path: root/test/results/default/wa_video.pcap.out

00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00788{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1561455764448302}
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455764448302,"flow_src_last_pkt_time":1561455764448302,"flow_dst_last_pkt_time":1561455764448302,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455764448302,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1561455764448302,"flow_dst_last_pkt_time":1561455764448302,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455764448302,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABI0kIAAEARIhLAqAIBwKgC\/+EV4RUANEtUU3BvdFVkcDC64ScQKi2g\/wABAARIlcIDyUSzc\/3fJAksKuG26pMF0apN5Ek="}
00921{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455764448302,"flow_src_last_pkt_time":1561455764448302,"flow_dst_last_pkt_time":1561455764448302,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455764448302,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","proto_id":"156","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}}
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455767339689,"flow_src_last_pkt_time":1561455767339689,"flow_dst_last_pkt_time":1561455767339689,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":548,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":548,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":548,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1561455767339689,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
01289{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1561455767339689,"flow_dst_last_pkt_time":1561455767339689,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":614,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":614,"pkt_l4_len":580,"thread_ts_usec":1561455767339689,"pkt":"xiwDYGpkkLkxKPrKCABFAAJYAABAAEAGw8bAqAIMnfAUNcDLFGab0R+KLuhMzoAYCAC1GwAAAQEICjTPJUoefmf9AAIh+FvbCnh\/a7IflRY0dljac\/EUrviXyMSuBINQo97GbKMEImMXigVRfinz4XcgTWeXa9giOjhsqf3NxGX9biqY1yfPHcFHJiCc0ZCHvaCNvgkJPVj4efQEO9oXblNeeRaKGRLTNPthw+X05ffa2MEEZsCc5sOdGdAvm7FUBTmDLJxrbHLFDC+Qz785Kp4Y\/nNC9dvuMTiwRIaMjyeDYd66NcNSVYXm4FIuAYawjSGgb9SDZkFGOfhJtHvzWqgQNk\/CQvD5MdFqw4Ro6oaWM5dtaU5byhQ5BGyiSFfIOfXO6utXNWA73iF5EEI1sUrW9Z96Yp1YyVWH1nWO8RF0xmRHhUXi8Z\/sZFez1+bI7zqAvAPYQUokFVSdoHMsl0C7omqMhJPL\/hGc9NtDl21eaiXOM52GOzZWxZMbXJmB\/9+NsouXUZBUgsh9jMSFGZLM23GdBqdyDiy78nD8F4EJr2A\/aUaJIwQnw3GNyvDzKtsy8d2KrzMKlf6d7qvFNf6tCn5YbJzbYCtXcK3bzzVNLm8QIxxktFuE4kwqNUk0pOIUno0bVHsn8uJRI7p6utCiNLoFNA283\/oV8xNqLi4LT4fQ\/\/415n+lAj9aAo0RTNMlYFu4h64\/Lu0dkox1O3c7ouf5f6puZ8pmi+uDZVI\/IU8sc3s7dCFETLgaxg8hmXkWbIHTksRKvfJv3iIyf9m9mqHEEfDnGMuE7VsJzvR+Imk61iI="}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1561455767339689,"flow_dst_last_pkt_time":1561455767391415,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1561455767391415,"pkt":"kLkxKPrKxiwDYGpkCABFAAA0cX4AAFMGgWyd8BQ1wKgCDBRmwMsu6EzOm9EhroAQALQFAQAAAQEICh5+dS80zyVK"}
02436{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1561455767339689,"flow_dst_last_pkt_time":1561455767568245,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"thread_ts_usec":1561455767568245,"pkt":"kLkxKPrKxiwDYGpkCABFAAWgcX8AAFMGe\/+d8BQ1wKgCDBRmwMsu6EzOm9EhroAQALSeYwAAAQEICh5+deo0zyVKAAeY92kokkA7hrw6j6Vhkd+oEkvjt9+mUaq3VF5ALR\/3dyTIUqE+ce9A8zw57IwXMUm48Ve04aN2q3aoE1gIxi914RnbSua9WCw4BiKEAwBPqN8fZa53YGzu6KGDd+y61i8hb8APzgCq0BgVHxbqR0bN2PsZSNYDa\/cxDiPbHbN81oUvSJ1gG1HfKBlexobCedzu2sUfK2Qs2a4k4D1FAWNImtONV8L8QIDh9roN6NGgmn\/lqF1FSp0J1KRgd0jLjFjyO8E83j6fNPMnzyDyrqqDONC2kuu2acMixjEUltdGs477N1jzC9n+ER\/b\/S6TQcGEY9qe321iyRfAWuN0DLg7mjzkOAiLNEYzLk5mIXEf0ZRFKJwDAvOVHtFaYq9PK\/+TyWbUbh9dyV6FAMdUFiad1IPXICQYrOxMJpvYW44GNTJj7JJd\/vptPppVq\/RnqviVF+HvVQYCfsL\/SVoCMkJWYQL1ncdQ0eep1cbBr6nAtINm6y3vpk9iSvMUPjyihT4LCr1goaODAyLUwBnoKlcyQnCzrUTIAqAAM29AsZFrK3bZYGCyGW\/1MqA4MzwyfwMD1bF+saAkWfKpa6RSRkk3KGr6n6v79y+8bFqwHEmh79h64wuCdareEkcN59XiCjPB2jxFRkpLZWY0mc91mPUnIxaHkuQIMuo4JPBhS7O2C4sRkwc2EdliToDywQdgKCedjvE+Fkv+IJ1yiEuAY7OC0Yop8Phr2Qm2qT+26YDaaSkP6CBAA8F\/0qtcGuDnlIq3ve6KW\/D6MuF4EOQk1b\/mWeGOhmO2zaJtvFI8PxQT5VxpwG5mTmAHNrmnqHuX0IWL3zCefnedyGujv7ty3zJnVuQwRLy87IaxzKXwsdyDG3gOFStZBZK2qgn8IW\/xr0PRTCCbF58t6+kmge68BzSwUxMSja0zleeuWy9nliB9zaa4b+jN\/22Q56CpjAU0jeotHbt7rfwSgaDBMBcRXkBKkMuSRjHPsILIfuplVXUe9hbVn7Go2YVn3YMI8\/AExe4f\/h8AveIFQCrjpuBYwwenY\/QBLof\/waMaXnDMoOqv3UDo5f\/rUkCJZYja2kE\/3ozUaT8Uz0PCmt\/gc\/KCFNUf0Dg1W5QGc7mNzo6HmKq3sVYeKZxgXc+0B\/+Kg+WdAj0nr4z70bgW5GCi4QLhKZrELaubvCFff0BZt4Ss2ARFEyAH9IKD4jhRLgOIMULFRSu5xrKXDGooBaqIU\/671otysjRrQ81PzcJeLF2eHbj0voj\/+FWKEGjREDnwIqXWvMaPKFe8PlPupWBMwOzFz8pMa1\/Cfixow4NV+SRN1L2CcfmYjYCb8vwd81S0Sbh\/yjs0qpd5YLoB8pMYh\/yUoZ+FIXdWz+sa2pEUMxHkvUFc+7SzHNfV7LJOOBb6vDyxWLEcl4dY0FU+ynkwQS3op34TZEH4GA2VEfQdOgNR2iu4EKt2LFEXckrFDQqafGZhK5SjyixnKMbzvINk8a1d4ltQPewgraMY4ASPPuLS07U5UPA1qlh8E94Xhh8y1zAB0VWBPRDFRutgl1y4BL0Lad98ZYlvDZMJKhfwsfD1K84zCNVytc0lpEdS4WwTmG5jVDNkEok\/lFTqI9CJ\/ndHCOSY1DeCIemKT8q2EgY6ncZJwmIWq3s+IAWyQwqNpA+uXGEPONBjE53SU6ADJ7J2GkLvQbStohFZjKPShMILgTsEvkwNRe5icjnZF5b4X\/JteDZslY73Nte1q4DiPugbpWEOEW3UaXBVcccSnBXfsrY1lsgjH8BpxoTBACfj\/Nm3cIxvIq14OKHRvxy9b0mNen\/kzoDrO5sZ\/dAjHBdNu5W\/9k529dGB7vwkors="}
00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1561455767339689,"flow_dst_last_pkt_time":1561455767568247,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"thread_ts_usec":1561455767568247,"pkt":"kLkxKPrKxiwDYGpkCABFAACbcYAAAFMGgQOd8BQ1wKgCDBRmwMsu6FI6m9EhroAYALRFAgAAAQEICh5+deo0zyVKPusMeaD3lCmYGQs0mbv2onbTpmXzgK3ehPiaf\/jI1Ot8QVh3JhLBjeOPFQVrZL1eyZEh\/tmq8R\/YD3vf88ik5c9MV\/DPl8MvNMo0YiPUJmBufpG2yOesaCXKVO86h91FqigrzMFgzA=="}
