkt_l4_len":212,"thread_ts_usec":1527155639419114,"pkt":"AA6OMNv9MAdNo1+nCABFAADoC6NAAEAGkIzAqAARNkWm4pB6Abv8W2qvTzEkCoAYAq3FAQAAAQEICgAhYTtMsKWZFgMBAK8BAACrAwOf\/2TjK8r1kWpdan2TJekyDzujbi8jagHQAHL6QuSe+wAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABm\/wEAAQAAAAAXABUAABJtYXBpLmFwcHRpbWl6ZS5jb20AFwAAACMAAAANABAADgQDBAEFAwUBBgMGAQIBAAUABQEAAAAAABAACwAJCGh0dHAvMS4xAAsAAgEAAAoACAAGAB0AFwAY"}
01113{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1527155639240854,"flow_src_last_pkt_time":1527155639419114,"flow_dst_last_pkt_time":1527155639414725,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155639419114,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"mapi.apptimize.com","tls": {"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1"}}}
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1527155639419114,"flow_dst_last_pkt_time":1527155639592888,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155639592888,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0gc9AAOYGdRM2RabiwKgAEQG7kHpPMSQK\/FtrY4AQAG4XbAAAAQEICkywpcUAIWE7"}
01203{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1527155639240854,"flow_src_last_pkt_time":1527155639419114,"flow_dst_last_pkt_time":1527155639594657,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1527155639594657,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"mapi.apptimize.com","tls": {"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1"}}}
01560{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1527155639240854,"flow_src_last_pkt_time":1527155639419114,"flow_dst_last_pkt_time":1527155639594933,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":4873,"midstream":0,"thread_ts_usec":1527155639594933,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"mapi.apptimize.com","tls": {"version":"TLSv1.2","server_names":"*.apptimize.com,apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA","subjectDN":"C=US, ST=CA, L=Mountain View, O=Apptimize, Inc, OU=PremiumSSL Wildcard, CN=*.apptimize.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"BC:4C:8F:EC:8B:7B:85:BD:54:61:8B:C0:7B:E7:A2:69:0B:F2:49:E5"}}}
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155640085923,"flow_src_last_pkt_time":1527155640085923,"flow_dst_last_pkt_time":1527155640085923,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155640085923,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1527155640085923,"flow_dst_last_pkt_time":1527155640085923,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155640085923,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8sZJAAEAG60jAqAARNkWm4pB8Abt0c9BwAAAAAKAC\/\/9xAAAAAgQFtAQCCAoAIWHiAAAAAAEDAwc="}
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1527155640085923,"flow_dst_last_pkt_time":1527155640261254,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155640261254,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAOYG9to2RabiwKgAEQG7kHz0FjHkdHPQcaASaN\/u9gAAAgQFtAQCCApMsKZsACFh4gEDAwg="}
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1527155640264334,"flow_dst_last_pkt_time":1527155640261254,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155640264334,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0sZNAAEAG60\/AqAARNkWm4pB8Abt0c9Bx9BYx5YAQAq2DyQAAAQEICgAhYg9MsKZs"}
00784{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1527155640275168,"flow_dst_last_pkt_time":1527155640261254,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":246,"pkt_l4_len":212,"thread_ts_usec":1527155640275168,"pkt":"AA6OMNv9MAdNo1+nCABFAADosZRAAEAG6prAqAARNkWm4pB8Abt0c9Bx9BYx5YAYAq1TTQAAAQEICgAhYhBMsKZsFgMBAK8BAACrAwPxHao\/Q96Yxv6ptzoREqGRwhus41t797c9sc55oDAI4gAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABm\/wEAAQAAAAAXABUAABJtYXBpLmFwcHRpbWl6ZS5jb20AFwAAACMAAAANABAADgQDBAEFAwUBBgMGAQIBAAUABQEAAAAAABAACwAJCGh0dHAvMS4xAAsAAgEAAAoACAAGAB0AFwAY"}
01113{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1527155640085923,"flow_src_last_pkt_time":1527155640275168,"flow_dst_last_pkt_time":1527155640261254,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155640275168,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36988,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"mapi.apptimize.com","tls": {"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1"}}}
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1527155640275168,"flow_dst_last_pkt_time":1527155640450457,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155640450457,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0l3xAAOYGX2Y2RabiwKgAEQG7kHz0FjHldHPRJYAQAG6FIwAAAQEICkywppwAIWIQ"}
01127{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1527155640085923,"flow_src_last_pkt_time":1527155640275168,"flow_dst_last_pkt_time":1527155640452297,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1527155640452297,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36988,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"mapi.apptimize.com","tls": {"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1"}}}
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155641574870,"flow_src_last_pkt_time":1527155641574870,"flow_dst_last_pkt_time":1527155641574870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155641574870,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":37418,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1527155641574870,"flow_dst_last_pkt_time":1527155641574870,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1527155641574870,"pkt":"AA6OMNv9MAdNo1+nCABFAABBH3ZAAEARmcXAqAARwKgAD5IqADUALZxVyU0BAAABAAAAAAAABW1lZGlhA2NkbgV2aWJlcgNjb20AAAEAAQ=="}
01060{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155641574870,"flow_src_last_pkt_time":1527155641574870,"flow_dst_last_pkt_time":1527155641574870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155641574870,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":37418,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Viber","proto_id":"5.144","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"media.cdn.viber.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1527155641574870,"flow_dst_last_pkt_time":1527155641691221,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"thread_ts_usec":1527155641691221,"pkt":"MAdNo1+nAA6OMNv9CABFAACrXEZAAEARXIvAqAAPwKgAEQA1kioAlzNhyU2BgAABAAUAAAAABW1lZGlhA2NkbgV2aWJlcgNjb20AAAEAAcAMAAUAAQAACsAAHg1kbzJneTJrd2FrOWsyCmNsb3VkZnJvbnQDbmV0AMAxAAEAAQAAADsABDbmXWDAMQABAAEAAAA7AAQ25l2mwDEAAQABAAAAOwAENuZdIsAxAAEAAQAAADsABDbmXaA="}
01077{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155641574870,"flow_src_last_pkt_time":1527155641574870,"flow_dst_last_pkt_time":1527155641691221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":143,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":143,"midstream":0,"thread_ts_usec":1527155641691221,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":37418,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Viber","proto_id":"5.144","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"media.cdn.viber.com","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.230.93.96"}}}
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155641697916,"flow_src_last_pkt_time":1527155641697916,"flow_dst_last_pkt_time":1527155641697916,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155641697916,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1527155641697916,"flow_dst_last_pkt_time":1527155641697916,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155641697916,"pkt":"AA6OMNv9MAdNo1+nCABFAAA825FAAEAGCivAqAARNuZdYOCwAbu7GrjkAAAAAKAC\/\/84\/wAAAgQFtAQCCAoAIWN1AAAAAAEDAwc="}
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1527155641697916,"flow_dst_last_pkt_time":1527155641714003,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155641714003,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAPQGMbw25l1gwKgAEQG74LAWDyy+uxq45aAScSCWXAAAAgQFtAQCCAp+anA4ACFjdQEDAwg="}
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1527155641716061,"flow_dst_last_pkt_time":1527155641714003,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155641716061,"pkt":"AA6OMNv9MAdNo1+nCABFAAA025JAAEAGCjLAqAARNuZdYOCwAbu7GrjlFg8sv4AQAq0zmAAAAQEICgAhY3p+anA4"}
00791{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1527155641717778,"flow_dst_last_pkt_time":1527155641714003,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_usec":1527155641717778,"pkt":"AA6OMNv9MAdNo1+nCABFAADs25NAAEAGCXnAqAARNuZdYOCwAbu7GrjlFg8sv4AYAq3PXQAAAQEICgAhY3p+anA4FgMBALMBAACvAwM9xUi6e2VHcfR2Et1lmWRy3PNn2wAw6MtgIjCKmCwNtgAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABq\/wEAAQAAAAAYABYAABNtZWRpYS5jZG4udmliZXIuY29tABcAAAAjAAAADQAQAA4EAwQBBQMFAQYDBgECAQAFAAUBAAAAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGA=="}
01126{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1527155641697916,"flow_src_last_pkt_time":1527155641717778,"flow_dst_last_pkt_time":1527155641714003,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155641717778,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Viber","proto_id":"91.144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"media.cdn.viber.com","tls": {"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1527155641717778,"flow_dst_last_pkt_time":1527155641733771,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155641733771,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0XIVAAPQG1T425l1gwKgAEQG74LAWDyy\/uxq5nYAQAHY1FQAAAQEICn5qcDoAIWN6"}
01216{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1527155641697916,"flow_src_last_pkt_time":1527155641717778,"flow_dst_last_pkt_time":1527155641736492,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1527155641736492,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Viber","proto_id":"91.144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"media.cdn.viber.com","tls": {"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1"}}}
