summaryrefslogtreecommitdiff
path: root/test/results/ocs.pcap.out
blob: 8a6b2b90ebad4383cfded944126e6ed44ab6fb14 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123

00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ocs.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00540{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ocs.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1449652784341}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ocs.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652784341,"flow_last_seen":1449652784341,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652784341,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.184.188","src_port":47699,"dst_port":5228,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3}
00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ocs.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1449652784341,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652784341,"pkt":"RQAAPKbzQABABiV4wKi0AkDpuLy6UxRsAv3YCQAAAACgAjkIdPYAAAIEBbQEAggKADWBtgAAAAABAwMG"}
00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"ocs.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786071,"flow_last_seen":1449652786071,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1449652786071,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":38472,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3}
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ocs.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1449652786071,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":63,"pkt_l4_len":43,"thread_ts_msec":1449652786071,"pkt":"RQAAP4JiQABAETORwKi0AggICAiWSAA1ACtxaqbPAQAAAQAAAAAAAAVvY3UwMwhsYWJnZW5jeQJ3cwAAAQAB"}
00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"ocs.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786071,"flow_last_seen":1449652786071,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1449652786071,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":38472,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.OCS","breed":"Fun","category":"Media"},"dns": {"query":"ocu03.labgency.ws","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"ocs.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786098,"flow_last_seen":1449652786098,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1449652786098,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":40097,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ocs.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1449652786098,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":70,"pkt_l4_len":50,"thread_ts_msec":1449652786098,"pkt":"RQAARoJmQABAETOGwKi0AggICAicoQA1ADK8OQlbAQAAAQAAAAAAAAhzZXR0aW5ncwtjcmFzaGx5dGljcwNjb20AAAEAAQ=="}
00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"ocs.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786098,"flow_last_seen":1449652786098,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1449652786098,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":40097,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Crashlytics","breed":"Acceptable","category":"DataTransfer"},"dns": {"query":"settings.crashlytics.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"ocs.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786130,"flow_last_seen":1449652786130,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1449652786130,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":1291,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"ocs.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1449652786130,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":67,"pkt_l4_len":47,"thread_ts_msec":1449652786130,"pkt":"RQAAQ4JpQABAETOGwKi0AggICAgFCwA1AC+TFZykAQAAAQAAAAAAAANhcGkEZXUwMQhjYXBwdGFpbgNjb20AAAEAAQ=="}
00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ocs.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786130,"flow_last_seen":1449652786130,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1449652786130,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":1291,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"api.eu01.capptain.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"ocs.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786135,"flow_last_seen":1449652786135,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652786135,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":48250,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3}
00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"ocs.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1449652786135,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652786135,"pkt":"RQAAPJwfQABABqbCwKi0ArL40Da8egBQwI4edgAAAACgAjkI+LAAAAIEBbQEAggKADWCaQAAAAABAwMG"}
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786152,"flow_last_seen":1449652786152,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652786152,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"23.21.230.199","src_port":39263,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3}
00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1449652786152,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652786152,"pkt":"RQAAPCFLQABABqbpwKi0AhcV5seZXwG7KAKjIAAAAACgAjkIs5MAAAIEBbQEAggKADWCawAAAAABAwMG"}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"ocs.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786167,"flow_last_seen":1449652786167,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652786167,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.129.206","src_port":53356,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3}