01162{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1561455767339689,"flow_dst_last_pkt_time":1561455767568247,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":522,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":522,"pkt_l4_len":488,"thread_ts_usec":1561455767568247,"pkt":"kLkxKPrKxiwDYGpkCABFAAH8cYEAAFMGf6Gd8BQ1wKgCDBRmwMsu6FKhm9EhroAYALRm5AAAAQEICh5+deo0zyVKLSQRVEKsxJjcWg\/H\/lMobRMW7X9RKF\/hZslxhUvme\/4heGQVcnrwt\/Fm5F2U+oLk+gFf2tebzVJU2bS4GWtpyfd7t0eGRRsksu\/IwWXxVQVfXmQWdqBagMROU0+Iv7cKU9E8j8khrgiQj04I4dJ4yob8xXCok1OIYUG8NdpqehsPn5Rq59THddLOmCgUSKZz\/u1aE7VKWVIXUVp7k19fdFvu2yb39GEDWSdBf4J9Oqs32QeZC52b5oVKE0ithMi9GHf6l\/ui7QsmMqIoJ3dCOeAzESPIDse\/Uw0Z19U+hGKwuaFZZxgdpjsRxn00Hd+xbUGY0TDE8Z\/s2TerF+yrQYARAtLEhyCWaiulNjDn+9f5mpFDmqUMLqsqClVwjcqNgfvRUqMf1Kng1nEjbYVdz0eYwkqEjFo20rkpLUKiaSh7EGttgz7HvZkjaMo8Q4Blqb1fKhQbir5L3ofhHA7goOKU5PHOFmaXZoL5abuQvfLea45eBI4EWKOxGMZDoeA8fGnY5ydOnOswhZUwVx+Pbot37CPOJwe1CCDdAiYytUlelaYcf3Hqbnb4mn5pjMUkvJohvpHobUScb2AcifLrDY6QnEnHXu93"}
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455769789452,"flow_src_last_pkt_time":1561455769789452,"flow_dst_last_pkt_time":1561455769789452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769789452,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1561455769789452,"flow_dst_last_pkt_time":1561455769789452,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455769789452,"pkt":"xiwDYGpkkLkxKPrKCABFAACaxMYAAEARfZvAqAIMHw1WMNG4DZYAhm0oAAMAaiESpEIMCJFuDJOtHXjqlExAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"}
00969{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455769789452,"flow_src_last_pkt_time":1561455769789452,"flow_dst_last_pkt_time":1561455769789452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769789452,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {}}}
00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1561455769789547,"flow_dst_last_pkt_time":1561455769789452,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455769789547,"pkt":"xiwDYGpkkLkxKPrKCABFAACax74AAEAReqPAqAIMHw1WMNG4DZYAhm0nAAMAaiESpEIMCJFuDJOtHXjqlE1AAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"}
01102{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455769789452,"flow_src_last_pkt_time":1561455769789547,"flow_dst_last_pkt_time":1561455769789452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769789547,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {}}}
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455769789676,"flow_src_last_pkt_time":1561455769789676,"flow_dst_last_pkt_time":1561455769789676,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769789676,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1561455769789676,"flow_dst_last_pkt_time":1561455769789676,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455769789676,"pkt":"xiwDYGpkkLkxKPrKCABFAACaIVsAAEARBNTAqAIMuTzYM9G4DZYAhlDzAAMAaiESpEIMCJFuDJOtHXjqlE5AAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"}
00971{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455769789676,"flow_src_last_pkt_time":1561455769789676,"flow_dst_last_pkt_time":1561455769789676,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769789676,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {}}}
00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1561455769789803,"flow_dst_last_pkt_time":1561455769789676,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455769789803,"pkt":"xiwDYGpkkLkxKPrKCABFAACa3V0AAEARSNHAqAIMuTzYM9G4DZYAhlDyAAMAaiESpEIMCJFuDJOtHXjqlE9AAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"}
01104{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455769789676,"flow_src_last_pkt_time":1561455769789803,"flow_dst_last_pkt_time":1561455769789676,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769789803,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {}}}
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455769790205,"flow_src_last_pkt_time":1561455769790205,"flow_dst_last_pkt_time":1561455769790205,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769790205,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1561455769790205,"flow_dst_last_pkt_time":1561455769790205,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455769790205,"pkt":"xiwDYGpkkLkxKPrKCABFAACaO9gAAEARHKbAqAIMnfDBMNG4DZYAhoNAAAMAaiESpEIMCJFuDJOtHXjqlFBAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"}
00972{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455769790205,"flow_src_last_pkt_time":1561455769790205,"flow_dst_last_pkt_time":1561455769790205,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769790205,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {}}}
00685{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1561455769790329,"flow_dst_last_pkt_time":1561455769790205,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455769790329,"pkt":"xiwDYGpkkLkxKPrKCABFAACaLgUAAEARKnnAqAIMnfDBMNG4DZYAhoM\/AAMAaiESpEIMCJFuDJOtHXjqlFFAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"}
01105{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455769790205,"flow_src_last_pkt_time":1561455769790329,"flow_dst_last_pkt_time":1561455769790205,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769790329,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {}}}
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455769790753,"flow_src_last_pkt_time":1561455769790753,"flow_dst_last_pkt_time":1561455769790753,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769790753,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1561455769790753,"flow_dst_last_pkt_time":1561455769790753,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455769790753,"pkt":"xiwDYGpkkLkxKPrKCABFAACab00AAEAR1OTAqAIMszzAMNG4DZYAhm7yAAMAaiESpEIMCJFuDJOtHXjqlFJAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"}
