github-personal/nDPId
1
0
Fork 0
mirror of https://github.com/outbackdingo/nDPId.git synced 2026-01-28 02:19:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: github-personal:1.0
Branches Tags
github-personal:main github-personal:tmp github-personal:add/apple-bsd-port github-personal:add/event-io-abstraction github-personal:ndpi-example-proposal github-personal:add/tls-proxy-support github-personal:add/nDPId-UDP-endpoint
github-personal:1.6 github-personal:1.6rc4 github-personal:1.6rc3 github-personal:1.6rc2 github-personal:1.6rc1 github-personal:1.5 github-personal:1.4 github-personal:1.3 github-personal:1.2 github-personal:1.1 github-personal:1.0
..
compare: github-personal:1.4
Branches Tags
github-personal:main github-personal:tmp github-personal:add/apple-bsd-port github-personal:add/event-io-abstraction github-personal:ndpi-example-proposal github-personal:add/tls-proxy-support github-personal:add/nDPId-UDP-endpoint
github-personal:1.6 github-personal:1.6rc4 github-personal:1.6rc3 github-personal:1.6rc2 github-personal:1.6rc1 github-personal:1.5 github-personal:1.4 github-personal:1.3 github-personal:1.2 github-personal:1.1 github-personal:1.0

18 Commits
1.0 ... 1.4

Author SHA1 Message Date
Toni Uhlig
5954e46340 Build system cleanup / cosmetics. 
* libnDPI submodule update

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2021-06-07 16:22:49 +02:00
Toni Uhlig
54e0601fec Unified IO buffer mgmt. 
* c-collectd gives the user control over collectd-exec instance name
 * added missing collectd type `flow_l4_icmp_count`

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2021-06-07 15:04:46 +02:00
Toni Uhlig
382706cd20 flow-dash: Simplified and extended bar graph. 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2021-05-28 18:41:32 +02:00
Toni Uhlig
96dc563d91 flow-dash: Added live bars visualising midstream/risky flow count. 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2021-05-28 02:14:23 +02:00
Toni Uhlig
12e0ae98b6 Added realtime web based graph example using Plotly/Dash. 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2021-05-27 15:05:06 +02:00
Toni Uhlig
2a59c0513c libnDPI updated to c4084ca3c7b3657659aff624158a9c4f5710f57d 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2021-05-26 17:26:07 +02:00
Toni Uhlig
e3d1a8a772 Added simple Python Multiprocess example. 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2021-05-26 17:18:20 +02:00
Toni Uhlig
4b6ead68a1 nDPIsrvd-captured: skip empty flows based on flow total payload length 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2021-05-20 15:40:36 +02:00
Toni Uhlig
9a1c2d0ea7 Reworked layer 4 flow length naming/calculation. 
* nDPIsrvd services usually do not care about layer4 data length,
   payload length is quite more essential for further processing

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2021-05-20 14:55:05 +02:00
Toni Uhlig
db39772aa7 Fixed CMake global CFLAGS misuse which can cause xcompile errors. 
nDPIsrvd-captured supports skipping flows w/o any layer 4 payload.

 * libndpi update
 * run_tests does not generate any *.out files for fuzz-*.pcap anymore and
   does not fail if nDPId-test exits with value 1 (most likely caused by a libpcap failure)

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2021-05-19 15:56:20 +02:00
Toni Uhlig
9ffaeef24d README.md update 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2021-05-14 00:16:47 +02:00
Toni Uhlig
3a0fbe7433 Cosmetic fixes. 
* daemon.sh script to simplify daemon testing

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2021-05-13 20:08:27 +02:00
Toni Uhlig
da4942b41c Use layer4 specific flow timeouts. 
* default values "stolen" from nf_conntrack

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2021-05-13 15:41:24 +02:00
Toni Uhlig
182867a071 Reduced superfluous Travis-CI yaml content. 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2021-05-12 15:17:07 +02:00
Toni Uhlig
241a7fdc4f Added missing datalink types. 
* basicially C&P from nDPI reader_utils but with some more sanity checks

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2021-05-12 13:48:49 +02:00
Toni Uhlig
fa079d2346 Git submodule libnDPI update. 
* enable ctest to run integration tests (**only** if BUILD_NDPI=ON)

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2021-05-12 12:46:49 +02:00
Toni Uhlig
50f9c1bba1 OpenWrt compatible build system. 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2021-05-11 17:51:57 +02:00
Toni Uhlig
98a6dc5d3b Added GPL-3 License. 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2021-05-11 16:33:34 +02:00
237 changed files with 30066 additions and 37387 deletions
Expand all files Collapse all files

3
.gitignore vendored
View File

@@ -4,3 +4,6 @@ __pycache__
# go related
*.sum
# lockfiles generated by some shell scripts
*.lock

2
.gitmodules vendored
View File

@@ -1,3 +1,5 @@
[submodule "libnDPI"]
path = libnDPI
url = https://github.com/ntop/nDPI
branch = dev
update = rebase

17
.travis.yml
View File

@@ -3,11 +3,16 @@ before_install:
- sudo apt-get -qq update
- sudo apt-get install -y build-essential make binutils gcc autoconf automake libtool pkg-config git libpcap-dev libgcrypt-dev libgpg-error-dev libjson-c-dev netcat-openbsd python3 python3-jsonschema
script:
- git submodule update --init
# static linked build
- mkdir build-cmake-submodule && cd build-cmake-submodule && cmake .. -DBUILD_EXAMPLES=ON -DBUILD_NDPI=ON -DENABLE_SANITIZER=ON && make && cd ..
- mkdir build-cmake-submodule && cd build-cmake-submodule &&
cmake .. -DBUILD_EXAMPLES=ON -DBUILD_NDPI=ON -DENABLE_SANITIZER=ON && make && cd ..
- ./test/run_tests.sh ./libnDPI ./build-cmake-submodule/nDPId-test
# pkg-config dynamic linked build
- PKG_CONFIG_PATH="$(realpath ./build-cmake-submodule/libnDPI/lib/pkgconfig)" cmake . -DBUILD_EXAMPLES=ON -DENABLE_SANITIZER=ON -DENABLE_MEMORY_PROFILING=ON && make
- ./nDPId-test || test $? -eq 1
- ./nDPId -h || test $? -eq 1
- ./test/run_tests.sh
- mkdir build && cd build &&
PKG_CONFIG_PATH="$(realpath ../build-cmake-submodule/libnDPI/lib/pkgconfig)"
cmake .. -DBUILD_EXAMPLES=ON -DENABLE_SANITIZER=ON -DENABLE_MEMORY_PROFILING=ON && make && cd ..
- ./build/nDPId-test || test $? -eq 1
- ./build/nDPId -h || test $? -eq 1
# dameon start/stop test
- ./scripts/daemon.sh ./build/nDPId ./build/nDPIsrvd
- ./scripts/daemon.sh ./build/nDPId ./build/nDPIsrvd

90
CMakeLists.txt
View File

@@ -8,6 +8,7 @@ option(ENABLE_SANITIZER_THREAD "Enable TSAN (does not work together with ASAN)."
option(ENABLE_MEMORY_PROFILING "Enable dynamic memory tracking." OFF)
option(BUILD_EXAMPLES "Build C examples." ON)
option(BUILD_NDPI "Clone and build nDPI from github." OFF)
option(NDPI_NO_PKGCONFIG "Do not use pkgconfig to search for libnDPI." OFF)
set(STATIC_LIBNDPI_INSTALLDIR "" CACHE STRING "Path to a installation directory of libnDPI e.g. /opt/libnDPI/usr")
@@ -15,9 +16,23 @@ add_executable(nDPId nDPId.c utils.c)
add_executable(nDPIsrvd nDPIsrvd.c utils.c)
add_executable(nDPId-test nDPId-test.c utils.c)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -DJSMN_STATIC=1 -DJSMN_STRICT=1")
set(BUILD_NDPI_CONFIGURE_OPTS "")
add_custom_target(daemon)
add_custom_command(
TARGET daemon
COMMAND "${CMAKE_SOURCE_DIR}/daemon.sh" "$<TARGET_FILE:nDPId>" "$<TARGET_FILE:nDPIsrvd>"
DEPENDS nDPId nDPIsrvd
)
if(BUILD_NDPI)
enable_testing()
add_test(NAME run_tests
COMMAND "${CMAKE_SOURCE_DIR}/test/run_tests.sh"
"${CMAKE_SOURCE_DIR}/libnDPI"
"$<TARGET_FILE:nDPId-test>")
endif()
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra")
set(NDPID_C_FLAGS -DJSMN_STATIC=1 -DJSMN_STRICT=1)
if(ENABLE_MEMORY_PROFILING)
set(MEMORY_PROFILING_CFLAGS "-DENABLE_MEMORY_PROFILING=1"
"-Duthash_malloc=nDPIsrvd_uthash_malloc"
@@ -35,32 +50,34 @@ if(ENABLE_SANITIZER AND ENABLE_SANITIZER_THREAD)
endif()
if(ENABLE_SANITIZER)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=address -fsanitize=undefined -fsanitize=enum -fsanitize=leak")
set(BUILD_NDPI_CONFIGURE_OPTS "${BUILD_NDPI_CONFIGURE_OPTS} --with-sanitizer")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=address -fsanitize=undefined -fno-sanitize=alignment -fsanitize=enum -fsanitize=leak")
endif()
if(ENABLE_SANITIZER_THREAD)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=undefined -fsanitize=enum -fsanitize=thread")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=undefined -fno-sanitize=alignment -fsanitize=enum -fsanitize=thread")
endif()
if(BUILD_NDPI)
if(STATIC_LIBNDPI_INSTALLDIR STREQUAL "" AND BUILD_NDPI)
include(ExternalProject)
ExternalProject_Add(
libnDPI
SOURCE_DIR ${CMAKE_CURRENT_SOURCE_DIR}/libnDPI
CONFIGURE_COMMAND git submodule update --init &&
${CMAKE_CURRENT_SOURCE_DIR}/libnDPI/autogen.sh
--prefix=${CMAKE_CURRENT_BINARY_DIR}/libnDPI
${BUILD_NDPI_CONFIGURE_OPTS}
CONFIGURE_COMMAND env CC=${CMAKE_C_COMPILER} CFLAGS=${CMAKE_C_FLAGS} LDFLAGS=${CMAKE_EXE_LINKER_FLAGS}
MAKE_PROGRAM=${CMAKE_MAKE_PROGRAM} DEST_INSTALL=${CMAKE_BINARY_DIR}/libnDPI
${CMAKE_CURRENT_SOURCE_DIR}/scripts/get-and-build-libndpi.sh
BUILD_COMMAND make
BUILD_IN_SOURCE 1)
add_custom_target(clean-libnDPI
COMMAND rm -rf ${CMAKE_BINARY_DIR}/libnDPI ${CMAKE_BINARY_DIR}/libnDPI-prefix
)
set(STATIC_LIBNDPI_INSTALLDIR "${CMAKE_BINARY_DIR}/libnDPI")
add_dependencies(nDPId libnDPI)
add_dependencies(nDPId-test libnDPI)
endif()
if(NOT STATIC_LIBNDPI_INSTALLDIR STREQUAL "" OR BUILD_NDPI)
if(NOT STATIC_LIBNDPI_INSTALLDIR STREQUAL "" OR BUILD_NDPI OR NDPI_NO_PKGCONFIG)
option(NDPI_WITH_GCRYPT "Link static libndpi library against libgcrypt." ON)
option(NDPI_WITH_PCRE "Link static libndpi library against libpcre." OFF)
option(NDPI_WITH_MAXMINDDB "Link static libndpi library against libmaxminddb." OFF)
@@ -72,27 +89,39 @@ if(NOT STATIC_LIBNDPI_INSTALLDIR STREQUAL "" OR BUILD_NDPI)
if(NDPI_WITH_PCRE)
pkg_check_modules(PCRE REQUIRED libpcre>=8.39)
endif()
if(NDPI_WITH_MAXMINDDB)
pkg_check_modules(MAXMINDDB REQUIRED libmaxminddb)
endif()
endif()
if(NOT STATIC_LIBNDPI_INSTALLDIR STREQUAL "" OR BUILD_NDPI)
set(STATIC_LIBNDPI_INC "${STATIC_LIBNDPI_INSTALLDIR}/include/ndpi")
set(STATIC_LIBNDPI_LIB "${STATIC_LIBNDPI_INSTALLDIR}/lib/libndpi.a")
else()
pkg_check_modules(NDPI REQUIRED libndpi>=3.5.0)
set(STATIC_LIBNDPI_INC "")
set(STATIC_LIBNDPI_LIB "")
if(NOT NDPI_NO_PKGCONFIG)
pkg_check_modules(NDPI REQUIRED libndpi>=3.5.0)
set(STATIC_LIBNDPI_INC "")
set(STATIC_LIBNDPI_LIB "")
else()
set(LIBNDPI_INC "" CACHE STRING "/usr/include/ndpi")
set(LIBNDPI_LIB "" CACHE STRING "/usr/lib/libndpi.a")
set(STATIC_LIBNDPI_INC "${LIBNDPI_INC}")
set(STATIC_LIBNDPI_LIB "${LIBNDPI_LIB}")
endif()
endif()
find_package(PCAP "1.8.1" REQUIRED)
target_compile_options(nDPId PRIVATE ${MEMORY_PROFILING_CFLAGS} "-pthread")
target_compile_options(nDPId PRIVATE ${NDPID_C_FLAGS} ${MEMORY_PROFILING_CFLAGS} "-pthread")
target_include_directories(nDPId PRIVATE "${STATIC_LIBNDPI_INC}" "${NDPI_INCLUDEDIR}" "${NDPI_INCLUDEDIR}/ndpi")
target_link_libraries(nDPId "${STATIC_LIBNDPI_LIB}" "${pkgcfg_lib_NDPI_ndpi}"
"${pkgcfg_lib_PCRE_pcre}" "${pkgcfg_lib_MAXMINDDB_maxminddb}"
"${GCRYPT_LIBRARY}" "${PCAP_LIBRARY}"
"-pthread")
target_compile_options(nDPId PRIVATE ${MEMORY_PROFILING_CFLAGS})
target_compile_options(nDPId PRIVATE ${NDPID_C_FLAGS} ${MEMORY_PROFILING_CFLAGS})
target_include_directories(nDPIsrvd PRIVATE
"${CMAKE_SOURCE_DIR}"
"${CMAKE_SOURCE_DIR}/dependencies"
@@ -104,7 +133,7 @@ target_include_directories(nDPId-test PRIVATE
"${CMAKE_SOURCE_DIR}/dependencies"
"${CMAKE_SOURCE_DIR}/dependencies/jsmn"
"${CMAKE_SOURCE_DIR}/dependencies/uthash/src")
target_compile_options(nDPId-test PRIVATE ${MEMORY_PROFILING_CFLAGS} "-Wno-unused-function" "-pthread")
target_compile_options(nDPId-test PRIVATE ${NDPID_C_FLAGS} ${MEMORY_PROFILING_CFLAGS} "-Wno-unused-function" "-pthread")
target_include_directories(nDPId-test PRIVATE "${STATIC_LIBNDPI_INC}" "${NDPI_INCLUDEDIR}" "${NDPI_INCLUDEDIR}/ndpi")
target_compile_definitions(nDPId-test PRIVATE "-D_GNU_SOURCE=1" "-DNO_MAIN=1" "-Dsyslog=mock_syslog_stderr")
target_link_libraries(nDPId-test "${STATIC_LIBNDPI_LIB}" "${pkgcfg_lib_NDPI_ndpi}"
@@ -114,7 +143,7 @@ target_link_libraries(nDPId-test "${STATIC_LIBNDPI_LIB}" "${pkgcfg_lib_NDPI_ndpi
if(BUILD_EXAMPLES)
add_executable(nDPIsrvd-collectd examples/c-collectd/c-collectd.c)
target_compile_options(nDPIsrvd-collectd PRIVATE ${MEMORY_PROFILING_CFLAGS})
target_compile_options(nDPIsrvd-collectd PRIVATE ${NDPID_C_FLAGS} ${MEMORY_PROFILING_CFLAGS})
target_include_directories(nDPIsrvd-collectd PRIVATE
"${CMAKE_SOURCE_DIR}"
"${CMAKE_SOURCE_DIR}/dependencies"
@@ -122,7 +151,7 @@ if(BUILD_EXAMPLES)
"${CMAKE_SOURCE_DIR}/dependencies/uthash/src")
add_executable(nDPIsrvd-captured examples/c-captured/c-captured.c utils.c)
target_compile_options(nDPIsrvd-captured PRIVATE ${MEMORY_PROFILING_CFLAGS})
target_compile_options(nDPIsrvd-captured PRIVATE ${NDPID_C_FLAGS} ${MEMORY_PROFILING_CFLAGS})
target_include_directories(nDPIsrvd-captured PRIVATE
"${CMAKE_SOURCE_DIR}"
"${CMAKE_SOURCE_DIR}/dependencies"
@@ -146,21 +175,28 @@ install(FILES examples/py-flow-info/flow-info.py DESTINATION bin RENAME nDPIsrvd
message(STATUS "--------------------------")
message(STATUS "CMAKE_BUILD_TYPE.........: ${CMAKE_BUILD_TYPE}")
message(STATUS "CMAKE_C_FLAGS............: ${CMAKE_C_FLAGS}")
message(STATUS "NDPID_C_FLAGS............: ${NDPID_C_FLAGS}")
if(ENABLE_MEMORY_PROFILING)
message(STATUS "MEMORY_PROFILING_CFLAGS..: ${MEMORY_PROFILING_CFLAGS}")
endif()
message(STATUS "ENABLE_SANITIZER.........: ${ENABLE_SANITIZER}")
message(STATUS "ENABLE_SANITIZER_THREAD..: ${ENABLE_SANITIZER_THREAD}")
message(STATUS "ENABLE_MEMORY_PROFILING..: ${ENABLE_MEMORY_PROFILING}")
if(NOT BUILD_NDPI)
if(NOT BUILD_NDPI AND NOT STATIC_LIBNDPI_INSTALLDIR STREQUAL "")
message(STATUS "STATIC_LIBNDPI_INSTALLDIR: ${STATIC_LIBNDPI_INSTALLDIR}")
if(NOT STATIC_LIBNDPI_INSTALLDIR STREQUAL "")
message(STATUS "`- STATIC_LIBNDPI_INC....: ${STATIC_LIBNDPI_INC}")
message(STATUS "`- STATIC_LIBNDPI_LIB....: ${STATIC_LIBNDPI_LIB}")
message(STATUS "`- NDPI_WITH_GCRYPT......: ${NDPI_WITH_GCRYPT}")
message(STATUS "`- NDPI_WITH_PCRE........: ${NDPI_WITH_PCRE}")
message(STATUS "`- NDPI_WITH_MAXMINDDB...: ${NDPI_WITH_MAXMINDDB}")
endif()
endif()
message(STATUS "BUILD_NDPI...............: ${BUILD_NDPI}")
message(STATUS "NDPI_NO_PKGCONFIG........: ${NDPI_NO_PKGCONFIG}")
if(NDPI_NO_PKGCONFIG)
message(STATUS "LIBNDPI_INC..............: ${LIBNDPI_INC}")
message(STATUS "LIBNDPI_LIB..............: ${LIBNDPI_LIB}")
endif()
if(NOT STATIC_LIBNDPI_INSTALLDIR STREQUAL "" OR BUILD_NDPI OR NDPI_NO_PKGCONFIG)
message(STATUS "--------------------------")
message(STATUS "- STATIC_LIBNDPI_INC....: ${STATIC_LIBNDPI_INC}")
message(STATUS "- STATIC_LIBNDPI_LIB....: ${STATIC_LIBNDPI_LIB}")
message(STATUS "- NDPI_WITH_GCRYPT......: ${NDPI_WITH_GCRYPT}")
message(STATUS "- NDPI_WITH_PCRE........: ${NDPI_WITH_PCRE}")
message(STATUS "- NDPI_WITH_MAXMINDDB...: ${NDPI_WITH_MAXMINDDB}")
endif()
message(STATUS "--------------------------")

