1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
|
00389{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"exe_download.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1569434051004,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00425{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":4796,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0AI9AAIAGAKkKCRllkFtFw8ANAFC+hvgeAAAAAIACIADegAAAAgQFtAEDAwgBAQQC"}
00419{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":324116,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsBbAAAIAGO5CQW0XDCgkZZQBQwA0+79i4vob4H2AS+vAU7QAAAgQFtA=="}
00412{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":324323,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoALJAAIAGAJIKCRllkFtFw8ANAFC+hvgfPu\/YuVAQ+vAsqgAA"}
00621{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":324979,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"IOUqtpPxAAgCHEeuCABFAADBALNAAIAG\/\/cKCRllkFtFw8ANAFC+hvgfPu\/YuVAY+vAITAAAR0VUIC9zb2xhci5waHAgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLXVzDQpVc2VyLUFnZW50OiBwd3R5eUVLek50R2F0d25Kam1DY0JMYk92ZUNWcGMNCkhvc3Q6IDE0NC45MS42OS4xOTUNCg0K"}
00706{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1569434051004,"flow_last_seen":1569434051324,"flow_tot_l4_data_len":249,"flow_min_l4_data_len":20,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"144.91.69.195","url":"144.91.69.195\/solar.php","code":0,"content_type":"","user_agent":"pwtyyEKzNtGatwnJjmCcBLbOveCVpc"}}
00411{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":325236,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AAgCHEeuIOUqtpPxCABFAAAoBbEAAIAGO5OQW0XDCgkZZQBQwA0+79i5vob4uFAQ+vAsEQAA"}
02368{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":623372,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AAgCHEeuIOUqtpPxCABFAAXcBbQAAIAGNdyQW0XDCgkZZQBQwA0+79i5vob4uFAQ+vA4RgAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuMTAuMw0KRGF0ZTogV2VkLCAyNSBTZXAgMjAxOSAxNzo1NDoxMiBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogNjc5MDA4DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDb250ZW50LURlc2NyaXB0aW9uOiBGaWxlIFRyYW5zZmVyDQpDb250ZW50LURpc3Bvc2l0aW9uOiBhdHRhY2htZW50OyBmaWxlbmFtZT0icGhuMzR5Y2p0Z2htLmV4ZSINCkV4cGlyZXM6IDANCkNhY2hlLUNvbnRyb2w6IG