00476{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"trickbot.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1609266107551,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00425{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"trickbot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609266107,"pkt_ts_usec":551500,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0c9FAAIAGK0cKDB1lUnbhxO+GG6gSdtdWAAAAAIAC\/\/8eaQAAAgQFtAEDAwgBAQQC"}
00415{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"trickbot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609266107,"pkt_ts_usec":797175,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsYEQAAIAGftxSduHECgwdZRuo74Zi7VJcEnbXV2AS+vCXMwAAAgQFtA=="}
00409{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"trickbot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609266107,"pkt_ts_usec":797418,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoc9JAAIAGK1IKDB1lUnbhxO+GG6gSdtdXYu1SXVAQ\/\/+p4QAA"}
00880{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"trickbot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609266107,"pkt_ts_usec":797621,"pkt_caplen":403,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":403,"pkt_l4_len":369,"pkt":"IOUqtpPxAAgCHEeuCABFAAGFc9NAAIAGKfQKDB1lUnbhxO+GG6gSdtdXYu1SXVAY\/\/9PNwAAUE9TVCAvT0syMXBxSkF0eXlHQkVvMDBzayBIVFRQLzEuMQ0KUmVmZXJlcjogaHR0cDovLzgyLjExOC4yMjUuMTk2L09LMjFwcUpBdHl5R0JFbzAwc2sNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpETlQ6IDENClVzZXItQWdlbnQ6IE1vemlsbGEvNC4wIChjb21wYXRpYmxlOyBNU0lFIDcuMDsgV2luZG93cyBOVCAxMC4wOyBXT1c2NDsgVHJpZGVudC83LjA7IC5ORVQ0LjBDOyAuTkVUNC4wRSkNCkhvc3Q6IDgyLjExOC4yMjUuMTk2OjcwODANCkNvbnRlbnQtTGVuZ3RoOiA5MjgNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCg=="}
00839{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1609266107551,"flow_last_seen":1609266107797,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":349,"flow_tot_l4_payload_len":349,"flow_avg_l4_payload_len":87,"midstream":0,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"82.118.225.196","url":"82.118.225.196:7080\/OK21pqJAtyyGBEo00sk","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident\/7.0; .NET4.0C; .NET4.0E)"}}
