aboutsummaryrefslogtreecommitdiff
path: root/test/results/default/vk.pcapng.out
blob: 1e3a097e4f1e245ef5420b78ca16de7126ea0738 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99

00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00784{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1675334160555793}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675334160555793,"flow_src_last_pkt_time":1675334160555793,"flow_dst_last_pkt_time":1675334160555793,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334160555793,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.129.131","src_port":33904,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1675334160555793,"flow_dst_last_pkt_time":1675334160555793,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_usec":1675334160555793,"pkt":"dNqIE5X\/CI6QkAulCABFAABYkT1AAEAGDU7AqAH5V\/CBg4RwAbulKVT5c9gL4IAYAfUCFQAAAQEIColQoiPg\/q3hFwMDAB8CiHoHbb46sk3wEVp76KY8pTJ63EhTj6jLGV9BFA03"}
00908{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675334160555793,"flow_src_last_pkt_time":1675334160555793,"flow_dst_last_pkt_time":1675334160555793,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334160555793,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.129.131","src_port":33904,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675334160592919,"flow_src_last_pkt_time":1675334160592919,"flow_dst_last_pkt_time":1675334160592919,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":195,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334160592919,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.129.140","src_port":40344,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00804{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1675334160592919,"flow_dst_last_pkt_time":1675334160592919,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":261,"pkt_l4_len":227,"thread_ts_usec":1675334160592919,"pkt":"dNqIE5X\/CI6QkAulCABFAAD30ZRAAEAGzE7AqAH5V\/CBjJ2YAbt3uNOrZ8uCwIAYA4pOgwAAAQEICvi4p7U7V5ljFwMDAL7d2mkbHT+SG\/TNvRCQYdZZbXLf4k54+aD5wytevMQmkdfjQImUiOKTrhzfKmD5N3xVogFUPXNBRLBkkvK8NYeyqjVK3H6jVrfeXh2IAZL7eARsJUBAbl1AfryaOnTT169cKdq4IMIzrhJWzX2ObP1vkNzx9uj1tnTuuPqgcKpjJeu1IrA5JNKiOwaG1YvYZOqmmJa2wgFQpzxX6ZtwO2oWb3ee0yLVRHFOx7osMVAndGsI5oLPWwkC5UtdSG\/w"}
00911{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675334160592919,"flow_src_last_pkt_time":1675334160592919,"flow_dst_last_pkt_time":1675334160592919,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":195,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334160592919,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.129.140","src_port":40344,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00925{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1675334160592956,"flow_dst_last_pkt_time":1675334160592919,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"thread_ts_usec":1675334160592956,"pkt":"dNqIE5X\/CI6QkAulCABFAAFM0ZVAAEAGy\/jAqAH5V\/CBjJ2YAbt3uNRuZ8uCwIAYA4opPQAAAQEICvi4p7U7V5ljFwMDARPUQc1K30eP6LOJ3BSwDNaAWfPcdoYViXSC\/U3seoPSg58ot0FWn5bR+KmhSfHu0AJ4pQjmG4wzCt7B75h8Xvrs630P6YkUohHbEKDea78dex9Juq9WC92+Eo5781VtYR3XIgsau+Bw0D\/OFbZf90nr2X4swR74cpHvkNDFHxnjRBufPExoK6ErUCVq5TsPLS2DQE18h2cJONTBb5azukEUdVoT5rsi7lP2KgGI5TORNxqTv52Dr\/YX\/N0JOFR5WB81l0CvzNCA60KbpRtqWK332Uw9LE\/Cu6iS8Ta4YUS4jkzN1j9iEmLidTNbNe7qNb8NsaPQ8R1BhFz+YkClgfZOvjEm1CfL\/dgrBPFcDmxVgaxNeQ=="}
01044{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1675334160592919,"flow_src_last_pkt_time":1675334160592956,"flow_dst_last_pkt_time":1675334160592919,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":195,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":280,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":475,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334160592956,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.129.140","src_port":40344,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1675334160607285,"flow_dst_last_pkt_time":1675334160592919,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675334160607285,"pkt":"dNqIE5X\/CI6QkAulCABFAAA00ZZAAEAGzQ\/AqAH5V\/CBjJ2YAbt3uNWGZ8uC44AQA4pm6QAAAQEICvi4p8M7V70W"}
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1675334160630283,"flow_dst_last_pkt_time":1675334160592919,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675334160630283,"pkt":"dNqIE5X\/CI6QkAulCABFAAA00ZdAAEAGzQ7AqAH5V\/CBjJ2YAbt3uNWGZ8uEl4AQA6BlAgAAAQEICvi4p9o7V70c"}
00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1675334161608529,"flow_dst_last_pkt_time":1675334160555793,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_usec":1675334161608529,"pkt":"dNqIE5X\/CI6QkAulCABFAABXkT5AAEAGDU7AqAH5V\/CBg4RwAbulKVUdc9gL4IAYAfW7yAAAAQEIColQpj\/g\/se9FwMDAB7J5zdyr5RUlSKtHN6N6ctnuIsLBVovF3tB3Ey94tY="}