674
COPYING Normal file
View File

@@ -0,0 +1,674 @@
GNU GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The GNU General Public License is a free, copyleft license for
software and other kinds of works.
The licenses for most software and other practical works are designed
to take away your freedom to share and change the works. By contrast,
the GNU General Public License is intended to guarantee your freedom to
share and change all versions of a program--to make sure it remains free
software for all its users. We, the Free Software Foundation, use the
GNU General Public License for most of our software; it applies also to
any other work released this way by its authors. You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
them if you wish), that you receive source code or can get it if you
want it, that you can change the software or use pieces of it in new
free programs, and that you know you can do these things.
To protect your rights, we need to prevent others from denying you
these rights or asking you to surrender the rights. Therefore, you have
certain responsibilities if you distribute copies of the software, or if
you modify it: responsibilities to respect the freedom of others.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must pass on to the recipients the same
freedoms that you received. You must make sure that they, too, receive
or can get the source code. And you must show them these terms so they
know their rights.
Developers that use the GNU GPL protect your rights with two steps:
(1) assert copyright on the software, and (2) offer you this License
giving you legal permission to copy, distribute and/or modify it.
For the developers' and authors' protection, the GPL clearly explains
that there is no warranty for this free software. For both users' and
authors' sake, the GPL requires that modified versions be marked as
changed, so that their problems will not be attributed erroneously to
authors of previous versions.
Some devices are designed to deny users access to install or run
modified versions of the software inside them, although the manufacturer
can do so. This is fundamentally incompatible with the aim of
protecting users' freedom to change the software. The systematic
pattern of such abuse occurs in the area of products for individuals to
use, which is precisely where it is most unacceptable. Therefore, we
have designed this version of the GPL to prohibit the practice for those
products. If such problems arise substantially in other domains, we
stand ready to extend this provision to those domains in future versions
of the GPL, as needed to protect the freedom of users.
Finally, every program is threatened constantly by software patents.
States should not allow patents to restrict development and use of
software on general-purpose computers, but in those that do, we wish to
avoid the special danger that patents applied to a free program could
make it effectively proprietary. To prevent this, the GPL assures that
patents cannot be used to render the program non-free.
The precise terms and conditions for copying, distribution and
modification follow.
TERMS AND CONDITIONS
0. Definitions.
"This License" refers to version 3 of the GNU General Public License.
"Copyright" also means copyright-like laws that apply to other kinds of
works, such as semiconductor masks.
"The Program" refers to any copyrightable work licensed under this
License. Each licensee is addressed as "you". "Licensees" and
"recipients" may be individuals or organizations.
To "modify" a work means to copy from or adapt all or part of the work
in a fashion requiring copyright permission, other than the making of an
exact copy. The resulting work is called a "modified version" of the
earlier work or a work "based on" the earlier work.
A "covered work" means either the unmodified Program or a work based
on the Program.
To "propagate" a work means to do anything with it that, without
permission, would make you directly or secondarily liable for
infringement under applicable copyright law, except executing it on a
computer or modifying a private copy. Propagation includes copying,
distribution (with or without modification), making available to the
public, and in some countries other activities as well.
To "convey" a work means any kind of propagation that enables other
parties to make or receive copies. Mere interaction with a user through
a computer network, with no transfer of a copy, is not conveying.
An interactive user interface displays "Appropriate Legal Notices"
to the extent that it includes a convenient and prominently visible
feature that (1) displays an appropriate copyright notice, and (2)
tells the user that there is no warranty for the work (except to the
extent that warranties are provided), that licensees may convey the
work under this License, and how to view a copy of this License. If
the interface presents a list of user commands or options, such as a
menu, a prominent item in the list meets this criterion.
1. Source Code.
The "source code" for a work means the preferred form of the work
for making modifications to it. "Object code" means any non-source
form of a work.
A "Standard Interface" means an interface that either is an official
standard defined by a recognized standards body, or, in the case of
interfaces specified for a particular programming language, one that
is widely used among developers working in that language.
The "System Libraries" of an executable work include anything, other
than the work as a whole, that (a) is included in the normal form of
packaging a Major Component, but which is not part of that Major
Component, and (b) serves only to enable use of the work with that
Major Component, or to implement a Standard Interface for which an
implementation is available to the public in source code form. A
"Major Component", in this context, means a major essential component
(kernel, window system, and so on) of the specific operating system
(if any) on which the executable work runs, or a compiler used to
produce the work, or an object code interpreter used to run it.
The "Corresponding Source" for a work in object code form means all
the source code needed to generate, install, and (for an executable
work) run the object code and to modify the work, including scripts to
control those activities. However, it does not include the work's
System Libraries, or general-purpose tools or generally available free
programs which are used unmodified in performing those activities but
which are not part of the work. For example, Corresponding Source
includes interface definition files associated with source files for
the work, and the source code for shared libraries and dynamically
linked subprograms that the work is specifically designed to require,
such as by intimate data communication or control flow between those
subprograms and other parts of the work.
The Corresponding Source need not include anything that users
can regenerate automatically from other parts of the Corresponding
Source.
The Corresponding Source for a work in source code form is that
same work.
2. Basic Permissions.
All rights granted under this License are granted for the term of
copyright on the Program, and are irrevocable provided the stated
conditions are met. This License explicitly affirms your unlimited
permission to run the unmodified Program. The output from running a
covered work is covered by this License only if the output, given its
content, constitutes a covered work. This License acknowledges your
rights of fair use or other equivalent, as provided by copyright law.
You may make, run and propagate covered works that you do not
convey, without conditions so long as your license otherwise remains
in force. You may convey covered works to others for the sole purpose
of having them make modifications exclusively for you, or provide you
with facilities for running those works, provided that you comply with
the terms of this License in conveying all material for which you do
not control copyright. Those thus making or running the covered works
for you must do so exclusively on your behalf, under your direction
and control, on terms that prohibit them from making any copies of
your copyrighted material outside their relationship with you.
Conveying under any other circumstances is permitted solely under
the conditions stated below. Sublicensing is not allowed; section 10
makes it unnecessary.
3. Protecting Users' Legal Rights From Anti-Circumvention Law.
No covered work shall be deemed part of an effective technological
measure under any applicable law fulfilling obligations under article
11 of the WIPO copyright treaty adopted on 20 December 1996, or
similar laws prohibiting or restricting circumvention of such
measures.
When you convey a covered work, you waive any legal power to forbid
circumvention of technological measures to the extent such circumvention
is effected by exercising rights under this License with respect to
the covered work, and you disclaim any intention to limit operation or
modification of the work as a means of enforcing, against the work's
users, your or third parties' legal rights to forbid circumvention of
technological measures.
4. Conveying Verbatim Copies.
You may convey verbatim copies of the Program's source code as you
receive it, in any medium, provided that you conspicuously and
appropriately publish on each copy an appropriate copyright notice;
keep intact all notices stating that this License and any
non-permissive terms added in accord with section 7 apply to the code;
keep intact all notices of the absence of any warranty; and give all
recipients a copy of this License along with the Program.
You may charge any price or no price for each copy that you convey,
and you may offer support or warranty protection for a fee.
5. Conveying Modified Source Versions.
You may convey a work based on the Program, or the modifications to
produce it from the Program, in the form of source code under the
terms of section 4, provided that you also meet all of these conditions:
a) The work must carry prominent notices stating that you modified
it, and giving a relevant date.
b) The work must carry prominent notices stating that it is
released under this License and any conditions added under section
7. This requirement modifies the requirement in section 4 to
"keep intact all notices".
c) You must license the entire work, as a whole, under this
License to anyone who comes into possession of a copy. This
License will therefore apply, along with any applicable section 7
additional terms, to the whole of the work, and all its parts,
regardless of how they are packaged. This License gives no
permission to license the work in any other way, but it does not
invalidate such permission if you have separately received it.
d) If the work has interactive user interfaces, each must display
Appropriate Legal Notices; however, if the Program has interactive
interfaces that do not display Appropriate Legal Notices, your
work need not make them do so.
A compilation of a covered work with other separate and independent
works, which are not by their nature extensions of the covered work,
and which are not combined with it such as to form a larger program,
in or on a volume of a storage or distribution medium, is called an
"aggregate" if the compilation and its resulting copyright are not
used to limit the access or legal rights of the compilation's users
beyond what the individual works permit. Inclusion of a covered work
in an aggregate does not cause this License to apply to the other
parts of the aggregate.
6. Conveying Non-Source Forms.
You may convey a covered work in object code form under the terms
of sections 4 and 5, provided that you also convey the
machine-readable Corresponding Source under the terms of this License,
in one of these ways:
a) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by the
Corresponding Source fixed on a durable physical medium
customarily used for software interchange.
b) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by a
written offer, valid for at least three years and valid for as
long as you offer spare parts or customer support for that product
model, to give anyone who possesses the object code either (1) a
copy of the Corresponding Source for all the software in the
product that is covered by this License, on a durable physical
medium customarily used for software interchange, for a price no
more than your reasonable cost of physically performing this
conveying of source, or (2) access to copy the
Corresponding Source from a network server at no charge.
c) Convey individual copies of the object code with a copy of the
written offer to provide the Corresponding Source. This
alternative is allowed only occasionally and noncommercially, and
only if you received the object code with such an offer, in accord
with subsection 6b.
d) Convey the object code by offering access from a designated
place (gratis or for a charge), and offer equivalent access to the
Corresponding Source in the same way through the same place at no
further charge. You need not require recipients to copy the
Corresponding Source along with the object code. If the place to
copy the object code is a network server, the Corresponding Source
may be on a different server (operated by you or a third party)
that supports equivalent copying facilities, provided you maintain
clear directions next to the object code saying where to find the
Corresponding Source. Regardless of what server hosts the
Corresponding Source, you remain obligated to ensure that it is
available for as long as needed to satisfy these requirements.
e) Convey the object code using peer-to-peer transmission, provided
you inform other peers where the object code and Corresponding
Source of the work are being offered to the general public at no
charge under subsection 6d.
A separable portion of the object code, whose source code is excluded
from the Corresponding Source as a System Library, need not be
included in conveying the object code work.
A "User Product" is either (1) a "consumer product", which means any
tangible personal property which is normally used for personal, family,
or household purposes, or (2) anything designed or sold for incorporation
into a dwelling. In determining whether a product is a consumer product,
doubtful cases shall be resolved in favor of coverage. For a particular
product received by a particular user, "normally used" refers to a
typical or common use of that class of product, regardless of the status
of the particular user or of the way in which the particular user
actually uses, or expects or is expected to use, the product. A product
is a consumer product regardless of whether the product has substantial
commercial, industrial or non-consumer uses, unless such uses represent
the only significant mode of use of the product.
"Installation Information" for a User Product means any methods,
procedures, authorization keys, or other information required to install
and execute modified versions of a covered work in that User Product from
a modified version of its Corresponding Source. The information must
suffice to ensure that the continued functioning of the modified object
code is in no case prevented or interfered with solely because
modification has been made.
If you convey an object code work under this section in, or with, or
specifically for use in, a User Product, and the conveying occurs as
part of a transaction in which the right of possession and use of the
User Product is transferred to the recipient in perpetuity or for a
fixed term (regardless of how the transaction is characterized), the
Corresponding Source conveyed under this section must be accompanied
by the Installation Information. But this requirement does not apply
if neither you nor any third party retains the ability to install
modified object code on the User Product (for example, the work has
been installed in ROM).
The requirement to provide Installation Information does not include a
requirement to continue to provide support service, warranty, or updates
for a work that has been modified or installed by the recipient, or for
the User Product in which it has been modified or installed. Access to a
network may be denied when the modification itself materially and
adversely affects the operation of the network or violates the rules and
protocols for communication across the network.
Corresponding Source conveyed, and Installation Information provided,
in accord with this section must be in a format that is publicly
documented (and with an implementation available to the public in
source code form), and must require no special password or key for
unpacking, reading or copying.
7. Additional Terms.
"Additional permissions" are terms that supplement the terms of this
License by making exceptions from one or more of its conditions.
Additional permissions that are applicable to the entire Program shall
be treated as though they were included in this License, to the extent
that they are valid under applicable law. If additional permissions
apply only to part of the Program, that part may be used separately
under those permissions, but the entire Program remains governed by
this License without regard to the additional permissions.
When you convey a copy of a covered work, you may at your option
remove any additional permissions from that copy, or from any part of
it. (Additional permissions may be written to require their own
removal in certain cases when you modify the work.) You may place
additional permissions on material, added by you to a covered work,
for which you have or can give appropriate copyright permission.
Notwithstanding any other provision of this License, for material you
add to a covered work, you may (if authorized by the copyright holders of
that material) supplement the terms of this License with terms:
a) Disclaiming warranty or limiting liability differently from the
terms of sections 15 and 16 of this License; or
b) Requiring preservation of specified reasonable legal notices or
author attributions in that material or in the Appropriate Legal
Notices displayed by works containing it; or
c) Prohibiting misrepresentation of the origin of that material, or
requiring that modified versions of such material be marked in
reasonable ways as different from the original version; or
d) Limiting the use for publicity purposes of names of licensors or
authors of the material; or
e) Declining to grant rights under trademark law for use of some
trade names, trademarks, or service marks; or
f) Requiring indemnification of licensors and authors of that
material by anyone who conveys the material (or modified versions of
it) with contractual assumptions of liability to the recipient, for
any liability that these contractual assumptions directly impose on
those licensors and authors.
All other non-permissive additional terms are considered "further
restrictions" within the meaning of section 10. If the Program as you
received it, or any part of it, contains a notice stating that it is
governed by this License along with a term that is a further
restriction, you may remove that term. If a license document contains
a further restriction but permits relicensing or conveying under this
License, you may add to a covered work material governed by the terms
of that license document, provided that the further restriction does
not survive such relicensing or conveying.
If you add terms to a covered work in accord with this section, you
must place, in the relevant source files, a statement of the
additional terms that apply to those files, or a notice indicating
where to find the applicable terms.
Additional terms, permissive or non-permissive, may be stated in the
form of a separately written license, or stated as exceptions;
the above requirements apply either way.
8. Termination.
You may not propagate or modify a covered work except as expressly
provided under this License. Any attempt otherwise to propagate or
modify it is void, and will automatically terminate your rights under
this License (including any patent licenses granted under the third
paragraph of section 11).
However, if you cease all violation of this License, then your
license from a particular copyright holder is reinstated (a)
provisionally, unless and until the copyright holder explicitly and
finally terminates your license, and (b) permanently, if the copyright
holder fails to notify you of the violation by some reasonable means
prior to 60 days after the cessation.
Moreover, your license from a particular copyright holder is
reinstated permanently if the copyright holder notifies you of the
violation by some reasonable means, this is the first time you have
received notice of violation of this License (for any work) from that
copyright holder, and you cure the violation prior to 30 days after
your receipt of the notice.
Termination of your rights under this section does not terminate the
licenses of parties who have received copies or rights from you under
this License. If your rights have been terminated and not permanently
reinstated, you do not qualify to receive new licenses for the same
material under section 10.
9. Acceptance Not Required for Having Copies.
You are not required to accept this License in order to receive or
run a copy of the Program. Ancillary propagation of a covered work
occurring solely as a consequence of using peer-to-peer transmission
to receive a copy likewise does not require acceptance. However,
nothing other than this License grants you permission to propagate or
modify any covered work. These actions infringe copyright if you do
not accept this License. Therefore, by modifying or propagating a
covered work, you indicate your acceptance of this License to do so.
10. Automatic Licensing of Downstream Recipients.
Each time you convey a covered work, the recipient automatically
receives a license from the original licensors, to run, modify and
propagate that work, subject to this License. You are not responsible
for enforcing compliance by third parties with this License.
An "entity transaction" is a transaction transferring control of an
organization, or substantially all assets of one, or subdividing an
organization, or merging organizations. If propagation of a covered
work results from an entity transaction, each party to that
transaction who receives a copy of the work also receives whatever
licenses to the work the party's predecessor in interest had or could
give under the previous paragraph, plus a right to possession of the
Corresponding Source of the work from the predecessor in interest, if
the predecessor has it or can get it with reasonable efforts.
You may not impose any further restrictions on the exercise of the
rights granted or affirmed under this License. For example, you may
not impose a license fee, royalty, or other charge for exercise of
rights granted under this License, and you may not initiate litigation
(including a cross-claim or counterclaim in a lawsuit) alleging that
any patent claim is infringed by making, using, selling, offering for
sale, or importing the Program or any portion of it.
11. Patents.
A "contributor" is a copyright holder who authorizes use under this
License of the Program or a work on which the Program is based. The
work thus licensed is called the contributor's "contributor version".
A contributor's "essential patent claims" are all patent claims
owned or controlled by the contributor, whether already acquired or
hereafter acquired, that would be infringed by some manner, permitted
by this License, of making, using, or selling its contributor version,
but do not include claims that would be infringed only as a
consequence of further modification of the contributor version. For
purposes of this definition, "control" includes the right to grant
patent sublicenses in a manner consistent with the requirements of
this License.
Each contributor grants you a non-exclusive, worldwide, royalty-free
patent license under the contributor's essential patent claims, to
make, use, sell, offer for sale, import and otherwise run, modify and
propagate the contents of its contributor version.
In the following three paragraphs, a "patent license" is any express
agreement or commitment, however denominated, not to enforce a patent
(such as an express permission to practice a patent or covenant not to
sue for patent infringement). To "grant" such a patent license to a
party means to make such an agreement or commitment not to enforce a
patent against the party.
If you convey a covered work, knowingly relying on a patent license,
and the Corresponding Source of the work is not available for anyone
to copy, free of charge and under the terms of this License, through a
publicly available network server or other readily accessible means,
then you must either (1) cause the Corresponding Source to be so
available, or (2) arrange to deprive yourself of the benefit of the
patent license for this particular work, or (3) arrange, in a manner
consistent with the requirements of this License, to extend the patent
license to downstream recipients. "Knowingly relying" means you have
actual knowledge that, but for the patent license, your conveying the
covered work in a country, or your recipient's use of the covered work
in a country, would infringe one or more identifiable patents in that
country that you have reason to believe are valid.
If, pursuant to or in connection with a single transaction or
arrangement, you convey, or propagate by procuring conveyance of, a
covered work, and grant a patent license to some of the parties
receiving the covered work authorizing them to use, propagate, modify
or convey a specific copy of the covered work, then the patent license
you grant is automatically extended to all recipients of the covered
work and works based on it.
A patent license is "discriminatory" if it does not include within
the scope of its coverage, prohibits the exercise of, or is
conditioned on the non-exercise of one or more of the rights that are
specifically granted under this License. You may not convey a covered
work if you are a party to an arrangement with a third party that is
in the business of distributing software, under which you make payment
to the third party based on the extent of your activity of conveying
the work, and under which the third party grants, to any of the
parties who would receive the covered work from you, a discriminatory
patent license (a) in connection with copies of the covered work
conveyed by you (or copies made from those copies), or (b) primarily
for and in connection with specific products or compilations that
contain the covered work, unless you entered into that arrangement,
or that patent license was granted, prior to 28 March 2007.
Nothing in this License shall be construed as excluding or limiting
any implied license or other defenses to infringement that may
otherwise be available to you under applicable patent law.
12. No Surrender of Others' Freedom.
If conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot convey a
covered work so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you may
not convey it at all. For example, if you agree to terms that obligate you
to collect a royalty for further conveying from those to whom you convey
the Program, the only way you could satisfy both those terms and this
License would be to refrain entirely from conveying the Program.
13. Use with the GNU Affero General Public License.
Notwithstanding any other provision of this License, you have
permission to link or combine any covered work with a work licensed
under version 3 of the GNU Affero General Public License into a single
combined work, and to convey the resulting work. The terms of this
License will continue to apply to the part which is the covered work,
but the special requirements of the GNU Affero General Public License,
section 13, concerning interaction through a network will apply to the
combination as such.
14. Revised Versions of this License.
The Free Software Foundation may publish revised and/or new versions of
the GNU General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the
Program specifies that a certain numbered version of the GNU General
Public License "or any later version" applies to it, you have the
option of following the terms and conditions either of that numbered
version or of any later version published by the Free Software
Foundation. If the Program does not specify a version number of the
GNU General Public License, you may choose any version ever published
by the Free Software Foundation.
If the Program specifies that a proxy can decide which future
versions of the GNU General Public License can be used, that proxy's
public statement of acceptance of a version permanently authorizes you
to choose that version for the Program.
Later license versions may give you additional or different
permissions. However, no additional obligations are imposed on any
author or copyright holder as a result of your choosing to follow a
later version.
15. Disclaimer of Warranty.
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
16. Limitation of Liability.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.
17. Interpretation of Sections 15 and 16.
If the disclaimer of warranty and limitation of liability provided
above cannot be given local legal effect according to their terms,
reviewing courts shall apply local law that most closely approximates
an absolute waiver of all civil liability in connection with the
Program, unless a warranty or assumption of liability accompanies a
copy of the Program in return for a fee.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
state the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
Also add information on how to contact you by electronic and paper mail.
If the program does terminal interaction, make it output a short
notice like this when it starts in an interactive mode:
<program> Copyright (C) <year> <name of author>
This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, your program's commands
might be different; for a GUI interface, you would use an "about box".
You should also get your employer (if you work as a programmer) or school,
if any, to sign a "copyright disclaimer" for the program, if necessary.
For more information on this, and how to apply and follow the GNU GPL, see
<http://www.gnu.org/licenses/>.
The GNU General Public License does not permit incorporating your program
into proprietary programs. If your program is a subroutine library, you
may consider it more useful to permit linking proprietary applications with
the library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License. But first, please read
<http://www.gnu.org/philosophy/why-not-lgpl.html>.

28
README.md
View File

@@ -1,7 +1,7 @@
# abstract
nDPId is a set of daemons and tools to capture, process and classify network flows.
It's only dependencies (besides a half-way modern c library and POSIX threads) are libnDPI (>= 3.6.0 or current github dev branch) and libpcap.
It's only dependencies (besides a half-way modern c library and POSIX threads) are libnDPI (>= 3.5.0 or current github dev branch) and libpcap.
The core daemon nDPId uses pthread but does use mutexes for performance reasons.
Instead synchronization is achieved by a packet distribution mechanism.
@@ -129,19 +129,23 @@ or anything below `./examples`.
# test
You may want to run some integration tests using pcap files from nDPI:
The recommended way to run integration / diff tests:
`./test/run_tests.sh /path/to/libnDPI/root/directory`
```shell
mkdir build
cd build
cmake .. -DBUILD_NDPI=ON
make nDPId-test test
```
Alternatively you can run some integration tests manually:
`./test/run_tests.sh [/path/to/libnDPI/root/directory] [/path/to/nDPId-test]`
e.g.:
`./test/run_tests.sh ${HOME}/git/nDPI`
`./test/run_tests.sh [${HOME}/git/nDPI] [${HOME}/git/nDPId/build/nDPId-test]`
For out-of-source builds, you'll need to specify a path to nDPId-test as well with:
`/test/run_tests.sh /path/to/libnDPI/root/directory /path/to/nDPId-test-executable`
For in-source builds and if CMake was configured with BUILD_NDPI=ON you can just type:
`/test/run_tests.sh`
Remember that all test results are tied to a specific libnDPI commit hash
as part of the `git submodule`. Using `test/run_tests.s` for other commit hashes
will most likely result in PCAP diff's.

9
TODO.md
View File

@@ -1,7 +1,6 @@
# TODOs
1. unify `struct io_buffer` from nDPIsrvd.c and `struct nDPIsrvd_buffer` from nDPIsrvd.h
2. improve nDPIsrvd buffer bloat handling (Do not fall back to blocking mode!)
3. improve UDP/TCP timeout handling by reading netfilter conntrack timeouts from /proc
4. detect interface / timeout changes and apply them to nDPId
5. implement AEAD crypto via libsodium (at least for TCP communication)
1. improve nDPIsrvd buffer bloat handling (Do not fall back to blocking mode!)
2. improve UDP/TCP timeout handling by reading netfilter conntrack timeouts from /proc (or just read conntrack table entries)
3. detect interface / timeout changes and apply them to nDPId
4. implement AEAD crypto via libsodium (at least for TCP communication)

7
config.h
View File

@@ -22,8 +22,11 @@
#define nDPId_TICK_RESOLUTION 1000u
#define nDPId_MAX_READER_THREADS 32u
#define nDPId_IDLE_SCAN_PERIOD 10000u /* 10 sec */
#define nDPId_IDLE_TIME 600000u /* 600 sec */
#define nDPId_TCP_POST_END_FLOW_TIME 60000u /* 60 sec */
#define nDPId_GENERIC_IDLE_TIME 600000u /* 600 */
#define nDPId_ICMP_IDLE_TIME 30000u /* 30 sec */
#define nDPId_TCP_IDLE_TIME 7440000u /* 7440 sec */
#define nDPId_UDP_IDLE_TIME 180000u /* 180 sec */
#define nDPId_TCP_POST_END_FLOW_TIME 120000u /* 120 sec */
#define nDPId_THREAD_DISTRIBUTION_SEED 0x03dd018b
#define nDPId_PACKETS_PER_FLOW_TO_SEND 15u
#define nDPId_PACKETS_PER_FLOW_TO_PROCESS 255u

59
dependencies/nDPIsrvd.h vendored
View File

@@ -134,8 +134,12 @@ struct nDPIsrvd_address
struct nDPIsrvd_buffer
{
char raw[NETWORK_BUFFER_MAX_SIZE];
union {
char * text;
uint8_t * raw;
} ptr;
size_t used;
size_t max;
char * json_string;
size_t json_string_start;
nDPIsrvd_ull json_string_length;
@@ -288,6 +292,33 @@ static inline char const * nDPIsrvd_enum_to_string(int enum_value)
return enum_str[enum_value - FIRST_ENUM_VALUE];
}
static inline int nDPIsrvd_buffer_init(struct nDPIsrvd_buffer * const buffer, size_t buffer_size)
{
if (buffer->ptr.raw != NULL && buffer->max != buffer_size)
{
return 1; /* Do not fail and realloc()? */
}
buffer->ptr.raw = (uint8_t *)malloc(buffer_size);
if (buffer->ptr.raw == NULL)
{
return 1;
}
buffer->json_string_start = 0;
buffer->json_string_length = 0ull;
buffer->json_string = NULL;
buffer->used = 0;
buffer->max = buffer_size;
return 0;
}
static inline void nDPIsrvd_buffer_free(struct nDPIsrvd_buffer * const buffer)
{
free(buffer->ptr.raw);
}
static inline struct nDPIsrvd_socket * nDPIsrvd_init(size_t global_user_data_size,
size_t flow_user_data_size,
json_callback json_cb,
@@ -306,6 +337,10 @@ static inline struct nDPIsrvd_socket * nDPIsrvd_init(size_t global_user_data_siz
memset(sock, 0, sizeof(*sock));
sock->fd = -1;
if (nDPIsrvd_buffer_init(&sock->buffer, NETWORK_BUFFER_MAX_SIZE) != 0)
{
goto error;
}
sock->address.raw.sa_family = -1;
sock->flow_user_data_size = flow_user_data_size;
@@ -324,6 +359,7 @@ static inline struct nDPIsrvd_socket * nDPIsrvd_init(size_t global_user_data_siz
return sock;
error:
nDPIsrvd_buffer_free(&sock->buffer);
nDPIsrvd_free(&sock);
return NULL;
}
@@ -368,6 +404,7 @@ static inline void nDPIsrvd_free(struct nDPIsrvd_socket ** const sock)
(*sock)->flow_table = NULL;
}
nDPIsrvd_buffer_free(&(*sock)->buffer);
free(*sock);
*sock = NULL;
@@ -464,7 +501,7 @@ static inline enum nDPIsrvd_connect_return nDPIsrvd_connect(struct nDPIsrvd_sock
static inline enum nDPIsrvd_read_return nDPIsrvd_read(struct nDPIsrvd_socket * const sock)
{
ssize_t bytes_read =
read(sock->fd, sock->buffer.raw + sock->buffer.used, sizeof(sock->buffer.raw) - sock->buffer.used);
read(sock->fd, sock->buffer.ptr.raw + sock->buffer.used, sock->buffer.max - sock->buffer.used);
if (bytes_read == 0)
{
@@ -664,25 +701,25 @@ static inline enum nDPIsrvd_parse_return nDPIsrvd_parse_line(struct nDPIsrvd_buf
{
return PARSE_NEED_MORE_DATA;
}
if (buffer->raw[NETWORK_BUFFER_LENGTH_DIGITS] != '{')
if (buffer->ptr.text[NETWORK_BUFFER_LENGTH_DIGITS] != '{')
{
return PARSE_INVALID_OPENING_CHAR;
}
errno = 0;
buffer->json_string_length = strtoull((const char *)buffer->raw, &buffer->json_string, 10);
buffer->json_string_length += buffer->json_string - buffer->raw;
buffer->json_string_start = buffer->json_string - buffer->raw;
buffer->json_string_length = strtoull((const char *)buffer->ptr.text, &buffer->json_string, 10);
buffer->json_string_length += buffer->json_string - buffer->ptr.text;
buffer->json_string_start = buffer->json_string - buffer->ptr.text;
if (errno == ERANGE)
{
return PARSE_SIZE_EXCEEDS_CONVERSION_LIMIT;
}
if (buffer->json_string == buffer->raw)
if (buffer->json_string == buffer->ptr.text)
{
return PARSE_SIZE_MISSING;
}
if (buffer->json_string_length > sizeof(buffer->raw))
if (buffer->json_string_length > buffer->max)
{
return PARSE_STRING_TOO_BIG;
}
@@ -690,14 +727,14 @@ static inline enum nDPIsrvd_parse_return nDPIsrvd_parse_line(struct nDPIsrvd_buf
{
return PARSE_NEED_MORE_DATA;
}
if (buffer->raw[buffer->json_string_length - 2] != '}' || buffer->raw[buffer->json_string_length - 1] != '\n')
if (buffer->ptr.text[buffer->json_string_length - 2] != '}' || buffer->ptr.text[buffer->json_string_length - 1] != '\n')
{
return PARSE_INVALID_CLOSING_CHAR;
}
jsmn_init(&jsmn->parser);
jsmn->tokens_found = jsmn_parse(&jsmn->parser,
(char *)(buffer->raw + buffer->json_string_start),
buffer->ptr.text + buffer->json_string_start,
buffer->json_string_length - buffer->json_string_start,
jsmn->tokens,
nDPIsrvd_MAX_JSON_TOKENS);
@@ -711,7 +748,7 @@ static inline enum nDPIsrvd_parse_return nDPIsrvd_parse_line(struct nDPIsrvd_buf
static void nDPIsrvd_drain_buffer(struct nDPIsrvd_buffer * const buffer)
{
memmove(buffer->raw, buffer->raw + buffer->json_string_length, buffer->used - buffer->json_string_length);
memmove(buffer->ptr.raw, buffer->ptr.raw + buffer->json_string_length, buffer->used - buffer->json_string_length);
buffer->used -= buffer->json_string_length;
buffer->json_string_length = 0;
buffer->json_string_start = 0;

8
examples/README.md
View File

@@ -25,6 +25,14 @@ A discontinued tty UI nDPId dashboard. I've figured out that Go + UI is a bad id
Prints prettyfied information about flow events.
## py-flow-dash
A realtime web based graph using Plotly/Dash.
## py-flow-multiprocess
Simple Python Multiprocess example spawning two worker processes, one connecting to nDPIsrvd and one printing flow id's to STDOUT.
## py-flow-undetected-to-pcap
Captures and saves undetected flows to a PCAP file.

18
examples/c-captured/c-captured.c
View File

@@ -45,6 +45,7 @@ struct flow_user_data
uint8_t midstream;
nDPIsrvd_ull flow_datalink;
nDPIsrvd_ull flow_max_packets;
nDPIsrvd_ull flow_tot_l4_payload_len;
UT_array * packets;
};
@@ -63,6 +64,7 @@ static uint8_t process_guessed = 0;
static uint8_t process_undetected = 0;
static uint8_t process_risky = 0;
static uint8_t process_midstream = 0;
static uint8_t ignore_empty_flows = 0;
static void packet_data_copy(void * dst, const void * src)
{
@@ -343,6 +345,13 @@ static enum nDPIsrvd_callback_return captured_json_callback(struct nDPIsrvd_sock
{
struct nDPIsrvd_json_token const * const flow_event_name = TOKEN_GET_SZ(sock, "flow_event_name");
if (flow_event_name != NULL)
{
perror_ull(TOKEN_VALUE_TO_ULL(TOKEN_GET_SZ(sock, "flow_tot_l4_payload_len"), &flow_user->flow_tot_l4_payload_len),
"flow_tot_l4_payload_len");
}
if (TOKEN_VALUE_EQUALS_SZ(flow_event_name, "new") != 0)
{
flow_user->flow_new_seen = 1;
@@ -394,6 +403,7 @@ static enum nDPIsrvd_callback_return captured_json_callback(struct nDPIsrvd_sock
(flow_user->midstream != 0 && process_midstream != 0)))
{
packet_data_print(flow_user->packets);
if (ignore_empty_flows == 0 || flow_user->flow_tot_l4_payload_len > 0)
{
char pcap_filename[PATH_MAX];
if (generate_pcap_filename(flow, flow_user, pcap_filename, sizeof(pcap_filename)) == NULL)
@@ -461,9 +471,10 @@ static int parse_options(int argc, char ** argv)
"\t-G\tGuessed - Dump guessed flows to a PCAP file.\n"
"\t-U\tUndetected - Dump undetected flows to a PCAP file.\n"
"\t-R\tRisky - Dump risky flows to a PCAP file.\n"
"\t-M\tMidstream - Dump midstream flows to a PCAP file.\n";
"\t-M\tMidstream - Dump midstream flows to a PCAP file.\n"
"\t-E\tEmpty - Ignore flows w/o any layer 4 payload\n";
while ((opt = getopt(argc, argv, "hdp:s:r:u:g:D:GURM")) != -1)
while ((opt = getopt(argc, argv, "hdp:s:r:u:g:D:GURME")) != -1)
{
switch (opt)
{
@@ -509,6 +520,9 @@ static int parse_options(int argc, char ** argv)
case 'M':
process_midstream = 1;
break;
case 'E':
ignore_empty_flows = 1;
break;
default:
fprintf(stderr, usage, argv[0]);
return 1;

23
examples/c-collectd/c-collectd.c
View File

@@ -10,6 +10,8 @@
#include "nDPIsrvd.h"
#define DEFAULT_COLLECTD_EXEC_INST "exec-nDPIsrvd"
#define LOG(flags, format, ...) \
if (quiet == 0) \
{ \
@@ -28,6 +30,7 @@ static int collectd_timerfd = -1;
static char * serv_optarg = NULL;
static char * collectd_hostname = NULL;
static char * collectd_interval = NULL;
static char * instance_name = NULL;
static nDPIsrvd_ull collectd_interval_ull = 0uL;
static int quiet = 0;
@@ -134,16 +137,19 @@ static int parse_options(int argc, char ** argv)
static char const usage[] =
"Usage: %s "
"[-s host] [-c hostname] [-i interval] [-q]\n\n"
"[-s host] [-c hostname] [-n collectd-instance-name] [-i interval] [-q]\n\n"
"\t-s\tDestination where nDPIsrvd is listening on.\n"
"\t-c\tCollectd hostname.\n"
"\t \tThis value defaults to the environment variable COLLECTD_HOSTNAME.\n"
"\t-n\tName of the collectd(-exec) instance.\n"
"\t \tDefaults to: " DEFAULT_COLLECTD_EXEC_INST
"\n"
"\t-i\tInterval between print statistics to stdout.\n"
"\t \tThis value defaults to the environment variable COLLECTD_INTERVAL.\n"
"\t-q\tDo not print anything except collectd statistics.\n"
"\t \tAutomatically enabled if environment variables mentioned above are set.\n";
while ((opt = getopt(argc, argv, "hs:c:i:q")) != -1)
while ((opt = getopt(argc, argv, "hs:c:n:i:q")) != -1)
{
switch (opt)
{
@@ -155,6 +161,10 @@ static int parse_options(int argc, char ** argv)
free(collectd_hostname);
collectd_hostname = strdup(optarg);
break;
case 'n':
free(instance_name);
instance_name = strdup(optarg);
break;
case 'i':
free(collectd_interval);
collectd_interval = strdup(optarg);
@@ -182,6 +192,11 @@ static int parse_options(int argc, char ** argv)
}
}
if (instance_name == NULL)
{
instance_name = strdup(DEFAULT_COLLECTD_EXEC_INST);
}
if (collectd_interval == NULL)
{
collectd_interval = getenv("COLLECTD_INTERVAL");
@@ -217,9 +232,9 @@ static int parse_options(int argc, char ** argv)
return 0;
}
#define COLLECTD_PUTVAL_N_FORMAT(name) "PUTVAL %s/nDPId/" #name " interval=%llu %llu:%llu\n"
#define COLLECTD_PUTVAL_N_FORMAT(name) "PUTVAL %s/%s/" #name " interval=%llu %llu:%llu\n"
#define COLLECTD_PUTVAL_N(value) \
collectd_hostname, collectd_interval_ull, (unsigned long long int)now, \
collectd_hostname, instance_name, collectd_interval_ull, (unsigned long long int)now, \
(unsigned long long int)collectd_statistics.value
static void print_collectd_exec_output(void)
{