00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"ocs.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1449652786167,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652786167,"pkt":"RQAAPOubQABABs8fwKi0AomHgc7QbABQfGRp9gAAAACgAjkIVT4AAAIEBbQEAggKADWCbQAAAAABAwMG"}
00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"ocs.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1449652786190,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652786190,"pkt":"RQAANJwgQABABqbJwKi0ArL40Da8egBQwI4ed\/tL3mKAEADlQqoAAAEBCAoANYJvRwX8Kg=="}
01476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"ocs.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1449652786215,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":824,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":824,"pkt_l4_len":804,"thread_ts_msec":1449652786215,"pkt":"RQADOJwhQABABqPEwKi0ArL40Da8egBQwI4ed\/tL3mKAGADlWgkAAAEBCAoANYJxRwX8KlBPU1QgL2NhdGFsb2cvdm9kP3Y9MyBIVFRQLzEuMQ0KWC1MZ3ktSHNzLUE6IEZGRTg2OUEyLTMzQUQtQTU0QS1CRUMwLTcyMTBEMDNDODM1Qi0yNTk0RDYzRA0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpYLUxneS1IU1MtU2VydmljZS1JZDogb2ZyLm9jcw0KWC1MZ3ktSFNTLVJvbS1JZDogc2Ftc3VuZy9HVC1QNzUxMC9BbmRyb2lkLzQuMC40L1hXTFA2L2FybXY3bF8xMDAwLjBNSHpfMTk5OC44NEJvZ29NaXBzX2ZlYXR1cmVzKHN3cCxoYWxmLHRodW1iLGZhc3RtdWx0LHZmcCxlZHNwLHZmcHYzLHZmcHYzZDE2LHRscylfY29yZXM9Mi8xMjgweDc1Mi9mYWxzZQ0KQ29udGVudC1MZW5ndGg6IDIzNA0KSG9zdDogb2N1MDMubGFiZ2VuY3kud3MNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgVTsgQW5kcm9pZCA0LjAuNDsgZnItZnI7IEdULVA3NTEwIEJ1aWxkL0lNTTc2RCkgQXBwbGVXZWJLaXQvNTM0LjMwIChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgU2FmYXJpLzUzNC4zMA0KDQo8P3htbCB2ZXJzaW9uPSIxLjAiIGVuY29kaW5nPSJVVEYtOCI\/Pgo8bGd5cmVxdWVzdCBtb2R1bGU9IkNNL1ZPRCI+Cgk8YWN0aW9uIG5hbWU9ImluaXQiPgoJCTxwYXJhbSBuYW1lPSJzY3JlZW5TaXplIiB2YWx1ZT0iIi8+CgkJPHBhcmFtIG5hbWU9InRpbWVzdGFtcCIgdmFsdWU9IjAiLz4KCQk8cGFyYW0gbmFtZT0iYXBwLXZlcnNpb24iIHZhbHVlPSIxLjQuNyIvPgoJPC9hY3Rpb24+CjwvbGd5cmVxdWVzdD4="}
00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"ocs.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652786135,"flow_last_seen":1449652786215,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":772,"flow_tot_l4_payload_len":772,"flow_avg_l4_payload_len":257,"midstream":0,"thread_ts_msec":1449652786215,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":48250,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCS","breed":"Fun","category":"Media"},"http": {"hostname":"ocu03.labgency.ws","url":"ocu03.labgency.ws\/catalog\/vod?v=3","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; U; Android 4.0.4; fr-fr; GT-P7510 Build\/IMM76D) AppleWebKit\/534.30 (KHTML, like Gecko) Version\/4.0 Safari\/534.30"}}
00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"ocs.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1449652786268,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652786268,"pkt":"RQAANOucQABABs8mwKi0AomHgc7QbABQfGRp97oFwGaAEADlOEAAAAEBCAoANYJ3vXlL7A=="}
00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"ocs.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1449652786271,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":211,"pkt_l4_len":191,"thread_ts_msec":1449652786271,"pkt":"RQAA0+udQABABs6GwKi0AomHgc7QbABQfGRp97oFwGaAGADl3TMAAAEBCAoANYJ3vXlL7EdFVCAveG1wcC1kaXNjbz9kZXZpY2VpZD1mMmM5OTNkNjIxOGY1ZTIyZmUyODRiMmU5MGM4MmYzYiZwdXNoX29uX2RldmljZT10cnVlJmFwcGlkPW9jczAwMDAwMyBIVFRQLzEuMQ0KSG9zdDogYXBpLmV1MDEuY2FwcHRhaW4uY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"ocs.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652786167,"flow_last_seen":1449652786271,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1449652786271,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.129.206","src_port":53356,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Azure","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"api.eu01.capptain.com","url":"api.eu01.capptain.com\/xmpp-disco?deviceid=f2c993d6218f5e22fe284b2e90c82f3b&push_on_device=true&appid=ocs000003","code":0,"content_type":"","user_agent":""}}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"ocs.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786395,"flow_last_seen":1449652786395,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652786395,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.129.206","src_port":44959,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"ocs.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1449652786395,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652786395,"pkt":"RQAAPGAaQABABlqhwKi0AomHgc6vnwBQfAzimQAAAACgAjkI\/akAAAIEBbQEAggKADWCgwAAAAABAwMG"}
00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"ocs.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1449652786500,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652786500,"pkt":"RQAANGAbQABABlqowKi0AomHgc6vnwBQfAzimh3f\/xqAEADlPeYAAAEBCAoANYKOvXlMIw=="}
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"ocs.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1449652786501,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":136,"pkt_l4_len":116,"thread_ts_msec":1449652786501,"pkt":"RQAAiGAcQABABlpTwKi0AomHgc6vnwBQfAzimh3f\/xqAGADlKR0AAAEBCAoANYKOvXlMI0dFVCAvaXAtdG8tY291bnRyeSBIVFRQLzEuMQ0KSG9zdDogYXBpLmV1MDEuY2FwcHRhaW4uY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"ocs.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652786395,"flow_last_seen":1449652786501,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":84,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1449652786501,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.129.206","src_port":44959,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Azure","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"api.eu01.capptain.com","url":"api.eu01.capptain.com\/ip-to-country","code":0,"content_type":"","user_agent":""}}
