1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
|
00473{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"kontiki.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":3265032704,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_usec":0}
00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"kontiki.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1213662195077813}
00760{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1213662195077813,"flow_src_last_pkt_time":1213662195077813,"flow_dst_last_pkt_time":1213662195077813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":991,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":991,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":991,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213662195077813,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"255.255.255.255","src_port":19948,"dst_port":19948,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01832{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1213662195077813,"flow_dst_last_pkt_time":1213662195077813,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1033,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1033,"pkt_l4_len":999,"thread_ts_usec":1213662195077813,"pkt":"\/\/\/\/\/\/\/\/ABVYKKDoCABFAAP7D3UAACARXSoKGSA7\/\/\/\/\/03sTewD53pePD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4NCjxaTWVzc2FnZSB0YXJnZXQ9IlpCQlAuMS5TdWJuZXRSZXF1ZXN0IiBtaW5vcj0iMjAiIHBhcmFtaGVhZGVybGVuZ3RoPSI0OTQiIHNpZ25hdHVyZT0iNE5QY0MyZTRZVGh2ZkFESUdPd2pNRFVENjl3NURpVTNsTWdZSFZCcVZGaUZKaXdTRXZ2Yit2cVVvUllHb25NdXd5c0lxWEIyZHJJNGR0aDNVR2ZSZ3lXbU9ES0JZYVVUVys1dzJRdWpYNk5ZQW5Vc3E1cGVWdnJQZ1ZJNFNqU1JhWjhkZXM3SkptU3RZRGtramVZR3hLblVsODUzZzFFSlVRZkVQVTdEY0RHQyIgc2lnbmVyPSI2UEJrWm50NHgzampVbFk2NjdXa2M5WFZESWh4YmZGbHI0VmE5UnE5WWdSZngzczhZWUw5cVp1ZXRCaXRqdytGRDU0T3hKcnF6TzBqMVlCc1YvaEFpL3d2UnlRcFVVdm52Z0pHejNVYTc5V1FXNDFURzZBTnhoWFl1TkZxRDMwZDFoakdDa1dRalhBK0Z0UFc2WFQ4UjB3NktkZk9sNjlhSHh0WG81eEIwY2I5Ij4NCjwvWk1lc3NhZ2U+DQo8WlBhcmFtU2V0Pg0KPHBhcmFtIG5hbWU9Il9fbXNnaGRyIiB0eXBlPSJtYXAiPg0KPC9wYXJhbT4NCjxwYXJhbSBuYW1lPSJtYXAiIHR5cGU9Im1hcCI+DQo8cGFyYW0gbmFtZT0ibW9pZCIgdHlwZT0ic3RyaW5nIj5hMjQ1MmI5OC02MDdkLTIzM2MtMTFkOS1jN2MyNGRmMDQxYmY8L3BhcmFtPg0KPHBhcmFtIG5hbWU9InNlbGZyZWYiIHR5cGU9Im1hcCI+DQo8cGFyYW0gbmFtZT0iYWRkciIgdHlwZT0ic3RyaW5nIj4xMC4yNS4zMi41OTwvcGFyYW0+DQo8cGFyYW0gbmFtZT0iZXh0YWRkciIgdHlwZT0ic3RyaW5nIj42NS4yMDUuMjUxLjUxPC9wYXJhbT4NCjxwYXJhbSBuYW1lPSJwb3J0IiB0eXBlPSJ1aW50Ij44MDwvcGFyYW0+DQo8cGFyYW0gbmFtZT0idWRwcG9ydCIgdHlwZT0idWludCI+MTk5NDg8L3BhcmFtPg0KPHBhcmFtIG5hbWU9InZlcnNpb24iIHR5cGU9InN0cmluZyI+djEuMjA8L3BhcmFtPg0KPC9wYXJhbT4NCjwvcGFyYW0+DQo8L1pQYXJhbVNldD4NCg=="}
00757{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1213662198289399,"flow_src_last_pkt_time":1213662198289399,"flow_dst_last_pkt_time":1213662198289399,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":311,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":311,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":311,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213662198289399,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.82","src_port":19948,"dst_port":1948,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00915{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1213662198289399,"flow_dst_last_pkt_time":1213662198289399,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"thread_ts_usec":1213662198289399,"pkt":"AAAMB6wIABVYKKDoCABFAAFTD48AACARip0KGSA7QMiUUk3sB5wBPyUCAgUEALiJxyqdfRurkGvxcQAAAAHGclB+GpXQo7ilG\/X+QBPHZNzcc2Vgl8HXEWakCXkI\/uj8lmIl1eBkbhN4MvAcq86Z98N3bIP98eTWEBdQEYXavGuDSMiGARvJZed\/c1zWfWkiBQDMPgD+Ih+\/PJjSy0mU1LUYMuUE02zzTShWQfCvM2Xa9SOg6ec0xfxrP6bVssVjaXJqz1AT6v7o8NtJtnsERCco1F8aGfNVg8yXB5v\/LbWp1E2sz6l3Uqjqcfx5ZJSkZLl83RIr7uaKcsAZozQEdGaeqFqM+vh1lG8CYU5v3cUXR+iWSzTqhorAV8WhTpNJoFMNHVApj2b53cJQug6cwf67kqgCY5\/UQxlKUrAgIAb+T+C6ITKs8wNPNWZJmf3s1l4sH4nkFe9HNSIG47QjMrQ="}
00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1213662198289578,"flow_src_last_pkt_time":1213662198289578,"flow_dst_last_pkt_time":1213662198289578,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213662198289578,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.86","src_port":19948,"dst_port":8888,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1213662198289578,"flow_dst_last_pkt_time":1213662198289578,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1213662198289578,"pkt":"AAAMB6wIABVYKKDoCABFAAAgD5AAAAIRqcsKGSA7QMiUVk3sIrgADIy+AgEBAA=="}
00987{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1213662198289578,"flow_src_last_pkt_time":1213662198289578,"flow_dst_last_pkt_time":1213662198289578,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213662198289578,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.86","src_port":19948,"dst_port":8888,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Kontiki","proto_id":"32","encrypted":0,"breed":"Potentially Dangerous","category_id":1,"category":"Media"}}