00971{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455769790753,"flow_src_last_pkt_time":1561455769790753,"flow_dst_last_pkt_time":1561455769790753,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769790753,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {}}}
00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1561455769790875,"flow_dst_last_pkt_time":1561455769790753,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455769790875,"pkt":"xiwDYGpkkLkxKPrKCABFAACaCwQAAEAROS7AqAIMszzAMNG4DZYAhm7xAAMAaiESpEIMCJFuDJOtHXjqlFNAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"}
01104{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455769790753,"flow_src_last_pkt_time":1561455769790875,"flow_dst_last_pkt_time":1561455769790753,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769790875,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {}}}
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455769791001,"flow_src_last_pkt_time":1561455769791001,"flow_dst_last_pkt_time":1561455769791001,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769791001,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1561455769791001,"flow_dst_last_pkt_time":1561455769791001,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455769791001,"pkt":"xiwDYGpkkLkxKPrKCABFAACaNcQAAEARH6zAqAIMnfDEPtG4DZYAhoAuAAMAaiESpEIMCJFuDJOtHXjqlFRAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"}
00972{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455769791001,"flow_src_last_pkt_time":1561455769791001,"flow_dst_last_pkt_time":1561455769791001,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769791001,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {}}}
00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1561455769791128,"flow_dst_last_pkt_time":1561455769791001,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455769791128,"pkt":"xiwDYGpkkLkxKPrKCABFAACaC9gAAEARSZjAqAIMnfDEPtG4DZYAhoAtAAMAaiESpEIMCJFuDJOtHXjqlFVAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"}
01105{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455769791001,"flow_src_last_pkt_time":1561455769791128,"flow_dst_last_pkt_time":1561455769791001,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769791128,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {}}}
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1561455769789547,"flow_dst_last_pkt_time":1561455769802594,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455769802594,"pkt":"kLkxKPrKxiwDYGpkCABFAABI\/k4AAFQRMGUfDVYwwKgCDA2W0bgANE7GAQMAGCESpEIMCJFuDJOtHXjqlEwAIAAIAAHuJHGmBnJAAgAIAAABa44EONE="}
01017{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1561455769789452,"flow_src_last_pkt_time":1561455769789547,"flow_dst_last_pkt_time":1561455769802594,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1561455769802594,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"mapped_address":"80.180.162.48:53046"}}}
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1561455769789547,"flow_dst_last_pkt_time":1561455769803703,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455769803703,"pkt":"kLkxKPrKxiwDYGpkCABFAABI\/k8AAFQRMGQfDVYwwKgCDA2W0bgANE7FAQMAGCESpEIMCJFuDJOtHXjqlE0AIAAIAAHuJHGmBnJAAgAIAAABa44EONE="}
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1561455769791128,"flow_dst_last_pkt_time":1561455769812721,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455769812721,"pkt":"kLkxKPrKxiwDYGpkCABFAABI3v0AAFMRY8Sd8MQ+wKgCDA2W0bgANGHGAQMAGCESpEIMCJFuDJOtHXjqlFQAIAAIAAHuJHGmBnJAAgAIAAABa44EONc="}
01020{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1561455769791001,"flow_src_last_pkt_time":1561455769791128,"flow_dst_last_pkt_time":1561455769812721,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1561455769812721,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"mapped_address":"80.180.162.48:53046"}}}
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1561455769791128,"flow_dst_last_pkt_time":1561455769812753,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455769812753,"pkt":"kLkxKPrKxiwDYGpkCABFAABI3v4AAFMRY8Od8MQ+wKgCDA2W0bgANGHFAQMAGCESpEIMCJFuDJOtHXjqlFUAIAAIAAHuJHGmBnJAAgAIAAABa44EONc="}
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1561455769789803,"flow_dst_last_pkt_time":1561455769813684,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455769813684,"pkt":"kLkxKPrKxiwDYGpkCABFAABI86gAAFMRH9i5PNgzwKgCDA2W0bgANDKMAQMAGCESpEIMCJFuDJOtHXjqlE4AIAAIAAHuJHGmBnJAAgAIAAABa44EONY="}
01019{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1561455769789676,"flow_src_last_pkt_time":1561455769789803,"flow_dst_last_pkt_time":1561455769813684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1561455769813684,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"mapped_address":"80.180.162.48:53046"}}}
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1561455769790875,"flow_dst_last_pkt_time":1561455769817420,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455769817420,"pkt":"kLkxKPrKxiwDYGpkCABFAABIYqUAAFMRzt6zPMAwwKgCDA2W0bgANFCKAQMAGCESpEIMCJFuDJOtHXjqlFIAIAAIAAHuJHGmBnJAAgAIAAABa44EONc="}
01019{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1561455769790753,"flow_src_last_pkt_time":1561455769790875,"flow_dst_last_pkt_time":1561455769817420,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1561455769817420,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"mapped_address":"80.180.162.48:53046"}}}