01041{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1675334160555793,"flow_src_last_pkt_time":1675334161608529,"flow_dst_last_pkt_time":1675334160555793,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":71,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334161608529,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.129.131","src_port":33904,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675334161630633,"flow_src_last_pkt_time":1675334161630633,"flow_dst_last_pkt_time":1675334161630633,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":586,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":586,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":586,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334161630633,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.132.78","src_port":60436,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
01343{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1675334161630633,"flow_dst_last_pkt_time":1675334161630633,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":652,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":652,"pkt_l4_len":618,"thread_ts_usec":1675334161630633,"pkt":"dNqIE5X\/CI6QkAulCABFAAJ+MQVAAEAGaJXAqAH5V\/CETuwUAbu8RxnLB\/V8fIAYJD+\/eAAAAQEICtCCYsNlMA+GFwMDAkUdlYMHTXKvpji6kSvN+L8\/a7BvY3NXhPAwVB0t7hkZM9FH4EV65LvdbTjIn\/ulzybr4DBgepEzs6rZQfDBcQTCMQkMFNdD30FJEvWdfl80w8uXqr2MoAzGAmn8nNsJQAi6GYSRuEDRQHsiwnM8PWA699htAszghQerSadBKu6mqB6USHeapWWmZvi\/XyZ+PQA2uT0I4wMYYFYNTmMe8zIjNeNn7PGilxAmv+w1DQkEAXmQlOVX4w6jK3Lyx\/vmREiM265vBalhElfIGYMyy9hQ2Gyq6oM\/e9FNAed98OpoFTeLJds\/pbpbKIh5OM2Ea+85mEx01gPQz8gzT7hEQrAaqHxkX9qawnXIdatkSALuXbk6+hBBB9nPAFGvfE2XEEJ9jCtXUX9a2QJdatdjEI\/wnJbFXqopgi98Eusf4VZ\/iZqCyyYehWqHA3fTozhbmBo5h4f1SmwT8oHnbLCUiU0NRc0lA+cbMKx7jv21Flx\/joiyl6ApPaWlKIuIiETkB+ojfDURYMkDuiS2RWNxLq1SBjOt1YwXYcjvrgBHKSg7\/hCF2PKNr26jiINTSTS\/5tbixt52AdN4JwWrsOZtr\/gdpLOIKcdpWxSr6nYyxeSsp26zeWvUSkXaEdnpH2BsD4ZR1Nxz5LSSDDE+QjN6XHbOxXFBBWz09UQp5J0Ursvr9LMIUC0K2XzaSygQJ0nElcXsbYJLSWMIkDIB\/SuqWggTajJlamiHMN4F2lHs80\/ZopO5GKkaJ\/h7WNzUTfE2Ird+1Jx8dw=="}
00910{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675334161630633,"flow_src_last_pkt_time":1675334161630633,"flow_dst_last_pkt_time":1675334161630633,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":586,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":586,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":586,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334161630633,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.132.78","src_port":60436,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00797{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1675334162636912,"flow_dst_last_pkt_time":1675334160592919,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1675334162636912,"pkt":"dNqIE5X\/CI6QkAulCABFAADw0ZhAAEAGzFHAqAH5V\/CBjJ2YAbt3uNWGZ8uEl4AYA6CDNwAAAQEICvi4r7E7V70cFwMDALep0+Mnw4kzh+OawT\/d4qUGpeOfd\/U9mWHhjKnOJ3IVBXtT7tnukqSkEhPj14DBuaPa8wfZ0wAz5gGiruJhTkVU8x+ODrKEtcbEU9Y0s1jWSmPD0XrLdcRDhyS8S5VotRyUr6TubZFnuYjoh\/Hckt2DjPIUlKceJTthB6iRUaEkKJqviQc5b0b6U5F34PAT7KQEwC87qTvq+fuaUnkTCJtFLBTYdn3QDFP5WqCcSpwoE2gEoU11oyM="}
01502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1675334162640615,"flow_dst_last_pkt_time":1675334161630633,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":772,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":772,"pkt_l4_len":738,"thread_ts_usec":1675334162640615,"pkt":"dNqIE5X\/CI6QkAulCABFAAL2MQZAAEAGaBzAqAH5V\/CETuwUAbu8RxwVB\/V8fIAYJD+U9QAAAQEICtCCZrVlMJfTFwMDAr1JOj\/8NMkDD62HYy9NBaBdjTmml3trO00BFB7KBSbX8G3sFiT1fSTqWnNTudNlpEhtwcKCuFLbpXX+RKTndGZoi2K\/iedMvPLmUuEenYy6dDZH3RsE3nlLiZo4SIaOeOn3urUhsTM8ctPKgcJl46FDIiodiZnKANmUQgNqnQQguPDFYNsfONw3uIr68zn\/r9lRzJDrNP8cbp4pOoBLrtMsM\/a6sXEOAV9XK1OLo8WOQXKWWKdHwltcEHS\/I+2i5Oork5T0kNiR4kPLPEXp2eovXxYpVNyRQFaYJh0UmECuIk614nHKd0BdyDixk7na5rNJFIwKL+BAtLuHwrKqjw\/c+jTnOuzUon5FPrD+MfsJTzIdwYUUmNqoEuPIWVIGNXj7jX6GScgeGN\/3U2j54P50Kul+GquR7cTkffSqpLmZ4I5rUG8nUT\/QwG9FTiVhbv0Q7HWKiOLO3zxbHbyGtQph2dnMkD3aVbhr35pfHICV7PdLu9Fib3r93w0iVIqyDmZgEfKn3YWlePFNOBtiIJQXeSjWRIvX3GMTPGZXCzRNtSwATOGVLXmGSGx2L3\/y7XtfAUgB9jN2B6eftLXCEUdhJFlqLb2iL21mtBRGe9hxHF\/vB3iWOxU0c3pxJfelVn94BSxKu8PkKxzR4Wwy7+f8HoW3jMcPsE7Np1goAP4mM2NO62E9HgDaOTfO58VYGoib7oqBKhBSmHgqDh30o0QS0wSkwzFGCLNRNXVFpl4tJOtRDNdWIdeo4dQYPZuDRNJ\/JHnchn4RAa66gijd4x44XiikXyKM9ZrIns8iyQ8nLpJUtf+aUZ8T2mIX1uY1Rdaz3sBjUXjroSZEi7q3zd2DrljXHoar5qgxP15SAyOwqPWdRCW5+s3L500m5h1pXZIT+tLgQ6xc+aY5yYAm\/HBsLs5+FcNw87i\/6k\/1qg=="}
01045{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1675334161630633,"flow_src_last_pkt_time":1675334162640615,"flow_dst_last_pkt_time":1675334161630633,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":586,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":706,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1292,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334162640615,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.132.78","src_port":60436,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1675334162655237,"flow_dst_last_pkt_time":1675334161630633,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675334162655237,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0MQdAAEAGat3AqAH5V\/CETuwUAbu8Rx7XB\/V9KYAQJD4tgQAAAQEICtCCZsRlMJuZ"}