01477{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1527155641697916,"flow_src_last_pkt_time":1527155641717778,"flow_dst_last_pkt_time":1527155641736812,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1527155641736812,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Viber","proto_id":"91.144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"media.cdn.viber.com","tls": {"version":"TLSv1.2","server_names":"*.cdn.viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=thawte, Inc., CN=thawte SSL CA - G2","subjectDN":"C=LU, ST=Luxembourg, L=Luxembourg, O=Viber Media Sarl, OU=IT, CN=*.cdn.viber.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"B6:30:6F:02:75:A8:08:0A:AE:AA:9C:6C:9F:B5:8E:4C:82:02:3D:39"}}}
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155641813689,"flow_src_last_pkt_time":1527155641813689,"flow_dst_last_pkt_time":1527155641813689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155641813689,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":40445,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1527155641813689,"flow_dst_last_pkt_time":1527155641813689,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1527155641813689,"pkt":"AA6OMNv9MAdNo1+nCABFAABAH5VAAEARmafAqAARwKgAD539ADUALISKl70BAAABAAAAAAAACGRsLW1lZGlhBXZpYmVyA2NvbQAAAQAB"}
01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155641813689,"flow_src_last_pkt_time":1527155641813689,"flow_dst_last_pkt_time":1527155641813689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155641813689,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":40445,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Viber","proto_id":"5.144","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"dl-media.viber.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1527155641813689,"flow_dst_last_pkt_time":1527155641840131,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"thread_ts_usec":1527155641840131,"pkt":"MAdNo1+nAA6OMNv9CABFAACrXElAAEARXIjAqAAPwKgAEQA1nf0Al5UFl72BgAABAAUAAAAACGRsLW1lZGlhBXZpYmVyA2NvbQAAAQABwAwABQABAAAGHQAfDmQxZmplOWdtM2QwNXQ4CmNsb3VkZnJvbnQDbmV0AMAwAAEAAQAAADsABDbmXTXAMAABAAEAAAA7AAQ25l1swDAAAQABAAAAOwAENuZdn8AwAAEAAQAAADsABDbmXWM="}
01076{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155641813689,"flow_src_last_pkt_time":1527155641813689,"flow_dst_last_pkt_time":1527155641840131,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":143,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":143,"midstream":0,"thread_ts_usec":1527155641840131,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":40445,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Viber","proto_id":"5.144","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"dl-media.viber.com","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.230.93.53"}}}
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155641845544,"flow_src_last_pkt_time":1527155641845544,"flow_dst_last_pkt_time":1527155641845544,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155641845544,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1527155641845544,"flow_dst_last_pkt_time":1527155641845544,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155641845544,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8nXxAAEAGSGvAqAARNuZdNdKuAbvV1v7mAAAAAKAC\/\/\/mSAAAAgQFtAQCCAoAIWOaAAAAAAEDAwc="}
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1527155641845544,"flow_dst_last_pkt_time":1527155641865014,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155641865014,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAPQGMec25l01wKgAEQG70q53C5Ep1db+56AScSB9zAAAAgQFtAQCCAp+anCqACFjmgEDAwg="}
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1527155641867207,"flow_dst_last_pkt_time":1527155641865014,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155641867207,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0nX1AAEAGSHLAqAARNuZdNdKuAbvV1v7ndwuRKoAQAq0bCAAAAQEICgAhY59+anCq"}
00788{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1527155641868230,"flow_dst_last_pkt_time":1527155641865014,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"thread_ts_usec":1527155641868230,"pkt":"AA6OMNv9MAdNo1+nCABFAADrnX5AAEAGR7rAqAARNuZdNdKuAbvV1v7ndwuRKoAYAq2cvgAAAQEICgAhY6B+anCqFgMBALIBAACuAwM1qr437x53guPHYx6idTGnRu91RvVMpGhSbboCtiTLxAAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABp\/wEAAQAAAAAXABUAABJkbC1tZWRpYS52aWJlci5jb20AFwAAACMAAAANABAADgQDBAEFAwUBBgMGAQIBAAUABQEAAAAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACAAGAB0AFwAY"}
01126{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1527155641845544,"flow_src_last_pkt_time":1527155641868230,"flow_dst_last_pkt_time":1527155641865014,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":183,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155641868230,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Viber","proto_id":"91.144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"dl-media.viber.com","tls": {"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1527155641868230,"flow_dst_last_pkt_time":1527155641887306,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155641887306,"pkt":"MAdNo1+nAA6OMNv9CABFAAA04YZAAPQGUGg25l01wKgAEQG70q53C5Eq1db\/noAQAHYchQAAAQEICn5qcKwAIWOg"}
01216{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1527155641845544,"flow_src_last_pkt_time":1527155641868230,"flow_dst_last_pkt_time":1527155641890520,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":183,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1527155641890520,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Viber","proto_id":"91.144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"dl-media.viber.com","tls": {"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1"}}}
01479{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1527155641845544,"flow_src_last_pkt_time":1527155641868230,"flow_dst_last_pkt_time":1527155641890790,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":183,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1527155641890790,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Viber","proto_id":"91.144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"dl-media.viber.com","tls": {"version":"TLSv1.2","server_names":"*.viber.com,viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=thawte, Inc., CN=thawte SSL CA - G2","subjectDN":"C=LU, ST=Luxembourg, L=Luxembourg, O=Viber Media Sarl, OU=IT, CN=*.viber.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"E1:11:26:E6:14:A5:E6:F7:F1:CB:68:D1:A6:95:A1:5E:11:48:72:2A"}}}
02160{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1527155641845544,"flow_src_last_pkt_time":1527155641984215,"flow_dst_last_pkt_time":1527155641981830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":708,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1017,"flow_dst_tot_l4_payload_len":20153,"midstream":0,"thread_ts_usec":1527155641984215,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":19,"avg":8869.6,"max":47784,"stddev":14735.4,"var":217133360.0,"ent":3.3,"data": [19470,21663,1023,22292,3214,249,21,217,39369,88,574,349,10837,47784,22339,40800,258,54,169,260,19,213,268,217,249,532,41188,70,47,44,1080]},"pktlen": {"min":52,"avg":714.1,"max":1500,"stddev":673.4,"var":453425.2,"ent":4.3,"data": [60,60,52,235,52,1500,1500,1500,397,52,52,52,52,178,294,760,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,794,52,52,52,52,52]},"bins": {"c_to_s": [11,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,0,1,0,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0],"entropies": [4.571673393,5.231404781,5.154164791,5.626152039,5.147462368,7.170236111,7.463209152,7.511432171,7.329006195,5.115703106,5.154164791,5.192625999,5.154164791,6.447020531,7.153199196,7.703028202,7.855375767,7.870701790,7.853311062,7.869762897,7.858384132,7.891494274,7.876748085,7.889567852,7.884804249,7.876610279,7.713707447,5.154164791,5.154164314,5.115703106,5.154164314,5.109001160]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Viber","proto_id":"91.144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}}
01484{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1527155641845544,"flow_src_last_pkt_time":1527155641984215,"flow_dst_last_pkt_time":1527155641981830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":708,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1017,"flow_dst_tot_l4_payload_len":20153,"midstream":0,"thread_ts_usec":1527155641984215,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Viber","proto_id":"91.144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"dl-media.viber.com","tls": {"version":"TLSv1.2","server_names":"*.viber.com,viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=thawte, Inc., CN=thawte SSL CA - G2","subjectDN":"C=LU, ST=Luxembourg, L=Luxembourg, O=Viber Media Sarl, OU=IT, CN=*.viber.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"E1:11:26:E6:14:A5:E6:F7:F1:CB:68:D1:A6:95:A1:5E:11:48:72:2A"}}}
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155644240774,"flow_src_last_pkt_time":1527155644240774,"flow_dst_last_pkt_time":1527155644240774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155644240774,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.106","src_port":41993,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1527155644240774,"flow_dst_last_pkt_time":1527155644240774,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_usec":1527155644240774,"pkt":"AA6OMNv9MAdNo1+nCABFAAAzV0lAAEARXnTAqAARrNkXaqQJAbsAHwH3DO5PoOHayJNED10MJ0pTvsIOJQ7muOI="}