1
examples/c-collectd/plugin_nDPIsrvd_types.db
View File

@@ -60,6 +60,7 @@ flow_category_unknown_count value:GAUGE:0:U
flow_l3_ip4_count value:GAUGE:0:U
flow_l3_ip6_count value:GAUGE:0:U
flow_l3_other_count value:GAUGE:0:U
flow_l4_icmp_count value:GAUGE:0:U
flow_l4_tcp_count value:GAUGE:0:U
flow_l4_udp_count value:GAUGE:0:U
flow_l4_other_count value:GAUGE:0:U

185
examples/py-flow-dashboard/flow-dash.py Executable file
View File

@@ -0,0 +1,185 @@
#!/usr/bin/env python3
from collections import deque
import dash
from dash.dependencies import Output, Input
import dash_core_components as dcc
import dash_html_components as html
import multiprocessing
import os
import plotly
import plotly.graph_objs as go
import sys
sys.path.append(os.path.dirname(sys.argv[0]) + '/../share/nDPId')
sys.path.append(os.path.dirname(sys.argv[0]) + '/../usr/share/nDPId')
try:
import nDPIsrvd
from nDPIsrvd import nDPIsrvdSocket
except ImportError:
sys.path.append(os.path.dirname(sys.argv[0]) + '/../../dependencies')
import nDPIsrvd
from nDPIsrvd import nDPIsrvdSocket
mgr = multiprocessing.Manager()
global shared_flow_dict
shared_flow_dict = mgr.dict()
FLOW_COUNT_DATAPOINTS = 50
global live_flow_count_X
live_flow_count_X = deque(maxlen=FLOW_COUNT_DATAPOINTS)
live_flow_count_X.append(1)
global live_flow_count_Y
live_flow_count_Y = deque(maxlen=FLOW_COUNT_DATAPOINTS)
live_flow_count_Y.append(1)
live_flow_bars = ['risky', 'midstream', 'detected', 'guessed', 'not-detected']
fig = go.Figure()
app = dash.Dash(__name__)
app.layout = html.Div(
[
dcc.Graph(id='live-flow-count', animate=True),
dcc.Graph(id='live-flow-bars', animate=True, figure=fig),
dcc.Interval(
id='graph-update',
interval=1000,
n_intervals=0
),
]
)
@app.callback(
Output('live-flow-count', 'figure'),
[Input('graph-update', 'n_intervals')]
)
def update_graph_scatter(n):
live_flow_count_X.append(live_flow_count_X[-1]+1)
live_flow_count_Y.append(len(shared_flow_dict))
data = plotly.graph_objs.Scatter(
x=list(live_flow_count_X),
y=list(live_flow_count_Y),
name='Scatter',
mode='lines+markers'
)
return {
'data': [data],
'layout':
go.Layout(
xaxis=dict(
range=[min(live_flow_count_X), max(live_flow_count_X)]
),
yaxis=dict(
range=[min(live_flow_count_Y), max(live_flow_count_Y)]
),
)}
@app.callback(
Output('live-flow-bars', 'figure'),
[Input('graph-update', 'n_intervals')]
)
def update_pie(n):
values = [0, 0, 0, 0, 0]
for flow_id in shared_flow_dict.keys():
if shared_flow_dict[flow_id]['is_risky'] is True:
values[0] += 1
if shared_flow_dict[flow_id]['is_midstream'] is True:
values[1] += 1
if shared_flow_dict[flow_id]['is_detected'] is True:
values[2] += 1
if shared_flow_dict[flow_id]['is_guessed'] is True:
values[3] += 1
if shared_flow_dict[flow_id]['is_not_detected'] is True:
values[4] += 1
if shared_flow_dict[flow_id]['remove_me'] is True:
del shared_flow_dict[flow_id]
# print(values)
return {
'data': [
go.Bar(name='', x=live_flow_bars, y=values)
],
'layout': go.Layout(yaxis=dict(range=[0, max(values)]))
}
def web_worker():
app.run_server()
def nDPIsrvd_worker_onJsonLineRecvd(json_dict, current_flow, global_user_data):
if 'flow_event_name' not in json_dict:
return True
# print(json_dict)
if json_dict['flow_id'] not in shared_flow_dict:
shared_flow_dict[json_dict['flow_id']] = mgr.dict()
shared_flow_dict[json_dict['flow_id']]['is_detected'] = False
shared_flow_dict[json_dict['flow_id']]['is_guessed'] = False
shared_flow_dict[json_dict['flow_id']]['is_not_detected'] = False
shared_flow_dict[json_dict['flow_id']]['is_midstream'] = False
shared_flow_dict[json_dict['flow_id']]['is_risky'] = False
shared_flow_dict[json_dict['flow_id']]['remove_me'] = False
if json_dict['flow_event_name'] == 'new':
if 'midstream' in json_dict and json_dict['midstream'] != 0:
shared_flow_dict[json_dict['flow_id']]['is_midstream'] = True
elif json_dict['flow_event_name'] == 'guessed':
shared_flow_dict[json_dict['flow_id']]['is_guessed'] = True
elif json_dict['flow_event_name'] == 'not-detected':
shared_flow_dict[json_dict['flow_id']]['is_not_detected'] = True
elif json_dict['flow_event_name'] == 'detected':
shared_flow_dict[json_dict['flow_id']]['is_detected'] = True
shared_flow_dict[json_dict['flow_id']]['is_guessed'] = False
shared_flow_dict[json_dict['flow_id']]['is_not_detected'] = False
if 'ndpi' in json_dict and 'flow_risk' in json_dict['ndpi']:
shared_flow_dict[json_dict['flow_id']]['is_risky'] = True
elif json_dict['flow_event_name'] == 'idle' or \
json_dict['flow_event_name'] == 'end':
shared_flow_dict[json_dict['flow_id']]['remove_me'] = True
return True
def nDPIsrvd_worker(address, nDPIsrvd_global_user_data):
sys.stderr.write('Recv buffer size: {}\n'
.format(nDPIsrvd.NETWORK_BUFFER_MAX_SIZE))
sys.stderr.write('Connecting to {} ..\n'
.format(address[0]+':'+str(address[1])
if type(address) is tuple else address))
nsock = nDPIsrvdSocket()
nsock.connect(address)
nsock.loop(nDPIsrvd_worker_onJsonLineRecvd, nDPIsrvd_global_user_data)
if __name__ == '__main__':
argparser = nDPIsrvd.defaultArgumentParser()
args = argparser.parse_args()
address = nDPIsrvd.validateAddress(args)
nDPIsrvd_job = multiprocessing.Process(target=nDPIsrvd_worker,
args=(address, None))
nDPIsrvd_job.start()
web_job = multiprocessing.Process(target=web_worker, args=())
web_job.start()
nDPIsrvd_job.join()
web_job.terminate()
web_job.join()

1
examples/py-flow-dashboard/requirements.txt Normal file
View File

@@ -0,0 +1 @@
dash

80
examples/py-flow-muliprocess/py-flow-multiprocess.py Executable file
View File

@@ -0,0 +1,80 @@
#!/usr/bin/env python3
import multiprocessing
import os
import sys
sys.path.append(os.path.dirname(sys.argv[0]) + '/../share/nDPId')
sys.path.append(os.path.dirname(sys.argv[0]) + '/../usr/share/nDPId')
try:
import nDPIsrvd
from nDPIsrvd import nDPIsrvdSocket
except ImportError:
sys.path.append(os.path.dirname(sys.argv[0]) + '/../../dependencies')
import nDPIsrvd
from nDPIsrvd import nDPIsrvdSocket
def mp_worker(unused, shared_flow_dict):
import time
while True:
s = str()
for key in shared_flow_dict.keys():
s += '{}, '.format(str(key))
if len(s) == 0:
s = '-'
else:
s = s[:-2]
print('Flows: {}'.format(s))
time.sleep(1)
def nDPIsrvd_worker_onJsonLineRecvd(json_dict, current_flow, global_user_data):
shared_flow_dict = global_user_data
if 'flow_event_name' not in json_dict:
return True
if json_dict['flow_event_name'] == 'new':
shared_flow_dict[json_dict['flow_id']] = current_flow
elif json_dict['flow_event_name'] == 'idle' or \
json_dict['flow_event_name'] == 'end':
if json_dict['flow_id'] in shared_flow_dict:
del shared_flow_dict[json_dict['flow_id']]
return True
def nDPIsrvd_worker(address, shared_flow_dict):
sys.stderr.write('Recv buffer size: {}\n'.format(
nDPIsrvd.NETWORK_BUFFER_MAX_SIZE))
sys.stderr.write('Connecting to {} ..\n'.format(
address[0] + ':' +
str(address[1]) if type(address) is tuple else address))
nsock = nDPIsrvdSocket()
nsock.connect(address)
nsock.loop(nDPIsrvd_worker_onJsonLineRecvd, shared_flow_dict)
if __name__ == '__main__':
argparser = nDPIsrvd.defaultArgumentParser()
args = argparser.parse_args()
address = nDPIsrvd.validateAddress(args)
mgr = multiprocessing.Manager()
shared_flow_dict = mgr.dict()
nDPIsrvd_job = multiprocessing.Process(
target=nDPIsrvd_worker,
args=(address, shared_flow_dict))
nDPIsrvd_job.start()
mp_job = multiprocessing.Process(
target=mp_worker,
args=(None, shared_flow_dict))
mp_job.start()
nDPIsrvd_job.join()
mp_job.terminate()
mp_job.join()

2
libnDPI

Submodule libnDPI updated: 9377991263...2af7b33de0

33
nDPId-test.c
View File

@@ -135,47 +135,38 @@ error:
return NULL;
}
static enum nDPIsrvd_parse_return parse_json_lines(struct io_buffer * const buffer)
static enum nDPIsrvd_parse_return parse_json_lines(struct nDPIsrvd_buffer * const buffer)
{
struct nDPIsrvd_buffer buf = {};
struct nDPIsrvd_jsmn jsmn = {};
size_t const n = (buffer->used > sizeof(buf.raw) ? sizeof(buf.raw) : buffer->used);
size_t const n = (buffer->used > buffer->max ? buffer->max : buffer->used);
if (n > NETWORK_BUFFER_MAX_SIZE)
{
return PARSE_STRING_TOO_BIG;
}
memcpy(buf.raw, buffer->ptr, n);
buf.used = buffer->used;
enum nDPIsrvd_parse_return ret;
while ((ret = nDPIsrvd_parse_line(&buf, &jsmn)) == PARSE_OK)
while ((ret = nDPIsrvd_parse_line(buffer, &jsmn)) == PARSE_OK)
{
if (jsmn.tokens_found == 0)
{
return PARSE_JSMN_ERROR;
}
nDPIsrvd_drain_buffer(&buf);
nDPIsrvd_drain_buffer(buffer);
}
memcpy(buffer->ptr, buf.raw, buf.used);
buffer->used = buf.used;
return ret;
}
static void * distributor_client_mainloop_thread(void * const arg)
{
struct io_buffer client_buffer = {.ptr = (uint8_t *)malloc(NETWORK_BUFFER_MAX_SIZE),
.max = NETWORK_BUFFER_MAX_SIZE,
.used = 0};
struct nDPIsrvd_buffer client_buffer = {};
int dis_epollfd = create_evq();
int signalfd = setup_signalfd(dis_epollfd);
struct epoll_event events[32];
size_t const events_size = sizeof(events) / sizeof(events[0]);
if (client_buffer.ptr == NULL || dis_epollfd < 0 || signalfd < 0)
if (nDPIsrvd_buffer_init(&client_buffer, NETWORK_BUFFER_MAX_SIZE) != 0 || dis_epollfd < 0 || signalfd < 0)
{
THREAD_ERROR_GOTO(arg);
}
@@ -198,7 +189,7 @@ static void * distributor_client_mainloop_thread(void * const arg)
if (events[i].data.fd == mock_servfds[PIPE_READ])
{
ssize_t bytes_read = read(mock_servfds[PIPE_READ],
client_buffer.ptr + client_buffer.used,
client_buffer.ptr.raw + client_buffer.used,
client_buffer.max - client_buffer.used);
if (bytes_read == 0)
{
@@ -208,7 +199,7 @@ static void * distributor_client_mainloop_thread(void * const arg)
{
THREAD_ERROR_GOTO(arg);
}
printf("%.*s", (int)bytes_read, client_buffer.ptr + client_buffer.used);
printf("%.*s", (int)bytes_read, client_buffer.ptr.text + client_buffer.used);
client_buffer.used += bytes_read;
enum nDPIsrvd_parse_return parse_ret = parse_json_lines(&client_buffer);
@@ -247,7 +238,7 @@ error:
del_event(dis_epollfd, mock_servfds[PIPE_READ]);
close(dis_epollfd);
close(signalfd);
free(client_buffer.ptr);
nDPIsrvd_buffer_free(&client_buffer);
return NULL;
}
@@ -371,7 +362,7 @@ int main(int argc, char ** argv)
{
if (THREADS_RETURNED_ERROR() != 0)
{
return 1;
break;
}
}
@@ -379,7 +370,7 @@ int main(int argc, char ** argv)
{
if (THREADS_RETURNED_ERROR() != 0)
{
return 1;
break;
}
}
@@ -387,7 +378,7 @@ int main(int argc, char ** argv)
{
if (THREADS_RETURNED_ERROR() != 0)
{
return 1;
break;
}
}

265
nDPId.c
View File

@@ -91,13 +91,13 @@ struct nDPId_flow_extended
uint32_t flow_id;
uint16_t min_l4_data_len;
uint16_t max_l4_data_len;
uint16_t min_l4_payload_len;
uint16_t max_l4_payload_len;
unsigned long long int packets_processed;
uint64_t first_seen;
unsigned long long int total_l4_data_len;
unsigned long long int total_l4_payload_len;
};
/*
@@ -202,8 +202,9 @@ enum basic_event
UNKNOWN_DATALINK_LAYER,
UNKNOWN_L3_PROTOCOL,
NON_IP_PACKET,
ETHERNET_PACKET_TOO_SHORT,
ETHERNET_PACKET_UNKNOWN,
PACKET_TOO_SHORT,
PACKET_TYPE_UNKNOWN,
PACKET_HEADER_INVALID,
IP4_PACKET_TOO_SHORT,
IP4_SIZE_SMALLER_THAN_HEADER,
IP4_L4_PAYLOAD_DETECTION_FAILED,
@@ -247,8 +248,9 @@ static char const * const basic_event_name_table[BASIC_EVENT_COUNT] = {
[UNKNOWN_DATALINK_LAYER] = "Unknown datalink layer packet",
[UNKNOWN_L3_PROTOCOL] = "Unknown L3 protocol",
[NON_IP_PACKET] = "Non IP packet",
[ETHERNET_PACKET_TOO_SHORT] = "Ethernet packet too short",
[ETHERNET_PACKET_UNKNOWN] = "Unknown Ethernet packet type",
[PACKET_TOO_SHORT] = "Packet too short",
[PACKET_TYPE_UNKNOWN] = "Unknown packet type",
[PACKET_HEADER_INVALID] = "Packet header invalid",
[IP4_PACKET_TOO_SHORT] = "IP4 packet too short",
[IP4_SIZE_SMALLER_THAN_HEADER] = "Packet smaller than IP4 header",
[IP4_L4_PAYLOAD_DETECTION_FAILED] = "nDPI IPv4/L4 payload detection failed",
@@ -307,7 +309,10 @@ static struct
unsigned long long int tick_resolution;
unsigned long long int reader_thread_count;
unsigned long long int idle_scan_period;
unsigned long long int max_idle_time;
unsigned long long int generic_max_idle_time;
unsigned long long int icmp_max_idle_time;
unsigned long long int udp_max_idle_time;
unsigned long long int tcp_max_idle_time;
unsigned long long int tcp_max_post_end_flow_time;
unsigned long long int max_packets_per_flow_to_send;
unsigned long long int max_packets_per_flow_to_process;
@@ -319,7 +324,10 @@ static struct
.tick_resolution = nDPId_TICK_RESOLUTION,
.reader_thread_count = nDPId_MAX_READER_THREADS / 2,
.idle_scan_period = nDPId_IDLE_SCAN_PERIOD,
.max_idle_time = nDPId_IDLE_TIME,
.generic_max_idle_time = nDPId_GENERIC_IDLE_TIME,
.icmp_max_idle_time = nDPId_ICMP_IDLE_TIME,
.udp_max_idle_time = nDPId_UDP_IDLE_TIME,
.tcp_max_idle_time = nDPId_TCP_IDLE_TIME,
.tcp_max_post_end_flow_time = nDPId_TCP_POST_END_FLOW_TIME,
.max_packets_per_flow_to_send = nDPId_PACKETS_PER_FLOW_TO_SEND,
.max_packets_per_flow_to_process = nDPId_PACKETS_PER_FLOW_TO_PROCESS};
@@ -331,7 +339,10 @@ enum nDPId_subopts
TICK_RESOLUTION,
MAX_READER_THREADS,
IDLE_SCAN_PERIOD,
MAX_IDLE_TIME,
GENERIC_MAX_IDLE_TIME,
ICMP_MAX_IDLE_TIME,
UDP_MAX_IDLE_TIME,
TCP_MAX_IDLE_TIME,
TCP_MAX_POST_END_FLOW_TIME,
MAX_PACKETS_PER_FLOW_TO_SEND,
MAX_PACKETS_PER_FLOW_TO_PROCESS,
@@ -341,7 +352,10 @@ static char * const subopt_token[] = {[MAX_FLOWS_PER_THREAD] = "max-flows-per-th
[TICK_RESOLUTION] = "tick-resolution",
[MAX_READER_THREADS] = "max-reader-threads",
[IDLE_SCAN_PERIOD] = "idle-scan-period",
[MAX_IDLE_TIME] = "max-idle-time",
[GENERIC_MAX_IDLE_TIME] = "generic-max-idle-time",
[ICMP_MAX_IDLE_TIME] = "icmp-max-idle-time",
[UDP_MAX_IDLE_TIME] = "udp-max-idle-time",
[TCP_MAX_IDLE_TIME] = "tcp-max-idle-time",
[TCP_MAX_POST_END_FLOW_TIME] = "tcp-max-post-end-flow-time",
[MAX_PACKETS_PER_FLOW_TO_SEND] = "max-packets-per-flow-to-send",
[MAX_PACKETS_PER_FLOW_TO_PROCESS] = "max-packets-per-flow-to-process",
@@ -979,6 +993,30 @@ static int ip_tuples_compare(struct nDPId_flow_basic const * const A, struct nDP
return 0;
}
static uint64_t get_l4_protocol_idle_time(uint8_t l4_protocol)
{
switch (l4_protocol)
{
case IPPROTO_ICMP:
case IPPROTO_ICMPV6:
return nDPId_options.icmp_max_idle_time;
case IPPROTO_TCP:
return nDPId_options.tcp_max_idle_time;
case IPPROTO_UDP:
return nDPId_options.udp_max_idle_time;
default:
return nDPId_options.generic_max_idle_time;
}
}
static int is_l4_protocol_timed_out(struct nDPId_workflow const * const workflow,
struct nDPId_flow_basic const * const flow_basic)
{
return flow_basic->last_seen + get_l4_protocol_idle_time(flow_basic->l4_protocol) < workflow->last_time ||
(flow_basic->tcp_fin_rst_seen == 1 &&
flow_basic->last_seen + nDPId_options.tcp_max_post_end_flow_time < workflow->last_time);
}
static void ndpi_idle_scan_walker(void const * const A, ndpi_VISIT which, int depth, void * const user_data)
{
struct nDPId_workflow * const workflow = (struct nDPId_workflow *)user_data;
@@ -998,9 +1036,7 @@ static void ndpi_idle_scan_walker(void const * const A, ndpi_VISIT which, int de
if (which == ndpi_preorder || which == ndpi_leaf)
{
if (flow_basic->last_seen + nDPId_options.max_idle_time < workflow->last_time ||
(flow_basic->tcp_fin_rst_seen == 1 &&
flow_basic->last_seen + nDPId_options.tcp_max_post_end_flow_time < workflow->last_time))
if (is_l4_protocol_timed_out(workflow, flow_basic) != 0)
{
workflow->ndpi_flows_idle[workflow->cur_idle_flows++] = flow_basic;
switch (flow_basic->type)
@@ -1273,7 +1309,12 @@ static void jsonize_daemon(struct nDPId_reader_thread * const reader_thread, enu
"reader-thread-count",
nDPId_options.reader_thread_count);
ndpi_serialize_string_int64(&workflow->ndpi_serializer, "idle-scan-period", nDPId_options.idle_scan_period);
ndpi_serialize_string_int64(&workflow->ndpi_serializer, "max-idle-time", nDPId_options.max_idle_time);
ndpi_serialize_string_int64(&workflow->ndpi_serializer,
"generic-max-idle-time",
nDPId_options.generic_max_idle_time);
ndpi_serialize_string_int64(&workflow->ndpi_serializer, "icmp-max-idle-time", nDPId_options.icmp_max_idle_time);
ndpi_serialize_string_int64(&workflow->ndpi_serializer, "udp-max-idle-time", nDPId_options.udp_max_idle_time);
ndpi_serialize_string_int64(&workflow->ndpi_serializer, "tcp-max-idle-time", nDPId_options.tcp_max_idle_time);
ndpi_serialize_string_int64(&workflow->ndpi_serializer,
"tcp-max-post-end-flow-time",
nDPId_options.tcp_max_post_end_flow_time);
@@ -1293,12 +1334,14 @@ static void jsonize_flow(struct nDPId_workflow * const workflow, struct nDPId_fl
ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "flow_packet_id", flow_ext->packets_processed);
ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "flow_first_seen", flow_ext->first_seen);
ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "flow_last_seen", flow_ext->flow_basic.last_seen);
ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "flow_tot_l4_data_len", flow_ext->total_l4_data_len);
ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "flow_min_l4_data_len", flow_ext->min_l4_data_len);
ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "flow_max_l4_data_len", flow_ext->max_l4_data_len);
ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "flow_min_l4_payload_len", flow_ext->min_l4_payload_len);
ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "flow_max_l4_payload_len", flow_ext->max_l4_payload_len);
ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "flow_tot_l4_payload_len", flow_ext->total_l4_payload_len);
ndpi_serialize_string_uint64(&workflow->ndpi_serializer,
"flow_avg_l4_data_len",
(flow_ext->packets_processed > 0 ? flow_ext->total_l4_data_len / flow_ext->packets_processed : 0));
"flow_avg_l4_payload_len",
(flow_ext->packets_processed > 0
? flow_ext->total_l4_payload_len / flow_ext->packets_processed
: 0));
ndpi_serialize_string_uint32(&workflow->ndpi_serializer, "midstream", flow_ext->flow_basic.tcp_is_midstream_flow);
}
@@ -1923,6 +1966,14 @@ static uint32_t calculate_ndpi_flow_struct_hash(struct ndpi_flow_struct const *
return hash;
}
#define SNAP 0xaa
/* mask for FCF */
#define WIFI_DATA 0x2 /* 0000 0010 */
#define FCF_TYPE(fc) (((fc) >> 2) & 0x3) /* 0000 0011 = 0x3 */
#define FCF_TO_DS(fc) ((fc)&0x0100)
#define FCF_FROM_DS(fc) ((fc)&0x0200)
/* mask for Bad FCF presence */
#define BAD_FCS 0x50 /* 0101 0000 */
static int process_datalink_layer(struct nDPId_reader_thread * const reader_thread,
struct pcap_pkthdr const * const header,
uint8_t const * const packet,
@@ -1962,13 +2013,129 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
*ip_offset = sizeof(dlt_hdr) + eth_offset;
break;
}
case DLT_PPP_SERIAL:
{
if (header->len < sizeof(struct ndpi_chdlc))
{
jsonize_packet_event(reader_thread, header, packet, 0, 0, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
jsonize_basic_eventf(reader_thread, PACKET_TOO_SHORT, NULL);
return 1;
}
struct ndpi_chdlc const * const chdlc = (struct ndpi_chdlc const * const) & packet[eth_offset];
*ip_offset = sizeof(struct ndpi_chdlc);
*layer3_type = ntohs(chdlc->proto_code);
break;
}
case DLT_C_HDLC:
case DLT_PPP:
if (header->len < sizeof(struct ndpi_chdlc))
{
jsonize_packet_event(reader_thread, header, packet, 0, 0, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
jsonize_basic_eventf(reader_thread, PACKET_TOO_SHORT, NULL);
return 1;
}
if (packet[0] == 0x0f || packet[0] == 0x8f)
{
struct ndpi_chdlc const * const chdlc = (struct ndpi_chdlc const * const) & packet[eth_offset];
*ip_offset = sizeof(struct ndpi_chdlc); /* CHDLC_OFF = 4 */
*layer3_type = ntohs(chdlc->proto_code);
}
else
{
*ip_offset = 2;
*layer3_type = ntohs(*((u_int16_t *)&packet[eth_offset]));
}
break;
case DLT_LINUX_SLL:
if (header->len < 16)
{
jsonize_packet_event(reader_thread, header, packet, 0, 0, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
jsonize_basic_eventf(reader_thread, PACKET_TOO_SHORT, NULL);
return 1;
}
*layer3_type = (packet[eth_offset + 14] << 8) + packet[eth_offset + 15];
*ip_offset = 16 + eth_offset;
break;
case DLT_IEEE802_11_RADIO:
{
if (header->len < sizeof(struct ndpi_radiotap_header))
{
jsonize_packet_event(reader_thread, header, packet, 0, 0, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
jsonize_basic_eventf(reader_thread, PACKET_TOO_SHORT, NULL);
return 1;
}
struct ndpi_radiotap_header const * const radiotap =
(struct ndpi_radiotap_header const * const) & packet[eth_offset];
uint16_t radio_len = radiotap->len;
/* Check Bad FCS presence */
if ((radiotap->flags & BAD_FCS) == BAD_FCS)
{
jsonize_packet_event(reader_thread, header, packet, 0, 0, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
jsonize_basic_eventf(reader_thread, PACKET_HEADER_INVALID, NULL);
return 1;
}
if (header->caplen < (eth_offset + radio_len + sizeof(struct ndpi_wifi_header)))
{
jsonize_packet_event(reader_thread, header, packet, 0, 0, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
jsonize_basic_eventf(reader_thread, PACKET_TOO_SHORT, NULL);
return 1;
}
/* Calculate 802.11 header length (variable) */
struct ndpi_wifi_header const * const wifi =
(struct ndpi_wifi_header const * const)(packet + eth_offset + radio_len);
uint16_t fc = wifi->fc;
int wifi_len = 0;
/* check wifi data presence */
if (FCF_TYPE(fc) == WIFI_DATA)
{
if ((FCF_TO_DS(fc) && FCF_FROM_DS(fc) == 0x0) || (FCF_TO_DS(fc) == 0x0 && FCF_FROM_DS(fc)))
{
wifi_len = 26; /* + 4 byte fcs */
}
}
else
{
/* no data frames */
break;
}
/* Check ether_type from LLC */
if (header->caplen < (eth_offset + wifi_len + radio_len + sizeof(struct ndpi_llc_header_snap)))
{
return 1;
}
struct ndpi_llc_header_snap const * const llc =
(struct ndpi_llc_header_snap const * const)(packet + eth_offset + wifi_len + radio_len);
if (llc->dsap == SNAP)
{
*layer3_type = ntohs(llc->snap.proto_ID);
}
/* Set IP header offset */
*ip_offset = wifi_len + radio_len + sizeof(struct ndpi_llc_header_snap) + eth_offset;
break;
}
case DLT_RAW:
jsonize_packet_event(reader_thread, header, packet, 0, 0, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
jsonize_basic_eventf(reader_thread, PACKET_TYPE_UNKNOWN, "%s%u", "type", DLT_RAW);
return 1;
case DLT_EN10MB:
if (header->len < sizeof(struct ndpi_ethhdr))
{
jsonize_packet_event(reader_thread, header, packet, 0, 0, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
jsonize_basic_eventf(reader_thread, ETHERNET_PACKET_TOO_SHORT, NULL);
jsonize_basic_eventf(reader_thread, PACKET_TOO_SHORT, NULL);
return 1;
}
ethernet = (struct ndpi_ethhdr *)&packet[eth_offset];
*ip_offset = sizeof(struct ndpi_ethhdr) + eth_offset;
*layer3_type = ntohs(ethernet->h_proto);
@@ -1997,7 +2164,7 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
default:
jsonize_packet_event(
reader_thread, header, packet, *layer3_type, *ip_offset, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
jsonize_basic_eventf(reader_thread, ETHERNET_PACKET_UNKNOWN, "%s%u", "type", *layer3_type);
jsonize_basic_eventf(reader_thread, PACKET_TYPE_UNKNOWN, "%s%u", "type", *layer3_type);
return 1;
}
break;
@@ -2084,6 +2251,7 @@ static void ndpi_process_packet(uint8_t * const args,
const uint8_t * l4_ptr = NULL;
uint16_t l4_len = 0;
uint16_t l4_payload_len = 0;
uint16_t type;
int thread_index = nDPId_THREAD_DISTRIBUTION_SEED; // generated with `dd if=/dev/random bs=1024 count=1 |& hd'
@@ -2239,6 +2407,7 @@ static void ndpi_process_packet(uint8_t * const args,
return;
}
tcp = (struct ndpi_tcphdr *)l4_ptr;
l4_payload_len = ndpi_max(0, l4_len - 4 * tcp->doff);
flow_basic.tcp_fin_rst_seen = (tcp->fin == 1 || tcp->rst == 1 ? 1 : 0);
flow_basic.tcp_is_midstream_flow = (tcp->syn == 0 ? 1 : 0);
flow_basic.src_port = ntohs(tcp->source);
@@ -2262,6 +2431,7 @@ static void ndpi_process_packet(uint8_t * const args,
return;
}
udp = (struct ndpi_udphdr *)l4_ptr;
l4_payload_len = (l4_len > sizeof(struct ndpi_udphdr)) ? l4_len - sizeof(struct ndpi_udphdr) : 0;
flow_basic.src_port = ntohs(udp->source);
flow_basic.dst_port = ntohs(udp->dest);
}
@@ -2494,24 +2664,24 @@ static void ndpi_process_packet(uint8_t * const args,
}
flow_to_process->flow_extended.packets_processed++;
flow_to_process->flow_extended.total_l4_data_len += l4_len;
flow_to_process->flow_extended.total_l4_payload_len += l4_payload_len;
if (flow_to_process->flow_extended.first_seen == 0)
{
flow_to_process->flow_extended.first_seen = time_ms;
}
if (l4_len > flow_to_process->flow_extended.max_l4_data_len)
if (l4_payload_len > flow_to_process->flow_extended.max_l4_payload_len)
{
flow_to_process->flow_extended.max_l4_data_len = l4_len;
flow_to_process->flow_extended.max_l4_payload_len = l4_payload_len;
}
if (l4_len < flow_to_process->flow_extended.min_l4_data_len)
if (l4_payload_len < flow_to_process->flow_extended.min_l4_payload_len)
{
flow_to_process->flow_extended.min_l4_data_len = l4_len;
flow_to_process->flow_extended.min_l4_payload_len = l4_payload_len;
}
if (is_new_flow != 0)
{
flow_to_process->flow_extended.max_l4_data_len = l4_len;
flow_to_process->flow_extended.min_l4_data_len = l4_len;
flow_to_process->flow_extended.max_l4_payload_len = l4_payload_len;
flow_to_process->flow_extended.min_l4_payload_len = l4_payload_len;
jsonize_flow_event(reader_thread, flow_to_process, FLOW_EVENT_NEW);
}
@@ -2877,8 +3047,17 @@ static void print_subopt_usage(void)
case IDLE_SCAN_PERIOD:
fprintf(stderr, "%llu\n", nDPId_options.idle_scan_period);
break;
case MAX_IDLE_TIME:
fprintf(stderr, "%llu\n", nDPId_options.max_idle_time);
case GENERIC_MAX_IDLE_TIME:
fprintf(stderr, "%llu\n", nDPId_options.generic_max_idle_time);
break;
case ICMP_MAX_IDLE_TIME:
fprintf(stderr, "%llu\n", nDPId_options.icmp_max_idle_time);
break;
case UDP_MAX_IDLE_TIME:
fprintf(stderr, "%llu\n", nDPId_options.udp_max_idle_time);
break;
case TCP_MAX_IDLE_TIME:
fprintf(stderr, "%llu\n", nDPId_options.tcp_max_idle_time);
break;
case TCP_MAX_POST_END_FLOW_TIME:
fprintf(stderr, "%llu\n", nDPId_options.tcp_max_post_end_flow_time);
@@ -3049,8 +3228,17 @@ static int nDPId_parse_options(int argc, char ** argv)
case IDLE_SCAN_PERIOD:
nDPId_options.idle_scan_period = value_llu;
break;
case MAX_IDLE_TIME:
nDPId_options.max_idle_time = value_llu;
case GENERIC_MAX_IDLE_TIME:
nDPId_options.generic_max_idle_time = value_llu;
break;
case ICMP_MAX_IDLE_TIME:
nDPId_options.icmp_max_idle_time = value_llu;
break;
case UDP_MAX_IDLE_TIME:
nDPId_options.udp_max_idle_time = value_llu;
break;
case TCP_MAX_IDLE_TIME:
nDPId_options.tcp_max_idle_time = value_llu;
break;
case TCP_MAX_POST_END_FLOW_TIME:
nDPId_options.tcp_max_post_end_flow_time = value_llu;
@@ -3154,18 +3342,13 @@ static int validate_options(char const * const arg0)
nDPId_options.idle_scan_period);
retval = 1;
}
if (nDPId_options.max_idle_time < 60)
{
fprintf(stderr, "%s: Value not in range: max-idle-time[%llu] > 60\n", arg0, nDPId_options.max_idle_time);
retval = 1;
}
if (nDPId_options.tcp_max_post_end_flow_time > nDPId_options.max_idle_time)
if (nDPId_options.tcp_max_post_end_flow_time > nDPId_options.tcp_max_idle_time)
{
fprintf(stderr,
"%s: Value not in range: max-post-end-flow-time[%llu] < max_idle_time[%llu]\n",
"%s: Value not in range: tcp-max-post-end-flow-time[%llu] < tcp-max-idle-time[%llu]\n",
arg0,
nDPId_options.tcp_max_post_end_flow_time,
nDPId_options.max_idle_time);
nDPId_options.tcp_max_idle_time);
retval = 1;
}
if (nDPId_options.process_internal_initial_direction != 0 && nDPId_options.process_external_initial_direction != 0)