01279{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1675334162670570,"flow_dst_last_pkt_time":1675334161630633,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":610,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":610,"pkt_l4_len":576,"thread_ts_usec":1675334162670570,"pkt":"dNqIE5X\/CI6QkAulCABFAAJUMQhAAEAGaLzAqAH5V\/CETuwUAbu8Rx7XB\/V9KYAYJD\/9BAAAAQEICtCCZtNlMJuZFwMDAhtY\/q7BUk5TAeZkuwnSkaIBm4q8UbCv2G2pS+i\/0lp4moQ5jc1ymK4zf5EvMCN35RZlcnbVs9Gr4ytW7if5PDTv65d3nakpYg3wIpcGoMgF0wqfq5o5+bY0yDpLP0s2QDGcRE9LyJU2w+6e+HGAfbntfu3jungPbzXYkSN8hAOq87Q4B3PFoTo6Qidm2Z01spuRv4VCgMsRoRXoOi+MD33t2BI96jQr5ArZOE0gQRJOZ9ahwMFj9F0dOePIkyLvkMzhydJbFAhjpqwWYHaG44PJImg61oISUxg2CZWplApOQoQWo0uLbnCi4L1efczszW8Y0NCHfDHERyEP9LSwPbFAqVKzp1V00t2gI1wneiPo9bvLxQOqop7lw0lEeWA1CpTOPIZsOKfBjhQZh0thmx+j3KrgA0hxDuh93TE0l995qVN7OdnsHXzbLf1T\/YAjttdUEx2ep1SU6Sa+xag6BUsmuDpucoVQLFVE0DpLxBfCqB5xnNcyL5IkgOj6wlZ2yV\/uDIb6JUF3US+5dtxFw9qN\/8w7+uYsDkFU7AMEIj1fgJlnli8seRRR+Tir5IgpfgKaXV2\/AszNYTY3ymBNrSjwRZVNclOllo1FNN+YKcnOBHJssXNqSdRF0toNr6yiUnquioLZVUMARFPnTVg2dAwIVtnpRDC6D3SKApSHH+zfYtjMA9LZ2bJGHpdQHV0FBhMnYpqPKKBq5G8XNg=="}
01153{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1675334162672319,"flow_dst_last_pkt_time":1675334161630633,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":515,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":515,"pkt_l4_len":481,"thread_ts_usec":1675334162672319,"pkt":"dNqIE5X\/CI6QkAulCABFAAH1MQlAAEAGaRrAqAH5V\/CETuwUAbu8RyD3B\/V9KYAYJD8KxAAAAQEICtCCZtVlMJuZFwMDAbwgQ3L6I9NhaDNw6UhntKLmQIsVYWbdcbUVQvkhoF9k+WaG\/GQZxVdBrctZ1wzjmJD+7ZFlWgDKpb4DkUsA5upIhc7a4\/9EUqwrmGOJDwYzUJB5owou4Tysc9csr1OatCeiNkcofDiJoC+bQDE32ozrAWogfeew59JJAPi6J5EytrTpmQQ+YnWBA\/8iCi4XfimU2ZiaHgMHCD21pO4mHImT1\/jAUTq\/1GH08VkAZIDze1mbZy32rhOAyG5W7jqkxVvInIq8OyVJKSi3wtxeO2RYuZi1P0aAmiGgViMJ6tH2+cjXkD4ts+iaafMmiuZkDGl\/jNM399RYjBjSiwZsQWfs3Z5qTUKgpu5hB4RRVEpKZpMRJY7k4SK8EUYard4HyVkQO2t9hJd2zoxRIyCDh37iSBhiY97MJsWhkqWCQ8rSyPsCsd4ES0j4e7sSJyWBy9xjT6HyL0cu9PDjjTTqGC88QFJNAP\/ZgdQV26m0Ev\/zHzIRoPERrjAp4EwRWBDWI843JTMrxhgXkQE2R7nY84alQ4A8qiVtqXNXWpUDBw\/oSlSpt3twoVUcme4EO0ePtBtkV7LyPiaypqmomHk="}
02232{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1675334161630633,"flow_src_last_pkt_time":1675334162970119,"flow_dst_last_pkt_time":1675334161630633,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":706,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2285,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334162970119,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.132.78","src_port":60436,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":9,"avg":43209.2,"max":1009982,"stddev":180973.6,"var":32751437824.0,"ent":1.3,"data": [1009982,14622,15333,1749,16345,26,12,11,29,15083,24,227705,48,13,11,2653,38,12801,28,1545,20,9,1508,1138,1634,11081,2465,1543,41,782,1207]},"pktlen": {"min":52,"avg":125.3,"max":758,"stddev":191.1,"var":36507.6,"ent":4.0,"data": [638,758,52,596,501,52,52,52,52,52,52,52,52,52,52,52,52,52,52,52,52,64,64,64,64,64,52,52,52,52,52,52]},"bins": {"c_to_s": [28,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [7.658514977,7.774987221,5.246409416,7.623703957,7.570796013,5.246409416,5.246409416,5.246409416,5.284871101,5.284871101,5.207947731,5.169486523,5.246409416,5.284871101,5.169486046,5.131024837,5.284871101,5.246409416,5.169486046,5.169486046,5.246409416,5.259624004,5.259624004,5.247828960,5.259624004,5.290874004,5.246409416,5.284871101,5.207947731,5.207947731,5.246409416,5.207948208]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675334163910616,"flow_src_last_pkt_time":1675334163910616,"flow_dst_last_pkt_time":1675334163910616,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675334163910616,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.185.137","src_port":59154,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1675334163910616,"flow_dst_last_pkt_time":1675334163910616,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675334163910616,"pkt":"dNqIE5X\/CI6QkAulCABFAAA8M1FAAEAGM1DAqAH5V\/C5iecSAbu7eFLeAAAAAKAC+vDPqgAAAgQFtAQCCAoIy6lZAAAAAAEDAwc="}
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675334163912330,"flow_src_last_pkt_time":1675334163912330,"flow_dst_last_pkt_time":1675334163912330,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675334163912330,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.169.10","src_port":32990,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1675334163912330,"flow_dst_last_pkt_time":1675334163912330,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675334163912330,"pkt":"dNqIE5X\/CI6QkAulCABFAAA8NrJAAEAGQG7AqAH5V\/CpCoDeAbv+rdTPAAAAAKAC+vDONQAAAgQFtAQCCAqGVd7QAAAAAAEDAwc="}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1675334163924007,"flow_dst_last_pkt_time":1675334163910616,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675334163924007,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0M1JAAEAGM1fAqAH5V\/C5iecSAbu7eFLfUNdjUoAQAfZ4HwAAAQEICgjLqWdPxntE"}
