summaryrefslogtreecommitdiff
path: root/test/results/zoom2.pcap.out
blob: f0b98bf0aafabdcee886bb9121f90066223aa1d4 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57

00485{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"zoom2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":3265032704,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00548{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"zoom2.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1642965458402978}
00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642965458402978,"flow_src_last_pkt_time":1642965458402978,"flow_dst_last_pkt_time":1642965458402978,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642965458402978,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1642965458402978,"flow_dst_last_pkt_time":1642965458402978,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1642965458402978,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGngDAqAGykMNJmsOcAbton\/9jAAAAALAC\/\/+GrAAAAgQFtAEDAwUBAQgKBNjhZQAAAAAEAgAA"}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1642965458402978,"flow_dst_last_pkt_time":1642965458577638,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1642965458577638,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGrQSQw0mawKgBsgG7w5wp5A9SaJ\/\/ZKASqbBcNQAAAgQFrAQCCApc+vuKBNjhZQEDAww="}
00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1642965458577754,"flow_dst_last_pkt_time":1642965458577638,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1642965458577754,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGngzAqAGykMNJmsOcAbton\/9kKeQPU4AQECwj1wAAAQEICgTY4hFc+vuK"}
01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1642965458402978,"flow_src_last_pkt_time":1642965458578318,"flow_dst_last_pkt_time":1642965458577638,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642965458578318,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomsjccv154mmr.sjc.zoom.us","tls": {"version":"TLSv1.2","ja3":"832952db10f1453442636675bed2702b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
01295{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1642965458402978,"flow_src_last_pkt_time":1642965458578318,"flow_dst_last_pkt_time":1642965458752945,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1642965458752945,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomsjccv154mmr.sjc.zoom.us","tls": {"version":"TLSv1.2","ja3":"832952db10f1453442636675bed2702b","ja3s":"8aca82d60194883e764ab2743e60c380","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
01572{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1642965458402978,"flow_src_last_pkt_time":1642965458578318,"flow_dst_last_pkt_time":1642965458752990,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4096,"midstream":0,"thread_ts_usec":1642965458752990,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomsjccv154mmr.sjc.zoom.us","tls": {"version":"TLSv1.2","server_names":"*.sjc.zoom.us","ja3":"832952db10f1453442636675bed2702b","ja3s":"8aca82d60194883e764ab2743e60c380","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Jose, O=Zoom Video Communications, Inc., CN=*.sjc.zoom.us","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"43:42:0A:34:FD:F6:7A:FC:E9:C1:95:D8:E0:79:7E:17:B9:65:B0:A7"}}}
02241{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1642965458402978,"flow_src_last_pkt_time":1642965459315313,"flow_dst_last_pkt_time":1642965459315763,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3004,"flow_dst_tot_l4_payload_len":9722,"midstream":0,"thread_ts_usec":1642965459315763,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":1,"avg":58874.8,"max":198571,"stddev":83051.8,"var":6897604608.0,"ent":3.4,"data": [174660,174776,564,174002,1305,35,10,9,175382,5,1,23625,1263,198571,173076,348,174461,174128,5783,7,187559,672,15,182407,110,83,84,878,803,496,2]},"pktlen": {"min":52,"avg":450.3,"max":1492,"stddev":547.4,"var":299645.5,"ent":4.0,"data": [64,60,52,569,52,1492,1492,1268,814,52,52,52,52,178,103,52,208,127,52,1492,767,52,1492,442,52,200,52,102,1330,52,1330,256]},"bins": {"c_to_s": [11,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [3,1,1,0,1,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,0,1,0,0,1,0,0,0,1,1,1,0,1,0,0,1,0,1,1],"entropies": [4.254878044,5.233453751,5.053297043,4.421474934,5.063529015,7.154266357,7.350361347,7.483180046,7.590131760,5.022342205,4.983880997,5.022342205,4.983880520,6.548796177,5.785968304,4.855899334,6.773957253,6.347529888,5.014834881,7.875683308,7.723464012,5.132945061,7.879707336,7.463565826,4.976374149,6.741343498,5.014835358,5.970962524,7.852532387,5.014835358,7.852782249,6.910366535]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642965459595620,"flow_src_last_pkt_time":1