65
nDPIsrvd.c
View File

@@ -18,13 +18,6 @@
#include "nDPIsrvd.h"
#include "utils.h"
struct io_buffer
{
uint8_t * ptr;
size_t used;
size_t max;
};
enum sock_type
{
JSON_SOCK,
@@ -35,7 +28,7 @@ struct remote_desc
{
enum sock_type sock_type;
int fd;
struct io_buffer buf;
struct nDPIsrvd_buffer buf;
union {
struct
{
@@ -52,7 +45,7 @@ struct remote_desc
};
};
static struct remotes
static struct
{
struct remote_desc * desc;
size_t desc_size;
@@ -181,9 +174,10 @@ static struct remote_desc * get_unused_remote_descriptor(enum sock_type type, in
if (remotes.desc[i].fd == -1)
{
remotes.desc_used++;
remotes.desc[i].buf.ptr = (uint8_t *)malloc(NETWORK_BUFFER_MAX_SIZE);
remotes.desc[i].buf.max = NETWORK_BUFFER_MAX_SIZE;
remotes.desc[i].buf.used = 0;
if (nDPIsrvd_buffer_init(&remotes.desc[i].buf, NETWORK_BUFFER_MAX_SIZE) != 0)
{
return NULL;
}
remotes.desc[i].sock_type = type;
remotes.desc[i].fd = remote_fd;
return &remotes.desc[i];
@@ -226,8 +220,7 @@ static void disconnect_client(int epollfd, struct remote_desc * const current)
current->fd = -1;
remotes.desc_used--;
}
free(current->buf.ptr);
current->buf.ptr = NULL;
nDPIsrvd_buffer_free(&current->buf);
}
static int nDPIsrvd_parse_options(int argc, char ** argv)
@@ -437,18 +430,18 @@ static int handle_collector_protocol(int epollfd, struct remote_desc * const cur
{
char * json_str_start = NULL;
if (current->buf.ptr[NETWORK_BUFFER_LENGTH_DIGITS] != '{')
if (current->buf.ptr.text[NETWORK_BUFFER_LENGTH_DIGITS] != '{')
{
syslog(LOG_DAEMON | LOG_ERR,
"BUG: JSON invalid opening character: '%c'",
current->buf.ptr[NETWORK_BUFFER_LENGTH_DIGITS]);
current->buf.ptr.text[NETWORK_BUFFER_LENGTH_DIGITS]);
disconnect_client(epollfd, current);
return 1;
}
errno = 0;
current->event_json.json_bytes = strtoull((char *)current->buf.ptr, &json_str_start, 10);
current->event_json.json_bytes += (uint8_t *)json_str_start - current->buf.ptr;
current->event_json.json_bytes = strtoull((char *)current->buf.ptr.text, &json_str_start, 10);
current->event_json.json_bytes += json_str_start - current->buf.ptr.text;
if (errno == ERANGE)
{
@@ -457,12 +450,12 @@ static int handle_collector_protocol(int epollfd, struct remote_desc * const cur
return 1;
}
if ((uint8_t *)json_str_start == current->buf.ptr)
if (json_str_start == current->buf.ptr.text)
{
syslog(LOG_DAEMON | LOG_ERR,
"BUG: Missing size before JSON string: \"%.*s\"",
NETWORK_BUFFER_LENGTH_DIGITS,
current->buf.ptr);
current->buf.ptr.text);
disconnect_client(epollfd, current);
return 1;
}
@@ -482,13 +475,13 @@ static int handle_collector_protocol(int epollfd, struct remote_desc * const cur
return 1;
}
if (current->buf.ptr[current->event_json.json_bytes - 2] != '}' ||
current->buf.ptr[current->event_json.json_bytes - 1] != '\n')
if (current->buf.ptr.text[current->event_json.json_bytes - 2] != '}' ||
current->buf.ptr.text[current->event_json.json_bytes - 1] != '\n')
{
syslog(LOG_DAEMON | LOG_ERR,
"BUG: Invalid JSON string: %.*s",
(int)current->event_json.json_bytes,
current->buf.ptr);
current->buf.ptr.text);
disconnect_client(epollfd, current);
return 1;
}
@@ -512,7 +505,7 @@ static int handle_incoming_data(int epollfd, struct remote_desc * const current)
{
errno = 0;
ssize_t bytes_read =
read(current->fd, current->buf.ptr + current->buf.used, current->buf.max - current->buf.used);
read(current->fd, current->buf.ptr.raw + current->buf.used, current->buf.max - current->buf.used);
if (bytes_read < 0 || errno != 0)
{
disconnect_client(epollfd, current);
@@ -564,7 +557,7 @@ static int handle_incoming_data(int epollfd, struct remote_desc * const current)
disconnect_client(epollfd, &remotes.desc[i]);
continue;
}
if (write(remotes.desc[i].fd, remotes.desc[i].buf.ptr, remotes.desc[i].buf.used) !=
if (write(remotes.desc[i].fd, remotes.desc[i].buf.ptr.raw, remotes.desc[i].buf.used) !=
(ssize_t)remotes.desc[i].buf.used)
{
syslog(LOG_DAEMON | LOG_ERR,
@@ -582,13 +575,13 @@ static int handle_incoming_data(int epollfd, struct remote_desc * const current)
}
}
memcpy(remotes.desc[i].buf.ptr + remotes.desc[i].buf.used,
current->buf.ptr,
memcpy(remotes.desc[i].buf.ptr.raw + remotes.desc[i].buf.used,
current->buf.ptr.raw,
current->event_json.json_bytes);
remotes.desc[i].buf.used += current->event_json.json_bytes;
errno = 0;
ssize_t bytes_written = write(remotes.desc[i].fd, remotes.desc[i].buf.ptr, remotes.desc[i].buf.used);
ssize_t bytes_written = write(remotes.desc[i].fd, remotes.desc[i].buf.ptr.raw, remotes.desc[i].buf.used);
if (errno == EAGAIN)
{
continue;
@@ -630,8 +623,8 @@ static int handle_incoming_data(int epollfd, struct remote_desc * const current)
ntohs(remotes.desc[i].event_serv.peer.sin_port),
bytes_written,
remotes.desc[i].buf.used);
memmove(remotes.desc[i].buf.ptr,
remotes.desc[i].buf.ptr + bytes_written,
memmove(remotes.desc[i].buf.ptr.raw,
remotes.desc[i].buf.ptr.raw + bytes_written,
remotes.desc[i].buf.used - bytes_written);
remotes.desc[i].buf.used -= bytes_written;
continue;
@@ -640,8 +633,8 @@ static int handle_incoming_data(int epollfd, struct remote_desc * const current)
remotes.desc[i].buf.used = 0;
}
memmove(current->buf.ptr,
current->buf.ptr + current->event_json.json_bytes,
memmove(current->buf.ptr.raw,
current->buf.ptr.raw + current->event_json.json_bytes,
current->buf.used - current->event_json.json_bytes);
current->buf.used -= current->event_json.json_bytes;
current->event_json.json_bytes = 0;
@@ -819,7 +812,7 @@ static int setup_remote_descriptors(size_t max_descriptors)
{
remotes.desc_used = 0;
remotes.desc_size = max_descriptors;
remotes.desc = (struct remote_desc *)malloc(remotes.desc_size * sizeof(*remotes.desc));
remotes.desc = (struct remote_desc *)calloc(remotes.desc_size, sizeof(*remotes.desc));
if (remotes.desc == NULL)
{
return -1;
@@ -827,8 +820,6 @@ static int setup_remote_descriptors(size_t max_descriptors)
for (size_t i = 0; i < remotes.desc_size; ++i)
{
remotes.desc[i].fd = -1;
remotes.desc[i].buf.ptr = NULL;
remotes.desc[i].buf.max = 0;
}
return 0;
@@ -914,6 +905,10 @@ int main(int argc, char ** argv)
signal(SIGPIPE, SIG_IGN);
signal(SIGINT, SIG_IGN);
signal(SIGTERM, SIG_IGN);
signal(SIGQUIT, SIG_IGN);
epollfd = setup_event_queue();
if (epollfd < 0)
{

11
schema/daemon_event_schema.json
View File

@@ -53,7 +53,16 @@
"idle-scan-period": {
"type": "number"
},
"max-idle-time": {
"generic-max-idle-time": {
"type": "number"
},
"icmp-max-idle-time": {
"type": "number"
},
"udp-max-idle-time": {
"type": "number"
},
"tcp-max-idle-time": {
"type": "number"
},
"tcp-max-post-end-flow-time": {

16
schema/flow_event_schema.json
View File

@@ -11,10 +11,10 @@
"flow_packet_id",
"flow_first_seen",
"flow_last_seen",
"flow_min_l4_data_len",
"flow_max_l4_data_len",
"flow_tot_l4_data_len",
"flow_avg_l4_data_len",
"flow_min_l4_payload_len",
"flow_max_l4_payload_len",
"flow_tot_l4_payload_len",
"flow_avg_l4_payload_len",
"l3_proto",
"l4_proto",
"midstream",
@@ -76,16 +76,16 @@
"flow_max_packets": {
"type": "number"
},
"flow_min_l4_data_len": {
"flow_min_l4_payload_len": {
"type": "number"
},
"flow_max_l4_data_len": {
"flow_max_l4_payload_len": {
"type": "number"
},
"flow_tot_l4_data_len": {
"flow_tot_l4_payload_len": {
"type": "number"
},
"flow_avg_l4_data_len": {
"flow_avg_l4_payload_len": {
"type": "number"
},
"l3_proto": {

42
scripts/daemon.sh Executable file
View File

@@ -0,0 +1,42 @@
#!/usr/bin/env sh
#
# Simple nDPId/nDPIsrvd start/stop script for testing purposes.
#
NUSER="nobody"
NSUFFIX="${NSUFFIX:-daemon-test}"
if [ x"${1}" = x -o x"${2}" = x ]; then
printf '%s\n' "usage: ${0} [nDPId-path] [nDPIsrvd-path]" >&2
printf '\n\t%s=%s\n' 'env NUSER' "${NUSER}" >&2
printf '\t%s=%s\n' 'env NSUFFIX' "${NSUFFIX}" >&2
exit 1
fi
if [ -r "/tmp/nDPId-${NSUFFIX}.pid" -o -r "/tmp/nDPIsrvd-${NSUFFIX}.pid" ]; then
nDPId_PID="$(cat "/tmp/nDPId-${NSUFFIX}.pid" 2>/dev/null)"
nDPIsrvd_PID="$(cat "/tmp/nDPIsrvd-${NSUFFIX}.pid" 2>/dev/null)"
if [ x"${nDPId_PID}" != x ]; then
sudo kill "${nDPId_PID}"
else
printf '%s\n' "${1} not started .." >&2
fi
if [ x"${nDPIsrvd_PID}" != x ]; then
kill "${nDPIsrvd_PID}"
else
printf '%s\n' "${2} not started .." >&2
fi
printf '%s\n' "daemons stopped" >&2
else
set -x
${2} -p "/tmp/nDPIsrvd-${NSUFFIX}.pid" -c "/tmp/nDPIsrvd-${NSUFFIX}-collector.sock" -s "/tmp/nDPIsrvd-${NSUFFIX}-distributor.sock" -d
sudo chgrp "$(id -n -g "${NUSER}")" "/tmp/nDPIsrvd-${NSUFFIX}-collector.sock"
sudo chmod g+w "/tmp/nDPIsrvd-${NSUFFIX}-collector.sock"
sudo ${1} -p "/tmp/nDPId-${NSUFFIX}.pid" -c "/tmp/nDPIsrvd-${NSUFFIX}-collector.sock" -d -u "${NUSER}"
set +x
printf '%s\n' "daemons started" >&2
printf '%s\n' "You may now run examples e.g.: $(realpath --relative-to="$(pwd)" $(dirname "${0}")/../examples/py-flow-info/flow-info.py) --unix /tmp/nDPIsrvd-${NSUFFIX}-distributor.sock"
fi

23
scripts/get-and-build-libndpi.sh Executable file
View File

@@ -0,0 +1,23 @@
#!/usr/bin/env bash
set -e
set -x
LOCKFILE="$(realpath "${0}").lock"
touch "${LOCKFILE}"
exec 42< "${LOCKFILE}"
flock -x -n 42 || {
printf '%s\n' "Could not aquire file lock for ${0}. Already running instance?" >&2;
exit 1;
}
cd "$(dirname "${0}")/.."
git submodule update --init ./libnDPI
cd ./libnDPI
DEST_INSTALL="${DEST_INSTALL:-$(realpath ./install)}"
MAKE_PROGRAM="${MAKE_PROGRAM:-make -j4}"
./autogen.sh --prefix="${DEST_INSTALL}" --with-only-libndpi
${MAKE_PROGRAM} install
rm -f "${LOCKFILE}"

912
test/results/1kxun.pcap.out
View File

File diff suppressed because it is too large Load Diff

8
test/results/443-chrome.pcap.out
View File

@@ -1,6 +1,6 @@
00387{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-chrome.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1581109434258,"flow_last_seen":0,"flow_tot_l4_data_len":1472,"flow_min_l4_data_len":1472,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":1472,"midstream":1,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00478{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-chrome.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1581109434258,"flow_last_seen":0,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
02382{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109434,"pkt_ts_usec":258190,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUL9xAADQG19GyPsWCwKgBDQG7z0OMwKr+Oj0RjoAQAfVXrQAAAQEICiUvy0seKwePAbBkhQkGDSwXAwMFJB7ULkZYT314CXk9r8PlYJygP344H6B+ItT1QydBOUTT\/6D31GPVzKtOQjSVxhbT8njy8fnLCF03csGz4\/Y1RkgUVmI84ERVBP7zbdzqFVMxHmkRU4146\/GYpGt09JudxRaBFBE6RH99GaIPOIBgIxL+lVzyEaqTle8b2ooKlmYXANwIghY6MzW7vfR0m2NAd4\/mImO8\/LyUCeGK0r\/puyNRW7lwQQMAmHKJdbXl9VyEWyHoVGg2V7UztPOOS9FaOf7PI0qXcHmQjpNhC3tUdKXBoA5lr9L4gV9TtzI0jsGqvB9N6GFz+qcMvQNu9oMflyIYBhNXeC+wMS3iHkbmb6YjZ1BITgZEep9Fizk45i3xCMymSmOsda0ujEX4jtgvxVvAdOobavQSODmvW7nF0r5t9e88tMuzTz7+vTqoOaJn4Q5qSGioRtcVHnLq2LNPOuGgbZaLvf8nOa3F\/fTzsfVgOnrof2PK7x6zJRR4iLtFUyiyV0abVTIHELfIYnSCf71pFYSlMWF1kbosbMAxw+8gDHb28maLs7wPXvpNMwUQmC5zWPLwG8e+Pf\/3nur0wrn5EOul2L1tr2PBCGM7nQJnzz+Ftab4qAnCKKMUrufRAVhXA6Ue6CMSRLYliOxzGRgmHVxorbbpx87m7XMCx1xGrv\/+sMpgjOYFPN80vjeb9Ar4xkocVQgWuuKpaWdNDznMzFzG0+H1ekKy8mE\/Y4uj8aty0rTxx\/RK0gYF2CUtsmGNskEzCWUbq5MAqcp05SHkAJHGGJeLVJYaWPvGXbFa5QHn9poomy6DBa+Zu\/J+olJwYCoT+frN77wk+XmgZEGX8LeovmjP4s1R+UbEFUsUMksh6m15XB\/oDSc43HBC0ZN2fBl+EVSpfPjbG\/eOyIfLCt5fbBfnhNgvommX5LE+2Hk1er+ly1V3Bk3SksoPHjYC3atFWwOW8i0ksy3cnSr3r7urFNldk3MU3+jnEXfTimw+aCW1vRMowhmfm8PlgjcufRfy+KbXvWvcglQ5SIZzkHbMTgRIVTH0rnzAvQa5V3qwPK10Uoz7qDIouhn\/mb\/ZISHF6mBR\/IXvmgdDxCQjDF0pzdpHGlijQnscX9IYmuALydf\/N95pDI1Ksot3SwlV+ToeoAcOu03ffeX9ZWtpGReoSSLBreVK2S9eOKb7ts0O5zIIo7KsqQiv\/vBgScz8WXOWpxQ\/yJVR5ay52w6EYcainLIU7Xbc\/tjzrhulig3U\/8LJroIUx7FTN+1M\/XXQgxU1xPwXfZVd2BCyLjPf3LnCxXwnRvsKpAN+jMhuodhLSF7CgHqc20YiiLhRoKoX9HTNFjjp4NCVuyybqoR14grCEsHZOU2qhA+8BZe5VlL7unSunUXcr1PeN9gM5Jq4MVqPdpyzDhvJpSxU3Hx+L1u56H6J0VrRo\/R6fO225uB9ZADFU\/E9+rLvS3XjVihQI4Xj3oV8Yz2DHOUB7myCSIfri88nrYevcoAQbwAgIH3ZuvMVV+F7spgWZOgjijLQs9AFYfhIg77XK7GhiJW4kT1GNIqN\/59u+gIdPmDuGurVucPbruilLRCDIsr+53Us+irmCwo\/E2YPbk4a0f3NX0k+rNo92g1D9wTfG3QFRXLoBVDcr2q9BeW0PVJsavNUQM+jFbQkjfp93AvyPnmEBcWXIT002jYiClr1Y1\/emkCZ90t5YN1lLX5fUvWWgwvQ8NqFZ2zWMZciPkbKDA3g3Y+AskVzW3FFBLqR77\/aXs+9FwMDBSQUQnjU3ptBoEOyx5s5g6C1C+gxkfWLgzLDV66R77tBk395nAfOwKbaxf02lWN9Kl7ER9qk1HP5doNJPo83hbomHGy3aIU4qtqfnGI\/DWje6wuZoh6zDMTlo3NI6IL\/slMBsWm6kBIHkYOp"}
00504{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1581109434258,"flow_last_seen":0,"flow_tot_l4_data_len":1472,"flow_min_l4_data_len":1472,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":1472,"midstream":1,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1581109434258,"flow_last_seen":0,"flow_tot_l4_data_len":1472,"flow_min_l4_data_len":1472,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":1472,"midstream":1,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00516{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1581109434258,"flow_last_seen":0,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1581109434258,"flow_last_seen":0,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00129{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test"}