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBwdWJsaWMNCg0KTVqQAAMAAAAEAAAA\/\/8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAEAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAADF5hWJgYd72oGHe9qBh3vasqVe2oOHe9pbpGfai4d72likZ9qAh3vae6Ri2piHe9qBh3ra\/4V72nujO9qdh3vae6Nn2gSHe9qqplzaiId72nujZtoZh3vae6M+2oCHe9p7o0bagId72lJpY2iBh3vaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBBAA3BYtdAAAAAAAAAADgAA8BCwEHAABABAAAwAQAAAAAAGIRAQAAEAAAAFAEAAAAQAAAEAAAABAAAAQAAAAAAAAABAAAAAAAAAAAEAkAABAAAJAACQACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAAAAAAAAAAAAAsZAUAGAEAAAAABgDyAQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAEAGAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAAKMzBAAAEAAAAEAEAAAQAAAAAAAAAAAAAAAAAAAgAABgLnJkYXRhAABgOwEAAFAEAABAAQAAUAQAAAAAAAAAAAAAAAAAQAAAQC5kYXRhAAAAxGAAAACQBQAAMAAAAJAFAAAAAAAAAAAAAAAAAEAAAMAucnNyYwAAAPIBAwAAAAYAABADAADABQAAAAAAAAAAAAAAAABAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00808{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1569434051004,"flow_last_seen":1569434051623,"flow_tot_l4_data_len":1749,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":291,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4":"Binary application transfer","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"http": {"hostname":"144.91.69.195","url":"144.91.69.195\/solar.php","code":200,"content_type":"application\/octet-stream","user_agent":"pwtyyEKzNtGatwnJjmCcBLbOveCVpc"}}
02109{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":623382,"pkt_caplen":1322,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1322,"pkt_l4_len":1288,"pkt":"AAgCHEeuIOUqtpPxCABFAAUcBbUAAIAGNpuQW0XDCgkZZQBQwA0+795tvob4uFAY+vAhYQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00412{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":623558,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoALZAAIAGAI4KCRllkFtFw8ANAFC+hvi4Pu\/jYVAQ+vAhaQAA"}
02237{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":624937,"pkt_caplen":1418,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1418,"pkt_l4_len":1384,"pkt":"AAgCHEeuIOUqtpPxCABFAAV8BbYAAIAGNjqQW0XDCgkZZQBQwA0+7+Nhvob4uFAY+vAcDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