00721{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1213662198289778,"flow_src_last_pkt_time":1213662198289778,"flow_dst_last_pkt_time":1213662198289778,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213662198289778,"l3_proto":"ip4","src_ip":"10.25.249.14","dst_ip":"10.25.32.59","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1213662198289778,"flow_dst_last_pkt_time":1213662198289778,"flow_idle_time":140000000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1213662198289778,"pkt":"ABVYKKDoANAreRD8CABFwAA8nDwAAP4B8kgKGfkOChkgOwsA9I8AAAAARQAAIA+QAAABEarLChkgO0DIlFZN7CK4AAyMvgIBAQA="}
00846{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1213662198289778,"flow_src_last_pkt_time":1213662198289778,"flow_dst_last_pkt_time":1213662198289778,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213662198289778,"l3_proto":"ip4","src_ip":"10.25.249.14","dst_ip":"10.25.32.59","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":4.304229}}
00778{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1213662198289399,"flow_dst_last_pkt_time":1213662198292691,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":252,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":252,"pkt_l4_len":218,"thread_ts_usec":1213662198292691,"pkt":"ABVYKKDoANAreRD8CABFAADuAABAADQRRpFAyJRSChkgOwecTewA2iL0AgUEADrI\/CCQa\/FynX0bqwAAAAEU3Ww9OKrYuWJ\/RoFyF3QkawgIztP7rZEqNEZAvKFqVsbVX6Q7o7C1GOOdgQ95sj8arDoplqug4W5ycMyrjvQQyOwCiAR\/6y2A+p1htTIZLrGyKHiEi2Jp9hwzPzovQAePahwaDoff8ISW08I83wX6VJuH0Ja\/8FiWxNnH+Ai3SlJjJhuk49id1Yw4mSXZ8jvVv5UwGXcIGiI6B0mhLZ+A10L6EpKDfeBwW1y7ll9X6Tp66XFf4oxdv3GVbO9k"}
00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1213662198298123,"flow_src_last_pkt_time":1213662198298123,"flow_dst_last_pkt_time":1213662198298123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213662198298123,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.88","src_port":19948,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1213662198298123,"flow_dst_last_pkt_time":1213662198298123,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1213662198298123,"pkt":"AAAMB6wIABVYKKDoCABFAAAwD5EAACARi7gKGSA7QMiUWE3sAFAAHNz5AgUCAE9LWIs\/euHNAAAE5AIEAQA="}
00988{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1213662198298123,"flow_src_last_pkt_time":1213662198298123,"flow_dst_last_pkt_time":1213662198298123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213662198298123,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.88","src_port":19948,"dst_port":80,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Kontiki","proto_id":"32","encrypted":0,"breed":"Potentially Dangerous","category_id":1,"category":"Media"}}
00719{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1213662198298679,"flow_src_last_pkt_time":1213662198298679,"flow_dst_last_pkt_time":1213662198298679,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213662198298679,"l3_proto":"ip4","src_ip":"10.25.32.3","dst_ip":"10.25.32.59","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1213662198298679,"flow_dst_last_pkt_time":1213662198298679,"flow_idle_time":140000000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1213662198298679,"pkt":"ABVYKKDoANABJAf8CABFAAA4wMIAAP8BppIKGSADChkgOwMN0aAAAAAARQAAMA+RAAAfEYy4ChkgO0DIlFhN7ABQABzc+Q=="}
00844{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1213662198298679,"flow_src_last_pkt_time":1213662198298679,"flow_dst_last_pkt_time":1213662198298679,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213662198298679,"l3_proto":"ip4","src_ip":"10.25.32.3","dst_ip":"10.25.32.59","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":4.253434}}
00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1213662198301070,"flow_dst_last_pkt_time":1213662198292691,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1213662198301070,"pkt":"AAAMB6wIABVYKKDoCABFAAAsD5IAACARi8EKGSA7QMiUUk3sB5wAGMoHAgQkALiJxyqdfRurkGvxcg=="}
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1213662198488193,"flow_dst_last_pkt_time":1213662198289578,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1213662198488193,"pkt":"AAAMB6wIABVYKKDoCABFAAAgD5cAAAQRp8QKGSA7QMiUVk3sIrgADIy+AgEBAA=="}
00725{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1213662198488630,"flow_src_last_pkt_time":1213662198488630,"flow_dst_last_pkt_time":1213662198488630,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213662198488630,"l3_proto":"ip4","src_ip":"216.168.241.157","dst_ip":"10.25.32.59","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1213662198488630,"flow_dst_last_pkt_time":1213662198488630,"flow_idle_time":140000000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1213662198488630,"pkt":"ABVYKKDoANAreRD8CABFwAA4pIcAAPwBJOPYqPGdChkgOwsADhsAAAAARQAAIA+XAAABEarEChkgO0DIlFZN7CK4AAx2NA=="}