642965459595620,"flow_dst_last_pkt_time":1642965459595620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":123,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":123,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642965459595620,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":60653,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1642965459595620,"flow_dst_last_pkt_time":1642965459595620,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"thread_ts_usec":1642965459595620,"pkt":"EBMx8Tl2KDc3AG3ICABFAACXeHsAAEARZSPAqAGykMNJmuztImEAgzNnAQADyErEUocYzaK4R3obiZ8zgwAAAAAAAAACAG9hPwBvYT8AAABA5tdm9ZTyTIyTAkYLAufeKJLgneU8bl8DozakMMlr\/JDYAlm5+8RxsTcW0dGDYHnKojsP3MD2C2S9PgF8PPhtdgAAAAAAQABAAAB1MAABAAMAAiAA"}
00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1642965459696999,"flow_dst_last_pkt_time":1642965459595620,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"thread_ts_usec":1642965459696999,"pkt":"EBMx8Tl2KDc3AG3ICABFAACXZlQAAEARd0rAqAGykMNJmuztImEAg30SAQADyErEUocYzaK4R3obiZ8zgwAAAAAAAAACAG9hpABvYaQAAABASNx7XNkhaVV2TkWPa7HXWfzTaegL7lyuofS42ADMsef1ZS+nG51oqDil0vt0Fn4zbdXfyiCV8oAbYGEn4LlcKwAAAAAAQABAAAB1MAABAAMAAiAA"}
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1642965459696999,"flow_dst_last_pkt_time":1642965459762205,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1642965459762205,"pkt":"KDc3AG3IEBMx8Tl2CABFAABIvJFAADER8FuQw0mawKgBsiJh7O0ANHLoAgADyErEUocYzaK4R3obiZ8zgwBPg3gAb2E\/AAAAAAAAAAAAQABAAAPgAwA="}
01998{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":172,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":27,"flow_first_seen":1642965459595620,"flow_src_last_pkt_time":1642965459884168,"flow_dst_last_pkt_time":1642965460094905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":630,"flow_dst_tot_l4_payload_len":21016,"midstream":0,"thread_ts_usec":1642965460094905,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":60653,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":21,"avg":25414.0,"max":166585,"stddev":40490.2,"var":1639456256.0,"ent":3.6,"data": [101379,166585,27,72990,12330,100439,29,101849,72959,11921,4860,10860,10480,10129,246,9160,10351,10320,11352,21,292,9440,8565,5418,4862,82,10799,10006,10476,9401,205]},"pktlen": {"min":46,"avg":704.7,"max":1064,"stddev":464.6,"var":215864.3,"ent":4.6,"data": [151,151,72,46,156,156,72,46,156,88,88,1064,1064,1064,1064,1064,1064,1064,1064,1064,1064,1064,1064,1064,88,1064,1064,1064,1064,1064,1064,1064]},"bins": {"c_to_s": [0,0,0,2,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,0,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1],"entropies": [5.840515137,5.848702431,4.861306667,4.234366894,5.447824001,5.554306984,4.833528996,4.321323395,5.629264832,4.681292534,4.672410965,0.559972763,0.556576610,0.564253807,0.560080409,0.590531707,0.561960101,0.563839793,0.561959982,0.563839793,0.597341061,0.588497758,0.561959982,0.561959982,4.750781059,0.551231861,0.590992451,0.553111553,0.553111553,0.561959982,0.561959982,0.599220753]}}
00880{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":172,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":27,"flow_first_seen":1642965459595620,"flow_src_last_pkt_time":1642965459884168,"flow_dst_last_pkt_time":1642965460094905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":630,"flow_dst_tot_l4_payload_len":21016,"midstream":0,"thread_ts_usec":1642965460094905,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":60653,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Zoom","proto_id":"189","encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
00881{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":172,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":27,"flow_first_seen":1642965459595620,"flow_src_last_pkt_time":1642965459884168,"flow_dst_last_pkt_time":1642965460094905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":630,"flow_dst_tot_l4_payload_len":21016,"midstream":0,"thread_ts_usec":1642965460094905,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":60653,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Zoom","proto_id":"189","encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
00760{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":207,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642965460219455,"flow_src_last_pkt_time":1642965460219455,"flow_dst_last_pkt_time":1642965460219455,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":123,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":123,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642965460219455,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":58117,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1642965460219455,"flow_dst_last_pkt_time":1642965460219455,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"thread_ts_usec":1642965460219455,"pkt":"EBMx8Tl2KDc3AG3ICABFAACXHkIAAEARv1zAqAGykMNJmuMFImEAg0sbAQADlUCX4nL8uBw5x1bMJMqfpQAAAAAAAAACAG9jrwBvY68AAABAl22YpdImmjxXhx5z1M7uHC\/xx4xLX\/xo6rKtN3WTuu3glztmqi13Dg3+OBrijJCCvcHGEhZr6j9A\/GzgvpreMAAAAAAAQABAAAB1MAABAAMAAiAA"}