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1561455769790329,"flow_dst_last_pkt_time":1561455769823739,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455769823739,"pkt":"kLkxKPrKxiwDYGpkCABFAABIblcAAFAR2nid8MEwwKgCDA2W0bgANGTSAQMAGCESpEIMCJFuDJOtHXjqlFAAIAAIAAHuJHGmBnJAAgAIAAABa44EON0="}
01020{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1561455769790205,"flow_src_last_pkt_time":1561455769790329,"flow_dst_last_pkt_time":1561455769823739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1561455769823739,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"mapped_address":"80.180.162.48:53046"}}}
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455770313920,"flow_src_last_pkt_time":1561455770313920,"flow_dst_last_pkt_time":1561455770313920,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455770313920,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51277,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1561455770313920,"flow_dst_last_pkt_time":1561455770313920,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1561455770313920,"pkt":"AQBef\/\/6kLkxKPrKCABFAAClcA8AAAIRlYrAqAIM7\/\/\/+shNB2wAkeqFTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
00965{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455770313920,"flow_src_last_pkt_time":1561455770313920,"flow_dst_last_pkt_time":1561455770313920,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455770313920,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51277,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}}
01988{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1561455767339689,"flow_src_last_pkt_time":1561455770332620,"flow_dst_last_pkt_time":1561455769794560,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":548,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1640,"flow_dst_tot_l4_payload_len":5261,"midstream":1,"thread_ts_usec":1561455770332620,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":175735.5,"max":2404473,"stddev":473951.1,"var":224629620736.0,"ent":2.4,"data": [51726,176830,2,0,439642,1227815,753,306057,108901,2404473,241,10,252,9,41,323,133116,635,40681,277,7651,7949,1743,1602,528764,1087,660,696,654,2651,2561]},"pktlen": {"min":52,"avg":268.4,"max":1440,"stddev":335.2,"var":112371.9,"ent":4.2,"data": [600,52,1440,155,508,508,332,189,225,1440,52,52,64,52,52,52,64,228,228,52,52,228,52,404,52,214,212,206,206,206,206,206]},"bins": {"c_to_s": [11,0,0,0,5,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,1,1,4,0,0,1,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0]},"directions": [0,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,1,1,0,0,1,0,1,0,0,0,0,0,0,0,0],"entropies": [7.608484745,5.077241421,7.865381718,6.691146851,7.578685284,7.572544098,7.307354450,6.700509548,7.001189232,7.865732670,4.976373672,5.053297043,5.138105392,5.091758728,5.053297043,5.091758728,5.157560349,6.986247063,7.012214661,5.053297043,5.053297043,6.984363556,5.053297043,7.459637642,5.053297043,6.913162708,6.866742134,6.851969242,6.911801815,6.922309875,6.837723732,6.965609550]}}
01064{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1561455767339689,"flow_src_last_pkt_time":1561455770332620,"flow_dst_last_pkt_time":1561455769794560,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":548,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1640,"flow_dst_tot_l4_payload_len":5261,"midstream":1,"thread_ts_usec":1561455770332620,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
00685{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1561455770337759,"flow_dst_last_pkt_time":1561455769803703,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455770337759,"pkt":"xiwDYGpkkLkxKPrKCABFAACaSm4AAEAR9\/PAqAIMHw1WMNG4DZYAhm0eAAMAaiESpEIMCJFuDJOtHXjqlFZAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"}
02197{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":9,"flow_first_seen":1561455769789452,"flow_src_last_pkt_time":1561455770782169,"flow_dst_last_pkt_time":1561455770781798,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":472,"flow_dst_max_l4_payload_len":472,"flow_src_tot_l4_payload_len":8102,"flow_dst_tot_l4_payload_len":1614,"midstream":0,"thread_ts_usec":1561455770782169,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":95,"avg":64034.3,"max":550126,"stddev":135549.6,"var":18373693440.0,"ent":3.1,"data": [95,13142,1109,548212,794,550126,16210,117,20333,106,23568,573,14505,979,116,79305,29641,99,23164,167,19951,342,24390,3500,104447,150456,15882,197610,75380,2499,68245]},"pktlen": {"min":30,"avg":331.6,"max":500,"stddev":205.8,"var":42355.1,"ent":4.7,"data": [154,154,72,72,154,500,72,500,500,500,500,500,500,34,500,500,30,500,500,500,500,500,500,500,154,72,48,500,48,500,500,48]},"bins": {"c_to_s": [3,0,0,4,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,4,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,1,1,0,1,1,0],"entropies": [6.493677139,6.519650936,5.235420704,5.263198376,6.488775253,7.446858406,5.290976048,7.477643013,7.460317135,7.514078140,7.471118450,7.444753170,7.528831959,4.569532394,7.478866100,7.484198570,4.453236580,7.470160961,7.456147671,7.450516224,7.440128803,7.495639801,7.433229923,7.431243420,6.496860504,5.263197899,3.812905788,7.345452785,3.812905550,7.413387775,7.430417538,4.208755493]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455772049243,"flow_src_last_pkt_time":1561455772049243,"flow_dst_last_pkt_time":1561455772049243,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455772049243,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00928{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1561455772049243,"flow_dst_last_pkt_time":1561455772049243,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1561455772049243,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFInqwAAP8RG\/kAAAAA\/\/\/\/\/wBEAEMBNNtQAQEGAH5K8tcAMwAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