02380{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":625084,"pkt_caplen":1418,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1418,"pkt_l4_len":1384,"pkt":"AAgCHEeuIOUqtpPxCABFAAV8BbcAAIAGNjmQW0XDCgkZZQBQwA0+7+i1vob4uFAY+vC0SgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFWL7Gr\/aOooRABkoQAAAABQZIklAAAAAIPsDGjsAQAA6PLcAQCDxASJRezHRfwAAAAAg33sAHQNi03s6EAAAACJRejrB8dF6AAAAACLReiJRfDHRfz\/\/\/\/\/i0Xwi030ZIkNAAAAAIvlXcPMzMzMzMxVi+xRiU38uDBZRACL5V3DVYvsUYlN\/ItN\/Oh2EQMAi0X8xwBYWUQAi038x4HQAQAAAAAAAItV\/MeC1AEAAAAAAACLRfzHgNgBAAAAAAAAi038x4HcAQAAAAAAAItV\/MeC4AEAAAEAAACLRfzHgOQBAAAAAAAAi038x4HoAQAAAAAAAItV\/MeCzAEAAAAAAACLRfyL5V3DzMzMzMzMzMzMVYvsUYlN\/ItN\/OghAAAAi0UIg+ABhcB0DItN\/FHoENwBAIPEBItF\/IvlXcIEAMzMVYvsav9oEylEAGShAAAAAFBkiSUAAAAAUYlN8ItF8McAWFlEAMdF\/AEAAACLTfCBwZwAAADoydIBAMZF\/ACLTfCDwWjoe24CAMdF\/P\/\/\/\/+LTfDolmYCAItN9GSJDQAAAACL5V3DzMzMzMzMzMzMzFWL7FGJTfy4YFdEAIvlXcNVi+yD7AiJTfiLRfiLSFCJTfyL5V3CBADMzMzMzMzMzFWL7IHsHAEAAImN5P7\/\/4uN5P7\/\/+ht+AIAx4Xo\/v\/\/VAAAAMeF7P7\/\/wEAAMDHhfD+\/\/\/\/\/\/+\/x4X0\/v\/\/yAAAAGbHhST\/\/\/+QAceF+P7\/\/wAAAADHhfz+\/\/8AAAAAxoUA\/\/\/\/AMaFAf\/\/\/wBoBFtEAI2FAv\/\/\/1Do8vIAAIPECIuN7P7\/\/4HJAAAAIImN7P7\/\/4uV5P7\/\/8eC0AEAAAEAAACNhej+\/\/9Qi43k\/v\/\/6KvEAQCNjUD\/\/\/9Ri43k\/v\/\/6BHFAQDHhUT\/\/\/8IAAAAZseFWP\/\/\/wEAi+Vdw8zMVYvsgewYAQAAiY3o\/v\/\/jUXwUP8VXFNEAGgAAQAAjY3w\/v\/\/UWgMW0QAjVXwUmoAaAAIAAD\/FWRTRADHhez+\/\/8AAAAAjYXw\/v\/\/UIuN7P7\/\/1FowgAAAIuV6P7\/\/4tCHFD\/FUhVRACL5V3DzMzMzFWL7IHsGAEAAImN6P7\/\/41F8FD\/FVxTRABoAAEAAI2N8P7\/\/1FoHFtEAI1V8FJqAGgACAAA\/xVYU0QAx4Xs\/v\/\/AAAAAI2F8P7\/\/1CLjez+\/\/9RaMIAAACLlej+\/\/+LQhxQ\/xVIVUQAi+Vdw8zMzMxVi+yB7MQAAACJjTz\/\/\/+NhUD\/\/\/9Qi408\/\/\/\/6PfDAQDHhUT\/\/\/8IAAAAZotNCGaJjVj\/\/\/+NlUD\/\/\/9Si408\/\/\/\/6AzEAQBqAGoBaLkAAACLhTz\/\/\/+LSBxR\/xVIVUQAi+VdwgQAzMzMzMw="}
00414{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":625400,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoALdAAIAGAI0KCRllkFtFw8ANAFC+hvi4Pu\/uCVAQ+vAWwQAA"}