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1527155644243647,"flow_dst_last_pkt_time":1527155644240774,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_usec":1527155644243647,"pkt":"AA6OMNv9MAdNo1+nCABFAAAzV0pAAEARXnPAqAARrNkXaqQJAbsAH4RqDO5PoOHayJNEEDIopLF1oa8UykhAnf8="}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1527155644243647,"flow_dst_last_pkt_time":1527155644244636,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_usec":1527155644244636,"pkt":"MAdNo1+nAA6OMNv9CABFAAAyAABAADoRu76s2RdqwKgAEQG7pAkAHohoAA5y\/VBeClgsOyCTlKKUc09Z1nXjEg=="}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155646819778,"flow_src_last_pkt_time":1527155646819778,"flow_dst_last_pkt_time":1527155646819778,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155646819778,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35331,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1527155646819778,"flow_dst_last_pkt_time":1527155646819778,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1527155646819778,"pkt":"AA6OMNv9MAdNo1+nCABFAABBI8dAAEARlXTAqAARwKgAD4oDADUALaw8\/YcBAAABAAAAAAAAD2FwcC1tZWFzdXJlbWVudANjb20AAAEAAQ=="}
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155646819778,"flow_src_last_pkt_time":1527155646819778,"flow_dst_last_pkt_time":1527155646819778,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155646819778,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35331,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"app-measurement.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1527155646819778,"flow_dst_last_pkt_time":1527155646840307,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1527155646840307,"pkt":"MAdNo1+nAA6OMNv9CABFAABRXJhAAEARXJPAqAAPwKgAEQA1igMAPcYV\/YeBgAABAAEAAAAAD2FwcC1tZWFzdXJlbWVudANjb20AAAEAAcAMAAEAAQAAASsABKzZF04="}
01086{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155646819778,"flow_src_last_pkt_time":1527155646819778,"flow_dst_last_pkt_time":1527155646840307,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1527155646840307,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35331,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"app-measurement.com","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.23.78"}}}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155646850574,"flow_src_last_pkt_time":1527155646850574,"flow_dst_last_pkt_time":1527155646850574,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155646850574,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.78","src_port":43702,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1527155646850574,"flow_dst_last_pkt_time":1527155646850574,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155646850574,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8QKlAAEAGdTLAqAARrNkXTqq2Abu2kyjUAAAAAKAC\/\/\/OpwAAAgQFtAQCCAoAIWh9AAAAAAEDAwc="}
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1527155646850574,"flow_dst_last_pkt_time":1527155646851668,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155646851668,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8SUEAADoGspqs2RdOwKgAEQG7qrbgrF\/UtpMo1aASpagYYgAAAgQFZAQCCAqjjizLACFofQEDAwg="}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1527155646855196,"flow_dst_last_pkt_time":1527155646851668,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155646855196,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0QKpAAEAGdTnAqAARrNkXTqq2Abu2kyjV4Kxf1YAQAq3p2QAAAQEICgAhaH6jjizL"}
01243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1527155646860573,"flow_dst_last_pkt_time":1527155646851668,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1527155646860573,"pkt":"AA6OMNv9MAdNo1+nCABFAAI5QKtAAEAGczPAqAARrNkXTqq2Abu2kyjV4Kxf1YAYAq1z5wAAAQEICgAhaICjjizLFgMBAgABAAH8AwNBPsdw19xPZmwn4MTofE7KpZzlehZ2ryKsHoehtt8SkyAtuuVLu0IaXHkCuJfDbS+MIlAXHQF7wFtqpJjA8h8AEwAcwCvALMypwC\/AMMyowAnACsATwBQAnACdAC8ANQEAAZf\/AQABAAAAABgAFgAAE2FwcC1tZWFzdXJlbWVudC5jb20AFwAAACMA2gB3xmugirq4ty3TFMj+47dZbYBXktcQ\/Fy823lCDlYKB2I9H4xj09kCGfGET468Pn7WKGmpHa+d4io34b79G4zdduOMVQjYCVWJd2+svjjieR2WmccqyJfAVJDiSGaILG39AMxmPrLGKG+W90qFvZ+sjOk1xBxZC4lq\/vWERh9dI8LaVYFE2i7VMlSVzcW5MKdEpuvpZDk7ugj4\/NffY7m0Pt8V62OtFaSYvEHuUpsBuuh2p0N2Bnn0v0DCnV5O+4x\/YpKAcbs0\/4gq2kI7gwNYwqLZdKvB5cFAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABAACwAJCGh0dHAvMS4xAAsAAgEAAAoACAAGAB0AFwAYABUATgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01130{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1527155646850574,"flow_src_last_pkt_time":1527155646860573,"flow_dst_last_pkt_time":1527155646851668,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155646860573,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.78","src_port":43702,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"app-measurement.com","tls": {"version":"TLSv1.2","ja3":"3967ff2d2c9c4d144e7e30f24f4e9761","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1"}}}
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1527155646860573,"flow_dst_last_pkt_time":1527155646861661,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155646861661,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0SUsAADoGspis2RdOwKgAEQG7qrbgrF\/VtpMq2oAQAKrpygAAAQEICqOOLNYAIWiA"}
01218{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1527155646850574,"flow_src_last_pkt_time":1527155646860573,"flow_dst_last_pkt_time":1527155646862539,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":162,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":162,"midstream":0,"thread_ts_usec":1527155646862539,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.78","src_port":43702,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"app-measurement.com","tls": {"version":"TLSv1.2","ja3":"3967ff2d2c9c4d144e7e30f24f4e9761","ja3s":"67619a80665d7ab92d1041b1d11f9164","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1"}}}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155646968117,"flow_src_last_pkt_time":1527155646968117,"flow_dst_last_pkt_time":1527155646968117,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155646968117,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1527155646968117,"flow_dst_last_pkt_time":1527155646968117,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1527155646968117,"pkt":"AQBeAAD7MAdNo1+nCABFAABZHwxAAP8RutLAqAAR4AAA+xTpFOkARSvHAAQAAAACAAAAAAAACV84MDU3NDFDOQRfc3ViC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAcAbAAwAAQ=="}
00984{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155646968117,"flow_src_last_pkt_time":1527155646968117,"flow_dst_last_pkt_time":1527155646968117,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155646968117,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_805741c9._sub._googlecast._tcp.local","mdns": {}}}
00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1527155646968177,"flow_dst_last_pkt_time":1527155646968117,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1527155646968177,"pkt":"AQBeAAD7MAdNo1+nCABFAABZHwxAAP8RutLAqAAR4AAA+xTpFOkARSvHAAQAAAACAAAAAAAACV84MDU3NDFDOQRfc3ViC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAcAbAAwAAQ=="}
00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155647500374,"flow_src_last_pkt_time":1527155647500374,"flow_dst_last_pkt_time":1527155647500374,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155647500374,"l3_proto":"ip6","src_ip":"fe80::3207:4dff:fea3:5fa7","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5}
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1527155647500374,"flow_dst_last_pkt_time":1527155647500374,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"thread_ts_usec":1527155647500374,"pkt":"MzMAAAACMAdNo1+nht1gAAAAABA6\/\/6AAAAAAAAAMgdN\/\/6jX6f\/AgAAAAAAAAAAAAAAAAAChQDAigAAAAABATAHTaNfpw=="}
00905{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155647500374,"flow_src_last_pkt_time":1527155647500374,"flow_dst_last_pkt_time":1527155647500374,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155647500374,"l3_proto":"ip6","src_ip":"fe80::3207:4dff:fea3:5fa7","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1527155647500402,"flow_dst_last_pkt_time":1527155647500374,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"thread_ts_usec":1527155647500402,"pkt":"MzMAAAACMAdNo1+nht1gAAAAABA6\/\/6AAAAAAAAAMgdN\/\/6jX6f\/AgAAAAAAAAAAAAAAAAAChQDAigAAAAABATAHTaNfpw=="}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155648481643,"flow_src_last_pkt_time":1527155648481643,"flow_dst_last_pkt_time":1527155648481643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155648481643,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":44376,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1527155648481643,"flow_dst_last_pkt_time":1527155648481643,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1527155648481643,"pkt":"AA6OMNv9MAdNo1+nCABFAABEJLZAAEARlILAqAARwKgAD61YADUAMDkH00kBAAABAAAAAAAAB3ZlbmV0aWEDaWFkBmFwcGJveQNjb20AAAEAAQ=="}
01062{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":210,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155648481643,"flow_src_last_pkt_time":1527155648481643,"flow_dst_last_pkt_time":1527155648481643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155648481643,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":44376,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"venetia.iad.appboy.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1527155648481643,"flow_dst_last_pkt_time":1527155648506661,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":183,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":183,"pkt_l4_len":149,"thread_ts_usec":1527155648506661,"pkt":"MAdNo1+nAA6OMNv9CABFAACpXKlAAEARXCrAqAAPwKgAEQA1rVgAlY7c00mBgAABAAUAAAAAB3ZlbmV0aWEDaWFkBmFwcGJveQNjb20AAAEAAcAMAAUAAQAAAQIAGQF5A3NzbAZnbG9iYWwGZmFzdGx5A25ldADANAABAAEAAAAdAASXZQGCwDQAAQABAAAAHQAEl2VBgsA0AAEAAQAAAB0ABJdlgYLANAABAAEAAAAdAASXZcGC"}