00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"ocs.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786934,"flow_last_seen":1449652786934,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1449652786934,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":48770,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"ocs.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1449652786934,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":72,"pkt_l4_len":52,"thread_ts_msec":1449652786934,"pkt":"RQAASIK5QABAETMxwKi0AggICAi+ggA1ADS3+1EXAQAAAQAAAAAAAAdhbmRyb2lkB2NsaWVudHMGZ29vZ2xlA2NvbQAAAQAB"}
00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"ocs.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786934,"flow_last_seen":1449652786934,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1449652786934,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":48770,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"ocs.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652787003,"flow_last_seen":1449652787003,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652787003,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"216.58.208.46","src_port":41223,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"ocs.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1449652787003,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652787003,"pkt":"RQAAPLBhQABABm1GwKi0Atg60C6hBwG7mRQyoQAAAACgAjkIAHcAAAIEBbQEAggKADWCwAAAAAABAwMG"}
00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"ocs.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1449652787075,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652787075,"pkt":"RQAANLBiQABABm1NwKi0Atg60C6hBwG7mRQyouLMvMiAEADlCc8AAAEBCAoANYLHGASl5Q=="}
00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"ocs.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1449652787100,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":236,"pkt_l4_len":216,"thread_ts_msec":1449652787100,"pkt":"RQAA7LBjQABABmyUwKi0Atg60C6hBwG7mRQyouLMvMiAGADlzvUAAAEBCAoANYLKGASl5RYDAQCzAQAArwMBVmhd8vjfjZbbQQM2P+6kSvFiVrQbP+1p3IwwDXzkWPQAAEYABAAFAC8ANcACwATABcAMwA7AD8AHwAnACsARwBPAFAAzADkAMgA4AArAA8ANwAjAEgAWABMACQAVABIAAwAIABQAEQD\/AQAAQAALAAQDAAECAAoANAAyAAEAAgADAAQABQAGAAcACAAJAAoACwAMAA0ADgAPABAAEQASABMAFAAVABYAFwAYABk="}
00943{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"ocs.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652787003,"flow_last_seen":1449652787100,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1449652787100,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"216.58.208.46","src_port":41223,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"5a236bfc3d18ddef1b1f2f4c9e765d66","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1449652787155,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652787155,"pkt":"RQAAPCFMQABABqbowKi0AhcV5seZXwG7KAKjIAAAAACgAjkIsy4AAAIEBbQEAggKADWC0AAAAAABAwMG"}
00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1449652787273,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652787273,"pkt":"RQAANCFNQABABqbvwKi0AhcV5seZXwG7KAKjIVpZIEyAEADl\/h4AAAEBCAoANYLbl2cJ1g=="}
00980{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1449652786152,"flow_last_seen":1449652787289,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":221,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1449652787289,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"23.21.230.199","src_port":39263,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Crashlytics","breed":"Acceptable","category":"DataTransfer"},"tls": {"version":"TLSv1","client_requested_server_name":"settings.crashlytics.com","ja3":"b030dba3ca09e2e484b9fa75adc4039c","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"ocs.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652787507,"flow_last_seen":1449652787507,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1449652787507,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":3621,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"ocs.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1449652787507,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":77,"pkt_l4_len":57,"thread_ts_msec":1449652787507,"pkt":"RQAATYLzQABAETLywKi0AggICAgOJQA1ADki+CcDAQAAAQAAAAAAAAR4bXBwCGRldmljZTA2BGV1MDEIY2FwcHRhaW4DY29tAAABAAE="}
00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"ocs.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652787507,"flow_last_seen":1449652787507,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1449652787507,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":3621,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"xmpp.device06.eu01.capptain.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"ocs.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652787596,"flow_last_seen":1449652787596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652787596,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.131.52","src_port":46166,"dst_port":5122,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3}