01020{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455772049243,"flow_src_last_pkt_time":1561455772049243,"flow_dst_last_pkt_time":1561455772049243,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455772049243,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"lucas-imac","dhcp": {"fingerprint":"1,121,3,6,15,119,252,95,44,46","class_ident":""}}}
00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1561455773318325,"flow_dst_last_pkt_time":1561455770313920,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_usec":1561455773318325,"pkt":"AQBef\/\/6kLkxKPrKCABFAACgzaAAAAIRN\/7AqAIM7\/\/\/+shNB2wAjBq9TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpzZXJ2aWNlOldBTklQQ29ubmVjdGlvbjoxDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KTVg6IDMNCg0K"}
00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1561455776326104,"flow_dst_last_pkt_time":1561455770313920,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1561455776326104,"pkt":"AQBef\/\/6kLkxKPrKCABFAAChemIAAAIRizvAqAIM7\/\/\/+shNB2wAjbrDTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpzZXJ2aWNlOldBTlBQUENvbm5lY3Rpb246MQ0KTUFOOiAic3NkcDpkaXNjb3ZlciINCk1YOiAzDQoNCg=="}
00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1561455779337361,"flow_dst_last_pkt_time":1561455770313920,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_usec":1561455779337361,"pkt":"AQBef\/\/6kLkxKPrKCABFAACBKKcAAAIR3RbAqAIM7\/\/\/+shNB2wAbVXRTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cG5wOnJvb3RkZXZpY2UNCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
00928{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1561455780246416,"flow_dst_last_pkt_time":1561455772049243,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1561455780246416,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFInq0AAP8RG\/gAAAAA\/\/\/\/\/wBEAEMBNNtIAQEGAH5K8tcAOwAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455781247252,"flow_src_last_pkt_time":1561455781247252,"flow_dst_last_pkt_time":1561455781247252,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455781247252,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":53688,"dst_port":59491,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1561455781247252,"flow_dst_last_pkt_time":1561455781247252,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455781247252,"pkt":"xiwDYGpkkLkxKPrKCABFAABIyagAAEARnszAqAIMATxOQNG46GMANIouAAEAGCESpELJdbow6qY0UK1Q3DAACAAUjCUqyJwTIDkKR+sjy0Uf5fkPaoE="}
01105{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455781247252,"flow_src_last_pkt_time":1561455781247252,"flow_dst_last_pkt_time":1561455781247252,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455781247252,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":53688,"dst_port":59491,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {}}}
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":381,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455781352254,"flow_src_last_pkt_time":1561455781352254,"flow_dst_last_pkt_time":1561455781352254,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455781352254,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","src_port":53688,"dst_port":32641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1561455781352254,"flow_dst_last_pkt_time":1561455781352254,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455781352254,"pkt":"xiwDYGpkkLkxKPrKCABFAABIUPMAAEAR0s7AqAIMW\/w4M9G4f4EANAIPAAEAGCESpEIZqLFMH0mnKh34iiEACAAUNcgqBRg9v\/os\/sidMBIfN2R1dO0="}
01107{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":381,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455781352254,"flow_src_last_pkt_time":1561455781352254,"flow_dst_last_pkt_time":1561455781352254,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455781352254,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","src_port":53688,"dst_port":32641,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {}}}
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1561455781879070,"flow_dst_last_pkt_time":1561455781247252,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455781879070,"pkt":"xiwDYGpkkLkxKPrKCABFAABIUTkAAEARFzzAqAIMATxOQNG46GMANHzbAAEAGCESpELHuuAP05RaI+J6URIACAAUsHZdEyJr5uObsKQa7DYbE4YCA9M="}
01223{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455781247252,"flow_src_last_pkt_time":1561455781879070,"flow_dst_last_pkt_time":1561455781247252,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455781879070,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":53688,"dst_port":59491,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {}}}
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1561455782059394,"flow_dst_last_pkt_time":1561455781352254,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455782059394,"pkt":"xiwDYGpkkLkxKPrKCABFAABI8PwAAEARMsXAqAIMW\/w4M9G4f4EANE0kAAEAGCESpEKAWzwjt5VRcfVmBmsACAAUJw9zjdQvQsjy5FQih0Itb6wHKg0="}
01225{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455781352254,"flow_src_last_pkt_time":1561455782059394,"flow_dst_last_pkt_time":1561455781352254,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455782059394,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","src_port":53688,"dst_port":32641,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {}}}