01080{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155648481643,"flow_src_last_pkt_time":1527155648481643,"flow_dst_last_pkt_time":1527155648506661,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":141,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":141,"midstream":0,"thread_ts_usec":1527155648506661,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":44376,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"venetia.iad.appboy.com","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"151.101.1.130"}}}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155648513495,"flow_src_last_pkt_time":1527155648513495,"flow_dst_last_pkt_time":1527155648513495,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155648513495,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"151.101.1.130","src_port":55746,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1527155648513495,"flow_dst_last_pkt_time":1527155648513495,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155648513495,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8cjBAAEAGbuvAqAARl2UBgtnCAbvgBRgtAAAAAKAC\/\/+wcAAAAgQFtAQCCAoAIWodAAAAAAEDAwc="}
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1527155648513495,"flow_dst_last_pkt_time":1527155648523699,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155648523699,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAADoG5xuXZQGCwKgAEQG72cJzm\/EW4AUYLqAScSBKVAAAAgQFtAQCCArIDMgpACFqHQEDAwk="}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_src_last_pkt_time":1527155648526879,"flow_dst_last_pkt_time":1527155648523699,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155648526879,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0cjFAAEAGbvLAqAARl2UBgtnCAbvgBRguc5vxF4AQAq3nkgAAAQEICgAhaiDIDMgp"}
00795{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_src_last_pkt_time":1527155648533128,"flow_dst_last_pkt_time":1527155648523699,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_usec":1527155648533128,"pkt":"AA6OMNv9MAdNo1+nCABFAADscjJAAEAGbjnAqAARl2UBgtnCAbvgBRguc5vxF4AYAq0GIgAAAQEICgAhaiLIDMgpFgMBALMBAACvAwNMJ7CvztfSmUaRPcK3z4cAvGSi2\/cpgw4T9New8B2\/AwAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABq\/wEAAQAAAAAbABkAABZ2ZW5ldGlhLmlhZC5hcHBib3kuY29tABcAAAAjAAAADQAQAA4EAwQBBQMFAQYDBgECAQAFAAUBAAAAAAAQAAsACQhodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGA=="}
01115{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1527155648513495,"flow_src_last_pkt_time":1527155648533128,"flow_dst_last_pkt_time":1527155648523699,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155648533128,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"151.101.1.130","src_port":55746,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"venetia.iad.appboy.com","tls": {"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1"}}}
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":5,"flow_src_last_pkt_time":1527155648533128,"flow_dst_last_pkt_time":1527155648543275,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155648543275,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0OTlAADoGreqXZQGCwKgAEQG72cJzm\/EX4AUY5oAQADvpRQAAAQEICsgMyC4AIWoi"}
01129{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1527155648513495,"flow_src_last_pkt_time":1527155648533128,"flow_dst_last_pkt_time":1527155648544884,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1527155648544884,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"151.101.1.130","src_port":55746,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"venetia.iad.appboy.com","tls": {"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1"}}}
00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1527155666982912,"flow_dst_last_pkt_time":1527155646968117,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1527155666982912,"pkt":"AQBeAAD7MAdNo1+nCABFAABZIsxAAP8RtxLAqAAR4AAA+xTpFOkARSvGAAUAAAACAAAAAAAACV84MDU3NDFDOQRfc3ViC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAcAbAAwAAQ=="}
00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1527155666982983,"flow_dst_last_pkt_time":1527155646968117,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1527155666982983,"pkt":"AQBeAAD7MAdNo1+nCABFAABZIsxAAP8RtxLAqAAR4AAA+xTpFOkARSvGAAUAAAACAAAAAAAACV84MDU3NDFDOQRfc3ViC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAcAbAAwAAQ=="}
02039{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1527155638428936,"flow_src_last_pkt_time":1527155670525718,"flow_dst_last_pkt_time":1527155666299937,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":530,"flow_dst_max_l4_payload_len":98,"flow_src_tot_l4_payload_len":2467,"flow_dst_tot_l4_payload_len":404,"midstream":1,"thread_ts_usec":1527155670525718,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"52.0.253.101","src_port":33208,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":97,"avg":1934444.6,"max":10701681,"stddev":2902413.2,"var":8424002682880.0,"ent":3.5,"data": [54240,95930,270,43992,41788,57048,16087,92087,91609,10563926,10701681,4192149,4152724,4422076,4422070,309467,309552,21641,197002,97,215011,3974475,3934854,3635331,52554,3635290,52615,12721,140816,167507,4361173]},"pktlen": {"min":52,"avg":141.7,"max":582,"stddev":133.2,"var":17739.8,"ent":4.5,"data": [153,108,52,128,52,494,116,52,120,52,149,52,146,52,146,52,391,52,150,52,136,52,146,52,146,410,52,52,150,136,52,582]},"bins": {"c_to_s": [4,1,6,2,0,0,0,0,0,0,1,1,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [10,0,3,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,0,1,0,1,0,0,1,0,1,0,1,0,1,1,0,0,1,0,1,0,0,1,1,1,0,1,0],"entropies": [6.431744576,6.016238213,4.829590321,6.209959030,4.955154419,7.559208393,6.096168518,5.008132935,6.149723053,4.916692734,6.302158833,4.921030998,6.449830055,4.959492207,6.525306225,4.921030521,7.398088932,4.997953892,6.476407528,4.969671726,6.289449215,4.997953892,6.509795189,4.997953892,6.393223286,7.421437263,4.997953892,4.997953892,6.452959538,6.382457256,4.997953892,7.597495079]}}
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155670632131,"flow_src_last_pkt_time":1527155670632131,"flow_dst_last_pkt_time":1527155670632131,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155670632131,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":45424,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1527155670632131,"flow_dst_last_pkt_time":1527155670632131,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155670632131,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8WoBAAEAGCJrAqAAREskEILFwAbuQXSU3AAAAAKAC\/\/+HxQAAAgQFtAQCCAoAIX+3AAAAAAEDAwc="}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155670640484,"flow_src_last_pkt_time":1527155670640484,"flow_dst_last_pkt_time":1527155670640484,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":257,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":257,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":257,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155670640484,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00858{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1527155670640484,"flow_dst_last_pkt_time":1527155670640484,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"thread_ts_usec":1527155670640484,"pkt":"AA6OMNv9MAdNo1+nCABFiAEdfMxAAEAR5NnAqAAREskEILhDHzEBCRHz7fYBAAUArBk1jI9k5EcHridUEQCowEO4MgAAAEMBABABAK45kpFjAQAAAAAAACXfTU7hzTcbXJq8JtnTC0sBuzmzAAAAAAAAAAADAAEAZgIAZwABeAAAAAAAAIAAvcYFlBohustZk1e\/8OyZiSqP86k39WGwDkG7f\/rMnT2tcfHi3zlsEfu0kKTP5bAY2qxB7\/oc6uBQ0Wmie0yDB6f1EwNZ4BrIBNZIXKB4sgy96MQL790EZYw7fY9vCydMCFozrGypXQPtcVrV5xCrsYqA8zuDlnCD1lV04sfnGYMAAAAAAAAAAEcFAAA4AAAAEABBbmRyb2lkLDguOS4wLjIAAAA="}
00923{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155670640484,"flow_src_last_pkt_time":1527155670640484,"flow_dst_last_pkt_time":1527155670640484,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":257,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":257,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":257,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155670640484,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7985,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155670640566,"flow_src_last_pkt_time":1527155670640566,"flow_dst_last_pkt_time":1527155670640566,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155670640566,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1527155670640566,"flow_dst_last_pkt_time":1527155670640566,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1527155670640566,"pkt":"AA6OMNv9MAdNo1+nCABFiAA+fM1AAEAR5bfAqAAREskEILhDHzMAKi7T7fYZAKwZNYyPZORHJd9NTuHNNxtcmrwm2dMLSwG7ObMAAA=="}
00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155670640566,"flow_src_last_pkt_time":1527155670640566,"flow_dst_last_pkt_time":1527155670640566,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155670640566,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7987,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}}
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1527155670640613,"flow_dst_last_pkt_time":1527155670640484,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1527155670640613,"pkt":"AA6OMNv9MAdNo1+nCABFiAAwfM5AAEAR5cTAqAAREskEILhDHzEAHFuJ7fYJALM5kpFjAQAArBk1jI9k5Ec="}
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1527155670632131,"flow_dst_last_pkt_time":1527155670663972,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155670663972,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAACsGeBoSyQQgwKgAEQG7sXDMrFlhkF0lOKASaN8nuwAAAgQFtAQCCAoAWtCxACF\/twEDAwc="}
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1527155670640566,"flow_dst_last_pkt_time":1527155670672314,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1527155670672314,"pkt":"MAdNo1+nAA6OMNv9CABFAAAwfVFAACsR+skSyQQgwKgAER8zuEMAHAAy7fYaAKwZNYyPZORHMkN8XkO4AMg="}
00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1527155670640613,"flow_dst_last_pkt_time":1527155670673581,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":1527155670673581,"pkt":"MAdNo1+nAA6OMNv9CABFAABofVBAACsR+pISyQQgwKgAER8xuEMAVGj37fYMAAEArBk1jI9k5EcyQ3xeQ7iuOZKRYwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIAAAAAAAAAAAAAAAAAAAAAA=="}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1527155670673838,"flow_dst_last_pkt_time":1527155670663972,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155670673838,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0WoFAAEAGCKHAqAAREskEILFwAbuQXSU4zKxZYoAQAq28sQAAAQEICgAhf78AWtCx"}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155671066998,"flow_src_last_pkt_time":1527155671066998,"flow_dst_last_pkt_time":1527155671066998,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155671066998,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1527155671066998,"flow_dst_last_pkt_time":1527155671066998,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155671066998,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8FY9AAEAG0gLAqAARNrtbtr+YAbtog5WsAAAAAKAC\/\/+1DQAAAgQFtAQCCAoAIYAjAAAAAAEDAwc="}