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"ocs.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1449652787596,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652787596,"pkt":"RQAAPDy4QABABnydwKi0AomHgzS0VhQCr\/++QwAAAACgAjkI08UAAAIEBbQEAggKADWC+wAAAAABAwMG"}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"ocs.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652787983,"flow_last_seen":1449652787983,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652787983,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":49881,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"ocs.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1449652787983,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652787983,"pkt":"RQAAPMDbQABABoIGwKi0ArL40DbC2QBQ64tD+QAAAACgAjkIoRgAAAIEBbQEAggKADWDIgAAAAABAwMG"}
00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"ocs.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652788016,"flow_last_seen":1449652788016,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1449652788016,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":2589,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3}
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"ocs.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1449652788016,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":61,"pkt_l4_len":41,"thread_ts_msec":1449652788016,"pkt":"RQAAPYMlQABAETLQwKi0AggICAgKHQA1ACmDzlLQAQAAAQAAAAAAAANvY3MIbGFiZ2VuY3kCd3MAAAEAAQ=="}
00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"ocs.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652788016,"flow_last_seen":1449652788016,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1449652788016,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":2589,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.OCS","breed":"Fun","category":"Media"},"dns": {"query":"ocs.labgency.ws","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"ocs.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1449652788067,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652788067,"pkt":"RQAANMDcQABABoINwKi0ArL40DbC2QBQ64tD+t7mVuSAEADljSkAAAEBCAoANYMrRwX98w=="}
01332{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"ocs.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1449652788082,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":715,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":715,"pkt_l4_len":695,"thread_ts_msec":1449652788082,"pkt":"RQACy8DdQABABn91wKi0ArL40DbC2QBQ64tD+t7mVuSAGADltWEAAAEBCAoANYMsRwX981BPU1QgL2NhdGFsb2cvdm9kP3Y9MyBIVFRQLzEuMQ0KWC1MZ3ktSHNzLUE6IEZGRTg2OUEyLTMzQUQtQTU0QS1CRUMwLTcyMTBEMDNDODM1Qi0yNTk0RDYzRA0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpYLUxneS1IU1MtU2VydmljZS1JZDogb2ZyLm9jcw0KWC1MZ3ktSFNTLVJvbS1JZDogc2Ftc3VuZy9HVC1QNzUxMC9BbmRyb2lkLzQuMC40L1hXTFA2L2FybXY3bF8xMDAwLjBNSHpfMTk5OC44NEJvZ29NaXBzX2ZlYXR1cmVzKHN3cCxoYWxmLHRodW1iLGZhc3RtdWx0LHZmcCxlZHNwLHZmcHYzLHZmcHYzZDE2LHRscylfY29yZXM9Mi8xMjgweDc1Mi9mYWxzZQ0KQ29udGVudC1MZW5ndGg6IDIxNw0KSG9zdDogb2N1MDMubGFiZ2VuY3kud3MNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEFwYWNoZS1IdHRwQ2xpZW50L1VOQVZBSUxBQkxFIChqYXZhIDEuNCkNCg0KPD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPGxneXJlcXVlc3QgbW9kdWxlPSJDTS9WT0QiPgoJPGFjdGlvbiBuYW1lPSJnZXRDYXRhbG9nRW50cmllcyI+CgkJPHBhcmFtIG5hbWU9IndpdGhDdXN0b21EYXRhIiB2YWx1ZT0iZmFsc2UiLz4KCQk8cGFyYW0gbmFtZT0iZXh0ZXJuYWxJZCIgdmFsdWU9ImZhbHNlIi8+Cgk8L2FjdGlvbj4KPC9sZ3lyZXF1ZXN0Pg=="}
00803{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"ocs.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652787983,"flow_last_seen":1449652788082,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":221,"midstream":0,"thread_ts_msec":1449652788082,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":49881,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCS","breed":"Fun","category":"Media"},"http": {"hostname":"ocu03.labgency.ws","url":"ocu03.labgency.ws\/catalog\/vod?v=3","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"ocs.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652788109,"flow_last_seen":1449652788109,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652788109,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":36680,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"ocs.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1449652788109,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652788109,"pkt":"RQAAPDlmQABABgl8wKi0ArL40DaPSAG7xoy6SQAAAACgAjkIgeAAAAIEBbQEAggKADWDLwAAAAABAwMG"}
00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"ocs.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1449652788188,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652788188,"pkt":"RQAANDlnQABABgmDwKi0ArL40DaPSAG7xoy6Sjpn3PmAEADljD4AAAEBCAoANYM3RwX+EQ=="}
00725{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"ocs.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1449652788195,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":260,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":260,"pkt_l4_len":240,"thread_ts_msec":1449652788195,"pkt":"RQABBDloQABABgiywKi0ArL40DaPSAG7xoy6Sjpn3PmAGADlDAsAAAEBCAoANYM3RwX+ERYDAQDLAQAAxwMBVmhd83GqZqYQO3oMbwUHPK3VU0gJzqNSdwnP4gncj8QAAEYABAAFAC8ANcACwATABcAMwA7AD8AHwAnACsARwBPAFAAzADkAMgA4AArAA8ANwAjAEgAWABMACQAVABIAAwAIABQAEQD\/AQAAWAAAABQAEgAAD29jcy5sYWJnZW5jeS53cwALAAQDAAECAAoANAAyAAEAAgADAAQABQAGAAcACAAJAAoACwAMAA0ADgAPABAAEQASABMAFAAVABYAFwAYABk="}
00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"ocs.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652788109,"flow_last_seen":1449652788195,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1449652788195,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":36680,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.OCS","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1","client_requested_server_name":"ocs.labgency.ws","ja3":"0534a22b266a64a5cc9a90f7b5c483cc","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"ocs.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1449652788595,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652788595,"pkt":"RQAAPDy5QABABnycwKi0AomHgzS0VhQCr\/++QwAAAACgAjkI02AAAAIEBbQEAggKADWDYAAAAAABAwMG"}
