path: root/test/results/netbios.pcap.out
blob: 64c800324a464f620731001d8c6fc17375150289 (plain)
00473{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"netbios.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":3265032704,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_usec":0}
00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"netbios.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1447772210350540}
00747{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"netbios.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772210350540,"flow_src_last_pkt_time":1447772210350540,"flow_dst_last_pkt_time":1447772210350540,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772210350540,"l3_proto":"ip4","src_ip":"10.0.4.131","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"netbios.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1447772210350540,"flow_dst_last_pkt_time":1447772210350540,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1447772210350540,"pkt":"\/\/\/\/\/\/\/\/ABj+bLz3CABFAABOYvYAAIARuScKAASDCgAF\/wCJAIkAOr8ep0kBEAABAAAAAAAAIEZJRkRGRUZDRUZFQkVORlBFSUZKQ0FDQUNBQ0FDQUFBAAAgAAE="}
00879{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"netbios.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772210350540,"flow_src_last_pkt_time":1447772210350540,"flow_dst_last_pkt_time":1447772210350540,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772210350540,"l3_proto":"ip4","src_ip":"10.0.4.131","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"xstream_hy"}}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"netbios.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1447772210821814,"flow_dst_last_pkt_time":1447772210350540,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1447772210821814,"pkt":"\/\/\/\/\/\/\/\/ABj+bLz3CABFAABOYvkAAIARuSQKAASDCgAF\/wCJAIkAOr8dp0oBEAABAAAAAAAAIEZJRkRGRUZDRUZFQkVORlBFSUZKQ0FDQUNBQ0FDQUFBAAAgAAE="}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"netbios.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1447772210835836,"flow_dst_last_pkt_time":1447772210350540,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1447772210835836,"pkt":"\/\/\/\/\/\/\/\/ABj+bLz3CABFAABOYvoAAIARuSMKAASDCgAF\/wCJAIkAOr8fp0gBEAABAAAAAAAAIEZJRkRGRUZDRUZFQkVORlBFSUZKQ0FDQUNBQ0FDQUFBAAAgAAE="}
00747{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"netbios.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772211392771,"flow_src_last_pkt_time":1447772211392771,"flow_dst_last_pkt_time":1447772211392771,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772211392771,"l3_proto":"ip4","src_ip":"10.0.5.233","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"netbios.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1447772211392771,"flow_dst_last_pkt_time":1447772211392771,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1447772211392771,"pkt":"\/\/\/\/\/\/\/\/AOCBt8asCABFAABOKuIAAIAR79UKAAXpCgAF\/wCJAIkAOuD1mh4BEAABAAAAAAAAIEVQRktFSkNBQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUJNAAAgAAE="}
00872{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"netbios.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772211392771,"flow_src_last_pkt_time":1447772211392771,"flow_dst_last_pkt_time":1447772211392771,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772211392771,"l3_proto":"ip4","src_ip":"10.0.5.233","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"ozi"}}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"netbios.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1447772212142166,"flow_dst_last_pkt_time":1447772211392771,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1447772212142166,"pkt":"\/\/\/\/\/\/\/\/AOCBt8asCABFAABOLrMAAIAR7AQKAAXpCgAF\/wCJAIkAOuD1mh4BEAABAAAAAAAAIEVQRktFSkNBQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUJNAAAgAAE="}
00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"netbios.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1447772212892274,"flow_dst_last_pkt_time":1447772211392771,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1447772212892274,"pkt":"\/\/\/\/\/\/\/\/AOCBt8asCABFAABOMrEAAIAR6AYKAAXpCgAF\/wCJAIkAOuD1mh4BEAABAAAAAAAAIEVQRktFSkNBQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUJNAAAgAAE="}
00749{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"netbios.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772214344593,"flow_src_last_pkt_time":1447772214344593,"flow_dst_last_pkt_time":1447772214344593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772214344593,"l3_proto":"ip4","src_ip":"10.0.5.9","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00772{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"netbios.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1447772214344593,"flow_dst_last_pkt_time":1447772214344593,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_usec":1447772214344593,"pkt":"\/\/\/\/\/\/\/\/ADBIsLGUCABFAADlUKwAAIARylQKAAUJCgAF\/wCKAIoA0VBGEQ7C9AoABQkAigC7AAAgRU9GR0ZDREpDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZHRUpFSEVKRU1FQkVPRkVGUEVIRkNFUEZGRkFDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAOgDAAAAAAAAAAAhAFYAAwABAAAAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQCA\/AoATlZSOQAAAAAAAAAAAAAAAAYBBxABAA8BVaoA"}