02439{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":627512,"pkt_caplen":1418,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1418,"pkt_l4_len":1384,"pkt":"AAgCHEeuIOUqtpPxCABFAAV8BbgAAIAGNjiQW0XDCgkZZQBQwA0+7+4Jvob4uFAY+vD9OgAAzMzMzFWL7IHsxAAAAFeJjUD\/\/\/\/HhUj\/\/\/8AAAAAuQ4AAAAzwI29TP\/\/\/\/Orx0XAPAAAAIuFQP\/\/\/4tIHFH\/FUxVRABQ6CJrAgCJhUT\/\/\/9qWouVRP\/\/\/1L\/FRxRRACJRfyNRcBQagFoOgQAAIuNQP\/\/\/4tRHFL\/FUhVRADHhUj\/\/\/88AAAAg71A\/\/\/\/AHUMx4U8\/\/\/\/AAAAAOsPi4VA\/\/\/\/i0gciY08\/\/\/\/i5U8\/\/\/\/iZVM\/\/\/\/x4VQ\/\/\/\/AAAAAI1FhImFVP\/\/\/8eFXP\/\/\/0EhAADHhXz\/\/\/8BAAAAx0WAZgYAAItN1ImNYP\/\/\/8eFdP\/\/\/wAAAABmx4V4\/\/\/\/ACSLRcwPr0X8mbmgBQAA9\/n32IlFhMdFiAAAAADHRYwAAAAAx0WQAAAAAItVyIPiAffaG9KB4iwBAACBwpABAACJVZSLRciD4AKFwA+VwYhNmItVyIPiBIXSD5XAiEWZi03Ig+EIhckPlcKIVZrGRZwAxkWdAMZFngGKRdiIRZuKTdmITZ+NVdpSjUWgUOiy7wAAg8QIjY1I\/\/\/\/Uf8VhFZEAIXAdQXpqwAAAMdFwDwAAADHRcQ\/AADoi5VY\/\/\/\/0eKJVczHRcg\/AABAgX2UvAIAAH0Ji0XIg+D+iUXID7ZNmIXJdQmLVciD4v2JVcgPtkWZhcB1CYtNyIPh+4lNyA+2VZqF0nUJi0XIg+D3iUXIi41g\/\/\/\/iU3UilWbiFXYikWfiEXZjU2gUY1V2lLoEu8AAIPECI1FwFCLjUD\/\/\/\/oDsEBAIXAdQ5qAGoAaChbRADoUJUCAF+L5V3DzMzMzMzMzMzMVYvsav9oKylEAGShAAAAAFBkiSUAAAAAgez8AAAAVleJjfj+\/\/9qAGoAagCNjVz\/\/\/\/o5bABAMdF\/AAAAACNjVz\/\/\/\/oW7ABAIP4AXVfi0XYiYUA\/\/\/\/jY0E\/\/\/\/UYuN+P7\/\/+jBwAEAi1XYiZX8\/v\/\/i4X8\/v\/\/iYUY\/\/\/\/i40M\/\/\/\/geH\/\/\/+\/iY0M\/\/\/\/g+xUuRUAAACNtQT\/\/\/+L\/POli434\/v\/\/6FMFAADHRfz\/\/\/\/\/jY1c\/\/\/\/6BccAgCLTfRkiQ0AAAAAX16L5V3DzFWL7FGJTfyLTfzo9xsCAIvlXcPMzMzMzMzMzMzMzMzMVYvsg+xcVleJTaSNRahQi02k6CPAAQCLTaSDudABAAAAdB6LVbCD4v6JVbBmx0XkkAGLRaTHgNABAAAAAAAA6ymLTayByQAAQACDyQGJTazHRbABAAAAZsdF5LwCi1Wkx4LQAQAAAQAAAIPsVLkVAAAAjXWoi\/zzpYtNpOiPBAAAX16L5V3DzMzMzMzMzMzMVYvsgezEAAAAiY08\/\/\/\/jYVA\/\/\/\/UIuNPP\/\/\/+invwEAx4VE\/\/\/\/IAAAAA+3jUj\/\/\/+D+QF1G4uVPP\/\/\/8eCzAEAAAAAAABmx4VI\/\/\/\/AADrGYuFPP\/\/\/8eAzAEAAAEAAABmx4VI\/\/\/\/AQCNjUD\/\/\/9Ri408\/\/\/\/6Ie\/AQBqAGoBaLkAAACLlTz\/\/\/+LQhxQ\/xVIVUQAi+Vdw8zMzMzMzFWL7IPsXFZXiU2kjUWoUItNpOjzvgEAi02kg7ncAQAAAHQYi1Wwg+L9iVWwi0Wkx4DcAQAAAAAAAOsbx0WsAgAAAMdFsAIAAACLTaTHgdwBAAABAAAAg+xUuRUAAACNdaiL\/POli02k6HMDAABfXovlXcPMzMzMzMzMzMzMzMzMVYvsg+xcVleJTaSNRahQi02k6HO+AQCLTaSDudgBAAAAdBiLVbCD4veJVbCLRaTHgNgBAAAAAAAA6xvHRawIAAAAx0WwCAAAAItNpMeB2AE="}