00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1642965460317924,"flow_dst_last_pkt_time":1642965460219455,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"thread_ts_usec":1642965460317924,"pkt":"EBMx8Tl2KDc3AG3ICABFAACXuuwAAEARIrLAqAGykMNJmuMFImEAg\/g7AQADlUCX4nL8uBw5x1bMJMqfpQAAAAAAAAACAG9kEQBvZBEAAABAYCF6J0n\/WNesLuhly3GilJRpD8dJ+KbseJYiXUvXdBy1BvwwVV6C\/wnkDo4q0xg18raEv1VcZUiYfPp+4+eDYQAAAAAAQABAAAB1MAABAAMAAiAA"}
00760{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":257,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642965460359314,"flow_src_last_pkt_time":1642965460359314,"flow_dst_last_pkt_time":1642965460359314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":125,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":125,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":125,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642965460359314,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":57953,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1642965460359314,"flow_dst_last_pkt_time":1642965460359314,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"thread_ts_usec":1642965460359314,"pkt":"EBMx8Tl2KDc3AG3ICABFAACZRuYAAEARlrbAqAGykMNJmuJhImEAhZWQAQADwkJYttycXaTnsMPEsai0ugAAAAAAAAACAG9kOwBvZDsAAABApVhZIZOkPdPcglYaSbgpBjDk\/MvSG2goKbIYnvwwI7Hk5hukCNUa7y2hxCyksMeoW3RGKeDuDF4Y532DNkXq3f\/\/\/\/8AQABAAAB1MAABAAMAAiAACgA="}
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1642965460317924,"flow_dst_last_pkt_time":1642965460395901,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1642965460395901,"pkt":"KDc3AG3IEBMx8Tl2CABFAABIvbFAADER7zuQw0mawKgBsiJh4wUANKrxAgADlUCX4nL8uBw5x1bMJMqfpQBPg3kAb2OvAAAAAAAAAAAAQABAAAPgAwA="}
00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1642965460461401,"flow_dst_last_pkt_time":1642965460359314,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"thread_ts_usec":1642965460461401,"pkt":"EBMx8Tl2KDc3AG3ICABFAACZ6kAAAEAR81vAqAGykMNJmuJhImEAhaEiAQADwkJYttycXaTnsMPEsai0ugAAAAAAAAACAG9koQBvZKEAAABA6DEQatkP0ZiaMugg0SFSq6JqmaXOleBRM3eRUGv0uLvPr6CL4g3oVryKRdoOzve7SJqEd+2jwB1vjsn7k5LMNv\/\/\/\/8AQABAAAB1MAABAAMAAiAACgA="}
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1642965460461401,"flow_dst_last_pkt_time":1642965460546911,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1642965460546911,"pkt":"KDc3AG3IEBMx8Tl2CABFAABIvg1AAC8R8N+Qw0mawKgBsiJh4mEANErbAgADwkJYttycXaTnsMPEsai0ugBPg3oAb2Q7AAAAAAAAAAAAQABAAAPgAwA="}
01984{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":497,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1642965460219455,"flow_src_last_pkt_time":1642965460877104,"flow_dst_last_pkt_time":1642965460887928,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":161,"flow_dst_max_l4_payload_len":136,"flow_src_tot_l4_payload_len":1490,"flow_dst_tot_l4_payload_len":1734,"midstream":0,"thread_ts_usec":1642965460887928,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":58117,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":12,"avg":42778.1,"max":176446,"stddev":48878.6,"var":2389121792.0,"ent":4.1,"data": [98469,176446,124,85491,9538,94754,12,99878,94166,12337,1946,12440,20627,16992,20131,168367,18000,3631,10879,10252,19350,32137,20903,115345,15,17844,18745,20098,20216,21487,85502]},"pktlen": {"min":46,"avg":129.0,"max":189,"stddev":35.8,"var":1279.8,"ent":4.9,"data": [151,151,72,46,156,156,72,46,156,88,88,161,164,154,149,145,116,88,149,92,143,144,134,135,166,189,116,150,148,143,144,116]},"bins": {"c_to_s": [0,0,1,6,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,5,3,8,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,0,1,1,0,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,0,0,1,0,0,0,0,1],"entropies": [5.774950981,5.795780182,4.871791363,4.390829086,5.589504242,5.647461891,4.816236019,4.390829086,5.513776779,4.672714233,4.717865467,5.984676361,5.988471985,5.890224934,5.750802994,5.721282959,5.103803158,4.742203236,5.809841633,4.711098671,5.716365814,5.704583168,5.625706196,5.615069389,6.022024632,6.167570114,5.279437542,5.717482567,5.684329510,5.700431347,5.688298225,5.216770172]}}
00879{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":497,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1642965460219455,"flow_src_last_pkt_time":1642965460877104,"flow_dst_last_pkt_time":1642965460887928,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":161,"flow_dst_max_l4_payload_len":136,"flow_src_tot_l4_payload_len":1490,"flow_dst_tot_l4_payload_len":1734,"midstream":0,"thread_ts_usec":1642965460887928,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":58117,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Zoom","proto_id":"189","encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