01002{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"netbios.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772214344593,"flow_src_last_pkt_time":1447772214344593,"flow_dst_last_pkt_time":1447772214344593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772214344593,"l3_proto":"ip4","src_ip":"10.0.5.9","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"nvr9"}}
00746{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"netbios.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772216537634,"flow_src_last_pkt_time":1447772216537634,"flow_dst_last_pkt_time":1447772216537634,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1447772216537634,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.131","src_port":139,"dst_port":1398,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"netbios.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1447772216537634,"flow_dst_last_pkt_time":1447772216537634,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":21,"thread_ts_usec":1447772216537634,"pkt":"ABj+bLz3ABzEEHkPCABFAAApQatAAIAGnIkKAAQYCgAEgwCLBXatXRk68Re6KFAQ96kjtgAAAAAAAAAA"}
00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"netbios.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1447772216537634,"flow_dst_last_pkt_time":1447772216537735,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1447772216537735,"pkt":"ABzEEHkPABj+bLz3CABFAAAoY6dAAIAGeo4KAASDCgAEGAV2AIvxF7oorV0ZO1AQ+ycgOAAAAAAAAAAA"}
01536{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":45,"source":"netbios.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1447772210350540,"flow_src_last_pkt_time":1447772220435262,"flow_dst_last_pkt_time":1447772210350540,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1600,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772220435262,"l3_proto":"ip4","src_ip":"10.0.4.131","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":14022,"flow_avg":325313.6,"flow_max":749995,"flow_stddev":214669.9,"c_to_s_min":14022,"c_to_s_avg":325313.6,"c_to_s_max":749995,"c_to_s_stddev":214669.9,"s_to_c_min":0,"s_to_c_avg":0.0,"s_to_c_max":0,"s_to_c_stddev":0.0},"pktlen": {"c_to_s_min":92,"c_to_s_avg":92.0,"c_to_s_max":92,"c_to_s_stddev":0.0,"s_to_c_min":0,"s_to_c_avg":0.0,"s_to_c_max":0,"s_to_c_stddev":0.0},"bins": {"c_to_s": [0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]}},"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00748{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"netbios.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772221776592,"flow_src_last_pkt_time":1447772221776592,"flow_dst_last_pkt_time":1447772221776592,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772221776592,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57836,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"netbios.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1447772221776592,"flow_dst_last_pkt_time":1447772221776592,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1447772221776592,"pkt":"ABzEEHkPACFislxDCABFAABOBFAAAH8RHeEKAAFXCgAEGOHsAIkAOqS0IKgAAAABAAAAAAAAIENLQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBAAAhAAE="}
00871{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"netbios.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772221776592,"flow_src_last_pkt_time":1447772221776592,"flow_dst_last_pkt_time":1447772221776592,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772221776592,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57836,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"*"}}
00730{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"netbios.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1447772221776592,"flow_dst_last_pkt_time":1447772221776690,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"thread_ts_usec":1447772221776690,"pkt":"ACFislxDABzEEHkPCABFAADLdA9AAIARbKQKAAQYCgABVwCJ4ewAt5RIIKiEAAAAAAEAAAAAIENLQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBAAAhAAEAAAAAAHcER1VOTkFSICAgICAgICAgAAQAVklHSUxBTlRfR1JPVVAgAIQAR1VOTkFSICAgICAgICAgIAQAVklHSUxBTlRfR1JPVVAgHoQAABzEEHkPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00748{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"netbios.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772221882535,"flow_src_last_pkt_time":1447772221882535,"flow_dst_last_pkt_time":1447772221882535,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772221882535,"l3_proto":"ip4","src_ip":"10.0.4.101","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"netbios.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1447772221882535,"flow_dst_last_pkt_time":1447772221882535,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1447772221882535,"pkt":"\/\/\/\/\/\/\/\/AOCBdSQGCABFAABOIosAAIAR+bAKAARlCgAF\/wCJAIkAOuxhlzUBEAABAAAAAAAAIEVORkZFTUVKQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="}
00874{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"netbios.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772221882535,"flow_src_last_pkt_time":1447772221882535,"flow_dst_last_pkt_time":1447772221882535,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772221882535,"l3_proto":"ip4","src_ip":"10.0.4.101","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"muli"}}