00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"ocs.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1449652790602,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652790602,"pkt":"RQAAPDy6QABABnybwKi0AomHgzS0VhQCr\/++QwAAAACgAjkI0pgAAAIEBbQEAggKADWEKAAAAAABAwMG"}
00812{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"ocs.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1449652787983,"flow_last_seen":1449652790713,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1449652790713,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":49881,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCS","breed":"Fun","category":"Media"},"http": {"hostname":"ocu03.labgency.ws","url":"ocu03.labgency.ws\/catalog\/vod?v=3","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"ocs.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1449652792355,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652792355,"pkt":"RQAAPKb0QABABiV3wKi0AkDpuLy6UxRsAv3YCQAAAACgAjkIcdQAAAIEBbQEAggKADWE2AAAAAABAwMG"}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":241,"source":"ocs.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652797357,"flow_last_seen":1449652797357,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652797357,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.184.188","src_port":32946,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3}
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"ocs.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1449652797357,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652797357,"pkt":"RQAAPAMUQABABslXwKi0AkDpuLyAsgG7QZiF2AAAAACgAjkIz8gAAAIEBbQEAggKADWGzAAAAAABAwMG"}
00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"ocs.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1449652797427,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652797427,"pkt":"RQAANAMVQABABslewKi0AkDpuLyAsgG7QZiF2aTu9RqAEADl+L8AAAEBCAoANYbSHkOFlA=="}
00744{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"ocs.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1449652797442,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":271,"pkt_l4_len":251,"thread_ts_msec":1449652797442,"pkt":"RQABDwMWQABABsiCwKi0AkDpuLyAsgG7QZiF2aTu9RqAGADlVfIAAAEBCAoANYbUHkOFlBYDAQDWAQAA0gMD4HuK+eOlMdUOH1cZsMt60He+NukWbTB7f1JNaYrt+NsAACjAK8AswC\/AMACeAJ\/ACcAKwBPAFAAzADnAB8ARAJwAnQAvADUABQD\/AQAAgQAAABUAEwAAEG10YWxrLmdvb2dsZS5jb20ACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAARACMAAAANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAw=="}
00969{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":243,"source":"ocs.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652797357,"flow_last_seen":1449652797442,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":219,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1449652797442,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.184.188","src_port":32946,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mtalk.google.com","ja3":"75edb912bc6f0a222ae3e3e47f5c89b1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":269,"source":"ocs.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652798230,"flow_last_seen":1449652798230,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1449652798230,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":11793,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"ocs.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1449652798230,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":65,"pkt_l4_len":45,"thread_ts_msec":1449652798230,"pkt":"RQAAQYcjQABAES7OwKi0AggICAguEQA1AC1oEnazAQAAAQAAAAAAAARwbGF5Cmdvb2dsZWFwaXMDY29tAAABAAE="}
00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":269,"source":"ocs.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652798230,"flow_last_seen":1449652798230,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1449652798230,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":11793,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"play.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":270,"source":"ocs.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652798305,"flow_last_seen":1449652798305,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652798305,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.166.95","src_port":47803,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3}
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"ocs.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1449652798305,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652798305,"pkt":"RQAAPHAIQABABm7AwKi0AkDppl+6uwG7gNP3IgAAAACgAjkI9zgAAAIEBbQEAggKADWHKgAAAAABAwMG"}
00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"ocs.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1449652798386,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652798386,"pkt":"RQAANHAJQABABm7HwKi0AkDppl+6uwG7gNP3IxI082eAEADlT7wAAAEBCAoANYczAMsH6w=="}
00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"ocs.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1449652798392,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":236,"pkt_l4_len":216,"thread_ts_msec":1449652798392,"pkt":"RQAA7HAKQABABm4OwKi0AkDppl+6uwG7gNP3IxI082eAGADln0MAAAEBCAoANYczAMsH6xYDAQCzAQAArwMBVmhd\/avXwE9Hbo+g4bJoaBoe\/PaQpNdc4O0Q8a7HcbYAAEYABAAFAC8ANcACwATABcAMwA7AD8AHwAnACsARwBPAFAAzADkAMgA4AArAA8ANwAjAEgAWABMACQAVABIAAwAIABQAEQD\/AQAAQAALAAQDAAECAAoANAAyAAEAAgADAAQABQAGAAcACAAJAAoACwAMAA0ADgAPABAAEQASABMAFAAVABYAFwAYABk="}