00880{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":497,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1642965460219455,"flow_src_last_pkt_time":1642965460877104,"flow_dst_last_pkt_time":1642965460887928,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":161,"flow_dst_max_l4_payload_len":136,"flow_src_tot_l4_payload_len":1490,"flow_dst_tot_l4_payload_len":1734,"midstream":0,"thread_ts_usec":1642965460887928,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":58117,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Zoom","proto_id":"189","encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
01953{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":575,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1642965460359314,"flow_src_last_pkt_time":1642965461085374,"flow_dst_last_pkt_time":1642965461081424,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":143,"flow_dst_max_l4_payload_len":75,"flow_src_tot_l4_payload_len":1257,"flow_dst_tot_l4_payload_len":755,"midstream":0,"thread_ts_usec":1642965461085374,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":57953,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":8,"avg":46715.2,"max":187597,"stddev":42950.9,"var":1844783744.0,"ent":4.3,"data": [102087,187597,15,105625,59,93505,28,87640,70667,56,105994,30,21517,32815,58979,18,48377,5541,49496,50209,26,8,55223,45719,56325,52361,22,59786,52118,47745,58582]},"pktlen": {"min":46,"avg":91.1,"max":171,"stddev":44.6,"var":1993.4,"ent":4.8,"data": [153,153,72,46,163,163,72,46,163,163,163,103,103,55,55,171,55,55,103,55,103,103,55,55,55,55,103,55,55,55,55,55]},"bins": {"c_to_s": [7,0,0,2,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,2,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,0,1,1,0,0,0,1,1,0,1,0,0,1,1,0,1,1,1,0,1,0,1,1,0,1,1,0],"entropies": [5.810314178,5.912507057,4.833528996,4.303872585,5.517835140,5.506913185,4.805751324,4.390829086,5.576398373,5.539088726,5.561493397,4.442456245,4.487634182,3.597789288,3.852133274,5.482311726,3.597789288,3.888496876,4.520360470,3.744285822,4.494622231,4.547106743,3.853325367,3.707922220,3.961224079,3.671558619,4.547106743,3.924860477,3.671558380,3.888496876,3.924860477,3.707922220]}}
00877{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":575,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1642965460359314,"flow_src_last_pkt_time":1642965461085374,"flow_dst_last_pkt_time":1642965461081424,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":143,"flow_dst_max_l4_payload_len":75,"flow_src_tot_l4_payload_len":1257,"flow_dst_tot_l4_payload_len":755,"midstream":0,"thread_ts_usec":1642965461085374,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":57953,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Zoom","proto_id":"189","encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
00878{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":575,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1642965460359314,"flow_src_last_pkt_time":1642965461085374,"flow_dst_last_pkt_time":1642965461081424,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":143,"flow_dst_max_l4_payload_len":75,"flow_src_tot_l4_payload_len":1257,"flow_dst_tot_l4_payload_len":755,"midstream":0,"thread_ts_usec":1642965461085374,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":57953,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Zoom","proto_id":"189","encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
00727{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11804,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642965500049643,"flow_src_last_pkt_time":1642965500049643,"flow_dst_last_pkt_time":1642965500049643,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642965500049643,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11804,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1642965500049643,"flow_dst_last_pkt_time":1642965500049643,"flow_idle_time":140000000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1642965500049643,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA4064AAEABCl\/AqAGykMNJmgMD9zUAAAAARQAAdCt\/QAAxEYFCkMNJmsCoAbIiYeMFAGAAAA=="}