00748{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"netbios.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772225411322,"flow_src_last_pkt_time":1447772225411322,"flow_dst_last_pkt_time":1447772225411322,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772225411322,"l3_proto":"ip4","src_ip":"10.0.4.165","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"netbios.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1447772225411322,"flow_dst_last_pkt_time":1447772225411322,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1447772225411322,"pkt":"\/\/\/\/\/\/\/\/AOCBt3SFCABFAABOYEAAAIARu7sKAASlCgAF\/wCJAIkAOvrLhIYBEAABAAAAAAAAIEVIRkZFT0VPRUJGQ0NBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="}
00876{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"netbios.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772225411322,"flow_src_last_pkt_time":1447772225411322,"flow_dst_last_pkt_time":1447772225411322,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772225411322,"l3_proto":"ip4","src_ip":"10.0.4.165","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"gunnar"}}
00747{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"netbios.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772225411416,"flow_src_last_pkt_time":1447772225411416,"flow_dst_last_pkt_time":1447772225411416,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":62,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":62,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":62,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772225411416,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.165","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"netbios.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1447772225411416,"flow_dst_last_pkt_time":1447772225411416,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":104,"pkt_l4_len":70,"thread_ts_usec":1447772225411416,"pkt":"AOCBt3SFABzEEHkPCABFAABaEmgAAIARC28KAAQYCgAEpQCJAIkARtanhIaFAAAAAAEAAAAAIEVIRkZFT0VPRUJGQ0NBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAEABJPgAAYAAAoABBg="}
00875{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"netbios.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772225411416,"flow_src_last_pkt_time":1447772225411416,"flow_dst_last_pkt_time":1447772225411416,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":62,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":62,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":62,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772225411416,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.165","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"gunnar"}}
00747{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"netbios.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772230221577,"flow_src_last_pkt_time":1447772230221577,"flow_dst_last_pkt_time":1447772230221577,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772230221577,"l3_proto":"ip4","src_ip":"10.0.4.66","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"netbios.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1447772230221577,"flow_dst_last_pkt_time":1447772230221577,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1447772230221577,"pkt":"\/\/\/\/\/\/\/\/ABj+KG95CABFAABOBVEAAIARFw4KAARCCgAF\/wCJAIkAOg\/qh84BEAABAAAAAAAAIEVIRkZGQ0ZGQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="}
00873{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"netbios.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772230221577,"flow_src_last_pkt_time":1447772230221577,"flow_dst_last_pkt_time":1447772230221577,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772230221577,"l3_proto":"ip4","src_ip":"10.0.4.66","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"guru"}}
00749{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"netbios.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772234353157,"flow_src_last_pkt_time":1447772234353157,"flow_dst_last_pkt_time":1447772234353157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772234353157,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"netbios.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1447772234353157,"flow_dst_last_pkt_time":1447772234353157,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1447772234353157,"pkt":"\/\/\/\/\/\/\/\/ABzEEHkPCABFAABOQtEAAIAR2bcKAAQYCgAF\/wCJAIkAOvkLntYBEAABAAAAAAAAIEVIRkZGQ0ZGQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="}
00875{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"netbios.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772234353157,"flow_src_last_pkt_time":1447772234353157,"flow_dst_last_pkt_time":1447772234353157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772234353157,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"guru"}}
00747{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":107,"source":"netbios.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772234353315,"flow_src_last_pkt_time":1447772234353315,"flow_dst_last_pkt_time":1447772234353315,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":62,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":62,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":62,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772234353315,"l3_proto":"ip4","src_ip":"10.0.5.1","dst_ip":"10.0.4.24","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"netbios.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1447772234353315,"flow_dst_last_pkt_time":1447772234353315,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":104,"pkt_l4_len":70,"thread_ts_usec":1447772234353315,"pkt":"ABzEEHkP7Khr9GB3CABFAABaM4kAAIAR6fEKAAUBCgAEGACJAIkARtMVntaFAAAAAAEAAAAAIEVIRkZGQ0ZGQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAEABJPgAAYAAAoABQE="}
00873{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"netbios.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772234353315,"flow_src_last_pkt_time":1447772234353315,"flow_dst_last_pkt_time":1447772234353315,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":62,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":62,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":62,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772234353315,"l3_proto":"ip4","src_ip":"10.0.5.1","dst_ip":"10.0.4.24","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"guru"}}
00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"netbios.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772235481236,"flow_src_last_pkt_time":1447772235481236,"flow_dst_last_pkt_time":1447772235481236,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772235481236,"l3_proto":"ip4","src_ip":"10.0.5.93","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00774{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"netbios.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1447772235481236,"flow_dst_last_pkt_time":1447772235481236,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_usec":1447772235481236,"pkt":"\/\/\/\/\/\/\/\/ADBIsLGmCABFAADlboAAAIARrCwKAAVdCgAF\/wCKAIoA0eR9EQ7pCQoABV0AigC7AAAgRUNFUEZIRUpFRkNBQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZHRUpFSEVKRU1FQkVPRkVGUEVIRkNFUEZGRkFDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAOgDAAAAAAAAAAAhAFYAAwABAAAAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQCA\/AoAQk9XSUUAAAAAAAAAAAAAAAYBBxABAA8BVaoA"}
01006{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"netbios.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772235481236,"flow_src_last_pkt_time":1447772235481236,"flow_dst_last_pkt_time":1447772235481236,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772235481236,"l3_proto":"ip4","src_ip":"10.0.5.93","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"bowie"}}
00749{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"netbios.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772238479125,"flow_src_last_pkt_time":1447772238479125,"flow_dst_last_pkt_time":1447772238479125,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772238479125,"l3_proto":"ip4","src_ip":"10.0.5.233","dst_ip":"10.0.4.24","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"netbios.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1447772238479125,"flow_dst_last_pkt_time":1447772238479125,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1447772238479125,"pkt":"ABzEEHkPAOCBt8asCABFAABOD1sAAIARDUQKAAXpCgAEGACJAIkAOgf\/mi8AAAABAAAAAAAAIENLQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBAAAhAAE="}
00872{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"netbios.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772238479125,"flow_src_last_pkt_time":1447772238479125,"flow_dst_last_pkt_time":1447772238479125,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772238479125,"l3_proto":"ip4","src_ip":"10.0.5.233","dst_ip":"10.0.4.24","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"*"}}
00733{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"netbios.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1447772238479125,"flow_dst_last_pkt_time":1447772238479218,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"thread_ts_usec":1447772238479218,"pkt":"AOCBt8asABzEEHkPCABFAADLWT8AAIARwuIKAAQYCgAF6QCJAIkAt\/eSmi+EAAAAAAEAAAAAIENLQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBAAAhAAEAAAAAAHcER1VOTkFSICAgICAgICAgAAQAVklHSUxBTlRfR1JPVVAgAIQAR1VOTkFSICAgICAgICAgIAQAVklHSUxBTlRfR1JPVVAgHoQAABzEEHkPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00749{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":132,"source":"netbios.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772238721634,"flow_src_last_pkt_time":1447772238721634,"flow_dst_last_pkt_time":1447772238721634,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772238721634,"l3_proto":"ip4","src_ip":"10.0.4.14","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"netbios.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1447772238721634,"flow_dst_last_pkt_time":1447772238721634,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1447772238721634,"pkt":"\/\/\/\/\/\/\/\/EGBLoLzrCABFAABOP6wAAIAR3OYKAAQOCgAF\/wCJAIkAOtzbuxABEAABAAAAAAAAIEVIRkZGQ0ZGQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="}
00875{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"netbios.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772238721634,"flow_src_last_pkt_time":1447772238721634,"flow_dst_last_pkt_time":1447772238721634,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772238721634,"l3_proto":"ip4","src_ip":"10.0.4.14","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"guru"}}