00858{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1527155671140889,"flow_dst_last_pkt_time":1527155670673581,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"thread_ts_usec":1527155671140889,"pkt":"AA6OMNv9MAdNo1+nCABFiAEdfNBAAEAR5NXAqAAREskEILhDHzEBCYn27fYBAAUArBk1jI9k5EcHridUEQCowEO4MgAAAEMBABACAKg7kpFjAQAAAAAAACXfTU7hzTcbXJq8JtnTC0sBuzmzAAAAAAAAAAADAAEAZgIAZwABeAAAAAAAAIAAvcYFlBohustZk1e\/8OyZiSqP86k39WGwDkG7f\/rMnT2tcfHi3zlsEfu0kKTP5bAY2qxB7\/oc6uBQ0Wmie0yDB0003hcgpcmSdQZoJFj9c3crNvbbzPmA66eL1DRMEucxiwDMA5JhH5EzU3oJcu6XrgTfyNvrAIA0DorhgznjXYQAAAAAAAAAAEcFAAA4AAAAEABBbmRyb2lkLDguOS4wLjIAAAA="}
00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1527155671140889,"flow_dst_last_pkt_time":1527155671173842,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":1527155671173842,"pkt":"MAdNo1+nAA6OMNv9CABFAABofl9AACsR+YMSyQQgwKgAER8xuEMAVG317fYMAAIArBk1jI9k5EcyQ3xeQ7ioO5KRYwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIAAAAAAAAAAAAAAAAAAAAAA=="}
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1527155671066998,"flow_dst_last_pkt_time":1527155671237849,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155671237849,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAOYGQZE2u1u2wKgAEQG7v5iCE\/ghaIOVraASaN+HqAAAAgQFtAQCCAosBh44ACGAIwEDAwg="}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1527155671240677,"flow_dst_last_pkt_time":1527155671237849,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155671240677,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0FZBAAEAG0gnAqAARNrtbtr+YAbtog5WtghP4IoAQAq0cfAAAAQEICgAhgE8sBh44"}
00789{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1527155671250450,"flow_dst_last_pkt_time":1527155671237849,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":247,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":247,"pkt_l4_len":213,"thread_ts_usec":1527155671250450,"pkt":"AA6OMNv9MAdNo1+nCABFAADpFZFAAEAG0VPAqAARNrtbtr+YAbtog5WtghP4IoAYAq2yzwAAAQEICgAhgFEsBh44FgMBALABAACsAwNpu8fyH0bmBuIhI45OMI2QAejACKsvR53r1YItFVUgZgAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABn\/wEAAQAAAAAYABYAABNicmFoZS5hcHB0aW1pemUuY29tABcAAAAjAAAADQAQAA4EAwQBBQMFAQYDBgECAQAFAAUBAAAAAAAQAAsACQhodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGA=="}
01116{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1527155671066998,"flow_src_last_pkt_time":1527155671250450,"flow_dst_last_pkt_time":1527155671237849,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":181,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":181,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155671250450,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"brahe.apptimize.com","tls": {"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1"}}}
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1527155671250450,"flow_dst_last_pkt_time":1527155671421054,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155671421054,"pkt":"MAdNo1+nAA6OMNv9CABFAAA05kFAAOYGW1c2u1u2wKgAEQG7v5iCE\/giaIOWYoAQAG4d1gAAAQEICiwGHmYAIYBR"}
01206{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1527155671066998,"flow_src_last_pkt_time":1527155671250450,"flow_dst_last_pkt_time":1527155671423359,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":181,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":181,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1527155671423359,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"brahe.apptimize.com","tls": {"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1"}}}
01563{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":281,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1527155671066998,"flow_src_last_pkt_time":1527155671250450,"flow_dst_last_pkt_time":1527155671423665,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":181,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":181,"flow_dst_tot_l4_payload_len":4873,"midstream":0,"thread_ts_usec":1527155671423665,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"brahe.apptimize.com","tls": {"version":"TLSv1.2","server_names":"*.apptimize.com,apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA","subjectDN":"C=US, ST=CA, L=Mountain View, O=Apptimize, Inc, OU=PremiumSSL Wildcard, CN=*.apptimize.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"BC:4C:8F:EC:8B:7B:85:BD:54:61:8B:C0:7B:E7:A2:69:0B:F2:49:E5"}}}
02215{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1527155670640484,"flow_src_last_pkt_time":1527155675775126,"flow_dst_last_pkt_time":1527155675692683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":257,"flow_dst_max_l4_payload_len":76,"flow_src_tot_l4_payload_len":2947,"flow_dst_tot_l4_payload_len":930,"midstream":0,"thread_ts_usec":1527155675775126,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":129,"avg":328607.8,"max":525007,"stddev":210300.8,"var":44226416640.0,"ent":4.6,"data": [129,33097,500276,500261,503516,15204,503250,15302,516057,515704,477654,477626,36790,36786,524953,525007,440389,440669,68112,67828,523108,523160,411969,411845,84133,84199,517782,517791,399760,399674,114810]},"pktlen": {"min":48,"avg":149.2,"max":285,"stddev":100.4,"var":10086.1,"ent":4.7,"data": [285,48,104,285,104,48,285,62,104,285,104,48,62,285,104,285,104,48,62,285,104,285,104,48,62,285,104,285,104,48,62,285]},"bins": {"c_to_s": [6,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,5,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": [6.429836750,5.092222691,3.431529284,6.457198620,3.469990969,5.092222691,6.466431141,4.018082619,3.469990969,6.511886120,3.469990969,5.092222691,3.985824585,6.440430164,3.469990969,6.468061447,3.419557333,4.967222214,3.953566313,6.441361427,3.450760365,6.449966431,3.469991207,5.050555706,4.018082619,6.492553234,3.489221811,6.449169159,3.469991207,5.050556183,4.018082619,6.452616215]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1527155677865795,"flow_dst_last_pkt_time":1527155670663972,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155677865795,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0WoJAAEAGCKDAqAAREskEILFwAbuQXSU4zKxZYoARAq21qAAAAQEICgAhhscAWtCx"}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1527155677865795,"flow_dst_last_pkt_time":1527155677897422,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155677897422,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0iblAACsG7mgSyQQgwKgAEQG7sXDMrFlikF0lOYARANKbQAAAAQEICgBa7PMAIYbH"}
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155679410348,"flow_src_last_pkt_time":1527155679410348,"flow_dst_last_pkt_time":1527155679410348,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155679410348,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":33744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1527155679410348,"flow_dst_last_pkt_time":1527155679410348,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155679410348,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8V2ZAAEAGC9HAqAAREskEA4PQAbvgGt8vAAAAAKAC\/\/+jOgAAAgQFtAQCCAoAIYhJAAAAAAEDAwc="}
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155679411371,"flow_src_last_pkt_time":1527155679411371,"flow_dst_last_pkt_time":1527155679411371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":257,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":257,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":257,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155679411371,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00859{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1527155679411371,"flow_dst_last_pkt_time":1527155679411371,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"thread_ts_usec":1527155679411371,"pkt":"AA6OMNv9MAdNo1+nCABFiAEdf+NAAEAR4d\/AqAAREskEA5UuHzEBCY\/LBbgBAAUANRj1GJhk5EcHridUEQCowC6VMgAAAEMBABABAPdbkpFjAQAAAAAAACXfTU7hzTcbXJq8JtnTC0sBuzmzAAAAAAAAAAADAAEAZgIAZwABeAAAAAAAAIAAGwkdkSv31AWZshbdezAt4SmQgEbXQ8gpESKVZEPm+yytcfHi3zlsEfu0kKTP5bAY2qxB7\/oc6uBQ0Wmie0yDB6SNCb6pEPHTLEjikG3nU2iKPCm3mBiaaSkNyyVaokw3bFWKZLztddqHjISoa\/0AQVn24h8Bz7MKBuS1UkASdYsAAAAAAAAAAEcFAAA4AAAAEABBbmRyb2lkLDguOS4wLjIAAAA="}
00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155679411371,"flow_src_last_pkt_time":1527155679411371,"flow_dst_last_pkt_time":1527155679411371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":257,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":257,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":257,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155679411371,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7985,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155679411435,"flow_src_last_pkt_time":1527155679411435,"flow_dst_last_pkt_time":1527155679411435,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155679411435,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1527155679411435,"flow_dst_last_pkt_time":1527155679411435,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1527155679411435,"pkt":"AA6OMNv9MAdNo1+nCABFiAA+f+RAAEAR4r3AqAAREskEA5UuHzMAKui4BbgZADUY9RiYZORHJd9NTuHNNxtcmrwm2dMLSwG7ObMAAA=="}
00919{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155679411435,"flow_src_last_pkt_time":1527155679411435,"flow_dst_last_pkt_time":1527155679411435,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155679411435,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7987,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1527155679413920,"flow_dst_last_pkt_time":1527155679411371,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1527155679413920,"pkt":"AA6OMNv9MAdNo1+nCABFiAAuf+VAAEAR4szAqAAREskEA5UuHzEAGscOBbgRAAEAAAAuCDgEAAAHridU"}