12
test/results/443-curl.pcap.out
View File

@@ -1,15 +1,15 @@
00385{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-curl.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1581113120474,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00476{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-curl.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1581113120474,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-curl.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113120,"pkt_ts_usec":474299,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAULAqAENsj7FgtjjAbvMd3aVAAAAALAC\/\/97wQAAAgQFtAEDAwUBAQgKHmJFtwAAAAAEAgAA"}
00436{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-curl.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113120,"pkt_ts_usec":512991,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDUayPsWCwKgBDQG72OOPktF9zHd2lqAS\/oj9JgAAAgQFrAQCCAolaAqTHmJFtwEDAwc="}
00423{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-curl.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113120,"pkt_ts_usec":513098,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7FgtjjAbvMd3aWj5LRfoAQECwaIgAAAQEICh5iRd0laAqT"}
01121{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"443-curl.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113120,"pkt_ts_usec":522725,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAG\/0jAqAENsj7FgtjjAbvMd3aWj5LRfoAYECzDZwAAAQEICh5iReYlaAqTFgMBAgABAAH8AwM+OEHtzCD20OX3Fnq37pGoAMjvcMLWJMfHlDokAm2fvAAAhswUzBPMFcAwwCzAKMAkwBTACgCjAJ8AawBqADkAOP+FAMQAwwCIAIcAgcAywC7AKsAmwA\/ABQCdAD0ANQDAAITAL8ArwCfAI8ATwAkAogCeAGcAQAAzADIAvgC9AEUARMAxwC3AKcAlwA7ABACcADwALwC6AEHAEsAIABYAE8ANwAMACgD\/AQABTQAAABEADwAADHd3dy5udG9wLm9yZwALAAQDAAECAAoAOgA4AA4ADQAZABwACwAMABsAGAAJAAoAGgAWABcACAAGAAcAFAAVAAQABQASABMAAQACAAMADwAQABEADQAmACQGAQYCBgPv7wUBBQIFAwQBBAIEA+7u7e0DAQMCAwMCAQICAgMzdAAAABAADgAMAmgyCGh0dHAvMS4xABUArgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00720{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1581113120474,"flow_last_seen":1581113120522,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00731{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1581113120474,"flow_last_seen":1581113120522,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00423{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"443-curl.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113120,"pkt_ts_usec":560634,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0W75AADQGsY+yPsWCwKgBDQG72OOPktF+zHd4m4AQAfomFwAAAQEICiVoCsIeYkXm"}
02365{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"443-curl.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113120,"pkt_ts_usec":563403,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUW79AADQGq+6yPsWCwKgBDQG72OOPktF+zHd4m4AQAfrtUgAAAQEICiVoCsUeYkXmFgMDAGYCAABiAwOPct0uNdz13fOK5124VdFhC02zKTfLIM0xh+7BIFf7JSDqj80dqPhjW9XfKkW2A3ZN18+1+CZm\/3f9R2Nb+ajwy8AvAAAa\/wEAAQAAAAAAAAsABAMAAQIAEAAFAAMCaDIWAwMJ+AsACfQACfEABVUwggVRMIIEOaADAgECAhIDxW9mNu2nL39MVmX6BV2TMlUwDQYJKoZIhvcNAQELBQAwSjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMTGkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMB4XDTE5MTIxNzAxMTcyOFoXDTIwMDMxNjAxMTcyOFowFzEVMBMGA1UEAxMMd3d3Lm50b3Aub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnSHDQayg1hZirIX4Lqo3WG5KpMHniFi3Mrw70HcZqirZW5NUs9muyeR2daOyJjrsrcxe5XeHEXf5ru6+lYjXKiJUopGwLGWi1MuiA9gxWWZLWVeWEttxEmwTTqWlShR8ip32eF1LWpw+F0\/c7QNC2bLlmcSkK9oUS8lWxZizXhwgMReDaqPRYDEvhZYtdfWcfkpSDtRToDgE82uKrDur4Q1u38uBJsp\/Zuk427G+2bOLN0pIsECXklgqQWZhVqEqvoDVHDRIwlzyNKwbt7R+GffgX5sp5gUkbyOPc++GR+fOVL7\/MuzNWp2Ur2zThN4UF6enMUdFCrd\/aCFa8DDGwQIDAQABo4ICYjCCAl4wDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRmdzmXZiclqr7hh6e7K5a4h\/CR1zAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMBcGA1UdEQQQMA6CDHd3dy5udG9wLm9yZzBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB3AF6nc\/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABbxGlYBAAAAQDAEgwRgIhAIRceob4hnAbM9rJbnEpY+A50PHaV61rmP\/FPogwHJlnAiEAiK3s5Ni+tJcif2KrozzCA+H4Z5wsGO\/rP7mWl\/8vPTAAdgAHt1wb5X1o\/\/Gwxh0jFce65ld8V5S3au68YToaadOiHAAAAW8RpWAtAAAEAwBHMEUCIDAoXUAacoihoRLZX4xqZwCvTg3tPgFpCX2S7ZjjFV7RAiEAqJN+En3T+\/ydrTEr5TNFIftUI+4vvVlbwZiJasTYVG4wDQYJKoZIhvcNAQELBQADggEBABf660IO1+locKETiuPkBudrM2Gg2CMTwawmZ8YWY0H7ZucmeZKLjBIr10rhc\/xXzyKNPlklujVS4QNzb64syqShdO9NKJYTs3waFZTL7ydLvW0D4fczI3O+vPDZhwZpLmn+nqS+eWOoIfOLT7ybQqmBmqXgIBoyBlCSHhlepcZ1ZAlhZDuOaxVjHsL7TTVJqXPX6Mzg7LSS4E55KIz9jb1FBPqySSarb6F20U4aoE8vYu+DsC17ZWHL2SZkzmRlaFwVC2przQWki8GfGb0+3wBv"}
00776{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1581113120474,"flow_last_seen":1581113120563,"flow_tot_l4_data_len":2169,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":361,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
00787{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1581113120474,"flow_last_seen":1581113120563,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
02369{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"443-curl.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113120,"pkt_ts_usec":564527,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUW8BAADQGq+2yPsWCwKgBDQG72OOPktcezHd4m4AQAfouagAAAQEICiVoCsUeYkXm2KRVjbq6lkVyOTkZXPr2pwfJk+y1sTzGxZXL7xzYeRBPsI+K1ABFuSfd4k+8lP4ABJYwggSSMIIDeqADAgECAhAKAUFCAAABU4VzaguF7KcIMA0GCSqGSIb3DQEBCwUAMD8xJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjEXMBUGA1UEAxMORFNUIFJvb3QgQ0EgWDMwHhcNMTYwMzE3MTY0MDQ2WhcNMjEwMzE3MTY0MDQ2WjBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3MgRW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCc0wzwWuUuR7dyXTeDs2hjMOrXNSYZJeG9vjXxcJIvt7hLQQWrqZ41CFjssSrEaIcLo+N15Obzp2JxunmBYB\/XkZqf89B4Z3HIaQ6Vkc\/+5pnpYDxIzH7KTXcSJJ1HG1rrueweNwAcnKx7pwXqzkrrvUHlNpi5y\/1tPJZo3yMqQpAMhnRnyH+lmrhSYRQTP2XpgofL2\/oOVvaGifOFP5eGr7DcGu9rDZUWfcQroGWymQQ2dYBrrErzG5BJeC+ilk8qICUpBMZ0wNAxzY8xOJUWuqgzuEPxsR\/DMH+ieTETPS02+OP88jNquTkxxa\/EjQ0dZBYzqvqEKbbUC8DYfcOTAgMBAAGjggF9MIIBeTASBgNVHRMBAf8ECDAGAQH\/AgEAMA4GA1UdDwEB\/wQEAwIBhjB\/BggrBgEFBQcBAQRzMHEwMgYIKwYBBQUHMAGGJmh0dHA6Ly9pc3JnLnRydXN0aWQub2NzcC5pZGVudHJ1c3QuY29tMDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx+tvhS5B1\/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA\/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFKhKamMEfd265tE5t6ZFZe\/zqOyhMA0GCSqGSIb3DQEBCwUAA4IBAQDdM9cR82NYON0YFfsJVb52VrlwSKVpRyd7wiQIkvFaH0oSKTckdFEcYmi4zZVwZ+X3pLxOKFHNm+iuh53q2LpaoQGa3PDdah1q2D5XI56mHgRimv\/XBcq3Hz\/ACki8lLC2ZWLgwVTloyqtIMTp5rvcyPa1wzKjmMx3qOZ5ZQcryyj+OhZSgc5SDC5fg+jVBjP7d2zOQOoynh+SXEHBdGxbXQpfM8xNn6w48C97LGKd2aORbyUbL5CxGUY99n4bpnqHuaN6bRj6JaWRhxXg8hYvWLAGLyxoJsZLmM3anwz5f5DtQ0oSRE5vc3oo6qSqbntMfYfd4MkCRKeHr8M0W7RCFgMDAU0MAAFJAwAXQQTIuLmC\/KhAtEjXNePRjR3Z8z13PY2gP\/N2rl87G0XX6wcA\/FkX8ADlRdEmktl0DAuY2fj25Fk6Uj7vZcWm8XWIBAEBAE9krhh36h5ca3LOrq6uUPo9avm5L4w3HTam31\/Ta1mfoMEhi0CisSJeWJAWHx3wcjakDfVuiOAWa8XabgEfyEMvWdlEoC9hfWZnVSx3l5+WAVKua\/qJho4H3jhUN0bYoCTlgLICK+VGTDi6oQH9onrHbFPE+\/fnsBHERYLhgc6BRfwhwrNP"}
00977{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":7,"flow_first_seen":1581113120474,"flow_last_seen":1581113120564,"flow_tot_l4_data_len":3641,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"www.ntop.org","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","issuerDN":"CN=www.ntop.org","alpn":"h2,http\/1.1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}}
00988{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":7,"flow_first_seen":1581113120474,"flow_last_seen":1581113120564,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3397,"flow_avg_l4_payload_len":485,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"www.ntop.org","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","issuerDN":"CN=www.ntop.org","alpn":"h2,http\/1.1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}}
00608{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"443-curl.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113120,"pkt_ts_usec":564529,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC3W8FAADQGsQmyPsWCwKgBDQG72OOPkty+zHd4m4AYAfoN\/QAAAQEICiVoCsUeYkXm66hTzubMWB08s3PkhsL9JqVuuKtC6Q0mFf6B4oBc2\/U2+ighQD73s0KYSsAN2q7FfukeSK4MeIkwGkFip7nL2Anu6BP4tpM5odv8A\/wsfYjJUcVxbpTPS64h+NrbHwJhGR\/RS8rkqGW5ZFY\/2ZG4woWm+3h\/FLx5bRoWAwMABA4AAAA="}
00423{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"443-curl.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113120,"pkt_ts_usec":564599,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7FgtjjAbvMd3ibj5LcvoAQD9MM0gAAAQEICh5iRg8laArF"}
00426{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"443-curl.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113120,"pkt_ts_usec":564603,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7FgtjjAbvMd3ibj5LdQYAQD\/UMLQAAAQEICh5iRg8laArF"}
@@ -18,5 +18,5 @@
00505{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"443-curl.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113120,"pkt_ts_usec":615460,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"pkt":"KDc3AG3IEBMx8Tl2CABFAABtW8NAADQGsVGyPsWCwKgBDQG72OOPkt10zHd5GYAYAfp7mQAAAQEICiVoCvkeYkYZFwMDADSs\/COuKf6QzbZuwm5bQ+t1xaNk5sTWeJideDy\/mEPzRPt1g1pEejHD9dWUd1PFn4IWabl7"}
00426{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"443-curl.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113120,"pkt_ts_usec":615532,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7FgtjjAbvMd3kZj5LddIAQD\/4LDwAAAQEICh5iRj8laAr5"}
00426{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"443-curl.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113120,"pkt_ts_usec":615535,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7FgtjjAbvMd3kZj5LdrYAQD\/wK2AAAAQEICh5iRj8laAr5"}
00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":109,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":109,"flow_first_seen":1581113120474,"flow_last_seen":1581113121570,"flow_tot_l4_data_len":70276,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":644,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":109,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":109,"flow_first_seen":1581113120474,"flow_last_seen":1581113121570,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":66816,"flow_avg_l4_payload_len":612,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00129{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":109,"source":"443-curl.pcap","alias":"nDPId-test"}

12
test/results/443-firefox.pcap.out
View File

@@ -1,15 +1,15 @@
00388{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-firefox.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1581109488041,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00479{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-firefox.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1581109488041,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109488,"pkt_ts_usec":41083,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAULAqAENsj7Fgs9oAbstYO2oAAAAALAC\/\/8dyQAAAgQFtAEDAwUBAQgKHivVZQAAAAAEAgAA"}
00438{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109488,"pkt_ts_usec":79587,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDUayPsWCwKgBDQG7z2h4KhDzLWDtqaAS\/ojkXQAAAgQFrAQCCAolMJ2OHivVZQEDAwc="}
00425{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109488,"pkt_ts_usec":79695,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7Fgs9oAbstYO2peCoQ9IAQECwBWgAAAQEICh4r1YolMJ2O"}
01129{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"443-firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109488,"pkt_ts_usec":81517,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAG\/0jAqAENsj7Fgs9oAbstYO2peCoQ9IAYECxBgwAAAQEICh4r1YslMJ2OFgMBAgABAAH8AwOUa\/El1SC4SOV9CcN1r6cpW+siDNFHDg6B0Jx3puu2HCDuWUpvRGQcZEnGz5IHtl2G4czu+ssSIC6vfxuSOCPZ9QAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQABjwAAABEADwAADHd3dy5udG9wLm9yZwAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAgEe3v4+aZzjqvjKifwJvnUyAU75U99AdjBg2UClguoEsAFwBBBNOOVnM3\/ljW1RxVAgKlkC5JeOU5cpLYYiMFaZX\/Y\/IlsD8SBGEv68Zc7h4OxYI4cIk\/\/nVqycuiWb+\/FGG07XMAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAJIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00780{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1581109488041,"flow_last_seen":1581109488081,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"f6ce47303dce394049af395fc6d0bc20","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00791{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1581109488041,"flow_last_seen":1581109488081,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"f6ce47303dce394049af395fc6d0bc20","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00426{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"443-firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109488,"pkt_ts_usec":119593,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0HdRAADQG73myPsWCwKgBDQG7z2h4KhD0LWDvroAQAfoNXQAAAQEICiUwnbceK9WL"}
02367{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"443-firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109488,"pkt_ts_usec":123692,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUHdVAADQG6diyPsWCwKgBDQG7z2h4KhD0LWDvroAQAfqVUAAAAQEICiUwnboeK9WLFgMDAE4CAABKAwOvM8LrXKoo0unofgHocdvd\/Ny9B7iQj9XZFL3OXqjiSgDMqAAAIv8BAAEAAAAAAAALAAQDAAECACMAAAAQAAUAAwJoMgAXAAAWAwMJ+AsACfQACfEABVUwggVRMIIEOaADAgECAhIDxW9mNu2nL39MVmX6BV2TMlUwDQYJKoZIhvcNAQELBQAwSjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMTGkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMB4XDTE5MTIxNzAxMTcyOFoXDTIwMDMxNjAxMTcyOFowFzEVMBMGA1UEAxMMd3d3Lm50b3Aub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnSHDQayg1hZirIX4Lqo3WG5KpMHniFi3Mrw70HcZqirZW5NUs9muyeR2daOyJjrsrcxe5XeHEXf5ru6+lYjXKiJUopGwLGWi1MuiA9gxWWZLWVeWEttxEmwTTqWlShR8ip32eF1LWpw+F0\/c7QNC2bLlmcSkK9oUS8lWxZizXhwgMReDaqPRYDEvhZYtdfWcfkpSDtRToDgE82uKrDur4Q1u38uBJsp\/Zuk427G+2bOLN0pIsECXklgqQWZhVqEqvoDVHDRIwlzyNKwbt7R+GffgX5sp5gUkbyOPc++GR+fOVL7\/MuzNWp2Ur2zThN4UF6enMUdFCrd\/aCFa8DDGwQIDAQABo4ICYjCCAl4wDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRmdzmXZiclqr7hh6e7K5a4h\/CR1zAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMBcGA1UdEQQQMA6CDHd3dy5udG9wLm9yZzBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB3AF6nc\/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABbxGlYBAAAAQDAEgwRgIhAIRceob4hnAbM9rJbnEpY+A50PHaV61rmP\/FPogwHJlnAiEAiK3s5Ni+tJcif2KrozzCA+H4Z5wsGO\/rP7mWl\/8vPTAAdgAHt1wb5X1o\/\/Gwxh0jFce65ld8V5S3au68YToaadOiHAAAAW8RpWAtAAAEAwBHMEUCIDAoXUAacoihoRLZX4xqZwCvTg3tPgFpCX2S7ZjjFV7RAiEAqJN+En3T+\/ydrTEr5TNFIftUI+4vvVlbwZiJasTYVG4wDQYJKoZIhvcNAQELBQADggEBABf660IO1+locKETiuPkBudrM2Gg2CMTwawmZ8YWY0H7ZucmeZKLjBIr10rhc\/xXzyKNPlklujVS4QNzb64syqShdO9NKJYTs3waFZTL7ydLvW0D4fczI3O+vPDZhwZpLmn+nqS+eWOoIfOLT7ybQqmBmqXgIBoyBlCSHhlepcZ1ZAlhZDuOaxVjHsL7TTVJqXPX6Mzg7LSS4E55KIz9jb1FBPqySSarb6F20U4aoE8vYu+DsC17ZWHL2SZkzmRlaFwVC2przQWki8GfGb0+3wBv2KRVjbq6lkVyOTkZXPr2pwfJk+y1sTzG"}
00842{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1581109488041,"flow_last_seen":1581109488123,"flow_tot_l4_data_len":2169,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":361,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"f6ce47303dce394049af395fc6d0bc20","ja3s":"3653a20186a5b490426131a611e01992","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00853{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1581109488041,"flow_last_seen":1581109488123,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"f6ce47303dce394049af395fc6d0bc20","ja3s":"3653a20186a5b490426131a611e01992","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02372{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"443-firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109488,"pkt_ts_usec":123785,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUHdZAADQG6deyPsWCwKgBDQG7z2h4KhaULWDvroAQAfoeuAAAAQEICiUwnboeK9WLxZXL7xzYeRBPsI+K1ABFuSfd4k+8lP4ABJYwggSSMIIDeqADAgECAhAKAUFCAAABU4VzaguF7KcIMA0GCSqGSIb3DQEBCwUAMD8xJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjEXMBUGA1UEAxMORFNUIFJvb3QgQ0EgWDMwHhcNMTYwMzE3MTY0MDQ2WhcNMjEwMzE3MTY0MDQ2WjBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3MgRW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCc0wzwWuUuR7dyXTeDs2hjMOrXNSYZJeG9vjXxcJIvt7hLQQWrqZ41CFjssSrEaIcLo+N15Obzp2JxunmBYB\/XkZqf89B4Z3HIaQ6Vkc\/+5pnpYDxIzH7KTXcSJJ1HG1rrueweNwAcnKx7pwXqzkrrvUHlNpi5y\/1tPJZo3yMqQpAMhnRnyH+lmrhSYRQTP2XpgofL2\/oOVvaGifOFP5eGr7DcGu9rDZUWfcQroGWymQQ2dYBrrErzG5BJeC+ilk8qICUpBMZ0wNAxzY8xOJUWuqgzuEPxsR\/DMH+ieTETPS02+OP88jNquTkxxa\/EjQ0dZBYzqvqEKbbUC8DYfcOTAgMBAAGjggF9MIIBeTASBgNVHRMBAf8ECDAGAQH\/AgEAMA4GA1UdDwEB\/wQEAwIBhjB\/BggrBgEFBQcBAQRzMHEwMgYIKwYBBQUHMAGGJmh0dHA6Ly9pc3JnLnRydXN0aWQub2NzcC5pZGVudHJ1c3QuY29tMDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx+tvhS5B1\/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA\/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFKhKamMEfd265tE5t6ZFZe\/zqOyhMA0GCSqGSIb3DQEBCwUAA4IBAQDdM9cR82NYON0YFfsJVb52VrlwSKVpRyd7wiQIkvFaH0oSKTckdFEcYmi4zZVwZ+X3pLxOKFHNm+iuh53q2LpaoQGa3PDdah1q2D5XI56mHgRimv\/XBcq3Hz\/ACki8lLC2ZWLgwVTloyqtIMTp5rvcyPa1wzKjmMx3qOZ5ZQcryyj+OhZSgc5SDC5fg+jVBjP7d2zOQOoynh+SXEHBdGxbXQpfM8xNn6w48C97LGKd2aORbyUbL5CxGUY99n4bpnqHuaN6bRj6JaWRhxXg8hYvWLAGLyxoJsZLmM3anwz5f5DtQ0oSRE5vc3oo6qSqbntMfYfd4MkCRKeHr8M0W7RCFgMDASwMAAEoAwAdIKFSxuOb0oVG9\/kfAIUP0Iz3QlYJcsmpctk7HcKzlRhmCAQBAIVAJeDhP5lPq0OCGEt3uZVY0vFa\/obRnaQAcX78vCjY8+ENip49+1Y6EZk6gEqqCcL68vo\/N\/qEWn86NuoJGKs\/qj8kg82MgEJ+qHI+XUh7XGmGOKgFxYEEJtVGPPbKIBloLzkp8G77Zws7dUNLmUGXdWAV7jipXz0v2z1rVed8VWluevP1NtGkcmuPwrmTuMf5uyeLGkFa3+PL7GWBTdylsOyua+BqW2x3ATfUoiFlOGjh\/M+zmFNfsYyDTiOz"}
01043{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":7,"flow_first_seen":1581109488041,"flow_last_seen":1581109488123,"flow_tot_l4_data_len":3641,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"www.ntop.org","ja3":"f6ce47303dce394049af395fc6d0bc20","ja3s":"3653a20186a5b490426131a611e01992","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","issuerDN":"CN=www.ntop.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}}
01054{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":7,"flow_first_seen":1581109488041,"flow_last_seen":1581109488123,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3397,"flow_avg_l4_payload_len":485,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"www.ntop.org","ja3":"f6ce47303dce394049af395fc6d0bc20","ja3s":"3653a20186a5b490426131a611e01992","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","issuerDN":"CN=www.ntop.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}}
00531{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"443-firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109488,"pkt_ts_usec":123787,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB+HddAADQG7yyyPsWCwKgBDQG7z2h4Khw0LWDvroAYAfoO\/wAAAQEICiUwnboeK9WLZ4YR4bnOF6tPCTZOqJjVwYxlP4OP52PvwGPt\/kRoBqGRPIjpXSxMVNbmyTiiNTUSI6U1DvfsFNytQP+Yhft5jI0WAwMABA4AAAA="}
00426{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"443-firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109488,"pkt_ts_usec":123844,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7Fgs9oAbstYO+ueCocNIAQD9L0GQAAAQEICh4r1bMlMJ26"}
00429{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"443-firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109488,"pkt_ts_usec":123848,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7Fgs9oAbstYO+ueCocfoAQD8\/z0gAAAQEICh4r1bMlMJ26"}
@@ -18,5 +18,5 @@
00499{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"443-firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109488,"pkt_ts_usec":164490,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"pkt":"KDc3AG3IEBMx8Tl2CABFAABlHdlAADQG70OyPsWCwKgBDQG7z2h4Kh2ILWDwA4AYAfqzkwAAAQEICiUwneMeK9W1FwMDACxffRqcy2j37wKerf7ZOK8PIq4YWRNxkgdTirhwIr1LXYymQjh\/dnRfmvIfcg=="}
00429{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"443-firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109488,"pkt_ts_usec":164577,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7Fgs9oAbstYPADeCodiIAQD\/fx+wAAAQEICh4r1dolMJ3j"}
00429{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"443-firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109488,"pkt_ts_usec":164580,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7Fgs9oAbstYPADeCoduYAQD\/bxywAAAQEICh4r1dolMJ3j"}
00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":667,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":667,"flow_first_seen":1581109488041,"flow_last_seen":1581109496480,"flow_tot_l4_data_len":435389,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":652,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":667,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":667,"flow_first_seen":1581109488041,"flow_last_seen":1581109496480,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":414073,"flow_avg_l4_payload_len":620,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00132{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":667,"source":"443-firefox.pcap","alias":"nDPId-test"}