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"netbios.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1447772239929129,"flow_dst_last_pkt_time":1447772221882535,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1447772239929129,"pkt":"\/\/\/\/\/\/\/\/AOCBdSQGCABFAABOZPwAAIARtz8KAARlCgAF\/wCJAIkAOvRglzYBEAABAAAAAAAAIEVPRkdGQ0RKQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="}
01541{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":144,"source":"netbios.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1447772211392771,"flow_src_last_pkt_time":1447772242251393,"flow_dst_last_pkt_time":1447772211392771,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1600,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772242251393,"l3_proto":"ip4","src_ip":"10.0.5.233","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":749128,"flow_avg":995439.4,"flow_max":1515990,"flow_stddev":356068.3,"c_to_s_min":749128,"c_to_s_avg":995439.4,"c_to_s_max":1515990,"c_to_s_stddev":356068.3,"s_to_c_min":0,"s_to_c_avg":0.0,"s_to_c_max":0,"s_to_c_stddev":0.0},"pktlen": {"c_to_s_min":92,"c_to_s_avg":92.0,"c_to_s_max":92,"c_to_s_stddev":0.0,"s_to_c_min":0,"s_to_c_avg":0.0,"s_to_c_max":0,"s_to_c_stddev":0.0},"bins": {"c_to_s": [0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]}},"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"netbios.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1447772248480903,"flow_dst_last_pkt_time":1447772238479218,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1447772248480903,"pkt":"ABzEEHkPAOCBt8asCABFAABORZkAAIAR1wUKAAXpCgAEGACJAIkAOgf2mjgAAAABAAAAAAAAIENLQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBAAAhAAE="}
00750{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":186,"source":"netbios.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772251795162,"flow_src_last_pkt_time":1447772251795162,"flow_dst_last_pkt_time":1447772251795162,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772251795162,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57921,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"netbios.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1447772251795162,"flow_dst_last_pkt_time":1447772251795162,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1447772251795162,"pkt":"ABzEEHkPACFislxDCABFAABOJRwAAH8R\/RQKAAFXCgAEGOJBAIkAOqRfIKgAAAABAAAAAAAAIENLQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBAAAhAAE="}
00873{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"netbios.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772251795162,"flow_src_last_pkt_time":1447772251795162,"flow_dst_last_pkt_time":1447772251795162,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772251795162,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57921,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"*"}}
00732{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"netbios.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1447772251795162,"flow_dst_last_pkt_time":1447772251795278,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"thread_ts_usec":1447772251795278,"pkt":"ACFislxDABzEEHkPCABFAADLQERAAIARoG8KAAQYCgABVwCJ4kEAt5PzIKiEAAAAAAEAAAAAIENLQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBAAAhAAEAAAAAAHcER1VOTkFSICAgICAgICAgAAQAVklHSUxBTlRfR1JPVVAgAIQAR1VOTkFSICAgICAgICAgIAQAVklHSUxBTlRfR1JPVVAgHoQAABzEEHkPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00895{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772225411416,"flow_src_last_pkt_time":1447772225411416,"flow_dst_last_pkt_time":1447772225411416,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":62,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":62,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":62,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772269972130,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.165","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00896{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772225411322,"flow_src_last_pkt_time":1447772225411322,"flow_dst_last_pkt_time":1447772225411322,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772269972130,"l3_proto":"ip4","src_ip":"10.0.4.165","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00899{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":59,"flow_dst_packets_processed":0,"flow_first_seen":1447772211392771,"flow_src_last_pkt_time":1447772269350219,"flow_dst_last_pkt_time":1447772211392771,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2950,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772269972130,"l3_proto":"ip4","src_ip":"10.0.5.233","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00894{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772234353315,"flow_src_last_pkt_time":1447772234353315,"flow_dst_last_pkt_time":1447772234353315,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":62,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":62,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":62,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772269972130,"l3_proto":"ip4","src_ip":"10.0.5.1","dst_ip":"10.0.4.24","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00896{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772238721634,"flow_src_last_pkt_time":1