01240{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1675334163925396,"flow_dst_last_pkt_time":1675334163910616,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1675334163925396,"pkt":"dNqIE5X\/CI6QkAulCABFAAI5M1NAAEAGMVHAqAH5V\/C5iecSAbu7eFLfUNdjUoAYAfYVNQAAAQEICgjLqWhPxntEFgMBAgABAAH8AwNnbUUms7QYWRlqCZNhNSMraTYFvfiT1A85uxUfa\/O8cCDBLnOZTAAYcYr0\/ZDxJkl03RMY1c1gNEN8N0xr1smF9QAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAYABYAABNzdW45LTEwLnVzZXJhcGkuY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIKoswRjGbmCmpaxXSEHLvgd++No7Y14ZlWcFQ1J670JSABcAQQSIWxKfrT6sHQH\/lzxjLlsogxYMOxPXqUCRO7qDFvuXs\/ftLZkNDJWV+OuzkKqoYDx8nyIJtAIkk4FYjTOo9jfIACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01350{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1675334163910616,"flow_src_last_pkt_time":1675334163925396,"flow_dst_last_pkt_time":1675334163910616,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675334163925396,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.185.137","src_port":59154,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.VK","proto_id":"91.22","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"sun9-10.userapi.com","tls": {"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1675334163926309,"flow_dst_last_pkt_time":1675334163912330,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675334163926309,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0NrNAAEAGQHXAqAH5V\/CpCoDeAbv+rdTQ0FRQoIAQAfaQUwAAAQEICoZV3t4hlCMC"}
01241{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1675334163927880,"flow_dst_last_pkt_time":1675334163912330,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1675334163927880,"pkt":"dNqIE5X\/CI6QkAulCABFAAI5NrRAAEAGPm\/AqAH5V\/CpCoDeAbv+rdTQ0FRQoIAYAfZwxgAAAQEICoZV3uAhlCMCFgMBAgABAAH8AwPYFC3+HLk+ra42QcRcW+4vj\/uAmRrp8TDn4tmDyIPkYiAyRnNxjUaEMd8VVhp20b\/ufXj4kauUhbWcflfaoiUJawAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAYABYAABNzdW45LTg3LnVzZXJhcGkuY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIOwK9qkxQoqdTlDuQKN96mzTVqQEPRPgZGelrus+MfYTABcAQQTrzqy1vJ8S5Dgj1CpKyIZ8zOVBKyHEIDa1+XZMd2VVJBbsoBLB+jw5+4njgJd1++yvrVZi8LCuDLcNUbR\/5\/BnACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01349{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":180,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1675334163912330,"flow_src_last_pkt_time":1675334163927880,"flow_dst_last_pkt_time":1675334163912330,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675334163927880,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.169.10","src_port":32990,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.VK","proto_id":"91.22","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"sun9-87.userapi.com","tls": {"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1675334163945166,"flow_dst_last_pkt_time":1675334163910616,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675334163945166,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0M1RAAEAGM1XAqAH5V\/C5iecSAbu7eFTkUNdueoAQAeBq4wAAAQEICgjLqXxPxntU"}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1675334163945189,"flow_dst_last_pkt_time":1675334163910616,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675334163945189,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0M1VAAEAGM1TAqAH5V\/C5iecSAbu7eFTkUNdzUoAQAddmFAAAAQEICgjLqXxPxntU"}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1675334163945204,"flow_dst_last_pkt_time":1675334163912330,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675334163945204,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0NrVAAEAGQHPAqAH5V\/CpCoDeAbv+rdbV0FRWNIAQAe2IoAAAAQEICoZV3vEhlCMS"}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1675334163946162,"flow_dst_last_pkt_time":1675334163912330,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675334163946162,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0NrZAAEAGQHLAqAH5V\/CpCoDeAbv+rdbV0FRbyIAQAeKDFgAAAQEICoZV3vIhlCMS"}
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675334163969940,"flow_src_last_pkt_time":1675334163969940,"flow_dst_last_pkt_time":1675334163969940,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":633,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":633,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":633,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334163969940,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.129.135","src_port":56504,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
01403{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1675334163969940,"flow_dst_last_pkt_time":1675334163969940,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":699,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":699,"pkt_l4_len":665,"thread_ts_usec":1675334163969940,"pkt":"dNqIE5X\/CI6QkAulCABFAAKt7sJAAEAGrW\/AqAH5V\/CBh9y4AbtyCJHaMVFhQ4AYAfXNvQAAAQEICuMyrjHsnrnbFwMDAnStFd6I+0EzFwg7O+ISwxIgvXV+d4RnahjLy\/P57VnX1OiGBLgePby\/LVFt8YtQZJw2EwBtlGQJ9iNwGQauAK3D2hpXESXV7t5DV+evfHj0RqVvWyy229aStp1ZOM20Zn9zAcMcYn\/VWEyDz\/fngaaCj026q5GNpxIjk9Vvvo6dyOr1\/k\/JNf+eu8IQG2F4cifE29SzOUtg84K62Q4jIDtbIsMk7pt+Mx1TcGZAhY8KLXPd4l909uhOSNXFj4RLwai+QA\/5VNZ4hss+Uvb++8HTu+r3lj\/C459SshZvlucxDmuZa3ZBNehIbiz1evOn\/PQ2uYzq1n5\/aKmdcjAPZHtdm1sBEZvH0wPfRamygQO0PRwuk8UkbttepqTm3aCMkWP6pyzOi2QMkzmUvgDuJLi0MoD7JU9dZqaFNj2Fh6kUFgvCaMZ0hKmF+0d0HC7P7wWqRTb5FB3uyqq9ACmN1oxJzWe5Q2LG4xNWz7C2sHbi3YeUeMYDzEAGrzJ0Bnhru+8AhgTQw0b2nGhX5xXNbZmUAdxVmmRvu8i0KXvdieeKOVBZ2iKQ2Mf3\/myVys+DW0GniW39hBxq6JZ2kysi5ew9+\/Dk7pXseKnPOJEgyPjjzgfywzZkdVpsjYU9wS6BhJF+90sHsfKIh6Xu\/Nusfg3Zghv\/krW0SdwP6ZCWge9h+Z4Z3sMP5aaZsfXCWEmUSqeAHfKiA+MfDS+Gm3L5GCOa1PYM+M4nKxB3xcdbB6FoxYWmJutX6QNIpa6p8kDVZNPFY2AjLwmEDoASVhbbGbPGTFMMzdDTsabGp6DYdpIIxMQUnxOjXYaTmXaDtRgQkYd4u1s7"}