01652{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"trickbot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609266107,"pkt_ts_usec":797702,"pkt_caplen":982,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":982,"pkt_l4_len":948,"pkt":"IOUqtpPxAAgCHEeuCABFAAPIc9RAAIAGJ7AKDB1lUnbhxO+GG6gSdti0Yu1SXVAY\/\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"}
00407{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"trickbot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609266107,"pkt_ts_usec":797705,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AAgCHEeuIOUqtpPxCABFAAAoYEUAAIAGft9SduHECgwdZRuo74Zi7VJdEnbYtFAQ+vCtkwAA"}
00407{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"trickbot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609266107,"pkt_ts_usec":797742,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AAgCHEeuIOUqtpPxCABFAAAoYEYAAIAGft5SduHECgwdZRuo74Zi7VJdEnbcVFAQ+vCp8wAA"}
02243{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"trickbot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609266108,"pkt_ts_usec":728827,"pkt_caplen":1412,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1412,"pkt_l4_len":1378,"pkt":"AAgCHEeuIOUqtpPxCABFAAV2YEgAAIAGeY5SduHECgwdZRuo74Zi7VJdEnbcVFAY+vDwMwAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBUdWUsIDI5IERlYyAyMDIwIDE4OjIxOjQ5IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9VVRGLTgNCkNvbnRlbnQtTGVuZ3RoOiA1NjUzMg0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQoNCt9qVvivS5njbjPP+PYiESkufSY2NBwPvvnHyiY29RlVUcWgqz2aIvCI30ph4ZB7gAsg4sYrw6DiahDColZ5c7Kb5tvBMWmCYiGNHuNsmJf7Huj9VYI9FR07cx2lwZ7GYisaxhrOouOAyayBA7kEIObsNo6X33XBYs8E4r6GwtAsV11qU+T0D\/Iim8CHkakB\/LhAn7QH2krJygLSJ56EglGnhrf+K5hHvICD06rkfkncxFWJu8vBdDsVrAerAwgDRYFkFqh6XzDUYylyL85lCJjE3taZN0a+4+2Jimj3vB0GlLb9stm5jqdv0Cnaa251FhV6nVDdjj0Jkl5899BkkZqkul+ChFNYwoIinB3X\/3DiEygF3sgyFV7TGlGJ1llDvl4vimhZRySn4m+Ur3Mb1pdnbQyLhzVJkj8C\/KgTGLjw9oNZ1ORv0tIwW42KxnZIu1\/zFOkPPMp+1pdjbdVXhqvKT0TC9zEgkTTzlFVmMHLe29xPRriSzU5at+eXH0sJo3ZOuNuMc1DD0xai228NNI7\/pufaVeJMcfRAzqN1D4LyZG2p4TvwCKzEn1SXdpnH0nGShubgkSHpBo5zJU7xTSmA47lQBrkcU\/aHl6N72BrTeqOezbPEh7ifHsOchWnIeMcKhe3vY6f+LZ\/wmBPIWu5F9BcbJZwtNrsXw8FfYP71wjVtfRXqBgjzU87viyDleZ+WIN2L9hOhvuiXXZHwkbynuqoyo3pI08qOjcxFhfT+CWPccU3nY1khPNDGKXClN0VTBj4FjJGGk30y9ChJR35dkBIWFPbBeXSGpdDWdMz7Teo\/KsiQvA3pO5QAaQ9\/b5Cq9Pc1yBVLejLzfRpSPBaWDbaxp51Jy4Bus\/oVgbbvxnKlLlXKzJxgwl65kLCk9CroONu5Mhoe7u7Ke5LlBFmLIRxdeKm6YIfQrDOaDYJIGVoiO+L