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1527155679413995,"flow_dst_last_pkt_time":1527155679411371,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1527155679413995,"pkt":"AA6OMNv9MAdNo1+nCABFiAAwf+ZAAEAR4snAqAAREskEA5UuHzEAHM1MBbgJAPtbkpFjAQAANRj1GJhk5Ec="}
00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1527155679413995,"flow_dst_last_pkt_time":1527155679443071,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":1527155679443071,"pkt":"MAdNo1+nAA6OMNv9CABFAABopnVAACsR0YoSyQQDwKgAER8xlS4AVO7dBbgMAAEANRj1GJhk5EcyQ3xeLpX3W5KRYwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIAAAAAAAAAAAAAAAAAAAAAA=="}
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1527155679411435,"flow_dst_last_pkt_time":1527155679443387,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1527155679443387,"pkt":"MAdNo1+nAA6OMNv9CABFAAAwpnZAACsR0cESyQQDwKgAER8zlS4AHM86BbgaADUY9RiYZORHMkN8Xi6VAMg="}
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1527155679410348,"flow_dst_last_pkt_time":1527155679443640,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155679443640,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAACsGeDcSyQQDwKgAEQG7g9B0pK754BrfMKASaN\/EGgAAAgQFtAQCCAoA5FGtACGISQEDAwc="}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_src_last_pkt_time":1527155679444692,"flow_dst_last_pkt_time":1527155679443640,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155679444692,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0V2dAAEAGC9jAqAAREskEA4PQAbvgGt8wdKSu+oAQAq1ZEAAAAQEICgAhiFIA5FGt"}
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1527155679413995,"flow_dst_last_pkt_time":1527155679445375,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1527155679445375,"pkt":"MAdNo1+nAA6OMNv9CABFAAA+pnhAACsR0bESyQQDwKgAER8xlS4AKrsaBbgLAPtbkpFjAQAAwWCSkWMBAAAAAAAAAAAAAAAAAAAAAA=="}
00946{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1527155647500374,"flow_src_last_pkt_time":1527155647500402,"flow_dst_last_pkt_time":1527155647500374,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155680456436,"l3_proto":"ip6","src_ip":"fe80::3207:4dff:fea3:5fa7","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
02183{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":396,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1527155679411371,"flow_src_last_pkt_time":1527155683480847,"flow_dst_last_pkt_time":1527155683453495,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":257,"flow_dst_max_l4_payload_len":76,"flow_src_tot_l4_payload_len":2479,"flow_dst_tot_l4_payload_len":778,"midstream":0,"thread_ts_usec":1527155683480847,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":49,"avg":261664.5,"max":531417,"stddev":244884.4,"var":59968385024.0,"ent":4.1,"data": [2549,75,31700,2304,505528,505691,496908,2109,6670,496650,8720,505323,505404,490799,100,14960,490657,15090,513169,513225,531417,103,49,531356,217,492947,492967,448249,97,448143,58424]},"pktlen": {"min":40,"avg":129.8,"max":285,"stddev":99.7,"var":9932.1,"ent":4.6,"data": [285,46,48,104,62,285,104,48,40,285,62,104,285,104,48,40,285,62,104,285,104,48,40,285,62,104,285,104,48,40,62,285]},"bins": {"c_to_s": [10,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,5,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,0,1,0,0,1,0],"entropies": [6.294480801,4.507713318,5.008889198,3.477249622,4.018082619,6.362309933,3.496480465,5.050556183,4.408695221,6.358519077,3.985824585,3.458018780,6.336889267,3.458018780,4.967222214,4.408695221,6.270152092,3.909132719,3.438787937,6.396345615,3.496480465,5.008889198,4.408695221,6.346873283,3.855867863,3.496480465,6.368536949,3.477249622,5.008889198,4.408695221,3.985824585,6.367835045]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_src_last_pkt_time":1527155685097548,"flow_dst_last_pkt_time":1527155679443640,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155685097548,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0V2hAAEAGC9fAqAAREskEA4PQAbvgGt8wdKSu+oARAq1TiwAAAQEICgAhjdYA5FGt"}
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":412,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":5,"flow_src_last_pkt_time":1527155685097548,"flow_dst_last_pkt_time":1527155685130784,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155685130784,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0\/ypAACsGeRQSyQQDwKgAEQG7g9B0pK764BrfMYARANI\/LQAAAQEICgDkZ+UAIY3W"}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155685529875,"flow_src_last_pkt_time":1527155685529875,"flow_dst_last_pkt_time":1527155685529875,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155685529875,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":50097,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1527155685529875,"flow_dst_last_pkt_time":1527155685529875,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155685529875,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8KqJAAEARjp7AqAARwKgAD8OxADUAKKNciEIBAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE="}
01065{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155685529875,"flow_src_last_pkt_time":1527155685529875,"flow_dst_last_pkt_time":1527155685529875,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155685529875,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":50097,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.google.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1527155685529875,"flow_dst_last_pkt_time":1527155685530485,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1527155685530485,"pkt":"MAdNo1+nAA6OMNv9CABFAABMZZhAAEARU5jAqAAPwKgAEQA1w7EAOLypiEKBgAABAAEAAAAAA3d3dwZnb29nbGUDY29tAAABAAHADAABAAEAAABfAATYOs1k"}
01082{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155685529875,"flow_src_last_pkt_time":1527155685529875,"flow_dst_last_pkt_time":1527155685530485,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":48,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":48,"midstream":0,"thread_ts_usec":1527155685530485,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":50097,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.google.com","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.58.205.100"}}}
00750{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155685757293,"flow_src_last_pkt_time":1527155685757293,"flow_dst_last_pkt_time":1527155685757293,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":1480,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1480,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1480,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155685757293,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5}
02478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1527155685757293,"flow_dst_last_pkt_time":1527155685757293,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1527155685757293,"pkt":"AA6OMNv9MAdNo1+nCABFAAXcfu9AAEABNMHAqAARwKgADwgA3UOrGAABMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVI="}
00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155685757293,"flow_src_last_pkt_time":1527155685757293,"flow_dst_last_pkt_time":1527155685757293,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":1480,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1480,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1480,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155685757293,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.196204}}
02478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1527155685757293,"flow_dst_last_pkt_time":1527155685757669,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1527155685757669,"pkt":"MAdNo1+nAA6OMNv9CABFAAXcOTwAAEABunTAqAAPwKgAEQAA5UOrGAABMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVI="}
00990{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155639005882,"flow_src_last_pkt_time":1527155639005882,"flow_dst_last_pkt_time":1527155639008484,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":261,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":261,"midstream":0,"thread_ts_usec":1527155685757669,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35283,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ADS_Analytic_Track","proto_id":"5.107","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Tracker\/Ads","category_id":14,"category":"Network"}}
00971{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155638474128,"flow_src_last_pkt_time":1527155638474128,"flow_dst_last_pkt_time":1527155638476527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1527155685757669,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":45743,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","proto_id":"5.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