00913{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675334163969940,"flow_src_last_pkt_time":1675334163969940,"flow_dst_last_pkt_time":1675334163969940,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":633,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":633,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":633,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334163969940,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.129.135","src_port":56504,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00936{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1675334163970624,"flow_dst_last_pkt_time":1675334163969940,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":355,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":355,"pkt_l4_len":321,"thread_ts_usec":1675334163970624,"pkt":"dNqIE5X\/CI6QkAulCABFAAFV7sNAAEAGrsbAqAH5V\/CBh9y4AbtyCJRTMVFhQ4AYAfW0xAAAAQEICuMyrjHsnrnbFwMDARyV8+TLI+NREw8XvAhKAb3eM82UQHICIvag2Fs1H5xPf3eOec6YUIOIrbZUq3dgiVFvxYnax22oPpcj4Bk2LRuIM2JdXlZuvnkBFAavKIHjga0HFEZMdRhXlJsxAe3Hi4nTYkzBgE76dbjZgNmiMbpDqISbZTJ\/Uq47vO+3c8He3zMIyRJVTzSaHE9xRNW99JRZ6XAiQwbQaZ\/kvpyzmhW2X9YECckjrkEixMPuraXWz3WwE8wkzBZYc+X4UCePU0i9sSD9z5c8olA9sOGUDpwCDbGCV7CGAj\/7j5g\/mOjwUS092nJdx5JxSfaPmfRB9Nwo47zQ8C+KkPNNVALdlqx3SoxKJHo4Ei4234fqEb5nMafYHFvNC5GmD5dNGg=="}
01046{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1675334163969940,"flow_src_last_pkt_time":1675334163970624,"flow_dst_last_pkt_time":1675334163969940,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":289,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":633,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":922,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334163970624,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.129.135","src_port":56504,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1675334164014715,"flow_dst_last_pkt_time":1675334163969940,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675334164014715,"pkt":"dNqIE5X\/CI6QkAulCABFAAA07sRAAEAGr+bAqAH5V\/CBh9y4AbtyCJV0MVFhZoAQAfX7RAAAAQEICuMyrl7snuaR"}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1675334164019208,"flow_dst_last_pkt_time":1675334163969940,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675334164019208,"pkt":"dNqIE5X\/CI6QkAulCABFAAA07sVAAEAGr+XAqAH5V\/CBh9y4AbtyCJV0MVFk9IAQAe73sAAAAQEICuMyrmLsnuaa"}
00963{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1675334164676289,"flow_dst_last_pkt_time":1675334160555793,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":371,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":371,"pkt_l4_len":337,"thread_ts_usec":1675334164676289,"pkt":"dNqIE5X\/CI6QkAulCABFAAFlkT9AAEAGDD\/AqAH5V\/CBg4RwAbulKVVAc9gL4IAYAfWf2QAAAQEIColQsjvg\/suqFwMDASw6NlG2qAZ5Z0iX\/bu\/oRlmUdHWvRyBH3N43kO7DrAxthjAmMNhIXGi0\/lrXLoga85eTJnwhLLugatfNLcmUVkiCz+ics03JRenblUKx6x6SVSoZ\/X\/MCtKDDa\/8BomOGIhit1ZoBdG620ypxPKdIwas9KyXYAA4JrP4gAmYXvjfYQwEtGvA6oo6j7mEsXJw\/BTByZ7uPWkGMG+XVPMhGKzyHi888OIstLzIzudaChiQArxtNd+bupqpO1bqUTRss1QrunhhgwQYHWUPtUDHmtEOKHvZpFNCUN5TTC8sqVLro2Cyd7nvhRUgPPYJ3UjazyrMNJqYimArC\/Lfw4dmAlGYYu2b7i5DG3At\/DDkGNArrtKpouiUKikNHLiu+ig4lptrcxd3gopySy1IZQ="}
00745{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1675334164676638,"flow_dst_last_pkt_time":1675334160555793,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_usec":1675334164676638,"pkt":"dNqIE5X\/CI6QkAulCABFAADGkUBAAEAGDN3AqAH5V\/CBg4RwAbulKVZxc9gL4IAYAfUPdAAAAQEIColQsjvg\/suqFwMDAI3KM06gVQ95ENMbHyUcjDay+BDIky59\/hXK8b9KEEh44vXCXf8Z5I23ZEl0wWKnsXf\/LewZuF4zhcGkYk1BcC4ZjSXMxgEdaKMkuP9JbZvjAKjgDFjDE\/V5RF0zBSmn807oaZR4Y3KEaj2GtkIvAkkJtfsTWZ\/7vkBcmzldSlZjHC8zEXvy+ngngapwgFk="}
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1675334164691179,"flow_dst_last_pkt_time":1675334160555793,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675334164691179,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0kUFAAEAGDW7AqAH5V\/CBg4RwAbulKVcDc9gMA4AQAfXiPgAAAQEIColQskrg\/tem"}
02266{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1675334160592919,"flow_src_last_pkt_time":1675334165285590,"flow_dst_last_pkt_time":1675334160592919,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":965,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6049,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334165285590,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.129.140","src_port":40344,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":12,"avg":151376.5,"max":2006629,"stddev":451077.3,"var":203470716928.0,"ent":2.1,"data": [37,14329,22998,2006629,46,764,13490,98211,1614502,285,99,283,260,13216,1250,18419,1704,886,6878,22622,24,179811,40,14057,67447,12,24,579540,41,1048,13719]},"pktlen": {"min":52,"avg":241.0,"max":1017,"stddev":249.5,"var":62251.3,"ent":4.3,"data": [247,332,52,52,240,776,565,52,52,385,563,339,564,1017,52,52,52,52,52,52,52,52,243,316,52,52,52,52,250,563,429,52]},"bins": {"c_to_s": [17,0,0,0,0,2,2,0,3,0,1,1,0,0,0,2,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [7.151976109,7.356266499,5.207948208,5.169486523,6.965931416,7.731954098,7.617