00852{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11804,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642965500049643,"flow_src_last_pkt_time":1642965500049643,"flow_dst_last_pkt_time":1642965500049643,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642965500049643,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":4.253434}}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11812,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1642965500053376,"flow_dst_last_pkt_time":1642965500049643,"flow_idle_time":140000000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1642965500053376,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA48ZAAAEAB7HzAqAGykMNJmgMD6XYAAAAARQAESyuFQAAxEX1lkMNJmsCoAbIiYeztBDcAAA=="}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11815,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1642965500054265,"flow_dst_last_pkt_time":1642965500049643,"flow_idle_time":140000000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1642965500054265,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA4fvIAAEABXxvAqAGykMNJmgMD6XYAAAAARQAESyuHQAAxEX1jkMNJmsCoAbIiYeztBDcAAA=="}
00920{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11977,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":43,"flow_dst_packets_processed":44,"flow_first_seen":1642965460359314,"flow_src_last_pkt_time":1642965500043016,"flow_dst_last_pkt_time":1642965498034804,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":143,"flow_dst_max_l4_payload_len":91,"flow_src_tot_l4_payload_len":3423,"flow_dst_tot_l4_payload_len":2664,"midstream":0,"thread_ts_usec":1642965502810488,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":57953,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"Zoom","proto_id":"189","encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
01060{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11977,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":491,"flow_dst_packets_processed":411,"flow_first_seen":1642965458402978,"flow_src_last_pkt_time":1642965502810385,"flow_dst_last_pkt_time":1642965502810488,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":76227,"flow_dst_tot_l4_payload_len":31503,"midstream":0,"thread_ts_usec":1642965502810488,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
00928{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11977,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1283,"flow_dst_packets_processed":947,"flow_first_seen":1642965460219455,"flow_src_last_pkt_time":1642965500042137,"flow_dst_last_pkt_time":1642965500203618,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":334,"flow_dst_max_l4_payload_len":327,"flow_src_tot_l4_payload_len":248698,"flow_dst_tot_l4_payload_len":119844,"midstream":0,"thread_ts_usec":1642965502810488,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":58117,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"Zoom","proto_id":"189","encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
00933{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11977,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":3824,"flow_dst_packets_processed":4907,"flow_first_seen":1642965459595620,"flow_src_last_pkt_time":1642965500043662,"flow_dst_last_pkt_time":1642965500185977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1297,"flow_dst_max_l4_payload_len":1297,"flow_src_tot_l4_payload_len":4001782,"flow_dst_tot_l4_payload_len":3997349,"midstream":0,"thread_ts_usec":1642965502810488,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":60653,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"Zoom","proto_id":"189","encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
00874{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11977,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":0,"flow_first_seen":1642965500049643,"flow_src_last_pkt_time":1642965500203663,"flow_dst_last_pkt_time":1642965500049643,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":972,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642965502810488,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00569{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11977,"source":"zoom2.pcap","alias":"nDPId-test","packets-captured":11977,"packets-processed":11977,"total-skipped-flows":0,"total-l4-payload-len":8482462,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":5,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":42,"global_ts_usec":1642965502810488}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 11977/11977
~~ skipped flows.............: 0
~~ total layer4 data length..: 8482462 bytes
~~ total detected protocols..: 5
~~ total active/idle flows...: 5/5
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6407571 bytes
~~ total memory freed........: 6407571 bytes
~~ total allocations/frees...: 133521/133521
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 490 chars
~~ json string max len.......: 2246 chars
~~ json string avg len.......: 1367 chars
Powered by cgit, Themed by Ted Yin.