02532{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":630207,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AAgCHEeuIOUqtpPxCABFAAXcBbkAAIAGNdeQW0XDCgkZZQBQwA0+7\/Ndvob4uFAQ+vCglwAAAAABAAAAg+xUuRUAAACNdaiL\/POli02k6PMCAABfXovlXcPMzMzMzMzMzMzMzMzMVYvsg+xcVleJTaSNRahQi02k6PO9AQCLTaSDudQBAAAAdBiLVbCD4vuJVbCLRaTHgNQBAAAAAAAA6x\/HRawEAIAAx0WwBAAAAMZF+AGLTaTHgdQBAAABAAAAg+xUuRUAAACNdaiL\/POli02k6G8CAABfXovlXcPMzMzMzMzMzMxVi+xRiU38i+Vdw8zMzMzMVYvsav9oTSlEAGShAAAAAFBkiSUAAAAAgey4AAAAiY1A\/\/\/\/aGwBAADoydIBAIPEBImFRP\/\/\/8dF\/AAAAACDvUT\/\/\/8AdBVqAIuNRP\/\/\/+jcAwAAiYU8\/\/\/\/6wrHhTz\/\/\/8AAAAAi4U8\/\/\/\/iYVI\/\/\/\/x0X8\/\/\/\/\/4uNSP\/\/\/4lN8ItV8IsCi03w\/5BAAQAAg\/gBD4W3AAAAx4VM\/\/\/\/nAAAAItN8IO5YAEAAAB0D4uVUP\/\/\/4PKAomVUP\/\/\/4tF8IO4aAEAAAB0D4uNUP\/\/\/4PJAYmNUP\/\/\/4tV8IO6ZAEAAAB0D4uFUP\/\/\/4PIBImFUP\/\/\/4tN8IuRYAEAAGnSoAUAAImVXP\/\/\/4tF8IuIZAEAAGnJoAUAAIlN7ItV7PfaiZVg\/\/\/\/i0Xwi4hoAQAAacmgBQAAA03siY1Y\/\/\/\/jZVM\/\/\/\/UouNQP\/\/\/+hmvAEAi030ZIkNAAAAAIvlXcPMzFWL7FGJTfyLRfyLiMwBAABRi1UIiwKLTQj\/UASL5V3CBADMzMzMzMzMzMzMzMzMzFWL7FGJTfyLRfyLiNABAABRi1UIiwKLTQj\/UASL5V3CBADMzMzMzMzMzMzMzMzMzFWL7FGJTfyLRfyLiNwBAABRi1UIiwKLTQj\/UASL5V3CBADMzMzMzMzMzMzMzMzMzFWL7FGJTfyLRfyLiNgBAABRi1UIiwKLTQj\/UASL5V3CBADMzMzMzMzMzMzMzMzMzFWL7FGJTfyLRfyLiNQBAABRi1UIiwKLTQj\/UASL5V3CBADMzMzMzMzMzMzMzMzMzFWL7IPsEIlN9I1F\/FCNTfhRi0306Di6AQCLVfg7Vfx1CcdF8P\/\/\/\/\/rBotF\/IlF8ItN8FGLVfhSi0306L65AQCNRQhQi0306MC6AQCL5V3CVADMzMzMzMzMzMzMzMzMzFWL7IHszAAAAImNOP\/\/\/2oBi0UIixCLTQj\/EseFPP\/\/\/wAAAACNhUD\/\/\/9Qi404\/\/\/\/6LG6AQCLTQiLUQSJlTT\/\/\/+DvTT\/\/\/9ldCuDvTT\/\/\/9mdAuDvTT\/\/\/9ndDDrRQ+3hVj\/\/\/+D6AL32BvAQImFPP\/\/\/+s4D7eNWP\/\/\/4PpAffZG8lBiY08\/\/\/\/6yEPt5VY\/\/\/\/g+oD99ob0kKJlTz\/\/\/\/rCseFPP\/\/\/wAAAAAzwIO9PP\/\/\/wAPlcBQi00IixGLTQj\/UgiL5V3CBADMzMxVi+yD7AiJTfyLRQiJRfiDffhldA6DffhmdBSDffhndBrrImoBi0386NP1\/\/\/rFmoCi0386Mf1\/\/\/rCmoDi0386Lv1\/\/+L5V3CBADMzMzMzFWL7ItFCFDoRs8BAIPEBF3CBADMzMzMzMzMzMzMzMzMVYvsUYlN\/GoAi0X8i0gcUf8VUFVEAIvlXcPMzMzMzMxVi+xRiU38agGLRfyLSBxR\/xVQVUQAi+Vdw8zMzMzMzFWL7Gr\/aIEpRABkoQAAAABQZIklAAAAAIPsEIlN5ItFCFBqZotN5Oh3FQIAx0X8AAAAAItN5McBSFxEAItV5IPCcIlV8ItN8OjO2gEAi0XwxwCElEQAxkX8AYtN5IHBwAAAAIlN7ItN7Oit2gEAi1XsxwKElEQAxkX8AotF5AUQAQAAiUXoi03o6I3aAQCLTejHAYSURADHRfz\/\/\/\/\/i0Xki030ZIkNAAAAAIvlXcIEAMzMzMzMzMzMzMzMzMzMzFWL7FE="}