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1561455782574285,"flow_dst_last_pkt_time":1561455781247252,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455782574285,"pkt":"xiwDYGpkkLkxKPrKCABFAABIwHEAAEARqAPAqAIMATxOQNG46GMANGXPAAEAGCESpEIoM9pd\/2PDbhKoL1oACAAUvqQBu1i76V7zg0ib1\/6QLghtUUY="}
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1561455782679175,"flow_dst_last_pkt_time":1561455781352254,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455782679175,"pkt":"xiwDYGpkkLkxKPrKCABFAABINRkAAEAR7qjAqAIMW\/w4M9G4f4EANKRJAAEAGCESpEL4j9YAEpPJGTu3VCAACAAUGXORRrB48FGvPcJutSVccHGlcxM="}
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1561455783193737,"flow_dst_last_pkt_time":1561455781247252,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455783193737,"pkt":"xiwDYGpkkLkxKPrKCABFAABIsaMAAEARttHAqAIMATxOQNG46GMANHtxAAEAGCESpEIVyYRJkvEHQDbjhQYACAAUZX4tAsQf0pHGsCjjkogdi3Laxls="}
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":570,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1561455783298322,"flow_dst_last_pkt_time":1561455781352254,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455783298322,"pkt":"xiwDYGpkkLkxKPrKCABFAABIAp0AAEARISXAqAIMW\/w4M9G4f4EANIWbAAEAGCESpEK7pDhewrPJPGinrSwACAAUDjWxbcggz7kXknMp3MU9Yvs9ftw="}
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":576,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1561455783298322,"flow_dst_last_pkt_time":1561455783331681,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455783331681,"pkt":"kLkxKPrKxiwDYGpkCABFAABIi6YAADERpxtb\/DgzwKgCDH+B0bgANIC7AAEAGCESpELmDdRM\/MC6WEQIBDAACAAUFJ5Jo0QxW+Y3GOxMikLa0AFDz2E="}
01118{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":576,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1561455781352254,"flow_src_last_pkt_time":1561455783298322,"flow_dst_last_pkt_time":1561455783331681,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1561455783331681,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","src_port":53688,"dst_port":32641,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {}}}
02354{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":623,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":6,"flow_first_seen":1561455781352254,"flow_src_last_pkt_time":1561455783672290,"flow_dst_last_pkt_time":1561455783683909,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1118,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":15240,"flow_dst_tot_l4_payload_len":615,"midstream":0,"thread_ts_usec":1561455783683909,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","src_port":53688,"dst_port":32641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":139,"avg":150054.5,"max":1979427,"stddev":383224.6,"var":146861080576.0,"ent":2.7,"data": [707140,619781,619147,1979427,36290,69699,132037,26361,100137,1489,36501,24632,139,224,338,341,10692,26140,102372,15137,296,563,516,886,169,757,7597,915,148,631,131189]},"pktlen": {"min":72,"avg":523.5,"max":1146,"stddev":432.0,"var":186635.8,"ent":4.5,"data": [72,72,72,72,72,72,72,156,72,165,150,130,899,899,899,898,1146,194,143,198,1022,1022,1022,1022,1022,1020,150,920,920,920,1048,210]},"bins": {"c_to_s": [0,6,0,2,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,7,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,2,0,2,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,1,0,0,1,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1],"entropies": [5.551460743,5.652086735,5.531393051,5.607016087,5.440350056,5.499580860,5.568753719,6.624680996,5.697700977,6.683998108,6.496982574,6.426134586,7.747357368,7.800405025,7.780704021,7.774211884,7.821574688,6.735989094,6.400922298,6.908179283,7.822691441,7.800770760,7.811967850,7.818122864,7.793910027,7.785738468,6.611948967,7.770941734,7.800857544,7.760899067,7.788744450,6.986406326]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":634,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1561455783829036,"flow_dst_last_pkt_time":1561455781247252,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455783829036,"pkt":"xiwDYGpkkLkxKPrKCABFAABICZUAAEARXuDAqAIMATxOQNG46GMANOSYAAEAGCESpELddkAJ1F+LPT0EgzwACAAUXmgJtoJkdYveryQNIL+PUoNUtYY="}
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":742,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455791449110,"flow_src_last_pkt_time":1561455791449110,"flow_dst_last_pkt_time":1561455791449110,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":341,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":341,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":341,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455791449110,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00979{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":742,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1561455791449110,"flow_dst_last_pkt_time":1561455791449110,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":383,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":383,"pkt_l4_len":349,"thread_ts_usec":1561455791449110,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAFxMkoAAEARwOHAqAIBwKgC\/0RcRFwBXbU+eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxNzQ1NjcxOTM5MjIwMTQ2OTg4Njg4NzAzNTEyMjAyNTg3OTI0NDMsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODA5NDIwMDQ4LCA1MTE3MDY2NDIsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA0ODEwNTkxNzYwLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAzMDc1NTIxNjk2LCA0MDU2NDYyNTkyLCAyOTYzNjgyMDk2LCAxNTIyMTc3NTg3XX0="}