059708,5.131024837,5.207947731,7.360937595,7.613526821,7.349236012,7.610394001,7.787010193,5.092563152,5.131024837,5.061608315,5.056022644,5.131024837,5.092563152,5.131024361,5.131024361,7.143619061,7.305361271,5.116507530,5.131024361,5.169486046,5.131024361,7.176092148,7.631054878,7.485155582,5.116507530]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":644,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675334171361391,"flow_src_last_pkt_time":1675334171361391,"flow_dst_last_pkt_time":1675334171361391,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675334171361391,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.169.3","src_port":47934,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":644,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1675334171361391,"flow_dst_last_pkt_time":1675334171361391,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675334171361391,"pkt":"dNqIE5X\/CI6QkAulCABFAAA88c9AAEAGhVfAqAH5V\/CpA7s+AbsjOasgAAAAAKAC+vBdJQAAAgQFtAQCCApf00EuAAAAAAEDAwc="}
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675334171362184,"flow_src_last_pkt_time":1675334171362184,"flow_dst_last_pkt_time":1675334171362184,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675334171362184,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.169.11","src_port":59722,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1675334171362184,"flow_dst_last_pkt_time":1675334171362184,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675334171362184,"pkt":"dNqIE5X\/CI6QkAulCABFAAA8Q5pAAEAGM4XAqAH5V\/CpC+lKAbsWBT0vAAAAAKAC+vAqQAAAAgQFtAQCCAqCQZ62AAAAAAEDAwc="}
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1675334171373776,"flow_dst_last_pkt_time":1675334171361391,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675334171373776,"pkt":"dNqIE5X\/CI6QkAulCABFAAA08dBAAEAGhV7AqAH5V\/CpA7s+AbsjOashlnO8o4AQAfYfGAAAAQEICl\/TQTv6Zhg5"}
01241{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1675334171375184,"flow_dst_last_pkt_time":1675334171361391,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1675334171375184,"pkt":"dNqIE5X\/CI6QkAulCABFAAI58dFAAEAGg1jAqAH5V\/CpA7s+AbsjOashlnO8o4AYAfanBQAAAQEICl\/TQTz6Zhg5FgMBAgABAAH8AwNHM3kEP49myOvCSrXAdKU7Yt6+0sjdwtkn\/vIYZ8i6ByCh1E1RkB+FTTj6RPm5LdINb00L3aWCRB1EQjRMs3s1PAAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAYABYAABNzdW45LTgwLnVzZXJhcGkuY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIDo5IpsibFD6a0cmcLXiDi07TFMgIUBdnuIa+4+kUXJWABcAQQQEANM0uFwKpAS3Hj\/IyxBKLb8exgHkG5uDFr8AdcI4svmD6cKjwB8Fjt5T7K7hn9wQKh8f1zySzoWNXjSn\/FR\/ACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01348{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":650,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1675334171361391,"flow_src_last_pkt_time":1675334171375184,"flow_dst_last_pkt_time":1675334171361391,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675334171375184,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.169.3","src_port":47934,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.VK","proto_id":"91.22","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"sun9-80.userapi.com","tls": {"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1675334171376069,"flow_dst_last_pkt_time":1675334171362184,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675334171376069,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0Q5tAAEAGM4zAqAH5V\/CpC+lKAbsWBT0wlfCfrYAQAfZlWwAAAQEICoJBnsQnYo+N"}
01240{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":652,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1675334171377801,"flow_dst_last_pkt_time":1675334171362184,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1675334171377801,"pkt":"dNqIE5X\/CI6QkAulCABFAAI5Q5xAAEAGMYbAqAH5V\/CpC+lKAbsWBT0wlfCfrYAYAfbdOQAAAQEICoJBnsYnYo+NFgMBAgABAAH8AwOQ1ipKKkoBOZ1ua3rJnpVwxNltLBUKzPSnAqO7jB6ZTSDqwOo0Xqip4n\/tWNKbOc4+AttIdImTX1P6\/J9a5gSd6gAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAYABYAABNzdW45LTg4LnVzZXJhcGkuY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AINqRBqm9CArIXUTUUe8yUeEx1ltvRAxRNajVZs9KCmAuABcAQQTq007urizgZjRi5OGpgrFc+raEfEPKyONDr6A\/lZwBHl9Zs74ic9nuZPDfZEU1Zrv\/t8GYcbfrhBDNb7OmlPpwACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01349{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":652,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1675334171362184,"flow_src_last_pkt_time":1675334171377801,"flow_dst_last_pkt_time":1675334171362184,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675334171377801,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.169.11","src_port":59722,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.VK","proto_id":"91.22","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"sun9-88.userapi.com","tls": {"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":655,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1675334171392040,"flow_dst_last_pkt_time":1675334171361391,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675334171392040,"pkt":"dNqIE5X\/CI6QkAulCABFAAA08dJAAEAGhVzAqAH5V\/CpA7s+AbsjOa0mlnPHy4AQAeAR4QAAAQEICl\/TQU36ZhhH"}