00965{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155639234839,"flow_src_last_pkt_time":1527155639234839,"flow_dst_last_pkt_time":1527155639237450,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":331,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":331,"midstream":0,"thread_ts_usec":1527155685757669,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":62872,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4365-b08c787f","packets-captured":425,"packets-processed":420,"total-skipped-flows":0,"total-l4-payload-len":122215,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":22,"total-detection-updates":20,"total-updates":4,"current-active-flows":26,"total-active-flows":26,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":170,"global_ts_usec":1648952182644000}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648952182644000,"flow_src_last_pkt_time":1648952182644000,"flow_dst_last_pkt_time":1648952182644000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648952182644000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.0.252.145","src_port":48690,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1648952182644000,"flow_dst_last_pkt_time":1648952182644000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648952182644000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8QZ1AAD8GBoHAqAJkNAD8kb4yEJT33RMVAAAAAKAC\/\/+7mwAAAgQFtAQCCApvD0\/7AAAAAAEDAwk="}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1648952182644000,"flow_dst_last_pkt_time":1648952182749000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648952182749000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAAOcGoB00APyRwKgCZBCUvjJ96pBe990TFqASaN8gOAAAAgQFrAQCCArnVjzbbw9P+wEDAwk="}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_src_last_pkt_time":1648952183355000,"flow_dst_last_pkt_time":1648952182749000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648952183355000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0QZ5AAD8GBojAqAJkNAD8kb4yEJT33RMWfeqQX4AQAKy2OQAAAQEICm8PUPPnVjzb"}
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_src_last_pkt_time":1648952183458000,"flow_dst_last_pkt_time":1648952182749000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1648952183458000,"pkt":"eJS0JASgYDjgxTWgCABFAACUQZ9AAD8GBifAqAJkNAD8kb4yEJT33RMWfeqQX4AYAKw98gAAAQEICm8PUWHnVjzbYACt1NwX\/P8DgFkACgAAAAAAAACt1NwXqfy95n8dmIxsOcPbEcApVCIa7TQDCAAAAHxwKcmDlptZSFIqb2LFpylXQd33SzJWC9HYL+qoRBViMwBU+bGR6kn7TggAAcQJ"}
00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1648952182644000,"flow_src_last_pkt_time":1648952183458000,"flow_dst_last_pkt_time":1648952182749000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648952183458000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.0.252.145","src_port":48690,"dst_port":4244,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"Viber","proto_by_ip_id":144,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":5,"flow_src_last_pkt_time":1648952183458000,"flow_dst_last_pkt_time":1648952183563000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648952183563000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0fqdAAOcGIX40APyRwKgCZBCUvjJ96pBf990TdoAQADWytAAAAQEICudWQAlvD1Fh"}
00960{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1527155639240854,"flow_src_last_pkt_time":1527155640080793,"flow_dst_last_pkt_time":1527155640252435,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":366,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":703,"flow_dst_tot_l4_payload_len":5690,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00964{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1527155640085923,"flow_src_last_pkt_time":1527155640836078,"flow_dst_last_pkt_time":1527155641008759,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":367,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":704,"flow_dst_tot_l4_payload_len":5441,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00976{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1527155644240774,"flow_src_last_pkt_time":1527155644243647,"flow_dst_last_pkt_time":1527155644244636,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":22,"flow_src_tot_l4_payload_len":46,"flow_dst_tot_l4_payload_len":22,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.106","src_port":41993,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Unknown (0000)"}}}
00780{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1527155644240774,"flow_src_last_pkt_time":1527155644243647,"flow_dst_last_pkt_time":1527155644244636,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":22,"flow_src_tot_l4_payload_len":46,"flow_dst_tot_l4_payload_len":22,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.106","src_port":41993,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":22,"flow_first_seen":1527155670640484,"flow_src_last_pkt_time":1527155677861045,"flow_dst_last_pkt_time":1527155677861880,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":257,"flow_dst_max_l4_payload_len":76,"flow_src_tot_l4_payload_len":4027,"flow_dst_tot_l4_payload_len":1378,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}}
00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155670640566,"flow_src_last_pkt_time":1527155670640566,"flow_dst_last_pkt_time":1527155670672314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":20,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":20,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}}
00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":12,"flow_first_seen":1527155641697916,"flow_src_last_pkt_time":1527155647390408,"flow_dst_last_pkt_time":1527155647386682,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":369,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1048,"flow_dst_tot_l4_payload_len":8517,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Viber","proto_id":"91.144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}}
00944{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155685757293,"flow_src_last_pkt_time":1527155685757293,"flow_dst_last_pkt_time":1527155685757669,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":1480,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1480,"flow_dst_max_l4_payload_len":1480,"flow_src_tot_l4_payload_len":1480,"flow_dst_tot_l4_payload_len":1480,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1527155648513495,"flow_src_last_pkt_time":1527155648748347,"flow_dst_last_pkt_time":1527155648703720,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":565,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":842,"flow_dst_tot_l4_payload_len":5637,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"151.101.1.130","src_port":55746,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":32,"flow_dst_packets_processed":26,"flow_first_seen":1527155638428936,"flow_src_last_pkt_time":1527155685200876,"flow_dst_last_pkt_time":1527155685199809,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":591,"flow_dst_max_l4_payload_len":110,"flow_src_tot_l4_payload_len":4451,"flow_dst_tot_l4_payload_len":1066,"midstream":1,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"52.0.253.101","src_port":33208,"dst_port":4244,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Viber","proto_id":"144","proto_by_ip":"Viber","proto_by_ip_id":144,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}}
00786{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":32,"flow_dst_packets_processed":26,"flow_first_seen":1527155638428936,"flow_src_last_pkt_time":1527155685200876,"flow_dst_last_pkt_time":1527155685199809,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":591,"flow_dst_max_l4_payload_len":110,"flow_src_tot_l4_payload_len":4451,"flow_dst_tot_l4_payload_len":1066,"midstream":1,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"52.0.253.101","src_port":33208,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":43,"flow_dst_packets_processed":46,"flow_first_seen":1527155641845544,"flow_src_last_pkt_time":1527155647484603,"flow_dst_last_pkt_time":1527155647480622,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":708,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1725,"flow_dst_tot_l4_payload_len":57043,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Viber","proto_id":"91.144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}}
00944{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1527155647500374,"flow_src_last_pkt_time":1527155647500402,"flow_dst_last_pkt_time":1527155647500374,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip6","src_ip":"fe80::3207:4dff:fea3:5fa7","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1527155646968117,"flow_src_last_pkt_time":1527155666982983,"flow_dst_last_pkt_time":1527155646968117,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":244,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155639005882,"flow_src_last_pkt_time":1527155639005882,"flow_dst_last_pkt_time":1527155639008484,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":261,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":261,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35283,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ADS_Analytic_Track","proto_id":"5.107","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Tracker\/Ads","category_id":14,"category":"Network"}}
00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155646819778,"flow_src_last_pkt_time":1527155646819778,"flow_dst_last_pkt_time":1527155646840307,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35331,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155641574870,"flow_src_last_pkt_time":1527155641574870,"flow_dst_last_pkt_time":1527155641691221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":143,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":143,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":37418,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Viber","proto_id":"5.144","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155638474128,"flow_src_last_pkt_time":1527155638474128,"flow_dst_last_pkt_time":1527155638476527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":45743,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","proto_id":"5.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