12
test/results/443-git.pcap.out
View File

@@ -1,15 +1,15 @@
00384{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-git.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1581113657633,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00475{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-git.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1581113657633,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-git.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113657,"pkt_ts_usec":633853,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGeqzAqAENjFJyBNnAAbv0\/p5\/AAAAALAC\/\/+NzAAAAgQFtAEDAwUBAQgKHmpbwAAAAAAEAgAA"}
00435{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-git.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113657,"pkt_ts_usec":744320,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGiLCMUnIEwKgBDQG72cCAzdDM9P6egKASb0C\/0wAAAgQFnAQCCAoOCxAaHmpbwAEDAwo="}
00423{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-git.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113657,"pkt_ts_usec":744421,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGerjAqAENjFJyBNnAAbv0\/p6AgM3QzYAQECpNNAAAAQEICh5qXC0OCxAa"}
01120{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"443-git.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113657,"pkt_ts_usec":751016,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAGeLPAqAENjFJyBNnAAbv0\/p6AgM3QzYAYECpqTgAAAQEICh5qXDMOCxAaFgMBAgABAAH8AwNQWUIaokrsiL8XEswp8oDn8SQNNiEML8bEosBTihcRygAAhswUzBPMFcAwwCzAKMAkwBTACgCjAJ8AawBqADkAOP+FAMQAwwCIAIcAgcAywC7AKsAmwA\/ABQCdAD0ANQDAAITAL8ArwCfAI8ATwAkAogCeAGcAQAAzADIAvgC9AEUARMAxwC3AKcAlwA7ABACcADwALwC6AEHAEsAIABYAE8ANwAMACgD\/AQABTQAAAA8ADQAACmdpdGh1Yi5jb20ACwAEAwABAgAKADoAOAAOAA0AGQAcAAsADAAbABgACQAKABoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAARAA0AJgAkBgEGAgYD7+8FAQUCBQMEAQQCBAPu7u3tAwEDAgMDAgECAgIDM3QAAAAQAAsACQhodHRwLzEuMQAVALMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00726{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1581113657633,"flow_last_seen":1581113657751,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"github.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00737{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1581113657633,"flow_last_seen":1581113657751,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"github.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
02336{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"443-git.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113657,"pkt_ts_usec":863699,"pkt_caplen":1490,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1490,"pkt_l4_len":1456,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXEwPpAADIGwi2MUnIEwKgBDQG72cCAzdDN9P6ghYAQAB10xQAAAQEICg4LEDgealwzFgMDAGwCAABoAwPki9jhPmCkj6agnB13yqVRrfsdioC9VcxET1dOR1JEASDxGH7q5wCfHu4g3J9YnEevlg7HfliESOuB6g4QuH+MBcAvAAAg\/wEAAQAAAAAAAAsABAMAAQIAEAALAAkIaHR0cC8xLjEWAwMMDQsADAkADAYAB0YwggdCMIIGKqADAgECAhAKBjBCf1u87WlXOWWTtkUfMA0GCSqGSIb3DQEBCwUAMHUxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xNDAyBgNVBAMTK0RpZ2lDZXJ0IFNIQTIgRXh0ZW5kZWQgVmFsaWRhdGlvbiBTZXJ2ZXIgQ0EwHhcNMTgwNTA4MDAwMDAwWhcNMjAwNjAzMTIwMDAwWjCBxzEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdhbml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMIRGVsYXdhcmUxEDAOBgNVBAUTBzUxNTc1NTAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxHaXRIdWIsIEluYy4xEzARBgNVBAMTCmdpdGh1Yi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGPKryPJcMOsFPKK1ycH3Tzrm1YHOkdJuKd0b9ephCTMUwGVeaqTML4V1NEFjKd5nDk\/P5dZC8v7vglbouxY1zYQXTEISos4m4L3OM8Cpuvu6ug0uCEbFh\/Xdh2psbmiP\/jH6iAQbd0X9TlgjBWvrnwMrIRIxXp6hhX2YNV9O4lqy2SpzB6uj7lkAp9hUwtQSwzAW2hMMkWZV\/omWQ5bCzGnVZxD8xFArVzKo6hQVSBjKWB2HfJ4IM94XbYDHwCVDFtxoj4bB9AvUUHsnL6H4qMwT2UT9SmBXpC3ZHXE1Ka8UIFa740Vfp6nAU\/8lFuQx8vPRt5gVS+YyAu3BWkQ9LAgMBAAGjggN5MIIDdTAfBgNVHSMEGDAWgBQ901Cl1qCt7vNKYApl0yHU+PjWDzAdBgNVHQ4EFgQUycJTYWadX6sl9CbNDziaqEnqSKkwJQYDVR0RBB4wHIIKZ2l0aHViLmNvbYIOd3d3LmdpdGh1Yi5jb20wDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5odHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1ldi1zZXJ2ZXItZzIuY3JsMDSgMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1ldi1zZXJ2ZXItZzIuY3JsMEsGA1UdIAREMEIwNwYJYIZIAYb9bAIBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwBwYFZ4EMAQEwgYgGCCsGAQUFBwEBBHwwejAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMFIGCCsGAQUFBzAChkZodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyRXh0ZW5kZWRWYWxpZGF0aW9uU2VydmVyQ0EuY3J0MAwGA1UdEwEB\/wQCMAAwggF+BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB2AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABY0FibQoAAAQDAEcwRQIhANFmnfxxNaxYfYZ0Gl7+49M="}
00782{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_first_seen":1581113657633,"flow_last_seen":1581113657863,"flow_tot_l4_data_len":2121,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1456,"flow_avg_l4_data_len":424,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"github.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
00793{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_first_seen":1581113657633,"flow_last_seen":1581113657863,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":1941,"flow_avg_l4_payload_len":388,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"github.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
02338{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"443-git.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113657,"pkt_ts_usec":863740,"pkt_caplen":1490,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1490,"pkt_l4_len":1456,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXEwPtAADIGwiyMUnIEwKgBDQG72cCAzdZd9P6ghYAQAB0uEgAAAQEICg4LEDgealwzWnsu\/m4BEC2+dIcvSykZYgIgCP5gGv6yzaazxBK2NwGdmmyuEFNSg2pARbMJlUFgU5UAdgBWFAaaL9fC7NP14b1Esj7HRna5vJkRXMDvlJhV1onQ3QAAAWNBYm0tAAAEAwBHMEUCIQCi7omUvYLm0b2LobtEeRAYnlIo7n6JxbYdrtYdmPUWJQIgVgw1AZ51vK9ENinBg22FPxb82TvNDO05T17hxXRC2IYAdgC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWNBYm3fAAAEAwBHMEUCIQChzdTKUU2N+XcqcK0OJYrN8EYynloVxho4yPk6Dq3EPgIgdNH5u8rC3UcslQV4B9o0a0w204omDREGKTVuEpxGeOQwDQYJKoZIhvcNAQELBQADggEBAHAPWpanWOW\/ip2oJ5grAH8mqQfaunuCVE+vac+88lkDK\/LVdFgl2B6kIHZiYClzKtfczG93hWvKbST4NRNHP9LiaQqdNC17e5vNHnXVUGw+yxyjMLGqkgepOnZ2Rb14kcTOGp4i5AuJuuaMwXmCo7jUwPwfLe1NUlVBKqg6LK0Hcq4K0sZnxE8HFxiZ92WpV2AVWjRMEc\/2z2shNoDvxvFUYyY1Oe67xINkmyQKc+ygSBZzyLnXSFVWmHr3u5dcaaQGGAR42v6Ydr4iL38Hd4dOiBma+FXsXBIqWUjbST4VXmdaol7uzFMojA4zkxQDZAvF5XgJlAFadfySna\/teikABLowggS2MIIDnqADAgECAhAMealEsIwRlSCSYV\/iax2DMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJvb3QgQ0EwHhcNMTMxMDIyMTIwMDAwWhcNMjgxMDIyMTIwMDAwWjB1MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTQwMgYDVQQDEytEaWdpQ2VydCBTSEEyIEV4dGVuZGVkIFZhbGlkYXRpb24gU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA11OkBFH4maYWSEtnJ6qTSdA57QywsACH8WcohoWMjmPavLFAOOLT9eylBRi4PT7FmRcy7BiM+vEMpmQhhcsHEDSwUogrH2ib0rGPErCz0ueIHx\/vOHdUU1+AeT8uGqqoHksrDau3Y7k1t30UvFlL31FK0qHiDOKQgodqrurXZNaYVej9rxpQbFS8EfL9SvKdu38O9NW+jhaJElXYwHE07vbcLezEhyWGjdgh5LBNDIncOSYX3fbXlIXYBCFwnW9v\/1y6GeFFy1ZXKH4cDUFXqre4J7ux5Poq7yEjdRqtLZuGNYycd7VzrdiULeTzDJ3uwU5ifhfAcZ4s3vH5ECgZMwIDAQABo4IBSTCCAUUwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEsGA1UdHwREMEIwQKA+oDyGOmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VFVlJvb3RDQS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmQ="}
01371{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"443-git.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113657,"pkt_ts_usec":863749,"pkt_caplen":768,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":768,"pkt_l4_len":734,"pkt":"KDc3AG3IEBMx8Tl2CABFAALywPxAADIGxP2MUnIEwKgBDQG72cCAzdvt9P6ghYAYAB33cAAAAQEICg4LEDgealwzaWdpY2VydC5jb20vQ1BTMB0GA1UdDgQWBBQ901Cl1qCt7vNKYApl0yHU+PjWDzAfBgNVHSMEGDAWgBSxPsNpA\/i\/RwHUmCYaCALvY2QrwzANBgkqhkiG9w0BAQsFAAOCAQEAnbbQkIbhhgLtxaDwNBx0wY12zIYKqPBKikLWP8ipTa18CK3mtlC4ohpNiAexKSHc59rGPCHg4xFJcKx6HQGkyhE6V6t9VypAdP3THYUYUN9XR3WhfVUgLkc3UHKMf4Ib0mKPLQNa2sPIoc4sUqIAY+tzunHISScjl2SFnjgOrWNoPLpSgVh5oywM395t6zHyuqB8bPEs1OG9d4Q3A84ytciagRpKkk47RpqF\/oOi+Z6Mo8wNXrM9zwR4jxQUezKcxwCmXMS1oVWNWlZopCJwqjyBcdmdqEU79OX2olHdx3ti6G8MdOu42vi\/hw15UJGQmxg7kVkn8TUoE6smftX3ehYDAwFNDAABSQMAF0EEviPCEhvi59\/6T9MgEZKwV0P2OvDb2lxoYjEG5vsi\/GBNZCvMQIi4iYKpdl7TR+23s\/ToYG3xlEUBwWaysxfvXQQBAQAuBk8cLaFssUGAuvswNmrq02lhqwkXi\/wU3UU\/AkCzSFmjQ7wtJWrU6hSUZ3hAmh91DpceCCVQ7Rxf8xfryCEZbPNuCh64PhEwWNMp019JpkISwyTNXz46vjxbrUxGhmOrmMzcmFRZ7q+hZZLhwxYyuxOKIY7fn5T8gFT89sb9ufiteD0BXA85KIh\/u76cpH0g38RNfBIRSXrsarDNoXdFIFX9ODLWnob+HV5b6AIqoQRFrLU3nkOyBjYjY2qp2BhwJZsxq5AIwHNywkgA9gqiVHOKjNlJl58wcfvlk2UlkCpulNjNTECyXO1XUcWtPSrkT12iLElSLvMrMg5St+uKFgMDAAQOAAAA"}
01085{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":7,"flow_first_seen":1581113657633,"flow_last_seen":1581113657863,"flow_tot_l4_data_len":4311,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1456,"flow_avg_l4_data_len":615,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"github.com","server_names":"github.com,www.github.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=github.com","alpn":"http\/1.1","fingerprint":"CA:06:F5:6B:25:8B:7A:0D:4F:2B:05:47:09:39:47:86:51:15:19:84"}}
01096{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":7,"flow_first_seen":1581113657633,"flow_last_seen":1581113657863,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":4067,"flow_avg_l4_payload_len":581,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"github.com","server_names":"github.com,www.github.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=github.com","alpn":"http\/1.1","fingerprint":"CA:06:F5:6B:25:8B:7A:0D:4F:2B:05:47:09:39:47:86:51:15:19:84"}}
00424{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"443-git.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113657,"pkt_ts_usec":863825,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGerjAqAENjFJyBNnAAbv0\/qCFgM3b7YAQD9E\/1QAAAQEICh5qXKIOCxA4"}
00423{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"443-git.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113657,"pkt_ts_usec":863827,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGerjAqAENjFJyBNnAAbv0\/qCFgM3eq4AQD7s9LQAAAQEICh5qXKIOCxA4"}
00599{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"443-git.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113657,"pkt_ts_usec":874902,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"EBMx8Tl2KDc3AG3ICABFAACyAABAAEAGejrAqAENjFJyBNnAAbv0\/qCFgM3eq4AYEAAyjAAAAQEICh5qXKwOCxA4FgMDAEYQAABCQQR4DzL7VHI2p9Wsor\/3Vo+N5AnUsHpLTKA09EA6pNCLHfqzPZDgrXdy4uSgcbnJbZZgDjW0mC8atlmChwGPzYamFAMDAAEBFgMDACgAAAAAAAAAAHd9Rs8Pb0Y7rv\/z7IipdV0+VbYENXE30Jp+r4B5hI8\/"}
@@ -18,5 +18,5 @@
00705{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"443-git.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113657,"pkt_ts_usec":988380,"pkt_caplen":273,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":273,"pkt_l4_len":239,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEDAABAAEAGeenAqAENjFJyBNnAAbv0\/qEDgM3e3oAYEACF3gAAAQEICh5qXRgOCxBWFwMDAMoAAAAAAAAAAZteE2M50auMrOtfwzcbrjE5WSBBGbdFq8Wv4YIfG49Pd6pjfLi8bvfrvWBPpyLBoiAfBJfKXWUmVmlXSRH2FbhdbL6+RF4mftwCy7PUQCTF7z1+QJXZiylicLOVB6F+QgE78ERJTYJZ5fqeUMaOnSKsYbY3QkmS8On68oWh9PJWvTllzj24jo7NW0yhQmQ5nrxaN845D0504ebzIYNzgvXdV6rf08Iu+PMC6t\/37IhUjJDXatJxPaJ40aWY6+Eo3mch"}
00928{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"443-git.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113658,"pkt_ts_usec":131245,"pkt_caplen":437,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":437,"pkt_l4_len":403,"pkt":"KDc3AG3IEBMx8Tl2CABFAAGnwP5AADIGxkaMUnIEwKgBDQG72cCAzd7e9P6h0oAYAB5pFgAAAQEICg4LEHoeal0YFwMDAW6Jm0EBvvRKLb0S9s4ZFGBMJ3epNReWPVZ+jw3d4XVirOKjdNQAI7COlaOiHvNnTlNKp9qv2guBbvHpG8VXnNVC6PdTOxzmNCoVDBZCBZ6MYz8O2gPsFtxZfR3mpveIPegsG09ZTcLM6rMjQHHhOvjdbMQWmvijnpwY3AK8Ou7KDDLoTZtSqnHEEk0HDk8nzvykyDh3WKm2+6v72\/VImnsPeZqMVEifVcU00r4L8C1rn0dMsQnWSzwNg96VpSxg69HXwCoAXbkeTTBTAnyJZTMWWWRvohuzcXJxklcxh3\/XPOYK0t65bhJkDrCUb\/IsRoynsBkL\/+JuUPaSYE0mPT6LYxqv38aXfY9q7gkPKraZ5Xwy02FbwvU9GD59UHHdsPaIKgBceRC+qceZ1jgF6QLKvYkBkpwqtV2vcYSbR1a\/Jj413t8tPLLJwVanjG6CEkcGGQijHtu6RnBIo3+JkhpBZ+rXrOklbvVPqr2Eg84="}
00528{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"443-git.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113658,"pkt_ts_usec":131250,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB+wP9AADIGx26MUnIEwKgBDQG72cCAzeBR9P6h0oAYAB7pmQAAAQEICg4LEHoeal0YFwMDAEWJm0EBvvRKLmX7drjPshGyaEJWmqcp1RQ+pyLs4CGONTV6yT1TRVDipzhBBC2J7XfD1QzS\/vH7qDNCq0AYEKrGNVvpC2I="}
00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":70,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":70,"flow_first_seen":1581113657633,"flow_last_seen":1581113658456,"flow_tot_l4_data_len":34809,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1456,"flow_avg_l4_data_len":497,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":70,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":70,"flow_first_seen":1581113657633,"flow_last_seen":1581113658456,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":32585,"flow_avg_l4_payload_len":465,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00127{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":70,"source":"443-git.pcap","alias":"nDPId-test"}

8
test/results/443-opvn.pcap.out
View File

@@ -1,12 +1,12 @@
00385{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-opvn.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1581153175528,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00476{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-opvn.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1581153175528,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-opvn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581153175,"pkt_ts_usec":528454,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+EfAqAFUwAzAZ87tBKpga1quAAAAALAC\/\/\/PlAAAAgQFtAEDAwUBAQgKFg2AOQAAAAAEAgAA"}
00435{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-opvn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581153175,"pkt_ts_usec":550065,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGAkzADMBnwKgBVASqzu1gWZU1YGtar6AScSBwigAAAgQFrAQCCAocQO0VFg2AOQEDAwY="}
00423{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-opvn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581153175,"pkt_ts_usec":550155,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+FPAqAFUwAzAZ87tBKpga1qvYFmVNoAQECwALgAAAQEIChYNgE0cQO0V"}
00485{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"443-opvn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581153176,"pkt_ts_usec":603974,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgAABAAEAG+CfAqAFUwAzAZ87tBKpga1qvYFmVNoAYECxEwAAAAQEIChYNhGMcQO0VACo41nvkW+XCAesBZDX8sdb2DhrIizKVRtw8er8LngAAAAFePnuYAAAAAAA="}
00423{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"443-opvn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581153176,"pkt_ts_usec":625141,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0eCxAADYGiifADMBnwKgBVASqzu1gWZU2YGta24AQAcUJRgAAAQEIChxA7iIWDYRj"}
00502{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"443-opvn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581153176,"pkt_ts_usec":626109,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"pkt":"KDc3AG3IEBMx8Tl2CABFAABseC1AADYGie7ADMBnwKgBVASqzu1gWZU2YGta24AYAcVPwwAAAQEIChxA7iIWDYRjADZAGQgugPnKUoAhWk5EFW4WBnpU\/ornQ3WM1pHQ1gAAAAFePnuYAQAAAADWe+Rb5cIB6wAAAAA="}
00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1581153175528,"flow_last_seen":1581153176626,"flow_tot_l4_data_len":312,"flow_min_l4_data_len":32,"flow_max_l4_data_len":88,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","ndpi": {"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}}
00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1581153175528,"flow_last_seen":1581153176626,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","ndpi": {"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}}
00423{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"443-opvn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581153176,"pkt_ts_usec":626209,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+FPAqAFUwAzAZ87tBKpga1rbYFmVboAQECr6lAAAAQEIChYNhHccQO4i"}
00500{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"443-opvn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581153176,"pkt_ts_usec":626548,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"EBMx8Tl2KDc3AG3ICABFAABoAABAAEAG+B\/AqAFUwAzAZ87tBKpga1rbYFmVboAYEColyAAAAQEIChYNhHgcQO4iADIo1nvkW+XCAevrBy2vwZH\/+bWS\/9mZxBfmMUqaFQAAAAJePnuYAQAAAAAZCC6A+cpSgA=="}
00423{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"443-opvn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581153176,"pkt_ts_usec":683495,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0eC5AADYGiiXADMBnwKgBVASqzu1gWZVuYGtbD4AQAcUItgAAAQEIChxA7jEWDYR4"}
@@ -16,5 +16,5 @@
00425{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"443-opvn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581153176,"pkt_ts_usec":716616,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+FPAqAFUwAzAZ87tBKpga1xQYFmaAIAQEAX0RAAAAQEIChYNhM8cQO44"}
02370{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"443-opvn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581153176,"pkt_ts_usec":716678,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUeDFAADYGhILADMBnwKgBVASqzu1gWZoAYGtcUIAQAda19QAAAQEIChxA7jgWDYSwBIQgGQgugPnKUoD7C2lnhAEvosaCXjxmdu0yP19GwQAAAANePnuYAAAAAAITC1JlZ2lzdHJvLml0MRcwFQYDVQQDEw5SZWdpc3Ryby5pdCBDQTEiMCAGCSqGSIb3DQEJARYTc3lzYWRtaW5AaWl0LmNuci5pdDAeFw0xMDExMTYwOTIxMTJaFw0yMDExMTMwOTIxMTJaMHwxCzAJBgNVBAYTAklUMQswCQYDVQQIEwJJVDENMAsGA1UEBxMEUGlzYTEUMBIGA1UEChMLUmVnaXN0cm8uaXQxFzAVBgNVBAMTDlJlZ2lzdHJvLml0IENBMSIwIAYJKoZIhvcNAQkBFhNzeXNhZG1pbkBpaXQuY25yLml0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5U+RMCjnQuvzHq7fgJqj4uLHJ7OnEz7FRhJd1X2OejtSFzQAmtrpXSRsZp7qg+AMCYF1xaxZFwXQB3B08357haSfPf0dwtxbyBWhKuKcpDUbOHHnxnHM\/lHsYjDmkORj7vNun3TjaGRRFT354vRPW5R34FowfSkg8nOPIS\/XxQQIDAQABo4HiMIHfMB0GA1UdDgQWBBRENt80e2klAwXa3FJuxjLNFhjmCDCBrwYDVR0jBIGnMIGkgBRENt80e2klAwXa3FJuxjLNFhjmCKGBgKR+MHwxCzAJBgNVBAYTAklUMQswCQYDVQQIEwJJVDENMAsGA1UEBxMEUGlzYTEUMBIGA1UEChMLUmVnaXN0cm8uaXQxFzAVBgNVBAMTDlJlZ2lzdHJvLml0IENBMSIwIAYJKoZIhvcNAQkBFhNzeXNhZG1pbkBpaXQuY25yLml0ggkAqZ44Y9swi1cwDAYDVR0TBAUwAwEB\/zANBgkqhkiG9w0BAQUFAAOBgQAFrDWUvJgb6V+jqUXLPIy4ULOpRDsWT2XzURZZ5WOkx2Yr118oLxXmc\/wn2vuo5X5vL7P4mB03vuxuhMGYpypFpaOsYQ8VCK5saM8K7FkH5ARTrWnlYFkoyENqP4gyluvwL9L5HJOIkPIT0mnuEavn\/gxAoJUalJftiH3lj8RMUhYDAwGPDAABiwCArmEyht5IZRYD3QKjerugfd2uK8X5lMxAoC23X\/EKay6Z0Gv+5sUenP4qnPZsDv4PVtwiKSrpSMAhi3p0axeMDiy4+lTRjYVxGdsYjHLHNzi3LzksUdUFbjlI0IAaDRNo+U\/ykzXhjwR8Xg3PgRZDE93YimUQelNRFYx5QKHf4MsAAQIAgBa1dFfTT5BBaGSxj8+AJ77nJQGQ\/0BD89QOnGO6\/2EI19BQKjm7JXGJXW\/XnJrfnVk\/8N2nTmcGNUB4\/\/FCRdKr4oMDPvfjuv7e7sdVKkuDL7Sx66IBy\/wRJYVfcbw91CQQeeeo+3TKQEvuccV9rdZlcFVm3BtwirMuWnXmwXgvBAEAgIYPrFjXk+HhdIaSJuUz8sxf\/Zlh+VDsWaHE9qguCnhdnP60TnCzY46o\/HPZZ4NVREClqrMiCt91T8+WjGkRsFq4tzGbARsgGQgugPnKUoDxtf5GQuyTUCf9Slfh\/dOgRpb7sgAAAARePnuYAAAAAAPY5NQn+9kPrOvrL\/kkxwz31Ak4o2EfKMrgrX9szLLjoXryuObF\/zGgNrmyaq8fejBO90nHcxMHu6ZfHIkWAwMAsA0AAKgFAwQBAkAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwCAAH4wfDELMAkGA1UEBhMCSVQxCzAJBgNVBAgTAklUMQ0wCwYDVQQHEwRQaXNhMRQwEgYDVQQKEwtSZWdpc3Ryby5pdDEXMBUGA1UEAxMOUmVnaXN0cm8uaXQgQ0ExIjAgBgkqhkiG9w0BCQEWE3N5c2FkbWluQGlpdC5jbnIuaXQO"}
00500{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"443-opvn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581153176,"pkt_ts_usec":716855,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"EBMx8Tl2KDc3AG3ICABFAABoAABAAEAG+B\/AqAFUwAzAZ87tBKpga1xQYFmfoIAYD9hfJAAAAQEIChYNhM8cQO44ADIo1nvkW+XCAesovRmAJlqMfsDgqoZ62+nwdLKzdgAAAARePnuYAQAAAAEZCC6A+cpSgA=="}
00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":46,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":46,"flow_first_seen":1581153175528,"flow_last_seen":1581153184491,"flow_tot_l4_data_len":10009,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":217,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":46,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":46,"flow_first_seen":1581153175528,"flow_last_seen":1581153184491,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":8517,"flow_avg_l4_payload_len":185,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00128{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":46,"source":"443-opvn.pcap","alias":"nDPId-test"}

12
test/results/443-safari.pcap.out
View File

@@ -1,15 +1,15 @@
00387{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-safari.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1581109359601,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00478{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-safari.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1581109359601,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109359,"pkt_ts_usec":601646,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAULAqAENsj7Fgs8nAbvmgoUNAAAAALAC\/\/+6MQAAAgQFtAEDAwUBAQgKHinouAAAAAAEAgAA"}
00438{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109359,"pkt_ts_usec":639845,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDUayPsWCwKgBDQG7zyeqmyMX5oKFDqAS\/ogx6QAAAgQFrAQCCAolLqfYHinouAEDAwc="}
00425{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109359,"pkt_ts_usec":639949,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7Fgs8nAbvmgoUOqpsjGIAQECxO5AAAAQEICh4p6N4lLqfY"}
00741{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"443-safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109359,"pkt_ts_usec":641072,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEdAABAAEAGAGXAqAENsj7Fgs8nAbvmgoUOqpsjGIAYECyk0wAAAQEICh4p6N8lLqfYFgMBAOQBAADgAwO3U9SDw6dmF9tIkvK4s2zLvIzeuLe65SzRlAWXQjKSvgAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACP\/wEAAQAAAAARAA8AAAx3d3cubnRvcC5vcmcAFwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAM3QAAAASAAAAEAAwAC4CaDIFaDItMTYFaDItMTUFaDItMTQIc3BkeS8zLjEGc3BkeS8zCGh0dHAvMS4xAAsAAgEAAAoACgAIAB0AFwAYABk="}
00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1581109359601,"flow_last_seen":1581109359641,"flow_tot_l4_data_len":381,"flow_min_l4_data_len":32,"flow_max_l4_data_len":265,"flow_avg_l4_data_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
00768{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1581109359601,"flow_last_seen":1581109359641,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
00426{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"443-safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109359,"pkt_ts_usec":679612,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0Q1tAADQGyfKyPsWCwKgBDQG7zyeqmyMY5oKF94AQAfxcAwAAAQEICiUup\/8eKejf"}
02365{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"443-safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109359,"pkt_ts_usec":683686,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUQ1xAADQGxFGyPsWCwKgBDQG7zyeqmyMY5oKF94AQAfwvQQAAAQEICiUuqAMeKejfFgMDAGoCAABmAwOKpsicpud3Lmk42Brvx+EObzU7se9MEi0URMjNTzFWCSCCpUGJk7ZDH0ec58XLYe70v2C1P918PawRwoCm\/lXuYMyoAAAe\/wEAAQAAAAAAAAsABAMAAQIAEAAFAAMCaDIAFwAAFgMDCfgLAAn0AAnxAAVVMIIFUTCCBDmgAwIBAgISA8VvZjbtpy9\/TFZl+gVdkzJVMA0GCSqGSIb3DQEBCwUAMEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQDExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTEyMTcwMTE3MjhaFw0yMDAzMTYwMTE3MjhaMBcxFTATBgNVBAMTDHd3dy5udG9wLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ0hw0GsoNYWYqyF+C6qN1huSqTB54hYtzK8O9B3Gaoq2VuTVLPZrsnkdnWjsiY67K3MXuV3hxF3+a7uvpWI1yoiVKKRsCxlotTLogPYMVlmS1lXlhLbcRJsE06lpUoUfIqd9nhdS1qcPhdP3O0DQtmy5ZnEpCvaFEvJVsWYs14cIDEXg2qj0WAxL4WWLXX1nH5KUg7UU6A4BPNriqw7q+ENbt\/LgSbKf2bpONuxvtmzizdKSLBAl5JYKkFmYVahKr6A1Rw0SMJc8jSsG7e0fhn34F+bKeYFJG8jj3PvhkfnzlS+\/zLszVqdlK9s04TeFBenpzFHRQq3f2ghWvAwxsECAwEAAaOCAmIwggJeMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH\/BAIwADAdBgNVHQ4EFgQUZnc5l2YnJaq+4YenuyuWuIfwkdcwHwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7\/Oo7KEwbwYIKwYBBQUHAQEEYzBhMC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcC5pbnQteDMubGV0c2VuY3J5cHQub3JnMC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDMubGV0c2VuY3J5cHQub3JnLzAXBgNVHREEEDAOggx3d3cubnRvcC5vcmcwTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdwBep3P531bA57U2SH3QSeAyepGaDIShEhKEGHWWgXFFWAAAAW8RpWAQAAAEAwBIMEYCIQCEXHqG+IZwGzPayW5xKWPgOdDx2leta5j\/xT6IMByZZwIhAIit7OTYvrSXIn9iq6M8wgPh+GecLBjv6z+5lpf\/Lz0wAHYAB7dcG+V9aP\/xsMYdIxXHuuZXfFeUt2ruvGE6GmnTohwAAAFvEaVgLQAABAMARzBFAiAwKF1AGnKIoaES2V+MamcAr04N7T4BaQl9ku2Y4xVe0QIhAKiTfhJ90\/v8na0xK+UzRSH7VCPuL71ZW8GYiWrE2FRuMA0GCSqGSIb3DQEBCwUAA4IBAQAX+utCDtfpaHChE4rj5AbnazNhoNgjE8GsJmfGFmNB+2bnJnmSi4wSK9dK4XP8V88ijT5ZJbo1UuEDc2+uLMqkoXTvTSiWE7N8GhWUy+8nS71tA+H3MyNzvrzw2YcGaS5p\/p6kvnljqCHzi0+8m0KpgZql4CAaMgZQkh4ZXqXGdWQJYWQ7jmsVYx7C+001Salz1+jM4Oy0kuBOeSiM\/Y29RQT6skkmq2+hdtFOGqBPL2Lvg7Ate2Vhy9kmZM5kZWhcFQtqa80FpIvBnxm9"}
00820{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1581109359601,"flow_last_seen":1581109359683,"flow_tot_l4_data_len":1885,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":314,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"f9fcb52580329fb6a9b61d7542087b90","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
00831{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1581109359601,"flow_last_seen":1581109359683,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1673,"flow_avg_l4_payload_len":278,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"f9fcb52580329fb6a9b61d7542087b90","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
02370{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"443-safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109359,"pkt_ts_usec":683783,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUQ11AADQGxFCyPsWCwKgBDQG7zyeqmyi45oKF94AQAfxqRgAAAQEICiUuqAMeKejfPt8Ab9ikVY26upZFcjk5GVz69qcHyZPstbE8xsWVy+8c2HkQT7CPitQARbkn3eJPvJT+AASWMIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA\/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0NlowSjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMTGkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EFq6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan\/PQeGdxyGkOlZHP\/uaZ6WA8SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0Z8h\/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWAa6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB\/onkxEz0tNvjj\/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIGCCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNvbTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9kc3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf\/EFWCFiRAwVAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcCARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwuY3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsFAAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJouM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr\/1wXKtx8\/wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so\/joWUoHOUgwuX4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlGPfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6KOqkqm57TH2H3eDJAkSnh6\/DNFu0QhYDAwEsDAABKAMAHSDNFhiWXs0qHQ8G5wseeubU3TMqxpEWpQ1nZZ1JMWOgDggEAQB4JLARF0gDufAS6PjMl+ZcNHBEMmHC5rEI60VQXue9HUGpA8dhR7\/ICwLrTYdp\/W4\/35H1BC1LLjBJjDSuMcNXD1cCam3980yesF6NCICWmLZ3GpmD7NFbRHQJuBQDPScWpjYAG4j\/p+d0iFEHJDGNZU3K1VDwv12wLyU1gAhbuwuVf2lyP10LAbU\/fROyYVTGQZrMVaNoUB7o+SLvlt\/yCy6N"}
01021{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":7,"flow_first_seen":1581109359601,"flow_last_seen":1581109359683,"flow_tot_l4_data_len":3357,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":479,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"www.ntop.org","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"f9fcb52580329fb6a9b61d7542087b90","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","issuerDN":"CN=www.ntop.org","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}}
01032{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":7,"flow_first_seen":1581109359601,"flow_last_seen":1581109359683,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3113,"flow_avg_l4_payload_len":444,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"www.ntop.org","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"f9fcb52580329fb6a9b61d7542087b90","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","issuerDN":"CN=www.ntop.org","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}}
00566{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"443-safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109359,"pkt_ts_usec":683785,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"KDc3AG3IEBMx8Tl2CABFAACaQ15AADQGyYmyPsWCwKgBDQG7zyeqmy5Y5oKF94AYAfz2WgAAAQEICiUuqAMeKejflBRBgMGZVdRZOR8f6IjhktBdhoE6\/DQgaS5VQe24xAg6UiVLi4vdkyT6xDPJHOiyUXMCwGj8UsvLwTibbAWapVLRMci9o6jUhBO+6V0kA0KpQQxXe\/PUsiKT3S7QFgMDAAQOAAAA"}
00425{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"443-safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109359,"pkt_ts_usec":683846,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7Fgs8nAbvmgoX3qpsuWIAQD9JCvwAAAQEICh4p6QklLqgD"}
00427{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"443-safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109359,"pkt_ts_usec":683850,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7Fgs8nAbvmgoX3qpsuvoAQD89CXAAAAQEICh4p6QklLqgD"}
@@ -18,5 +18,5 @@
00499{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"443-safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109359,"pkt_ts_usec":948101,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"pkt":"KDc3AG3IEBMx8Tl2CABFAABlQ2BAADQGybyyPsWCwKgBDQG7zyeqmy7p5oKGTIAYAfzx6QAAAQEICiUuqQweKenmFwMDACyPw1aJHd3EuqdSE\/LScQ19HUZ6b\/Hrxr1Ppm2Om5KPE2xvVddH2ITgh0Twfg=="}
00429{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"443-safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109359,"pkt_ts_usec":948180,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7Fgs8nAbvmgoZMqpsu6YAQD\/4\/oQAAAQEICh4p6gwlLqkM"}
00429{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"443-safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109359,"pkt_ts_usec":948184,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7Fgs8nAbvmgoZMqpsvGoAQD\/0\/cQAAAQEICh4p6gwlLqkM"}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":41,"flow_first_seen":1581109359601,"flow_last_seen":1581109360696,"flow_tot_l4_data_len":18535,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":452,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":41,"flow_first_seen":1581109359601,"flow_last_seen":1581109360696,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":17203,"flow_avg_l4_payload_len":419,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00130{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":41,"source":"443-safari.pcap","alias":"nDPId-test"}