02138{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":630216,"pkt_caplen":1302,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1302,"pkt_l4_len":1268,"pkt":"AAgCHEeuIOUqtpPxCABFAAUIBboAAIAGNqqQW0XDCgkZZQBQwA0+7\/kRvob4uFAY+vB0WgAAiU38i0386CEAAACLRQiD4AGFwHQMi038UegQzgEAg8QEi0X8i+VdwgQAzMxVi+xq\/2ixKUQAZKEAAAAAUGSJJQAAAABRiU3wx0X8AgAAAItN8IHBEAEAAOiLCwMAxkX8AYtN8IHBwAAAAOh5CwMAxkX8AItN8IPBcOhqCwMAx0X8\/\/\/\/\/4tN8OilEwIAi030ZIkNAAAAAIvlXcPMVYvsUYlN\/ItF\/IPAcFBo6gMAAItNCFHoqYwCAItV\/IHCwAAAAFJo6wMAAItFCFDokYwCAItN\/IHBEAEAAFFo7AMAAItVCFLoeYwCAIvlXcIEAMzMzMzMzMzMzMzMzMzMVYvsUYlN\/LhIW0QAi+Vdw1WL7IPsGIlN6MdF8AAAAADrCYtF8IPAAYlF8IN98Bl9N4tN8IsUjbCQRQBSaKBdRACNRfRQ\/xXUVUQAg8QMjU30UWoAaEMBAACLVQiLQhxQ\/xVIVUQA67rHRewAAAAAagCLTexRaE4BAACLVQiLQhxQ\/xVIVUQAi+VdwgQAzMzMVYvsUYlN\/ItN\/OiFFgIAi0X8g8BwUItN\/Ohi\/\/\/\/i038gcHAAAAAUYtN\/OhQ\/\/\/\/i1X8gcIQAQAAUotN\/Og+\/\/\/\/uAEAAACL5V3DzMzMzMxVi+xq\/2jIKUQAZKEAAAAAUGSJJQAAAACD7CCJTeCLTeDoOuQBAOipGwIAiUXoi0XoixCLTej\/UgyJReyLReyDwBCJRfDHRfwAAAAAjU3wUYtN4IPBcOj27wEAagBqAGhHAQAAi1Xgi4KMAAAAUP8VSFVEAIXAdBGLTfBR6F\/lAACDxASJRdzrB8dF3AAAAACLVeCLRdyJgmABAACNTfBRi03ggcHAAAAA6KPvAQBqAGoAaEcBAACLVeCLgtwAAABQ\/xVIVUQAhcB0EYtN8FHoDOUAAIPEBIlF2OsHx0XYAAAAAItV4ItF2ImCZAEAAI1N8FGLTeCBwRABAADoUO8BAGoAagBoRwEAAItV4IuCLAEAAFD\/FUhVRACFwHQRi03wUei55AAAg8QEiUXU6wfHRdQAAAAAi1Xgi0XUiYJoAQAAx0X8\/\/\/\/\/41N8OifAAAAi030ZIkNAAAAAIvlXcPMVYvsUYlN\/IvlXcIEAMzMzFWL7FGJTfyLRQxQD7dNCFGLVfyLAotN\/P+QNAEAAIvlXcIIAMzMzMzMzMzMzMzMzFWL7FGJTfyLTfzoXQgDAItFCIPgAYXAdAyLTfxR6JDKAQCDxASLRfyL5V3CBADMzFWL7IPsCIlN+ItN+OgPAAAAi+Vdw8zMzMzMzMzMzMzMVYvsg+wIiU34i0X4iwiD6RCJTfyLVfyDwgyDyP\/wD8ECSIXAfxOLTfxRi1X8iwKLTfyLCYsQ\/1IEi+Vdw8zMzFWL7Gr\/aOopRABkoQAAAABQZIklAAAAAIPsDGgYAgAA6NLJAQCDxASJRezHRfwAAAAAg33sAHQNi03s6FAAAACJRejrB8dF6AAAAACLReiJRfDHRfz\/\/\/\/\/i0Xwi030ZIkNAAAAAIvlXcPMzMzMzMxVi+xRiU38uABfRACL5V3DVYvsUYlN\/LikXUQAi+Vdw1WL7Gr\/aBYqRABkoQAAAABQZIklAAAAAFGJTfCLTfDoiScDAMdF\/AAAAACLRfDHAChfRACLTfCBwdAAAADobEsDAMZF"}
00414{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":630369,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoALhAAIAGAIwKCRllkFtFw8ANAFC+hvi4Pu\/98VAQ+vAG2QAA"}
00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":703,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":703,"flow_first_seen":1569434051004,"flow_last_seen":1569434056186,"flow_tot_l4_data_len":693561,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":986,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00133{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":703,"source":"exe_download.pcap","alias":"nDPId-test"}
|