00850{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1213662198488630,"flow_src_last_pkt_time":1213662198488630,"flow_dst_last_pkt_time":1213662198488630,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213662198488630,"l3_proto":"ip4","src_ip":"216.168.241.157","dst_ip":"10.25.32.59","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":4.321296}}
00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1213662198700615,"flow_dst_last_pkt_time":1213662198289578,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1213662198700615,"pkt":"AAAMB6wIABVYKKDoCABFAAAgD6YAAAYRpbUKGSA7QMiUVk3sIrgADIy+AgEBAA=="}
00722{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1213662198701406,"flow_src_last_pkt_time":1213662198701406,"flow_dst_last_pkt_time":1213662198701406,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213662198701406,"l3_proto":"ip4","src_ip":"4.79.219.125","dst_ip":"10.25.32.59","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1213662198701406,"flow_dst_last_pkt_time":1213662198701406,"flow_idle_time":140000000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1213662198701406,"pkt":"ABVYKKDoANAreRD8CABFwAA4\/Y8AAPoBuFQET9t9ChkgOwsADhsAAAAARQAAIA+mAAABEaq1ChkgO0DIlFZN7CK4AAx2NA=="}
00847{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1213662198701406,"flow_src_last_pkt_time":1213662198701406,"flow_dst_last_pkt_time":1213662198701406,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213662198701406,"l3_proto":"ip4","src_ip":"4.79.219.125","dst_ip":"10.25.32.59","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":4.321296}}
01471{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":41,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":22,"flow_first_seen":1213662198289578,"flow_src_last_pkt_time":1213662198988100,"flow_dst_last_pkt_time":1213662198992190,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":1241,"flow_src_tot_l4_payload_len":591,"flow_dst_tot_l4_payload_len":24254,"midstream":0,"thread_ts_usec":1213662198992190,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.86","src_port":19948,"dst_port":8888,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":13,"flow_avg":45197.9,"flow_max":607738,"flow_stddev":118031.4,"c_to_s_min":3074,"c_to_s_avg":77613.6,"c_to_s_max":212422,"c_to_s_stddev":88088.6,"s_to_c_min":13,"s_to_c_avg":31936.9,"s_to_c_max":607738,"s_to_c_stddev":125898.8},"pktlen": {"c_to_s_min":46,"c_to_s_avg":101.1,"c_to_s_max":259,"c_to_s_stddev":79.4,"s_to_c_min":70,"s_to_c_avg":1144.5,"s_to_c_max":1283,"s_to_c_stddev":355.2}},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Kontiki","proto_id":"32","encrypted":0,"breed":"Potentially Dangerous","category_id":1,"category":"Media"}}
00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1173,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1213662200284689,"flow_dst_last_pkt_time":1213662198298123,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1213662200284689,"pkt":"AAAMB6wIABVYKKDoCABFAAAwEAgAACARi0EKGSA7QMiUWE3sAFAAHLz5AgUiAE9LWIs\/euHNAAAE5AIEAQA="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1174,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1213662200285056,"flow_dst_last_pkt_time":1213662198298679,"flow_idle_time":140000000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1213662200285056,"pkt":"ABVYKKDoANABJAf8CABFAAA4wRIAAP8BpkIKGSADChkgOwMN8aAAAAAARQAAMBAIAAAfEYxBChkgO0DIlFhN7ABQABy8+Q=="}
00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2709,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1213662202284851,"flow_dst_last_pkt_time":1213662198298123,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1213662202284851,"pkt":"AAAMB6wIABVYKKDoCABFAAAwEJ8AACARiqoKGSA7QMiUWE3sAFAAHLz5AgUiAE9LWIs\/euHNAAAE5AIEAQA="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2710,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1213662202285330,"flow_dst_last_pkt_time":1213662198298679,"flow_idle_time":140000000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1213662202285330,"pkt":"ABVYKKDoANABJAf8CABFAAA4wVoAAP8BpfoKGSADChkgOwMN8aAAAAAARQAAMBCfAAAfEYuqChkgO0DIlFhN7ABQABy8+Q=="}
00869{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1213662198701406,"flow_src_last_pkt_time":1213662198701406,"flow_dst_last_pkt_time":1213662198701406,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213662202883546,"l3_proto":"ip4","src_ip":"4.79.219.125","dst_ip":"10.25.32.59","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00872{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1213662198488630,"flow_src_last_pkt_time":1213662198488630,"flow_dst_last_pkt_time":1213662198488630,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213662202883546,"l3_proto":"ip4","src_ip":"216.168.241.157","dst_ip":"10.25.32.59","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