00934{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":742,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455791449110,"flow_src_last_pkt_time":1561455791449110,"flow_dst_last_pkt_time":1561455791449110,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":341,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":341,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":341,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455791449110,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
00975{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":743,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1561455791449786,"flow_dst_last_pkt_time":1561455791449110,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":381,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":381,"pkt_l4_len":347,"thread_ts_usec":1561455791449786,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAFvmCUAAEARWwjAqAIBwKgC\/0RcRFwBW7HJeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxNzQ1NjcxOTM5MjIwMTQ2OTg4Njg4NzAzNTEyMjAyNTg3OTI0NDMsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsxMTgyMzk1NTczLCAxNDIxMTE0Mzk5LCAxODA4MDQ3NjgwLCAxMzcyMDkyNjA5LCAxMjUyMTE2NDI5LCA5OTQ2OTc3MywgNTI1ODAwNzEyMCwgMTc2OTY0MzA3LCAxMjU1NDA1NjYsIDEwNDc0MjgxODksIDQ3MTYxOTAwNDgsIDU0NjcxNjMwODgsIDExOTUwNDQwNzEsIDk2ODUzMjI0LCAxNzYwOTk2MywgNDUxNDcyNjU4LCA0MTc0NjUwODgwLCAyODUyMTYwNywgMTQxNTYyMDM1MF19"}
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":751,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455792270282,"flow_src_last_pkt_time":1561455792270282,"flow_dst_last_pkt_time":1561455792270282,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455792270282,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":65025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":751,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1561455792270282,"flow_dst_last_pkt_time":1561455792270282,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1561455792270282,"pkt":"AQBef\/\/6kLkxKPrKCABFAAClb\/UAAAIRlaTAqAIM7\/\/\/+v4BB2wAkbTRTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
00967{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":751,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455792270282,"flow_src_last_pkt_time":1561455792270282,"flow_dst_last_pkt_time":1561455792270282,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455792270282,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":65025,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}}
00685{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":753,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1561455792270460,"flow_dst_last_pkt_time":1561455769813684,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455792270460,"pkt":"xiwDYGpkkLkxKPrKCABFAACaNCIAAEAR8gzAqAIMuTzYM9G4DZYAhkjkCAAAaiESpEIMCJFuDJOtHXjqlGBAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"}
00685{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":754,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1561455792270570,"flow_dst_last_pkt_time":1561455769823739,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455792270570,"pkt":"xiwDYGpkkLkxKPrKCABFAACaRxUAAEAREWnAqAIMnfDBMNG4DZYAhnsyCAAAaiESpEIMCJFuDJOtHXjqlGFAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"}
00685{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1561455792270694,"flow_dst_last_pkt_time":1561455769817420,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455792270694,"pkt":"xiwDYGpkkLkxKPrKCABFAACafQwAAEARxyXAqAIMszzAMNG4DZYAhmblCAAAaiESpEIMCJFuDJOtHXjqlGJAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"}
00685{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":756,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1561455792270823,"flow_dst_last_pkt_time":1561455769812753,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455792270823,"pkt":"xiwDYGpkkLkxKPrKCABFAACa1S0AAEARgELAqAIMnfDEPtG4DZYAhngiCAAAaiESpEIMCJFuDJOtHXjqlGNAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"}
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":757,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455792273279,"flow_src_last_pkt_time":1561455792273279,"flow_dst_last_pkt_time":1561455792273279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455792273279,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51458,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":757,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1561455792273279,"flow_dst_last_pkt_time":1561455792273279,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1561455792273279,"pkt":"AQBef\/\/6kLkxKPrKCABFAACleZoAAAIRi\/\/AqAIM7\/\/\/+skCB2wAkenQTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
00967{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":757,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455792273279,"flow_src_last_pkt_time":1561455792273279,"flow_dst_last_pkt_time":1561455792273279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455792273279,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51458,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}}
00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":777,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1561455795276739,"flow_dst_last_pkt_time":1561455792273279,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_usec":1561455795276739,"pkt":"AQBef\/\/6kLkxKPrKCABFAACgOnoAAAIRyyTAqAIM7\/\/\/+skCB2wAjBoITS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpzZXJ2aWNlOldBTklQQ29ubmVjdGlvbjoxDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KTVg6IDMNCg0K"}