12
test/results/4in4tunnel.pcap.out
View File

@@ -1,12 +1,12 @@
00387{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"4in4tunnel.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00478{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"4in4tunnel.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00531{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"4in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1537044271,"pkt_ts_usec":794779,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJToWAAA\/wQRSEVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGxLmgACAAAEc2wQAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="}
00160{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":1,"source":"4in4tunnel.pcap","alias":"nDPId-test","type":33024}
00151{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1,"source":"4in4tunnel.pcap","alias":"nDPId-test","type":33024}
00531{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2,"source":"4in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1537058551,"pkt_ts_usec":803081,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJRbZwAA\/wSeOUVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGzGjAACAAAAJvVqAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="}
00160{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":2,"source":"4in4tunnel.pcap","alias":"nDPId-test","type":33024}
00151{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2,"source":"4in4tunnel.pcap","alias":"nDPId-test","type":33024}
00531{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3,"source":"4in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1537082929,"pkt_ts_usec":816392,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJRsDwAA\/wSNkUVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGzKXAACAAABmvAmAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="}
00160{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":3,"source":"4in4tunnel.pcap","alias":"nDPId-test","type":33024}
00151{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3,"source":"4in4tunnel.pcap","alias":"nDPId-test","type":33024}
00531{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":4,"source":"4in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1537138237,"pkt_ts_usec":839574,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJRnMwAA\/wSSbUVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGzXzgACAAAE5t9oAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="}
00160{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":4,"source":"4in4tunnel.pcap","alias":"nDPId-test","type":33024}
00151{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":4,"source":"4in4tunnel.pcap","alias":"nDPId-test","type":33024}
00531{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":5,"source":"4in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1537165843,"pkt_ts_usec":864842,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJTPEAAA\/wQqkEVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGz7LQACAAABZb+KAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="}
00160{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":5,"source":"4in4tunnel.pcap","alias":"nDPId-test","type":33024}
00151{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":5,"source":"4in4tunnel.pcap","alias":"nDPId-test","type":33024}
00129{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"4in4tunnel.pcap","alias":"nDPId-test"}

8
test/results/4in6tunnel.pcap.out
View File

@@ -1,9 +1,9 @@
00387{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"4in6tunnel.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1543235434019,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip6","src_ip":"22e0:1685:eda7:38cc:58bd:f3f1:aa3f:22d8","dst_ip":"344a:ba94:152a:ac34::2a","l4_proto":4,"flow_datalink":1,"flow_max_packets":15}
00478{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"4in6tunnel.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1543235434019,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"22e0:1685:eda7:38cc:58bd:f3f1:aa3f:22d8","dst_ip":"344a:ba94:152a:ac34::2a","l4_proto":4,"flow_datalink":1,"flow_max_packets":15}
00551{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"4in6tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1543235434,"pkt_ts_usec":19243,"pkt_caplen":154,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":154,"pkt_l4_len":52,"pkt":"AAECunaOAAAASfSHht1gAAAAADQEPyLgFoXtpzjMWL3z8ao\/Itg0SrqUFSqsNAAAAAAAAAAqRQAANHvwQAB\/BqsfwKgAAQoKCgH7xwG73+E+ggAAAACAAv\/\/fqUAAAIEBYQBAwMIAQEEAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1543235434019,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip6","src_ip":"22e0:1685:eda7:38cc:58bd:f3f1:aa3f:22d8","dst_ip":"344a:ba94:152a:ac34::2a","l4_proto":4,"ndpi": {"proto":"IP_in_IP","breed":"Acceptable","category":"Network"}}
00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1543235434019,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"22e0:1685:eda7:38cc:58bd:f3f1:aa3f:22d8","dst_ip":"344a:ba94:152a:ac34::2a","l4_proto":4,"ndpi": {"proto":"IP_in_IP","breed":"Acceptable","category":"Network"}}
00552{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"4in6tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1543235434,"pkt_ts_usec":19246,"pkt_caplen":154,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":154,"pkt_l4_len":52,"pkt":"AAECunaOAAAASfSHht1gAAAAADQEPTRKupQVKqw0AAAAAAAAACoi4BaF7ac4zFi98\/GqPyLYRQAANEufQABhBvlwCgoKAcCoAAEBu\/vHAwzKjt\/hPoOAEv\/\/sQUAAAIEBXgBAwMIAQEEAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00832{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"4in6tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1543235434,"pkt_ts_usec":19247,"pkt_caplen":366,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":366,"pkt_l4_len":264,"pkt":"AAECunaOAAAASfSHht1gAAAAAQgEPyLgFoXtpzjMWL3z8ao\/Itg0SrqUFSqsNAAAAAAAAAAqRQABCHv3QAB\/BqpEwKgAAQoKCgH7xwG73+E+gwMMyo9QGAQA0icAABYDAwDbAQAA1wMDW5uXE0\/QFYUpkWO+HpgF5MI5wT9TQj14SroSH1Zl8oggjz8AALXLO9H2rxfCGsjqy7cU6\/NXDrPxEswgEUGVcfAAJsAswCvAMMAvwCTAI8AowCfACsAJwBTAEwCdAJwAPQA8ADUALwAKAQAAaAAAABEADwAADHd3dy5iaW5nLmNvbQAKAAgABgAdABcAGAALAAIBAAANABQAEgQBBQECAQQDBQMCAwICBgEGAwAjAAAAEAAOAAwCaDIIaHR0cC8xLjEAFwAAABgABgAKAwIBAP8BAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
02371{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"4in6tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1543235434,"pkt_ts_usec":19248,"pkt_caplen":1514,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1514,"pkt_l4_len":1412,"pkt":"AAECunaOAAAASfSHht1gAAAABYQEPTRKupQVKqw0AAAAAAAAACoi4BaF7ac4zFi98\/GqPyLYRQAFhEuhQABhBvQeCgoKAcCoAAEBu\/vHAwzKj9\/hP2NQEAQEHmIAABYDAxNZAgAAWgMDW5uXESPnDY6GVdXogmmrS1WdR7CnjiCJLtiMMET4LR0g70cAAGowHs5bbipHOvpkse5qjMhnnSOXdm6lLVoWT1DALwAAEgAQAAUAAwJoMgAXAAD\/AQABAAsAEccAEcQADAYwggwCMIIJ6qADAgECAhMtAAAymdcHHbfRcIpCAAAAADKZMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0xNzA3MjAxNzQ3MDhaFw0xOTA3MTAxNzQ3MDhaMBcxFTATBgNVBAMTDHd3dy5iaW5nLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqOyD7\/sOUit2AU5xoOUrdFD2wiCQmyCmP5nEBsh7fOLKKYjGNWUdfzumqBdw2Fpg1sIUPSI+b5pR9u\/gYNMtH4Aivx5J6CrFn4IFOhgzrs2GlVitrUoC9jheCrGis7gUH0hZglGqEjdJl5neUsrm31e5QyJwbyXnacl+k91de8FxrbBQKrwUcQ5sbzW8nMRIDSG0ss9ON1RYFCdc+JblurOUYfPO\/whJXqO0Ms01rklGWFKVeGj7qkJ52E0Xsw\/jJNpqe0+8AQstFZfXdWGOCgJxEIK7SzyvFbkO5VaXY9vaLDfkwWc1aVyhXCrQCMB8YD7ERtr9YuJ3qp+RBy1iMCAwEAAaOCB9AwggfMMB0GA1UdDgQWBBQJh+WFKXgwICWz3X7cbO2lKagDcDALBgNVHQ8EBAMCBLAwHwYDVR0jBBgwFoAUCP4ln3TqhwTCvLuOqDhfM8bRbGUwgawGA1UdHwSBpDCBoTCBnqCBm6CBmIZLaHR0cDovL21zY3JsLm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDUuY3JshklodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDUuY3JsMIGFBggrBgEFBQcBAQR5MHcwUQYIKwYBBQUHMAKGRWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNydDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AubXNvY3NwLmNvbTA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCARAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBME0GA1UdIARGMEQwQgYJKwYBBAGCNyoBMDUwMwYIKwYBBQUHAgEWJ2h0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NwczAnBgkrBgEEAYI3FQoEGjAYMAoGCCsGAQUFBwMCMAoGCCsGAQUFBwMBMIIFbQYDVR0RBIIFZDCCBWCCDHd3dy5iaW5nLmNvbYIQZGljdC5iaW5nLmNvbS5jboITKi5wbGF0Zm9ybS5iaW5nLmNvbYIKKi5iaW5nLmNvbYIIYmluZy5jb22CFmllb25saW5lLm1pY3Jvc28AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1543235434019,"flow_last_seen":1543235434019,"flow_tot_l4_data_len":1780,"flow_min_l4_data_len":52,"flow_max_l4_data_len":1412,"flow_avg_l4_data_len":445,"midstream":0,"l3_proto":"ip6","src_ip":"22e0:1685:eda7:38cc:58bd:f3f1:aa3f:22d8","dst_ip":"344a:ba94:152a:ac34::2a","l4_proto":4,"flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1543235434019,"flow_last_seen":1543235434019,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"22e0:1685:eda7:38cc:58bd:f3f1:aa3f:22d8","dst_ip":"344a:ba94:152a:ac34::2a","l4_proto":4,"flow_datalink":1,"flow_max_packets":15}
00129{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"4in6tunnel.pcap","alias":"nDPId-test"}

8
test/results/6in4tunnel.pcap.out
View File

@@ -1,5 +1,5 @@
00387{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"6in4tunnel.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00444{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1444236893450,"flow_last_seen":0,"flow_tot_l4_data_len":104,"flow_min_l4_data_len":104,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"174.3.73.24","dst_ip":"184.105.255.26","l4_proto":41,"flow_datalink":1,"flow_max_packets":15}
00478{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"6in4tunnel.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00448{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1444236893450,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"174.3.73.24","dst_ip":"184.105.255.26","l4_proto":41,"flow_datalink":1,"flow_max_packets":15}
00528{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"6in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444236893,"pkt_ts_usec":450580,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"ACKQ3jvZAAAkzoE0CABFAAB8tYFAAP8pFzeuA0kYuGn\/GmAAAAAAQDo\/IAEEcB8XAT8+lw7\/\/nNN7CYEqIAAAQAgAAAAAAIksAGAAOC9XY8BWl1OFVYAAAAAqN0GAAAAAAAQERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3"}
00527{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"6in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444236893,"pkt_ts_usec":555356,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"AAAkzoE0ACKQ3jvZCABFAAB8xlZAAPgpDWK4af8argNJGGAAAAAAQDo3JgSogAABACAAAAAAAiSwASABBHAfFwE\/PpcO\/\/5zTeyBAN+9XY8BWl1OFVYAAAAAqN0GAAAAAAAQERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3"}
00611{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"6in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444236894,"pkt_ts_usec":230722,"pkt_caplen":200,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":200,"pkt_l4_len":166,"pkt":"ACKQ3jvZAAAkzoE0CABFAAC6tdFAAP8pFqmuA0kYuGn\/GmAAAAAAfjpAIAEEcB8WAT8AAAAAAAAAAiYEqIAAAQAgAAAAAAIksAEBA9KAAAAAAGAAAAAATgY2JgSogAABACAAAAAAAiSwASABBHAfFwE\/JaMykhb5LOAD4exLUvt9fRlwFpiAGABJEPkAAAEBCAq0MT0ACHX6xhcDAwApoxPniAjxmmXGKxqxVV6nOvla9FPS7Dtl2rRDlmVhpOKK9OFyB\/XihP8="}
@@ -15,6 +15,6 @@
00529{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"6in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444236898,"pkt_ts_usec":563922,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"AAAkzoE0ACKQ3jvZCABFAAB8xltAAPgpDV24af8argNJGGAAAAAAQDo3JgSogAABACAAAAAAAiSwASABBHAfFwE\/PpcO\/\/5zTeyBAGyeXY8BX2JOFVYAAAAAFvgGAAAAAAAQERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3"}
00530{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"6in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444236899,"pkt_ts_usec":458727,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"ACKQ3jvZAAAkzoE0CABFAAB8uBRAAP8pFKSuA0kYuGn\/GmAAAAAAQDo\/IAEEcB8XAT8+lw7\/\/nNN7CYEqIAAAQAgAAAAAAIksAGAAO2XXY8BYGNOFVYAAAAAlf0GAAAAAAAQERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3"}
00529{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"6in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444236899,"pkt_ts_usec":563862,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"AAAkzoE0ACKQ3jvZCABFAAB8xlxAAPgpDVy4af8argNJGGAAAAAAQDo3JgSogAABACAAAAAAAiSwASABBHAfFwE\/PpcO\/\/5zTeyBAOyXXY8BYGNOFVYAAAAAlf0GAAAAAAAQERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3"}
00477{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":127,"source":"6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":127,"flow_first_seen":1444236893450,"flow_last_seen":1444236915586,"flow_tot_l4_data_len":35975,"flow_min_l4_data_len":72,"flow_max_l4_data_len":1877,"flow_avg_l4_data_len":283,"midstream":0,"l3_proto":"ip4","src_ip":"174.3.73.24","dst_ip":"184.105.255.26","l4_proto":41,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
00463{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":127,"flow_first_seen":1444236893450,"flow_last_seen":1444236915586,"flow_tot_l4_data_len":35975,"flow_min_l4_data_len":72,"flow_max_l4_data_len":1877,"flow_avg_l4_data_len":283,"midstream":0,"l3_proto":"ip4","src_ip":"174.3.73.24","dst_ip":"184.105.255.26","l4_proto":41,"flow_datalink":1,"flow_max_packets":15}
00479{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":127,"source":"6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":127,"flow_first_seen":1444236893450,"flow_last_seen":1444236915586,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"174.3.73.24","dst_ip":"184.105.255.26","l4_proto":41,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
00465{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":127,"flow_first_seen":1444236893450,"flow_last_seen":1444236915586,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"174.3.73.24","dst_ip":"184.105.255.26","l4_proto":41,"flow_datalink":1,"flow_max_packets":15}
00131{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":127,"source":"6in4tunnel.pcap","alias":"nDPId-test"}

14
test/results/6in6tunnel.pcap.out
View File

@@ -1,10 +1,10 @@
00387{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"6in6tunnel.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1335197872162,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip6","src_ip":"2001:4f8:4:7:2e0:81ff:fe52:ffff","dst_ip":"2001:4f8:4:7:2e0:81ff:fe52:9a6b","l4_proto":41,"flow_datalink":1,"flow_max_packets":15}
00478{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"6in6tunnel.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1335197872162,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2001:4f8:4:7:2e0:81ff:fe52:ffff","dst_ip":"2001:4f8:4:7:2e0:81ff:fe52:9a6b","l4_proto":41,"flow_datalink":1,"flow_max_packets":15}
00497{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"6in6tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1335197872,"pkt_ts_usec":162188,"pkt_caplen":106,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":106,"pkt_l4_len":52,"pkt":"\/\/\/\/\/\/\/\/AAAAAAAAht1gAAAAADQpQCABBPgABAAHAuCB\/\/5S\/\/8gAQT4AAQABwLggf\/+UpprYAAAAAAMEUDerQAAAAAAAAAAAAAAAL7vyv4AAAAAAAAAAAAAAAC6vnUwMsgADIPSWFhYWA=="}
00435{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1335197872164,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip6","src_ip":"feed::beef","dst_ip":"feed::cafe","l4_proto":41,"flow_datalink":1,"flow_max_packets":15}
00443{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1335197872164,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"feed::beef","dst_ip":"feed::cafe","l4_proto":41,"flow_datalink":1,"flow_max_packets":15}
00493{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1335197872,"pkt_ts_usec":164220,"pkt_caplen":106,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":106,"pkt_l4_len":52,"pkt":"\/\/\/\/\/\/\/\/AAAAAAAAht1gAAAAADQpQP7tAAAAAAAAAAAAAAAAvu\/+7QAAAAAAAAAAAAAAAMr+YAAAAAAMEUDerQAAAAAAAAAAAAAAAL7vyv4AAAAAAAAAAAAAAAC6vnUwMsgADIHQWVlZWQ=="}
00492{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1335197872162,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip6","src_ip":"2001:4f8:4:7:2e0:81ff:fe52:ffff","dst_ip":"2001:4f8:4:7:2e0:81ff:fe52:9a6b","l4_proto":41,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1335197872162,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip6","src_ip":"2001:4f8:4:7:2e0:81ff:fe52:ffff","dst_ip":"2001:4f8:4:7:2e0:81ff:fe52:9a6b","l4_proto":41,"flow_datalink":1,"flow_max_packets":15}
00450{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1335197872164,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip6","src_ip":"feed::beef","dst_ip":"feed::cafe","l4_proto":41,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
00436{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1335197872164,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip6","src_ip":"feed::beef","dst_ip":"feed::cafe","l4_proto":41,"flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1335197872162,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2001:4f8:4:7:2e0:81ff:fe52:ffff","dst_ip":"2001:4f8:4:7:2e0:81ff:fe52:9a6b","l4_proto":41,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1335197872162,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2001:4f8:4:7:2e0:81ff:fe52:ffff","dst_ip":"2001:4f8:4:7:2e0:81ff:fe52:9a6b","l4_proto":41,"flow_datalink":1,"flow_max_packets":15}
00458{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1335197872164,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"feed::beef","dst_ip":"feed::cafe","l4_proto":41,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
00444{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1335197872164,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"feed::beef","dst_ip":"feed::cafe","l4_proto":41,"flow_datalink":1,"flow_max_packets":15}
00129{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test"}

47
test/results/BGP_Cisco_hdlc_slarp.pcap.out
View File

@@ -1,30 +1,19 @@
00397{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1445156939,"pkt_ts_usec":131847,"pkt_caplen":48,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":48,"pkt_l4_len":0,"pkt":"DwAIAEXAACz4kkAAAQa2VmQQAQJkEAEBR5QAs7zqddEAAAAAYAJAABMAAAACBAW0"}
00171{"basic_event_id":1,"basic_event_name":"Unknown datalink layer packet","thread_id":0,"packet_id":1,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","datalink":9}
00370{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1445156939,"pkt_ts_usec":145123,"pkt_caplen":48,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":48,"pkt_l4_len":0,"pkt":"DwAIAEXAACyvfwAAAQY\/amQQAQFkEAECALNHlBlZ03+86nXSYBJAACYWAAACBAW0"}
00171{"basic_event_id":1,"basic_event_name":"Unknown datalink layer packet","thread_id":0,"packet_id":2,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","datalink":9}
00365{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1445156939,"pkt_ts_usec":152068,"pkt_caplen":44,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":44,"pkt_l4_len":0,"pkt":"DwAIAEXAACj4k0AAAQa2WWQQAQJkEAEBR5QAs7zqddIZWdOAUBBAAD3TAAA="}
00171{"basic_event_id":1,"basic_event_name":"Unknown datalink layer packet","thread_id":0,"packet_id":3,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","datalink":9}
00464{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":4,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1445156939,"pkt_ts_usec":152099,"pkt_caplen":101,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":101,"pkt_l4_len":0,"pkt":"DwAIAEXAAGH4lEAAAQa2H2QQAQJkEAEBR5QAs7zqddIZWdOAUBhAAOt1AAD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ADkBBAABALQLCwsLHAIGAQQAAQABAgKAAAICAgACAkYAAgZBBAAAAAE="}
00171{"basic_event_id":1,"basic_event_name":"Unknown datalink layer packet","thread_id":0,"packet_id":4,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","datalink":9}
00367{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":5,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1445156939,"pkt_ts_usec":165354,"pkt_caplen":44,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":44,"pkt_l4_len":0,"pkt":"DwAIAEXAACivgAAAAQY\/bWQQAQFkEAECALNHlBlZ04C86nYLUBA\/xz3TAAA="}
00171{"basic_event_id":1,"basic_event_name":"Unknown datalink layer packet","thread_id":0,"packet_id":5,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","datalink":9}
00467{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":6,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1445156939,"pkt_ts_usec":165405,"pkt_caplen":101,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":101,"pkt_l4_len":0,"pkt":"DwAIAEXAAGGvgUAAAQb\/MmQQAQFkEAECALNHlBlZ04C86nYLUBg\/xyizAAD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ADkBBPwAALRubm5uHAIGAQQAAQABAgKAAAICAgACAkYAAgZBBAAA\/AA="}
00171{"basic_event_id":1,"basic_event_name":"Unknown datalink layer packet","thread_id":0,"packet_id":6,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","datalink":9}
00412{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":7,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1445156939,"pkt_ts_usec":165414,"pkt_caplen":63,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":63,"pkt_l4_len":0,"pkt":"DwAIAEXAADuvgkAAAQb\/V2QQAQFkEAECALNHlBlZ07m86nYLUBg\/xzlsAAD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ABME"}
00171{"basic_event_id":1,"basic_event_name":"Unknown datalink layer packet","thread_id":0,"packet_id":7,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","datalink":9}
00366{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":8,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1445156939,"pkt_ts_usec":172242,"pkt_caplen":44,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":44,"pkt_l4_len":0,"pkt":"DwAIAEXAACj4lUAAAQa2V2QQAQJkEAEBR5QAs7zqdgsZWdPMUBA\/tD2aAAA="}
00171{"basic_event_id":1,"basic_event_name":"Unknown datalink layer packet","thread_id":0,"packet_id":8,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","datalink":9}
00411{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":9,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1445156939,"pkt_ts_usec":172264,"pkt_caplen":63,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":63,"pkt_l4_len":0,"pkt":"DwAIAEXAADv4lkAAAQa2Q2QQAQJkEAEBR5QAs7zqdgsZWdPMUBg\/tDlsAAD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ABME"}
00171{"basic_event_id":1,"basic_event_name":"Unknown datalink layer packet","thread_id":0,"packet_id":9,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","datalink":9}
00421{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":10,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1445156939,"pkt_ts_usec":185546,"pkt_caplen":67,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"pkt":"DwAIAEXAAD+vg0AAAQb\/UmQQAQFkEAECALNHlBlZ08y86nYeUBg\/tDZQAAD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ABcFAAEBAQ=="}
00172{"basic_event_id":1,"basic_event_name":"Unknown datalink layer packet","thread_id":0,"packet_id":10,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","datalink":9}
00654{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":11,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1445156939,"pkt_ts_usec":195655,"pkt_caplen":195,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":195,"pkt_l4_len":0,"pkt":"DwAIAEXAAL+vhEAAAQb+0WQQAQFkEAECALNHlBlZ0+O86nYeUBg\/tOd1AAD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ADkCAAAAGEABAQJAAgoCAgAA\/AAAAAABQAMEZBABAR5kEAEIHmQQAQz\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ADACAAAAGEABAQBAAgoCAgAA\/AAAAAABQAMEZBABAQD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ABcFAAECAf\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8AFwIAAAAA"}
00172{"basic_event_id":1,"basic_event_name":"Unknown datalink layer packet","thread_id":0,"packet_id":11,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","datalink":9}
00367{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":12,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1445156939,"pkt_ts_usec":202563,"pkt_caplen":44,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":44,"pkt_l4_len":0,"pkt":"DwAIAEXAACj4l0AAAQa2VWQQAQJkEAEBR5QAs7zqdh4ZWdR6UBA\/Bj2HAAA="}
00172{"basic_event_id":1,"basic_event_name":"Unknown datalink layer packet","thread_id":0,"packet_id":12,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","datalink":9}
00413{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":13,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1445156988,"pkt_ts_usec":877283,"pkt_caplen":63,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":63,"pkt_l4_len":0,"pkt":"DwAIAEXAADuvhUAAAQb\/VGQQAQFkEAECALNHlBlZ1Hq86nYeUBg\/tDirAAD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ABME"}
00172{"basic_event_id":1,"basic_event_name":"Unknown datalink layer packet","thread_id":0,"packet_id":13,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","datalink":9}
00366{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":14,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1445156989,"pkt_ts_usec":230918,"pkt_caplen":44,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":44,"pkt_l4_len":0,"pkt":"DwAIAEXAACj4mEAAAQa2VGQQAQJkEAEBR5QAs7zqdh4ZWdSNUBA+8z2HAAA="}
00172{"basic_event_id":1,"basic_event_name":"Unknown datalink layer packet","thread_id":0,"packet_id":14,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","datalink":9}
00488{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1445156939131,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","flow_datalink":9,"flow_max_packets":15}
00410{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1445156939,"pkt_ts_usec":131847,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":48,"pkt_l4_len":24,"pkt":"DwAIAEXAACz4kkAAAQa2VmQQAQJkEAEBR5QAs7zqddEAAAAAYAJAABMAAAACBAW0"}
00411{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1445156939,"pkt_ts_usec":145123,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":48,"pkt_l4_len":24,"pkt":"DwAIAEXAACyvfwAAAQY\/amQQAQFkEAECALNHlBlZ03+86nXSYBJAACYWAAACBAW0"}
00406{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1445156939,"pkt_ts_usec":152068,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":44,"pkt_l4_len":20,"pkt":"DwAIAEXAACj4k0AAAQa2WWQQAQJkEAEBR5QAs7zqddIZWdOAUBBAAD3TAAA="}
00505{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1445156939,"pkt_ts_usec":152099,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":101,"pkt_l4_len":77,"pkt":"DwAIAEXAAGH4lEAAAQa2H2QQAQJkEAEBR5QAs7zqddIZWdOAUBhAAOt1AAD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ADkBBAABALQLCwsLHAIGAQQAAQABAgKAAAICAgACAkYAAgZBBAAAAAE="}
00534{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1445156939131,"flow_last_seen":1445156939152,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":14,"midstream":0,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","ndpi": {"proto":"BGP","breed":"Acceptable","category":"Network"}}
00408{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1445156939,"pkt_ts_usec":165354,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":44,"pkt_l4_len":20,"pkt":"DwAIAEXAACivgAAAAQY\/bWQQAQFkEAECALNHlBlZ04C86nYLUBA\/xz3TAAA="}
00508{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1445156939,"pkt_ts_usec":165405,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":101,"pkt_l4_len":77,"pkt":"DwAIAEXAAGGvgUAAAQb\/MmQQAQFkEAECALNHlBlZ04C86nYLUBg\/xyizAAD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ADkBBPwAALRubm5uHAIGAQQAAQABAgKAAAICAgACAkYAAgZBBAAA\/AA="}
00453{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1445156939,"pkt_ts_usec":165414,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":63,"pkt_l4_len":39,"pkt":"DwAIAEXAADuvgkAAAQb\/V2QQAQFkEAECALNHlBlZ07m86nYLUBg\/xzlsAAD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ABME"}
00407{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1445156939,"pkt_ts_usec":172242,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":44,"pkt_l4_len":20,"pkt":"DwAIAEXAACj4lUAAAQa2V2QQAQJkEAEBR5QAs7zqdgsZWdPMUBA\/tD2aAAA="}
00452{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1445156939,"pkt_ts_usec":172264,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":63,"pkt_l4_len":39,"pkt":"DwAIAEXAADv4lkAAAQa2Q2QQAQJkEAEBR5QAs7zqdgsZWdPMUBg\/tDlsAAD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ABME"}
00463{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1445156939,"pkt_ts_usec":185546,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":67,"pkt_l4_len":43,"pkt":"DwAIAEXAAD+vg0AAAQb\/UmQQAQFkEAECALNHlBlZ08y86nYeUBg\/tDZQAAD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ABcFAAEBAQ=="}
00697{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1445156939,"pkt_ts_usec":195655,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":195,"pkt_l4_len":171,"pkt":"DwAIAEXAAL+vhEAAAQb+0WQQAQFkEAECALNHlBlZ0+O86nYeUBg\/tOd1AAD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ADkCAAAAGEABAQJAAgoCAgAA\/AAAAAABQAMEZBABAR5kEAEIHmQQAQz\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ADACAAAAGEABAQBAAgoCAgAA\/AAAAAABQAMEZBABAQD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ABcFAAECAf\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8AFwIAAAAA"}
00409{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1445156939,"pkt_ts_usec":202563,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":44,"pkt_l4_len":20,"pkt":"DwAIAEXAACj4l0AAAQa2VWQQAQJkEAEBR5QAs7zqdh4ZWdR6UBA\/Bj2HAAA="}
00455{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1445156988,"pkt_ts_usec":877283,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":63,"pkt_l4_len":39,"pkt":"DwAIAEXAADuvhUAAAQb\/VGQQAQFkEAECALNHlBlZ1Hq86nYeUBg\/tDirAAD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ABME"}
00408{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1445156989,"pkt_ts_usec":230918,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":44,"pkt_l4_len":20,"pkt":"DwAIAEXAACj4mEAAAQa2VGQQAQJkEAEBR5QAs7zqdh4ZWdSNUBA+8z2HAAA="}
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":14,"flow_first_seen":1445156939131,"flow_last_seen":1445156989230,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","flow_datalink":9,"flow_max_packets":15}
00140{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test"}