00944{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":272,"source":"ocs.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652798305,"flow_last_seen":1449652798392,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1449652798392,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.166.95","src_port":47803,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"5a236bfc3d18ddef1b1f2f4c9e765d66","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":863,"source":"ocs.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652842535,"flow_last_seen":1449652842535,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1449652842535,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":24245,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3}
00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":863,"source":"ocs.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1449652842535,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":56,"pkt_l4_len":36,"thread_ts_msec":1449652842535,"pkt":"RQAAOJhyQABAER2IwKi0AggICAhetQA1ACRtrFcaAQAAAQAAAAAAAAN3d3cDb2NzAmZyAAABAAE="}
00750{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":863,"source":"ocs.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652842535,"flow_last_seen":1449652842535,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1449652842535,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":24245,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.OCS","breed":"Fun","category":"Media"},"dns": {"query":"www.ocs.fr","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":864,"source":"ocs.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652842628,"flow_last_seen":1449652842628,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652842628,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.210","src_port":42590,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3}
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":864,"source":"ocs.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1449652842628,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652842628,"pkt":"RQAAPD8ZQABABgMtwKi0ArL40NKmXgBQrzCnYwAAAACgAjkIgJAAAAIEBbQEAggKADWYegAAAAABAwMG"}
00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":865,"source":"ocs.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1449652842700,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652842700,"pkt":"RQAAND8aQABABgM0wKi0ArL40NKmXgBQrzCnZDkypeeAEADlhQYAAAEBCAoANZiCGkFpBQ=="}
00649{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":866,"source":"ocs.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1449652842701,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":204,"pkt_l4_len":184,"thread_ts_msec":1449652842701,"pkt":"RQAAzD8bQABABgKbwKi0ArL40NKmXgBQrzCnZDkypeeAGADlkB4AAAEBCAoANZiCGkFpBUdFVCAvZGF0YV9wbGF0ZWZvcm1lL3Byb2dyYW0vMTg0OTYvdHZfZGV0YWlsX21vcnRkdW5wb3VydzAwMTIyMzZfNzJmNmMuanBnIEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCkhvc3Q6IHd3dy5vY3MuZnINCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
00805{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":866,"source":"ocs.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652842628,"flow_last_seen":1449652842701,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1449652842701,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.210","src_port":42590,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCS","breed":"Fun","category":"Media"},"http": {"hostname":"www.ocs.fr","url":"www.ocs.fr\/data_plateforme\/program\/18496\/tv_detail_mortdunpourw0012236_72f6c.jpg","code":0,"content_type":"","user_agent":""}}
00813{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":895,"source":"ocs.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1449652842628,"flow_last_seen":1449652843470,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1449652843470,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.210","src_port":42590,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCS","breed":"Fun","category":"Media"},"http": {"hostname":"www.ocs.fr","url":"www.ocs.fr\/data_plateforme\/program\/18496\/tv_detail_mortdunpourw0012236_72f6c.jpg","code":0,"content_type":"","user_agent":""}}
00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":83,"flow_first_seen":1449652842628,"flow_last_seen":1449652846380,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":308,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.210","src_port":42590,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCS","breed":"Fun","category":"Media"}}
00580{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1449652786395,"flow_last_seen":1449652787578,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.129.206","src_port":44959,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3}
00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1449652787596,"flow_last_seen":1449652818681,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.131.52","src_port":46166,"dst_port":5122,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Azure","breed":"Acceptable","category":"Cloud"}}
00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1449652787596,"flow_last_seen":1449652818681,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.131.52","src_port":46166,"dst_port":5122,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3}