447772238721634,"flow_dst_last_pkt_time":1447772238721634,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772269972130,"l3_proto":"ip4","src_ip":"10.0.4.14","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00901{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1447772238479125,"flow_src_last_pkt_time":1447772248480903,"flow_dst_last_pkt_time":1447772248481003,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":175,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":350,"midstream":0,"thread_ts_usec":1447772269972130,"l3_proto":"ip4","src_ip":"10.0.5.233","dst_ip":"10.0.4.24","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00896{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772234353157,"flow_src_last_pkt_time":1447772234353157,"flow_dst_last_pkt_time":1447772234353157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772269972130,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00895{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772230221577,"flow_src_last_pkt_time":1447772230221577,"flow_dst_last_pkt_time":1447772230221577,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772269972130,"l3_proto":"ip4","src_ip":"10.0.4.66","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00897{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1447772221882535,"flow_src_last_pkt_time":1447772239929129,"flow_dst_last_pkt_time":1447772221882535,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772269972130,"l3_proto":"ip4","src_ip":"10.0.4.101","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00900{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":181,"flow_dst_packets_processed":0,"flow_first_seen":1447772210350540,"flow_src_last_pkt_time":1447772269972130,"flow_dst_last_pkt_time":1447772210350540,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9050,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772269972130,"l3_proto":"ip4","src_ip":"10.0.4.131","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
01026{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772235481236,"flow_src_last_pkt_time":1447772235481236,"flow_dst_last_pkt_time":1447772235481236,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772269972130,"l3_proto":"ip4","src_ip":"10.0.5.93","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","encrypted":0,"breed":"Dangerous","category_id":18,"category":"System"}}
01024{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772214344593,"flow_src_last_pkt_time":1447772214344593,"flow_dst_last_pkt_time":1447772214344593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772269972130,"l3_proto":"ip4","src_ip":"10.0.5.9","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","encrypted":0,"breed":"Dangerous","category_id":18,"category":"System"}}
00900{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1447772221776592,"flow_src_last_pkt_time":1447772221776592,"flow_dst_last_pkt_time":1447772221776690,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":175,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":175,"midstream":0,"thread_ts_usec":1447772269972130,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57836,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00901{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1447772251795162,"flow_src_last_pkt_time":1447772251795162,"flow_dst_last_pkt_time":1447772251795278,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":175,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":175,"midstream":0,"thread_ts_usec":1447772269972130,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57921,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00878{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1447772216537634,"flow_src_last_pkt_time":1447772216537634,"flow_dst_last_pkt_time":1447772216537735,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1447772269972130,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.131","src_port":139,"dst_port":1398,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":""}}
00748{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1447772216537634,"flow_src_last_pkt_time":1447772216537634,"flow_dst_last_pkt_time":1447772216537735,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1447772269972130,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.131","src_port":139,"dst_port":1398,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00566{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","packets-captured":260,"packets-processed":260,"total-skipped-flows":0,"total-l4-payload-len":13727,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":14,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":15,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":75,"global_ts_usec":1447772269972130}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 260/260
~~ skipped flows.............: 0
~~ total layer4 data length..: 13727 bytes
~~ total detected protocols..: 14
~~ total active/idle flows...: 15/15
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6074733 bytes
~~ total memory freed........: 6074733 bytes
~~ total allocations/frees...: 121909/121909
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 478 chars
~~ json string max len.......: 1546 chars
~~ json string avg len.......: 1011 chars