01048{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":261,"flow_dst_packets_processed":3013,"flow_first_seen":1213662198289578,"flow_src_last_pkt_time":1213662202879390,"flow_dst_last_pkt_time":1213662202882191,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":1241,"flow_src_tot_l4_payload_len":6335,"flow_dst_tot_l4_payload_len":3708231,"midstream":0,"thread_ts_usec":1213662202883546,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.86","src_port":19948,"dst_port":8888,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Kontiki","proto_id":"32","encrypted":0,"breed":"Potentially Dangerous","category_id":1,"category":"Media"}}
00868{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1213662198298679,"flow_src_last_pkt_time":1213662202883546,"flow_dst_last_pkt_time":1213662198298679,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213662202883546,"l3_proto":"ip4","src_ip":"10.25.32.3","dst_ip":"10.25.32.59","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00869{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1213662198289778,"flow_src_last_pkt_time":1213662198289778,"flow_dst_last_pkt_time":1213662198289778,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213662202883546,"l3_proto":"ip4","src_ip":"10.25.249.14","dst_ip":"10.25.32.59","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00808{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1213662195077813,"flow_src_last_pkt_time":1213662195077813,"flow_dst_last_pkt_time":1213662195077813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":991,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":991,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":991,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213662202883546,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"255.255.255.255","src_port":19948,"dst_port":19948,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","encrypted":0,"breed":"Unrated"}}
00764{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1213662195077813,"flow_src_last_pkt_time":1213662195077813,"flow_dst_last_pkt_time":1213662195077813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":991,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":991,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":991,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213662202883546,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"255.255.255.255","src_port":19948,"dst_port":19948,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00808{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1213662198289399,"flow_src_last_pkt_time":1213662198301070,"flow_dst_last_pkt_time":1213662198292691,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":311,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":327,"flow_dst_tot_l4_payload_len":210,"midstream":0,"thread_ts_usec":1213662202883546,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.82","src_port":19948,"dst_port":1948,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","encrypted":0,"breed":"Unrated"}}
00764{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1213662198289399,"flow_src_last_pkt_time":1213662198301070,"flow_dst_last_pkt_time":1213662198292691,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":311,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":327,"flow_dst_tot_l4_payload_len":210,"midstream":0,"thread_ts_usec":1213662202883546,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.82","src_port":19948,"dst_port":1948,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01030{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1213662198298123,"flow_src_last_pkt_time":1213662202883098,"flow_dst_last_pkt_time":1213662198298123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213662202883546,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.88","src_port":19948,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Kontiki","proto_id":"32","encrypted":0,"breed":"Potentially Dangerous","category_id":1,"category":"Media"}}
00568{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","packets-captured":3289,"packets-processed":3289,"total-skipped-flows":0,"total-l4-payload-len":3716430,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":44,"global_ts_usec":1213662202883546}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 3289/3289
~~ skipped flows.............: 0
~~ total layer4 data length..: 3716430 bytes
~~ total detected protocols..: 6
~~ total active/idle flows...: 8/8
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6140961 bytes
~~ total memory freed........: 6140961 bytes
~~ total allocations/frees...: 124792/124792
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 478 chars
~~ json string max len.......: 1837 chars
~~ json string avg len.......: 1156 chars
|