00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1449652784341,"flow_last_seen":1449652792355,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.184.188","src_port":47699,"dst_port":5228,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Google","breed":"Acceptable","category":"Web"}}
00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1449652784341,"flow_last_seen":1449652792355,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.184.188","src_port":47699,"dst_port":5228,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3}
00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1449652786152,"flow_last_seen":1449652788767,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1683,"flow_avg_l4_payload_len":84,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"23.21.230.199","src_port":39263,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3}
00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1449652786167,"flow_last_seen":1449652786398,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.129.206","src_port":53356,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3}
00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1449652788109,"flow_last_seen":1449652791955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5041,"flow_avg_l4_payload_len":252,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":36680,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3}
00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652788016,"flow_last_seen":1449652788016,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":2589,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3}
00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1449652797357,"flow_last_seen":1449652797774,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1235,"flow_tot_l4_payload_len":1580,"flow_avg_l4_payload_len":131,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.184.188","src_port":32946,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3}
00674{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":751,"flow_first_seen":1449652787983,"flow_last_seen":1449652839371,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":49881,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCS","breed":"Fun","category":"Media"}}
00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786098,"flow_last_seen":1449652786098,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":40097,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3}
00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786130,"flow_last_seen":1449652786130,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":1291,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3}
00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1449652786135,"flow_last_seen":1449652787495,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":772,"flow_tot_l4_payload_len":772,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":48250,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3}
00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1449652787003,"flow_last_seen":1449652787811,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":373,"flow_tot_l4_payload_len":728,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"216.58.208.46","src_port":41223,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3}
00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1449652798305,"flow_last_seen":1449652798887,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":597,"flow_tot_l4_payload_len":952,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.166.95","src_port":47803,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3}
00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652798230,"flow_last_seen":1449652798230,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":11793,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3}
00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652787507,"flow_last_seen":1449652787507,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":3621,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3}
00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786071,"flow_last_seen":1449652786071,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":38472,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3}
00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786934,"flow_last_seen":1449652786934,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":48770,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3}
00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652842535,"flow_last_seen":1449652842535,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":24245,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3}
00557{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","packets-captured":946,"packets-processed":946,"total-skipped-flows":0,"total-l4-data-len":12361,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":18,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":20,"total-idle-flows":20,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":108,"global_ts_msec":1449652846380}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 946/946
~~ skipped flows.............: 0
~~ total layer4 data length..: 12361 bytes
~~ total detected protocols..: 18
~~ total active/idle flows...: 20/20
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 5155535 bytes
~~ total memory freed........: 5155535 bytes
~~ total allocations/frees...: 114329/114329
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 449 chars
~~ json string max len.......: 1481 chars
~~ json string avg len.......: 965 chars
Powered by cgit, Themed by Ted Yin.