+sU3bF5VDmvAD5+TWRqWLcrD6RG+a+yuM8WGGEn8iR6PkXt8fQu+q\/ork2JWOHV2h5Tvbsy3CVM26F2hFGUfi8aJux3sWY7\/Dx7iyR+JHSurfOuXXJc1hLCjBKnAMTxwLJLiHmXhZ29CmNMVJ5EJUwiq0q\/2NhH0R2EbdOZ405M1cWucYkX1e5JCUVsTfHCc+QZlTBpuQqAkt38qgSSzlBcSTkoOP1Gxnxd+VtaMEmUlp9CWF\/HxMOf\/vHmEoPR2d+NXMGo6i9bAJ22Y9c+FLSDIM0LuE1dCIUVHMdkx0Z1Mh6C\/N4qGyhUA8wq0XRzc+8T5UwU7j0QcyxIu4RVz1NP6IWh2TGDoxHPnXVfc\/vqSm0mXlvDHnMkU4kER
TXYxCWoTOT9SGt35Y53gqVQ2XUcjUXhcXBh50FUv1TPyX4oFoqSthvUXa4Oqo1EHhocZxbKcuhBGNInGH9LHfXfnQQxnIuZLL+71U73xSRwBMooym2yn2Nc51TCapTOEmF6gltmYk1AV7+rutalady7J1kufphBaI4iy0ryagEWXXTS+CVgAzBmaPOxt8ZRNA7pLUYjSs7r6Mv837aMoS9D5h5MFZCMXP8dKJYWnjzxKEKWEeMCE="}
00893{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":8,"flow_first_seen":1609266107551,"flow_last_seen":1609266108728,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1358,"flow_tot_l4_payload_len":2635,"flow_avg_l4_payload_len":329,"midstream":0,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address","25":"HTTP suspicious content"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"82.118.225.196","url":"82.118.225.196:7080\/OK21pqJAtyyGBEo00sk","code":200,"content_type":"text\/html","user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident\/7.0; .NET4.0C; .NET4.0E)"}}
00409{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"trickbot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609266108,"pkt_ts_usec":729030,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoc9VAAIAGK08KDB1lUnbhxO+GG6gSdtxUYu1Xq1AQ\/\/+flgAA"}
02252{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"trickbot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609266108,"pkt_ts_usec":731166,"pkt_caplen":1412,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1412,"pkt_l4_len":1378,"pkt":"AAgCHEeuIOUqtpPxCABFAAV2YEkAAIAGeY1SduHECgwdZRuo74Zi7VerEnbcVFAY+vBzIQAAOhQk+dfkANa6s9vW1xjo\/EvQkvmfXufhTIiprUjpdwv1HfBjv61gTwhLHYq3mF4QbVK9Hpp9ndVCZkYHTHjV+sBufLlmmhcV6ryrGW0AkBZkmPsQUmbRoYL5W\/WbifBo+45VpbFapb4FpBsLghzUiDontj\/AQ0kWd0LrCnByzwj0AIFoEHrbVYMqh20quTdNme468zsoNbI9IpAomq5jw6r76LUYpnGLQ8RFCaFuZp+nnu\/wJ02JpJTVmeoZNrniq0DLlLX8gI02JrJ7jR5lX6367KXftuH\/4Ac3QNSSVPDaWn7E8Jwtso4A9vlUuqZAj9PMILIJEb\/YlleKUgd90LCuIFRFoRAAUAo1kIlPsKC+6zPgn9WhNcU9yO2duZQJYDzc+VtwJozgLugivHsQUOmWiTfavndSF7xwC6bT+KArJT6MSkeYl19XTbCgdEPq6QoHjtmmX1litYyyF6UoxSzukjDUB1DtbEqImtkWxnr7vvlylKFdsuf0Wu8Hjx4yi0f\/ec+auTwhGn\/KKHaYS+TchWEps9Yp9ii\/NVnRP1w7r7gBRyXFUq64rzHWwFPt2Lv35lErqSvYBYQ97LABpl0catq0YiAC+oipVxrTRlQJRe4Z3PBQ2gjeUmIYtY4aAooaObGdVPisM77aQJpykf83q0JbCtHBSmRIwDHMXmPePUydP579tKv1rll8GOUikKtAEm8eaqkCqepufHsxSmHhlWRVQrc8QRAQYR6gy3nh0KB1D8eZj4IA5BTBpc4gb3WrBlUzqhoCE8Iij5Lr5CXPas5301XSJRo5wDD0z7MVzcnNrQM05PkrppVhxhjZH+fUgP9u1ZXAKlK52p22+ZOFQrvRYAiAteV0NaC6nIUdYX8TRt6QImK5rLqSs4Y9tD2YOcK0uSb+cbDBb+RoLePGyn8rF2AJ2\/eDR04TIN\/V6Y\/uBgG\/RTOgDbm7rsd1XC7xsqyraHF2JLqQsk85fomhldMj18dyZu8BHN6tTuuJlWqIBOAS0v+5U+MYt06yTFLu2pDJ3w0PF8xU58HsJDL4cDdtPgyDqKG4+6Tnn47MxdWxrkagi2RbZb1U8N+o8oqtNbe31VLknNvvqBaiakJp6R1W0yJgd8iu09r3ii9yaJyXUTmyhnKmywB0GV4tGqk9JVbyn+BGkLAVN3xkX4v8VZHAPB71u1WAeyGh0vROdp2UprUPIXudsG+UmB5OMcNFEqisptQFHIKUXJG7pDM0N\/Hf8Mug0Eo3IuvV67UZW4cgbriNX+yuJUIH1dvn++J8LxF06mYYrRR+dWmrcUFjVDebng7kBzEhi1gZ4X0qdFBMINT\/S\/2I6d9BO2kye11PHBhzYS9OtAyBreIkVaFTePVqflmDrBzuNay36GoPJYhuN3qJ3qbL8PsRgzMKDxxmfHR2rhq2HvyEGehTIeot3seUqzralbF3Z\/pZbnXbI1VZmOc8QlxK9TzZyvxs5K+4qdLN8oLgaBhAWLdAVHCNoC9dfla4Y6FAFBPgJcWi\/3s6GcyrWfrkMd8XAtx\/r00NyTDMr98EX3jktcAA6o7hdfTl
+YfTlAKn00zGj\/IuTEyCt0z90cAecDSI\/pYEPvW1QgX+NVC+uVBSvhvB4xQWXNfeu0rTjiGbGYI1L\/MEldCpTMOVoZZzFsvxF+AjKgUJd892OhI2HDlUYZrxzjoeAYWyIu3LcNOX7NZk9lDaDwR\/PiOMLCn6WhibL0w5C1ffo\/BtafsrsQKKKbiTB5mrTbDRWwV+juKrJtyn5d7\/yRuYlcidjsXodOCK2bJxoehB+TZS1zQnzRMil2c="}
00411{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"trickbot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609266108,"pkt_ts_usec":731310,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoc9ZAAIAGK04KDB1lUnbhxO+GG6gSdtxUYu1c+VAQ\/\/+aSAAA"}
02388{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"trickbot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609266109,"pkt_ts_usec":211400,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AAgCHEeuIOUqtpPxCABFAAXcYEoAAIAGeSZSduHECgwdZRuo74Zi7Vz5EnbcVFAQ+vBtpQAAoxSHM57GbFToRIY1N+HSjEsYNsF+EGSohXSzaiscwjdBuSMMnQ7WWzWOZWUm3CqnddU27G1Jwt5r4DDtlm0GSxJVGWcrffW1AEJAiWV7L6DzOOE4Nhb37RXBXub9t7o3W+fB9WsEA\/m2PZk9dSDd0vs8Qx1FFR4TCQJzP1zZbJuDftDtJxS9FHnilNaP9F4SzbrqbGEsfAlIkiM2uEN0r+NsCR3JnvCw0q82I4nWVQFWoHXjfxKusCUvpHg2Qnnrpb0OYG9GVVx2C8OF7KXolO4rJoMZayAEKALZvfo4ood4czbTDY1JPBoVq9ZqfnDEwstzsq2BJ1ldGLvLtXSJwObr56uxP0YhBhcXikS0f86KJ3Gr8EIrUlf4hGjcr5eyhLnPc0r86yxehw4pEVpHXHr9MHqWn9PrNYLgZHJzfC2qF\/TDS9ApBbPs7ykZeOsmD7MqTbBBJxAxGTnyGLiJZ\/DZ7FiQs22AzJUaDjduNnhyYK2d3ZRqMM3SLyUf5abSkeoQmS93SmbxwerwjJ285lBvOqe0MreZpZCGPJjRIUnWgWrqfE0OmRs7fB0fvwLaql\/+wKPBCZwVJ5gBsw13zDfjwJcH6ZR\/jrsKrXHPesRL4Qa4twfPMkDfrAUxzspeUqIHGebq8glqJSZDgOSfGvJM3ovzLzBWBztFcWsADSpsm84jCtG4PK0BJHQN7FDx1dsvd59YQfCPQWsBof6ycvWipiFo623\/rIcT7R1aOlxBZOlarYoDz0ENTLpqFuHGpSw1DOssGsUCO1AH41imNW69v9dVTqT8TXoeFaWHvz+5pBJMjZXzlHMZdMBtuecrkMkr80Z55AdWKEcXhILqLmEUsu+72FV77fdRgGulbwqeS1gdbdG43dDFV32nxzVsuNcGOvgCYz3o7vWKFjjm4o1SomvwI8FAnU1BEr06k\/OYBdxDMPaGdTGG25gUkqqL9diUqPsljGTKZnBvY7vw2y8yluthCVVJGYZDTTsigPffGhLMcrVDlKXKTC9uXdVxCjgrJWYJml85GPu9I3okQwl1QKXVJMhMAW1+t8C11VZ3p1raLmieMTbUBfGBWmwaXucKBmjDCuFSZ+WDJzIwsRL6UB3qPQoICuD+SUbJm6AFEFlWWqiiQNbgtc6X+1ZIS\/+b4t5JVkSfxWOdFeKFgtlZfTdj\/ib+L98ku6EZaApMl2nULZOARAVwHy4soa14tOvgqUfsVEihjkAJ6yke2oJEwGYZNPItE3YWrd2MHhN70fdoe51AHH1jARQW7SsoolDR6SIt2iA80AC4sfo\/MWshYmGd3T9O6xN\/2fJkvXL9nul\/oRYnld3YrKxrjU2L7VXOSRAGb2WsYqKrpNYhLS3cQUUEBRJZBkMfAiGpgfxuBA8PQmE4AF\/ZBPkSJFXiTDMvO6gckxVli4vkfh7cIL6DgZGb\/kr0j9jfzIQJxBzRL6R+a6AtuxIkrJuIl+aJKA2sI\/zhQ4YraTQWgUisj4oM3rbu9WwMhT\/klFsciKvPuObLSJor6myjhSN4mdxbVb5ywOwG9UFIjBECqbhJp2jRsInNDfo
Vig1nPyNbeElHI6aSR\/tUhsnzWawVN103Z6xymIh9D0SVzlpkVUrzEyvUlo2X6x\/SVnHqfrPfUYj8w2TStM+w0VQ\/iDgbCNe+hZ7C7I1ZVV++2HXK4NlnVkCxHhlOdV+eBgsdIJ7NuyKdZpVsiLcJTh9pIOJTnXP2\/p4163SOGCJWP9Dgy5XGZHwbKc1tnzfclmXvyA+MTRiGxfimuFdJvZgQZKNxxhsGf\/qNDcf1icau\/Cm\/w46PC76d98TcB2cNLmAiQecMfBpNv7aFJZV0eBTjDn+gKMRrxswN0yus5RZHdmCc5\/fV\/bmhDdGMsRPKY3Nrk3g05AeVp10BDzeADcye1t0tIeyEIxqdCsPP4TKtZ6h26LvAhzpAVE0="}
02158{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"trickbot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609266109,"pkt_ts_usec":211419,"pkt_caplen":1337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1337,"pkt_l4_len":1303,"pkt":"AAgCHEeuIOUqtpPxCABFAAUrYEsAAIAGedZSduHECgwdZRuo74Zi7WKtEnbcVFAY+vD7bAAAawe5rQdB18cRNYwP9H12ICqsTdYSAXHsJb3kVdaHDZmteN+FhZcKiwd0uGSY2Ln2tNhGYI\/W3sbikFe0sqfREPsx6ZgTbH6JLQpFVzLYhqoMFoo7TPYBMrcOPqfPsi\/6JuRDpI9yxkUD+iGOu6vRgPjgdPrp4vCQB1cVfELTzyTp76Sy\/yOuP58LajXVZsDb9xuu5hJ4iPWLX0AMQGCaHHoEtWqDMkQ9IWtWHPoHl2uL62Zcxsv2ewXM2a7eGXQQHLVtG23DKp8b2iMTb3KqK4jfTUzCPZbu0P6DbPhkanxWKtAsM+wExQVVaLstVJ9vs3p0T0USqZUr6NkyTxc+I8zFpsiGNegFljxO3WxMytBberzkI1HZdCUn0d\/Wq+xEnSjl7MiXAHWfpNaCKX3SKazOzNKAeIRh+hn9Tcp9Fz\/lRt3iG36YbiZm+aiqPwGeWuXmFbwk6sQFBS\/KY0q6o508hZJOfxTEdCBJywjSlBbTBn2KlO7c1iDlLFLzI5y1CADqMsqBJjFwz2JDuESyvaipEJgchjHyIcSOI51FJHzrEY3bTrEhFcvistP8ijiS6Ddrm0qw4lO5zxezmPnzEi2pkwp+zOyYSGoJP7p7Q3HXlXbHo4kTVrNzPHer43ytGV5NZcpBAa+7wJDgys72yjxRCA3jHzMYsVNRer8bjAyp3bToVFEYlhq4loljXQTJmkzl9Mhkwv11m+3irGy0HIam5ZohkUNho8K4fpubpqemAb5HqF4D+x3+zDYfBJt5n1eCKv8R5wK10cGRalYA\/dQy2R33\/jpVV4SPgu6fsvK05EYGgkBkHwlaXojbj\/SC4Zr3g5XTJVKAT51\/ovKfWC3oAyftKTJgc9TNVwpVXWGHCWhvDbnxH0cHUxDKtGe+Pax\/q20BdePl5SmZ2igjyaG\/e0nlC3oirk+eE+Xq+iGp4Ww1Ud2AgkhL59lKMFZjhpqQfhrwWCNmtdCDeiBuygGfDkZCmPc5FMtFhq57rVa2AJddnBCwlGtDMquxkYWB1O2LMg4XocsKYxT2XDLZ7usm0N4xtZAcu+eY9qQXbIXg1RIe168AU3u398rdWoExKGL\/B6RWQGfO2kHCWdMu2hDqjFlL85FPbXaGaQJLUBES8CmxT3++M4kIsDT1OQzdoaypaAijsi6UhL9Zs5OW\/6RB\/mf0cojWV8D52lO9l33qYCbtSPK6rNdJgvFWHzkne2NKphN49\/o4xMtbuj4H8KR\/HdME2HhizqBJtVphLx+J6Sr4lVZo7QcJ+9EDk1aFlh0FlrT7pTIMmQYqKAMIKBFB9ZnzERlD8\/Qc0cH97Tbu3hSpGyQttu\/Zo9i6ecgtUE4lI0D\/GtrWyw6x4PSh0Yggmv\/KjRXBuc2huhw9y1+B4w1B\/A7z02klinrbZh6VekIcTq+uJsYOJi1XHIAX4D2DNMzkZ8wMa6ayxBrPZMq+V3Zv1j3\/AcCsigUfR\/DkLmzkEBrahjuEaR9yZkYHt8YuwYqYF\/Z0bqdOwDsKiYyz\/VN5VInCFM089BDi8prytU2EUU5Y3VFqUqM+6BajA
YDuSLFe+Sx9jKFpZbyafVj3Q7\/Xm1FpBXspidAQZDus8qnHJFlDp5l6xrHCr4itKZ72iDdWR1FSth9hv9b2LQWKn\/3nfrqNJv\/Wqq+P5cFBv0o3cG+0Ad\/eQhXM2l3yqzXnGG\/1794F8Ae3wSGS46FYePo="}
00411{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"trickbot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609266109,"pkt_ts_usec":211610,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoc9dAAIAGK00KDB1lUnbhxO+GG6gSdtxUYu1nsFAQ\/\/+PkQAA"}
02403{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"trickbot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609266109,"pkt_ts_usec":508985,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AAgCHEeuIOUqtpPxCABFAAXcYE0AAIAGeSNSduHECgwdZRuo74Zi7WewEnbcVFAQ+vCZ3wAAKxkPv0AaA6ZGcQjAFPG1i3bFgP7usmIhGBKyiXvC+9Coca73cem7oBgmT\/W0abVcwBTLNBjxNKVWAHQ4nygPFvB01N+NUYOWTHfT9BmVMGJLX68WbXxyyW4BWXsrgNax7AkOcb9M8cpE2wfv+Syw1p2\/3b19rXRJhamDlMt7QQCyVLj7MG\/gmo5aA\/RMLoovC\/cnwNKc4yHWMQ\/spJ5AqgmiozWq7NpbcFXR6FeOs+bFx5vY3zBfokCkV7h0fwMLoGubeAdlxHIF5vqz3WZYoyRDF7MGVkzLVX8n1NghN6XolPvX75Zwox0rUZVWSJD3XhMVU\/E\/IXpndmjItwgKgMdfrMlo+LZ0tGMMAhYMSZnC\/5MVT+VB0pLkzr753cFidiyQesvEx26Uvpw7amSYI\/k\/eHnCs5V3pkgxmyEXlj3AaE7IhPh\/3ZGl0pWRqBWT2FCvfC210NkKOsPoWKdErIZZ+dDtfUiIXGC3JCByN8o2TVtDdsHUiik7FsKEcX5TMyGJKXFAQP1XFBEIGgYKdeY3ED2tmOdYYGrBzKy+koAAgJXqZ0q1h3iFh2RrGL4tysay2MTGZiGDjF8hRpd1O8\/s7glx+VWCUa4f29+nbunC9+eh1djoeE0yYlUf25swEQHzTdM86HExsD\/znUfBQ30i4lz5F8omVaNwZC+\/HNRWFKu7g0r6kJ3fFg9yxqQtFbPbu+KXEH02jlKE6Qr0T9X36ZNG0cRuEBIpLRknN6Zp8ugd2Ga6hIlICjGA99gCumhWqU3FJJ66wIr1+Kcsh6XBUk9HqOE5Wyu9siM4gDySlCu+oXAg6\/xgSilX2mbXQU0rt0fCyrLrLm9hFcn6arcSqN4LyIv3Zgb5GNOqlS7VHIkzRnGRgCTwe8EvCWN\/v6EgXDQ1DHFrzgusR+nvjBfCcC83mpGRb9TLQ1zYJr\/u\/abfVw80vOeM2ZWp3Cb+l5i24AZF5ytjOsJAmq6oXHwznGBDGbyOTVWDiUZNU6TsmZulUQs5tMVAgpChF\/7E+gHoeWinkxc\/a0VOUmEEPH06pjPsiIOmd\/9apUwMV\/l+wKmptaS+LQMLHbNj2VaNPPwzXvR9k3Y0x7ZELJzo41B8VLjajkegyhOiGz47IFUHiZThn4UvYBnnsWYBZIeajBkbS1QREMxuZVz6Vm5Pp+K9t5nY+SimaScNl9WLDmHOAOtW4n9FH4zlN8z9D0F\/a1maWmRHFJN4Kt5Mu+r\/FrWazx3ECmYB80\/Xuj7cHSofm8Uk0wACYiSd9+vUkmYel7uV9c85NwAxkVazfPvCgLQL\/U4Ldoc2Qxz1\/54oE3uRFk9h\/V7WvtguMFm4LPPB9TlhO\/LXtUXVYqp91zHP36CgItPdmRLyg96LS3eyGGWomV0QNG4Zyf\/H0Gfyik4d25JvDgixmtOeK+EjU3ob07I3+xY7wSO3QELs3tUX2O5F\/8mKYxURnBDle9ZCs1xR7LffyD3IhzxsGl0pIAddsfcwzjb2G1pUPNdQ5kMBAD+gxPZWVJaN\/jzh4Zjx0Lte9IS+nTCfaHYkIJ
XpnIKYnipEOH5Flsd7+vohDpige+YQHRZVG2LlzghLfY0gBkuppDdOhrgA5HYnUxu9FNWVkOumFlvD5W+DkRvWL\/r6ouDQB1CyE9ybFYTUoAyiclYov9WWv5JLWLTcc5oqDZRMUnk8LMnIcEEGSTbaq7GhpzepcUz6IA1KsLUj+rvvww1hoe3HUUDZgZsWwKM3jL756Ht\/OrdOVuxtL2xBIgpeu7dcLIdPrmQDbN6GAUQagfSDS0vFfbfF06tAOI2B3G36NuxPUeQdJU8QBCY12yiab\/DH\/AX6bHTMRxzY8yktz2iRCVkcb7CEdvUZY\/ZpHqZJF\/AX5PWXS\/jzQLmWyemVvh0PBn0HowzcWrkaDlMqPQ+aaxgwq8idVQc8LQM3F5G2OgOALbU="}
00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":74,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":74,"flow_first_seen":1609266107551,"flow_last_seen":1609266115947,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":57990,"flow_avg_l4_payload_len":783,"midstream":0,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00128{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":74,"source":"trickbot.pcap","alias":"nDPId-test"}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 74/74
~~ skipped flows.............: 0
~~ total layer4 data length..: 59486 bytes
~~ total detected protocols..: 1
~~ total active/idle flows...: 1/1
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 4822405 bytes
~~ total memory freed........: 4822405 bytes
~~ total allocations/frees...: 58436/58436
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~