00922{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1527155670632131,"flow_src_last_pkt_time":1527155677899869,"flow_dst_last_pkt_time":1527155677897422,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":45424,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00772{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1527155670632131,"flow_src_last_pkt_time":1527155677899869,"flow_dst_last_pkt_time":1527155677897422,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":45424,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00963{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":14,"flow_first_seen":1527155671066998,"flow_src_last_pkt_time":1527155671891651,"flow_dst_last_pkt_time":1527155672061967,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1957,"flow_dst_tot_l4_payload_len":5620,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155685529875,"flow_src_last_pkt_time":1527155685529875,"flow_dst_last_pkt_time":1527155685530485,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":48,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":48,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":50097,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":18,"flow_first_seen":1527155679411371,"flow_src_last_pkt_time":1527155685088302,"flow_dst_last_pkt_time":1527155685041978,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":257,"flow_dst_max_l4_payload_len":76,"flow_src_tot_l4_payload_len":3294,"flow_dst_tot_l4_payload_len":1116,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}}
00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155679411435,"flow_src_last_pkt_time":1527155679411435,"flow_dst_last_pkt_time":1527155679443387,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":20,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":20,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}}
00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":12,"flow_first_seen":1527155646850574,"flow_src_last_pkt_time":1527155680789409,"flow_dst_last_pkt_time":1527155680788117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":972,"flow_dst_max_l4_payload_len":818,"flow_src_tot_l4_payload_len":4341,"flow_dst_tot_l4_payload_len":2636,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.78","src_port":43702,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155648481643,"flow_src_last_pkt_time":1527155648481643,"flow_dst_last_pkt_time":1527155648506661,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":141,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":141,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":44376,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155639234839,"flow_src_last_pkt_time":1527155639234839,"flow_dst_last_pkt_time":1527155639237450,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":331,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":331,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":62872,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00921{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1527155679410348,"flow_src_last_pkt_time":1527155685132180,"flow_dst_last_pkt_time":1527155685130784,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":33744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00771{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1527155679410348,"flow_src_last_pkt_time":1527155685132180,"flow_dst_last_pkt_time":1527155685130784,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":33744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155641813689,"flow_src_last_pkt_time":1527155641813689,"flow_dst_last_pkt_time":1527155641840131,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":143,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":143,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":40445,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Viber","proto_id":"5.144","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4365-b08c787f","packets-captured":440,"packets-processed":435,"total-skipped-flows":0,"total-l4-payload-len":125733,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":23,"total-detection-updates":20,"total-updates":4,"current-active-flows":1,"total-active-flows":27,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":208,"global_ts_usec":1648954023554000}
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648954023554000,"flow_src_last_pkt_time":1648954023554000,"flow_dst_last_pkt_time":1648954023554000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648954023554000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.0.252.2","src_port":41184,"dst_port":5242,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1648954023554000,"flow_dst_last_pkt_time":1648954023554000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648954023554000,"pkt":"eJS0JASgYDjgxTWgCABFAAA86GpAAD8GYELAqAJkNAD8AqDgFHo59lPMAAAAAKAC\/\/81EwAAAgQFtAQCCArXUgVsAAAAAAEDAwk="}
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1648954023554000,"flow_dst_last_pkt_time":1648954023662000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648954023662000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAAOwGm6w0APwCwKgCZBR6oOA1qzY9OfZTzaASaN\/krwAAAgQFrAQCCApiDhmE11IFbAEDAwk="}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_src_last_pkt_time":1648954023691000,"flow_dst_last_pkt_time":1648954023662000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648954023691000,"pkt":"eJS0JASgYDjgxTWgCABFAAA06GtAAD8GYEnAqAJkNAD8AqDgFHo59lPNNas2PoAQAKx7IAAAAQEICtdSBfViDhmE"}
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1648954023697000,"flow_dst_last_pkt_time":1648954023662000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1648954023697000,"pkt":"eJS0JASgYDjgxTWgCABFAABM6GxAAD8GYDDAqAJkNAD8AqDgFHo59lPNNas2PoAYAKwkewAAAQEICtdSBfpiDhmEGAAAAAAA\/P8FgAkAAAAAAAAAAAAzAAAA"}
00916{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1648954023554000,"flow_src_last_pkt_time":1648954023697000,"flow_dst_last_pkt_time":1648954023662000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648954023697000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.0.252.2","src_port":41184,"dst_port":5242,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"Viber","proto_by_ip_id":144,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":5,"flow_src_last_pkt_time":1648954023697000,"flow_dst_last_pkt_time":1648954023803000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648954023803000,"pkt":"YDjgxTWgeJS0JASgCABFAAA07m1AAOwGrUY0APwCwKgCZBR6oOA1qzY+OfZT5YAQADV67AAAAQEICmIOGhLXUgX6"}
00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4365-b08c787f","packets-captured":451,"packets-processed":446,"total-skipped-flows":0,"total-l4-payload-len":126273,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":24,"total-detection-updates":20,"total-updates":4,"current-active-flows":2,"total-active-flows":28,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":216,"global_ts_usec":1648968035683000}
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648968035683000,"flow_src_last_pkt_time":1648968035683000,"flow_dst_last_pkt_time":1648968035683000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1648968035683000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"44.192.202.74","src_port":42900,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1648968035683000,"flow_dst_last_pkt_time":1648968035683000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1648968035683000,"pkt":"eJS0JASgYDjgxTWgCABFAACU2kpAAD8GpwLAqAJkLMDKSqeUEJTyP2Q6cEHfOoAYAVdrNwAAAQEICphN6aPkLWTjYAAuDuoU\/P8DgFkAGwAAAAAAAAAuDuoUyCWY+Eiv3vNvHuU8izmtmd1xLKgDGQAAAC4GaTctzm2TgBHTuz9kkBDO3BN0gtQM11m3wPtySAu5MwDtuOA\/BIT7TjIAAaAP"}
00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648968035683000,"flow_src_last_pkt_time":1648968035683000,"flow_dst_last_pkt_time":1648968035683000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1648968035683000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"44.192.202.74","src_port":42900,"dst_port":4244,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}}
00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648968035683000,"flow_src_last_pkt_time":1648968035683000,"flow_dst_last_pkt_time":1648968035683000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1648968035683000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"44.192.202.74","src_port":42900,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}}
00958{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1648954023554000,"flow_src_last_pkt_time":1648954024001000,"flow_dst_last_pkt_time":1648954024107000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":516,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":516,"midstream":0,"thread_ts_usec":1648968035683000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.0.252.2","src_port":41184,"dst_port":5242,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"Viber","proto_by_ip_id":144,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}}
00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1648952182644000,"flow_src_last_pkt_time":1648952183650000,"flow_dst_last_pkt_time":1648952183755000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":101,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":3321,"midstream":0,"thread_ts_usec":1648968035683000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.0.252.145","src_port":48690,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"Viber","proto_by_ip_id":144,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}}
00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4365-b08c787f","packets-captured":451,"packets-processed":447,"total-skipped-flows":0,"total-l4-payload-len":126369,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":25,"total-detection-updates":20,"total-updates":4,"current-active-flows":0,"total-active-flows":29,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":223,"global_ts_usec":1648968035683000}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 451/447
~~ skipped flows.............: 0
~~ total layer4 data length..: 126369 bytes
~~ total detected protocols..: 25
~~ total active/idle flows...: 29/29
~~ total timeout flows.......: 4
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 11708012 bytes
~~ total memory freed........: 11708012 bytes
~~ total allocations/frees...: 217439/217439
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 537 chars
~~ json message max len.......: 2483 chars
~~ json message avg len.......: 1510 chars
|