00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":778,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1561455795277117,"flow_dst_last_pkt_time":1561455792270282,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_usec":1561455795277117,"pkt":"AQBef\/\/6kLkxKPrKCABFAACg4VAAAAIRJE7AqAIM7\/\/\/+v4BB2wAjOUITS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpzZXJ2aWNlOldBTklQQ29ubmVjdGlvbjoxDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KTVg6IDMNCg0K"}
01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1561455770313920,"flow_src_last_pkt_time":1561455779337361,"flow_dst_last_pkt_time":1561455770313920,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":101,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":503,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51277,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}}
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455772049243,"flow_src_last_pkt_time":1561455780246416,"flow_dst_last_pkt_time":1561455772049243,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":600,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"lucas-imac"}}
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1561455769791001,"flow_src_last_pkt_time":1561455792270823,"flow_dst_last_pkt_time":1561455769812753,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":88,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1561455769790205,"flow_src_last_pkt_time":1561455792270570,"flow_dst_last_pkt_time":1561455769823739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
01006{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455792273279,"flow_src_last_pkt_time":1561455795276739,"flow_dst_last_pkt_time":1561455792273279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":269,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51458,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}}
00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455791449110,"flow_src_last_pkt_time":1561455791449786,"flow_dst_last_pkt_time":1561455791449110,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":339,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":341,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":680,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455764448302,"flow_src_last_pkt_time":1561455764448302,"flow_dst_last_pkt_time":1561455764448302,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","proto_id":"156","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}}
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1561455769790753,"flow_src_last_pkt_time":1561455792270694,"flow_dst_last_pkt_time":1561455769817420,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1561455769789676,"flow_src_last_pkt_time":1561455792270460,"flow_dst_last_pkt_time":1561455769813684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":347,"flow_dst_packets_processed":146,"flow_first_seen":1561455769789452,"flow_src_last_pkt_time":1561455792270349,"flow_dst_last_pkt_time":1561455789410471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1139,"flow_dst_max_l4_payload_len":1053,"flow_src_tot_l4_payload_len":209223,"flow_dst_tot_l4_payload_len":18746,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
01006{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455792270282,"flow_src_last_pkt_time":1561455795277117,"flow_dst_last_pkt_time":1561455792270282,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":269,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":65025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}}
01135{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":72,"flow_dst_packets_processed":35,"flow_first_seen":1561455781352254,"flow_src_last_pkt_time":1561455784398894,"flow_dst_last_pkt_time":1561455784357701,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1118,"flow_dst_max_l4_payload_len":1098,"flow_src_tot_l4_payload_len":45824,"flow_dst_tot_l4_payload_len":21351,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","src_port":53688,"dst_port":32641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
01106{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":66,"flow_dst_packets_processed":67,"flow_first_seen":1561455767339689,"flow_src_last_pkt_time":1561455795283003,"flow_dst_last_pkt_time":1561455795007751,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1388,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":4406,"flow_dst_tot_l4_payload_len":7336,"midstream":1,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
01231{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1561455781247252,"flow_src_last_pkt_time":1561455791996221,"flow_dst_last_pkt_time":1561455781247252,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":792,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":53688,"dst_port":59491,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
00807{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":781,"packets-processed":781,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":311775,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":13,"total-detection-updates":13,"total-updates":0,"current-active-flows":0,"total-active-flows":14,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":111,"global_ts_usec":1561455795283003}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 781/781
~~ skipped flows.............: 0
~~ total layer4 data length..: 311775 bytes
~~ total detected protocols..: 13
~~ total active/idle flows...: 14/14
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6696264 bytes
~~ total memory freed........: 6696264 bytes
~~ total allocations/frees...: 114948/114948
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 546 chars
~~ json message max len.......: 2441 chars
~~ json message avg len.......: 1493 chars