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":656,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1675334171392071,"flow_dst_last_pkt_time":1675334171361391,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675334171392071,"pkt":"dNqIE5X\/CI6QkAulCABFAAA08dNAAEAGhVvAqAH5V\/CpA7s+AbsjOa0mlnPMo4AQAdcNEgAAAQEICl\/TQU36ZhhH"}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":658,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1675334171393460,"flow_dst_last_pkt_time":1675334171362184,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675334171393460,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0Q51AAEAGM4rAqAH5V\/CpC+lKAbsWBT81lfCq1YAQAeBYIwAAAQEICoJBntUnYo+d"}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":659,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1675334171393468,"flow_dst_last_pkt_time":1675334171362184,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675334171393468,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0Q55AAEAGM4nAqAH5V\/CpC+lKAbsWBT81lfCvrYAQAddTVAAAAQEICoJBntUnYo+d"}
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":769,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675334172164388,"flow_src_last_pkt_time":1675334172164388,"flow_dst_last_pkt_time":1675334172164388,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334172164388,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.129.135","src_port":43938,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":769,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1675334172164388,"flow_dst_last_pkt_time":1675334172164388,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1675334172164388,"pkt":"dNqIE5X\/CI6QkAulCABFAABbV4FAAEAGRwPAqAH5V\/CBh6uiAbuOGd7H4uEkV4AYAfXppAAAAQEICuMyzjPsnrTzFwMDACK3w9cbDTt\/WwY36k2CAAaeNp5sEgBK8r2T+e4YZw8\/ABTK"}
00910{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":769,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675334172164388,"flow_src_last_pkt_time":1675334172164388,"flow_dst_last_pkt_time":1675334172164388,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334172164388,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.129.135","src_port":43938,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":774,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1675334172224141,"flow_dst_last_pkt_time":1675334172164388,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675334172224141,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0V4JAAEAGRynAqAH5V\/CBh6uiAbuOGd7u4uEkfoAQAfUqFQAAAQEICuMyzm\/snu6S"}
01042{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":774,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1675334172164388,"flow_src_last_pkt_time":1675334172224141,"flow_dst_last_pkt_time":1675334172164388,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334172224141,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.129.135","src_port":43938,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":904,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675334175165624,"flow_src_last_pkt_time":1675334175165624,"flow_dst_last_pkt_time":1675334175165624,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334175165624,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.132.67","src_port":43644,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":904,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1675334175165624,"flow_dst_last_pkt_time":1675334175165624,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1675334175165624,"pkt":"dNqIE5X\/CI6QkAulCABFAABbw1FAAEAG2HbAqAH5V\/CEQ6p8AbtyL9rwCUqzn4AYAfWQawAAAQEIColaoomIjo4IFwMDACKqPaD2rU0XYzxv6qKjJvS3Or5MIdTdexkv1cmySYXJy+aK"}
00910{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":904,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675334175165624,"flow_src_last_pkt_time":1675334175165624,"flow_dst_last_pkt_time":1675334175165624,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334175165624,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.132.67","src_port":43644,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":905,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1675334175179580,"flow_dst_last_pkt_time":1675334175165624,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675334175179580,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0w1JAAEAG2JzAqAH5V\/CEQ6p8AbtyL9sXCUqzxoAQAfX4GgAAAQEIColaopeIj3LH"}
01042{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":905,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1675334175165624,"flow_src_last_pkt_time":1675334175179580,"flow_dst_last_pkt_time":1675334175165624,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334175179580,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.132.67","src_port":43644,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
01079{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":92,"flow_dst_packets_processed":0,"flow_first_seen":1675334160592919,"flow_src_last_pkt_time":1675334173399738,"flow_dst_last_pkt_time":1675334160592919,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1398,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20255,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334178414776,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.129.140","src_port":40344,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
01088{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1675334163910616,"flow_src_last_pkt_time":1675334164044445,"flow_dst_last_pkt_time":1675334163910616,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675334178414776,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.185.137","src_port":59154,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.VK","proto_id":"91.22","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
01087{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":24,"flow_dst_packets_processed":0,"flow_first_seen":1675334163912330,"flow_src_last_pkt_time":1675334164022545,"flow_dst_last_pkt_time":1675334163912330,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1173,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675334178414776,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.169.10","src_port":32990,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.VK","proto_id":"91.22","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
01087{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":21,"flow_dst_packets_processed":0,"flow_first_seen":1675334171362184,"flow_src_last_pkt_time":1675334171510391,"flow_dst_last_pkt_time":1675334171362184,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675334178414776,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.169.11","src_port":59722,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.VK","proto_id":"91.22","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
01069{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1675334175165624,"flow_src_last_pkt_time":1675334175179580,"flow_dst_last_pkt_time":1675334175165624,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334178414776,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.132.67","src_port":43644,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
01086{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":0,"flow_first_seen":1675334171361391,"flow_src_last_pkt_time":1675334171488140,"flow_dst_last_pkt_time":1675334171361391,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1231,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675334178414776,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.169.3","src_port":47934,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.VK","proto_id":"91.22","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
01069{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1675334172164388,"flow_src_last_pkt_time":1675334172224141,"flow_dst_last_pkt_time":1675334172164388,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334178414776,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.129.135","src_port":43938,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
01079{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":706,"flow_dst_packets_processed":0,"flow_first_seen":1675334161630633,"flow_src_last_pkt_time":1675334178414776,"flow_dst_last_pkt_time":1675334161630633,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1398,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38528,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334178414776,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.132.78","src_port":60436,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
01073{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":21,"flow_dst_packets_processed":0,"flow_first_seen":1675334160555793,"flow_src_last_pkt_time":1675334171438126,"flow_dst_last_pkt_time":1675334160555793,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":305,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2212,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334178414776,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.129.131","src_port":33904,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
01071{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1675334163969940,"flow_src_last_pkt_time":1675334164019208,"flow_dst_last_pkt_time":1675334163969940,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":633,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":922,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334178414776,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.129.135","src_port":56504,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00800{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":909,"packets-processed":909,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":66779,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":84,"global_ts_usec":1675334178414776}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 909/909
~~ skipped flows.............: 0
~~ total layer4 data length..: 66779 bytes
~~ total detected protocols..: 10
~~ total active/idle flows...: 10/10
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6709392 bytes
~~ total memory freed........: 6709392 bytes
~~ total allocations/frees...: 115052/115052
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 544 chars
~~ json message max len.......: 2271 chars
~~ json message avg len.......: 1406 chars
Powered by cgit, Themed by Ted Yin.