12
test/results/BGP_redist.pcap.out
View File

@@ -1,6 +1,8 @@
00387{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"BGP_redist.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00539{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"BGP_redist.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1256636836,"pkt_ts_usec":167156,"pkt_caplen":163,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":163,"pkt_l4_len":0,"pkt":"DwCIRwABLf5FwACbk8xAAP8G2sQCAgICBAQEBACz+C\/VqGxJPJL2UFAYP7QOoQAA\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/wBzAgAAAFxAAQECQAIAgAQEAAAAVkAFBAAAAGTAECAAAgBkAAAEVwAFAAAAAQIAgAAAAAAAAwCAAawQAgEAAIAOIQABgAwAAAAAAAAAAAICAgIAeAABkQAAAGQAAABkqgAAAA=="}
00163{"basic_event_id":1,"basic_event_name":"Unknown datalink layer packet","thread_id":0,"packet_id":1,"source":"BGP_redist.pcap","alias":"nDPId-test","datalink":104}
00534{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1256636836,"pkt_ts_usec":167195,"pkt_caplen":159,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":159,"pkt_l4_len":0,"pkt":"DwAIAEXAAJv\/w0AA\/gZtywICAgIFBQUFALPBGWeqNFC\/WbBkUBg\/x6y+AAD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/AHMCAAAAXEABAQJAAgCABAQAAABWQAUEAAAAZMAQIAACAGQAAARXAAUAAAABAgCAAAAAAAADAIABrBACAQAAgA4hAAGADAAAAAAAAAAAAgICAgB4AAGRAAAAZAAAAGSqAAAA"}
00163{"basic_event_id":1,"basic_event_name":"Unknown datalink layer packet","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","datalink":104}
00478{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"BGP_redist.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00543{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"BGP_redist.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1256636836,"pkt_ts_usec":167156,"pkt_caplen":163,"pkt_type":34887,"pkt_l3_offset":4,"pkt_l4_offset":0,"pkt_len":163,"pkt_l4_len":0,"pkt":"DwCIRwABLf5FwACbk8xAAP8G2sQCAgICBAQEBACz+C\/VqGxJPJL2UFAYP7QOoQAA\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/wBzAgAAAFxAAQECQAIAgAQEAAAAVkAFBAAAAGTAECAAAgBkAAAEVwAFAAAAAQIAgAAAAAAAAwCAAawQAgEAAIAOIQABgAwAAAAAAAAAAAICAgIAeAABkQAAAGQAAABkqgAAAA=="}
00155{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","thread_id":0,"packet_id":1,"source":"BGP_redist.pcap","alias":"nDPId-test","protocol":34887}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1256636836167,"flow_last_seen":0,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":1,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","flow_datalink":104,"flow_max_packets":15}
00576{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1256636836,"pkt_ts_usec":167195,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":159,"pkt_l4_len":135,"pkt":"DwAIAEXAAJv\/w0AA\/gZtywICAgIFBQUFALPBGWeqNFC\/WbBkUBg\/x6y+AAD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/AHMCAAAAXEABAQJAAgCABAQAAABWQAUEAAAAZMAQIAACAGQAAARXAAUAAAABAgCAAAAAAAADAIABrBACAQAAgA4hAAGADAAAAAAAAAAAAgICAgB4AAGRAAAAZAAAAGSqAAAA"}
00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1256636836167,"flow_last_seen":0,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":1,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","ndpi": {"proto":"BGP","breed":"Acceptable","category":"Network"}}
00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1256636836167,"flow_last_seen":0,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":1,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","flow_datalink":104,"flow_max_packets":15}
00129{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test"}

626
test/results/EAQ.pcap.out
View File

@@ -1,21 +1,21 @@
00380{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"EAQ.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00464{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1432820948562,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.48","src_port":53497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00471{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"EAQ.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1432820948562,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.48","src_port":53497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00430{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820948,"pkt_ts_usec":562939,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8xb9AAEAGRgEKCAABrcJ3MND5AFA4ezYlAAAAAKACOQisdgAAAgQFtAQCCAoABPOaAAAAAAEDAwQ="}
00404{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820948,"pkt_ts_usec":566510,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAAJAABAGO9OtwncwCggAAQBQ0PnHhMnaOHs2JlAS\/\/+vjAAA"}
00402{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820948,"pkt_ts_usec":569287,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoxcBAAEAGRhQKCAABrcJ3MND5AFA4ezYmx4TJ21AQOQh2hQAA"}
00541{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820948,"pkt_ts_usec":576642,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"pkt":"ABoRAAACABoRAAABCABFAACMxcFAAEAGRa8KCAABrcJ3MND5AFA4ezYmx4TJ21AYOQihdAAAR0VUIC8gSFRUUC8xLjENClVzZXItQWdlbnQ6IHRlc3QNCkNvbm5lY3Rpb246IGNsb3NlDQpIb3N0OiB3d3cuZ29vZ2xlLmNvbQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="}
00674{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1432820948562,"flow_last_seen":1432820948576,"flow_tot_l4_data_len":200,"flow_min_l4_data_len":20,"flow_max_l4_data_len":120,"flow_avg_l4_data_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.48","src_port":53497,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11":"HTTP Suspicious User-Agent"},"proto":"HTTP.Google","breed":"Tracker\/Ads","category":"Web"},"http": {"hostname":"www.google.com","url":"www.google.com\/","code":0,"content_type":"","user_agent":"test"}}
00685{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1432820948562,"flow_last_seen":1432820948576,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.48","src_port":53497,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11":"HTTP Suspicious User-Agent"},"proto":"HTTP.Google","breed":"Tracker\/Ads","category":"Web"},"http": {"hostname":"www.google.com","url":"www.google.com\/","code":0,"content_type":"","user_agent":"test"}}
00404{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820948,"pkt_ts_usec":576764,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAANAABAGO9KtwncwCggAAQBQ0PnHhMnbOHs2ilAQ\/\/+vKQAA"}
01141{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820948,"pkt_ts_usec":665784,"pkt_caplen":602,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":602,"pkt_l4_len":568,"pkt":"ABoRAAACABoRAAABCABFAAJMAARAABAGOa2twncwCggAAQBQ0PnHhMnbOHs2ilAQ\/\/+kWAAASFRUUC8xLjEgMzAyIEZvdW5kDQpDYWNoZS1Db250cm9sOiBwcml2YXRlDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDsgY2hhcnNldD1VVEYtOA0KTG9jYXRpb246IGh0dHA6Ly93d3cuZ29vZ2xlLmNvbS5ici8\/Z2ZlX3JkPWNyJmVpPTFCeG5WY1A5T0tLazh3ZTUwb0RBQWcNCkNvbnRlbnQtTGVuZ3RoOiAyNjINCkRhdGU6IFRodSwgMjggTWF5IDIwMTUgMTM6NDk6MDggR01UDQpTZXJ2ZXI6IEdGRS8yLjANCkFsdGVybmF0ZS1Qcm90b2NvbDogODA6cXVpYyxwPTANCkNvbm5lY3Rpb246IGNsb3NlDQoNCjxIVE1MPjxIRUFEPjxtZXRhIGh0dHAtZXF1aXY9ImNvbnRlbnQtdHlwZSIgY29udGVudD0idGV4dC9odG1sO2NoYXJzZXQ9dXRmLTgiPgo8VElUTEU+MzAyIE1vdmVkPC9USVRMRT48L0hFQUQ+PEJPRFk+CjxIMT4zMDIgTW92ZWQ8L0gxPgpUaGUgZG9jdW1lbnQgaGFzIG1vdmVkCjxBIEhSRUY9Imh0dHA6Ly93d3cuZ29vZ2xlLmNvbS5ici8\/Z2ZlX3JkPWNyJmFtcDtlaT0xQnhuVmNQOU9LS2s4d2U1MG9EQUFnIj5oZXJlPC9BPi4NCjwvQk9EWT48L0hUTUw+DQo="}
00404{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820948,"pkt_ts_usec":716107,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoxcJAAEAGRhIKCAABrcJ3MND5AFA4ezaKx4TL\/1AQO\/BxFQAA"}
00405{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820948,"pkt_ts_usec":716290,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAAVAABAGO9CtwncwCggAAQBQ0PnHhMv\/OHs2ilAR\/\/+tBAAA"}
00403{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820948,"pkt_ts_usec":767743,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoxcNAAEAGRhEKCAABrcJ3MND5AFA4ezaKx4TMAFAUO\/BxEAAA"}
00465{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1432820948836,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.24","src_port":40467,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1432820948836,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.24","src_port":40467,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820948,"pkt_ts_usec":836590,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8DwhAAEAG\/NAKCAABrcJ3GJ4TAFBXrfy9AAAAAKACOQj5jgAAAgQFtAQCCAoABPO1AAAAAAEDAwQ="}
00406{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820948,"pkt_ts_usec":837811,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAAZAABAGO+etwncYCggAAQBQnhOoUgNCV638vlAS\/\/\/iigAA"}
00404{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820948,"pkt_ts_usec":844861,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoDwlAAEAG\/OMKCAABrcJ3GJ4TAFBXrfy+qFIDQ1AQOQipgwAA"}
00596{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820948,"pkt_ts_usec":845685,"pkt_caplen":193,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":193,"pkt_l4_len":159,"pkt":"ABoRAAACABoRAAABCABFAACzDwpAAEAG\/FcKCAABrcJ3GJ4TAFBXrfy+qFIDQ1AYOQjjRAAAR0VUIC8\/Z2ZlX3JkPWNyJmVpPTFCeG5WY1A5T0tLazh3ZTUwb0RBQWcgSFRUUC8xLjENClVzZXItQWdlbnQ6IHRlc3QNCkNvbm5lY3Rpb246IGNsb3NlDQpIb3N0OiB3d3cuZ29vZ2xlLmNvbS5icg0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="}
00717{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1432820948836,"flow_last_seen":1432820948845,"flow_tot_l4_data_len":239,"flow_min_l4_data_len":20,"flow_max_l4_data_len":159,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.24","src_port":40467,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11":"HTTP Suspicious User-Agent"},"proto":"HTTP.Google","breed":"Tracker\/Ads","category":"Web"},"http": {"hostname":"www.google.com.br","url":"www.google.com.br\/?gfe_rd=cr&ei=1BxnVcP9OKKk8we50oDAAg","code":0,"content_type":"","user_agent":"test"}}
00728{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1432820948836,"flow_last_seen":1432820948845,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.24","src_port":40467,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11":"HTTP Suspicious User-Agent"},"proto":"HTTP.Google","breed":"Tracker\/Ads","category":"Web"},"http": {"hostname":"www.google.com.br","url":"www.google.com.br\/?gfe_rd=cr&ei=1BxnVcP9OKKk8we50oDAAg","code":0,"content_type":"","user_agent":"test"}}
00406{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820948,"pkt_ts_usec":845959,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAAdAABAGO+atwncYCggAAQBQnhOoUgNDV639SVAQ\/\/\/iAAAA"}
02255{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820949,"pkt_ts_usec":195569,"pkt_caplen":1436,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1436,"pkt_l4_len":1402,"pkt":"ABoRAAACABoRAAABCABFAAWOAAhAABAGNn+twncYCggAAQBQnhOoUgNDV639SVAQ\/\/9SqwAASFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDI4IE1heSAyMDE1IDEzOjQ5OjA5IEdNVA0KRXhwaXJlczogLTENCkNhY2hlLUNvbnRyb2w6IHByaXZhdGUsIG1heC1hZ2U9MA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9SVNPLTg4NTktMQ0KU2V0LUNvb2tpZTogUFJFRj1JRD1mMzM3M2NkNmQyZTI1YmE1OkZGPTA6VE09MTQzMjgyMDk0OTpMTT0xNDMyODIwOTQ5OlM9T1pqVzc3bG1HX19RNUttcTsgZXhwaXJlcz1TYXQsIDI3LU1heS0yMDE3IDEzOjQ5OjA5IEdNVDsgcGF0aD0vOyBkb21haW49Lmdvb2dsZS5jb20uYnINClNldC1Db29raWU6IE5JRD02Nz1ycWdzX2JoV1NrLXdpYjNZZTV6cTRmOXBLb3JLZ1BiSWtQSkZNTUg1Uld3VzlZa3NrZW0xbE95Wk1Bb1NncFdwSmpRYzJxY1ZxWGMwX2xOOE9PNlp3ZGFjV3NNWUFKUnU3UXZrTmRrdEVTdUlWRjV2X2RWOVZtMEZvY25fRDkxZTsgZXhwaXJlcz1GcmksIDI3LU5vdi0yMDE1IDEzOjQ5OjA5IEdNVDsgcGF0aD0vOyBkb21haW49Lmdvb2dsZS5jb20uYnI7IEh0dHBPbmx5DQpQM1A6IENQPSJUaGlzIGlzIG5vdCBhIFAzUCBwb2xpY3khIFNlZSBodHRwOi8vd3d3Lmdvb2dsZS5jb20vc3VwcG9ydC9hY2NvdW50cy9iaW4vYW5zd2VyLnB5P2hsPWVuJmFuc3dlcj0xNTE2NTcgZm9yIG1vcmUgaW5mby4iDQpTZXJ2ZXI6IGd3cw0KWC1YU1MtUHJvdGVjdGlvbjogMTsgbW9kZT1ibG9jaw0KWC1GcmFtZS1PcHRpb25zOiBTQU1FT1JJR0lODQpBbHRlcm5hdGUtUHJvdG9jb2w6IDgwOnF1aWMscD0wDQpBY2NlcHQtUmFuZ2VzOiBub25lDQpWYXJ5OiBBY2NlcHQtRW5jb2RpbmcNCkNvbm5lY3Rpb246IGNsb3NlDQoNCjwhZG9jdHlwZSBodG1sPjxodG1sIGl0ZW1zY29wZT0iIiBpdGVtdHlwZT0iaHR0cDovL3NjaGVtYS5vcmcvV2ViUGFnZSIgbGFuZz0icHQiPjxoZWFkPjxtZXRhIGNvbnRlbnQ9Ii9pbWFnZXMvZ29vZ2xlX2Zhdmljb25fMTI4LnBuZyIgaXRlbXByb3A9ImltYWdlIj48dGl0bGU+R29vZ2xlPC90aXRsZT48c2NyaXB0PihmdW5jdGlvbigpe3dpbmRvdy5nb29nbGU9e2tFSTonMVJ4blZjR1NFb3piZ2dTS2w0Qm8nLGtFWFBJOicxODE2NywzNzAwMjQ1LDQwMDM1MTAsNDAyNjExMCw0MDI4ODc1LDQwMjk1NjgsNDAyOTgxNSw0MDMwMTI1LDQwMzI1MDAsNDAzMjUyMSw0MDMyNjMxLDQwMzI2NDMsNDAzMjY0NSw0MDMyNjc4LDQwMzMxODMsNDAzMzMwNyw0MDMzMzQ0LDQwMzQyNzAsNDAzNDMyMyw0MDM0NDI1LDQwMzQ4ODQsNDAzNTgxNiw0MDM2MTQ5LDQwMzYxNTgsNDAzNjE2NCw0MDM2NDg1LDQwMzY1MzEsNDAzNjUzOSw0MDM2NjY1LDQwMzY4NDgsNDAzNzQ1Nyw0MDM3NTMxLDgzMDAxNzUsODUwMDM5NCw4NTAxMjQ4LDg1MDEyOTUsODUwMTMzNiw4NTAxMzUxLDg="}
00404{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820949,"pkt_ts_usec":246075,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoDwtAAEAG\/OEKCAABrcJ3GJ4TAFBXrf1JqFIIqVAQQMib0gAA"}
@@ -26,215 +26,215 @@
04101{"flow_id":2,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820949,"pkt_ts_usec":347577,"pkt_caplen":2818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2818,"pkt_l4_len":2784,"pkt":"ABoRAAACABoRAAABCABFAAr0AAtAABAGMRatwncYCggAAQBQnhOoUh5BV639SVAQ\/\/+mPAAAaXVzOjJweH0ua2QtYnV0dG9uLXN1Ym1pdHtib3JkZXI6MXB4IHNvbGlkICMzMDc5ZWQ7YmFja2dyb3VuZC1jb2xvcjojNGQ5MGZlO2JhY2tncm91bmQtaW1hZ2U6LXdlYmtpdC1ncmFkaWVudChsaW5lYXIsbGVmdCB0b3AsbGVmdCBib3R0b20sZnJvbSgjNGQ5MGZlKSx0bygjNDc4N2VkKSk7YmFja2dyb3VuZC1pbWFnZTotd2Via2l0LWxpbmVhci1ncmFkaWVudCh0b3AsIzRkOTBmZSwjNDc4N2VkKTtiYWNrZ3JvdW5kLWltYWdlOi1tb3otbGluZWFyLWdyYWRpZW50KHRvcCwjNGQ5MGZlLCM0Nzg3ZWQpO2JhY2tncm91bmQtaW1hZ2U6LW1zLWxpbmVhci1ncmFkaWVudCh0b3AsIzRkOTBmZSwjNDc4N2VkKTtiYWNrZ3JvdW5kLWltYWdlOi1vLWxpbmVhci1ncmFkaWVudCh0b3AsIzRkOTBmZSwjNDc4N2VkKTtiYWNrZ3JvdW5kLWltYWdlOmxpbmVhci1ncmFkaWVudCh0b3AsIzRkOTBmZSwjNDc4N2VkKTtmaWx0ZXI6cHJvZ2lkOkRYSW1hZ2VUcmFuc2Zvcm0uTWljcm9zb2Z0LmdyYWRpZW50KHN0YXJ0Q29sb3JTdHI9JyM0ZDkwZmUnLEVuZENvbG9yU3RyPScjNDc4N2VkJyl9LmtkLWJ1dHRvbi1zdWJtaXQ6aG92ZXJ7Ym9yZGVyOjFweCBzb2xpZCAjMmY1YmI3O2JhY2tncm91bmQtY29sb3I6IzM1N2FlODtiYWNrZ3JvdW5kLWltYWdlOi13ZWJraXQtZ3JhZGllbnQobGluZWFyLGxlZnQgdG9wLGxlZnQgYm90dG9tLGZyb20oIzRkOTBmZSksdG8oIzM1N2FlOCkpO2JhY2tncm91bmQtaW1hZ2U6LXdlYmtpdC1saW5lYXItZ3JhZGllbnQodG9wLCM0ZDkwZmUsIzM1N2FlOCk7YmFja2dyb3VuZC1pbWFnZTotbW96LWxpbmVhci1ncmFkaWVudCh0b3AsIzRkOTBmZSwjMzU3YWU4KTtiYWNrZ3JvdW5kLWltYWdlOi1tcy1saW5lYXItZ3JhZGllbnQodG9wLCM0ZDkwZmUsIzM1N2FlOCk7YmFja2dyb3VuZC1pbWFnZTotby1saW5lYXItZ3JhZGllbnQodG9wLCM0ZDkwZmUsIzM1N2FlOCk7YmFja2dyb3VuZC1pbWFnZTpsaW5lYXItZ3JhZGllbnQodG9wLCM0ZDkwZmUsIzM1N2FlOCk7ZmlsdGVyOnByb2dpZDpEWEltYWdlVHJhbnNmb3JtLk1pY3Jvc29mdC5ncmFkaWVudChzdGFydENvbG9yU3RyPScjNGQ5MGZlJyxFbmRDb2xvclN0cj0nIzM1N2FlOCcpfS5rZC1idXR0b24tc3VibWl0OmFjdGl2ZXstd2Via2l0LWJveC1zaGFkb3c6aW5zZXQgMCAxcHggMnB4IHJnYmEoMCwwLDAsMC4zKTstbW96LWJveC1zaGFkb3c6aW5zZXQgMCAxcHggMnB4IHJnYmEoMCwwLDAsMC4zKTtib3gtc2hhZG93Omluc2V0IDAgMXB4IDJweCByZ2JhKDAsMCwwLDAuMyl9I3Btb2xuayBhe2NvbG9yOiNmZmY7ZGlzcGxheTppbmxpbmUtYmxvY2s7Zm9udC13ZWlnaHQ6Ym9sZDtwYWRkaW5nOjVweCAyMHB4O3RleHQtZGVjb3JhdGlvbjpub25lO3doaXRlLXNwYWNlOm5vd3JhcH0ueGJ0bntjb2xvcjojOTk5O2N1cnNvcjpwb2ludGVyO2ZvbnQtc2l6ZToyM3B4O2xpbmUtaGVpZ2h0OjVweDtwYWRkaW5nLXRvcDo1cHh9LnBhZGl7cGFkZGluZzowIDhweCAwIDEwcHh9LnBhZHR7cGFkZGluZzo1cHggMjBweCAwIDA7Y29sb3I6IzQ0NH0ucGFkc3t0ZXh0LWFsaWduOmxlZnQ7bWF4LXdpZHRoOjIwMHB4fTwvc3R5bGU+IDxkaXYgY2xhc3M9InBtb2FicyIgaWQ9InBtb2NudHIyIiBzdHlsZT0iYmVoYXZpb3I6dXJsKCNkZWZhdWx0I3VzZXJkYXRhKTtkaXNwbGF5Om5vbmUiPiA8dGFibGUgYm9yZGVyPSIwIj4gPHRyPiA8dGQgY29sc3Bhbj0iMiI+IDxkaXYgY2xhc3M9InhidG4iIG9uY2xpY2s9Imdvb2dsZS5wcm9tb3MmJmdvb2dsZS5wcm9tb3MudG9hc3QmJiBnb29nbGUucHJvbW9zLnRvYXN0LmNwYygpIiBzdHlsZT0iZmxvYXQ6cmlnaHQiPiZ0aW1lczs8L2Rpdj4gPC90ZD4gPC90cj4gPHRyPiA8dGQgY2xhc3M9InBhZGkiIHJvd3NwYW49IjIiPiA8aW1nIHNyYz0iL2ltYWdlcy9pY29ucy9wcm9kdWN0L2Nocm9tZS00OC5wbmciPiA8L3RkPiA8dGQgY2xhc3M9InBhZHMiPlVtIG5hdmVnYWRvciBkYSBXZWIgbWFpcyBy4XBpZG88L3RkPiA8L3RyPiA8dHI+IDx0ZCBjbGFzcz0icGFkdCI+IDxkaXYgY2xhc3M9ImtkLWJ1dHRvbi1zdWJtaXQiIGlkPSJwbW9sbmsiPiA8YSBocmVmPSIvY2hyb21lL2luZGV4Lmh0bWw\/aGw9cHQtQlImYW1wO2JyYW5kPUNITkcmYW1wO3V0bV9zb3VyY2U9cHQtQlItaHBwJmFtcDt1dG1fbWVkaXVtPWhwcCZhbXA7dXRtX2NhbXBhaWduPXB0LUJSIiBvbmNsaWNrPSJnb29nbGUucHJvbW9zJiZnb29nbGUucHJvbW9zLnRvYXN0JiYgZ29vZ2xlLnByb21vcy50b2FzdC5jbCgpIj5JbnN0YWxhciBvIEdvb2dsZSBDaHJvbWU8L2E+IDwvZGl2PiA8L3RkPiA8L3RyPiA8L3RhYmxlPiA8L2Rpdj4gPHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiPihmdW5jdGlvbigpe3ZhciBhPXtzOnt9fTthLnMudmE9NTA7YS5zLnJhPTEwO2Eucy5hYT0iYm9keSI7YS5zLlJhPSEwO2Eucy5VYT1mdW5jdGlvbihiLGMpe3ZhciBkPWEucy5IYSgpO2Eucy5KYShkLGIsYyk7YS5zLlZhKGQpO2Eucy5SYSYmYS5zLlNhKGQpfTthLnMuVmE9ZnVuY3Rpb24oYil7KGI9YS5zLmNhKGIpKSYmMDxiLmZvcm1zLmxlbmd0aCYmYi5mb3Jtc1swXS5zdWJtaXQoKX07YS5zLkhhPWZ1bmN0aW9uKCl7dmFyIGI9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiaWZyYW1lIik7Yi5oZWlnaHQ9MDtiLndpZHRoPTA7Yi5zdHlsZS5vdmVyZmxvdz0iaGlkZGVuIjtiLnN0eWxlLnRvcD1iLnN0eWxlLmxlZnQ9Ii0xMDBweCI7Yi5zdHlsZS5wb3NpdGlvbj0iYWJzb2x1dGUiO2RvY3VtZW50LmJvZHkuYXBwZW5kQ2hpbGQoYik7cmV0dQ=="}
00406{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820949,"pkt_ts_usec":347607,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoDw5AAEAG\/N4KCAABrcJ3GJ4TAFBXrf1JqFIeQVAUa\/hbBgAA"}
00404{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820949,"pkt_ts_usec":347729,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAABAAEAGC+0KCAABrcJ3GJ4TAFBXrf1JAAAAAFAEAACNogAA"}
00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1432820949586,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.138.146","src_port":52257,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1432820949586,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.138.146","src_port":52257,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00411{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820949,"pkt_ts_usec":586102,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3WwKCAAByLmKkswhF3AAGNX0AAAAAAAADdoAAUsHAACQAA=="}
00411{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820949,"pkt_ts_usec":685742,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAAxAABARDWHIuYqSCggAARdwzCEAGAX1AAAAAAAADdoAAUsHAABgAA=="}
00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1432820949685,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.125.226","src_port":48890,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1432820949685,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.125.226","src_port":48890,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820949,"pkt_ts_usec":685834,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR6hwKCAAByLl94r76F3AAGKD\/AAAAAAAADdoAAZnTAACQAA=="}
00412{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820949,"pkt_ts_usec":735425,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAA1AABARGhDIuX3iCggAARdwvvoAGND\/AAAAAAAADdoAAZnTAABgAA=="}
00467{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1432820949735,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.67","src_port":51569,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1432820949735,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.67","src_port":51569,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00411{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820949,"pkt_ts_usec":735516,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR07IKCAAByMKUQ8lxF3AAGL5HAAAAAAAADdoAAlupAACQAA=="}
00411{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820949,"pkt_ts_usec":806378,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAA5AABARA6XIwpRDCggAARdwyXEAGO5HAAAAAAAADdoAAlupAABgAA=="}
00467{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1432820949806,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1432820949806,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00411{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820949,"pkt_ts_usec":806470,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rMKCAAByMKNQqHeF3AAGGTWAAAAAAAADdoAAuOuAACQAA=="}
00467{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1432820950801,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.66","src_port":42620,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1432820950801,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.66","src_port":42620,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00411{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820950,"pkt_ts_usec":801312,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR07MKCAAByMKUQqZ8F3AAGJCGAAAAAAAADdoABKxeAACQAA=="}
00411{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820950,"pkt_ts_usec":865307,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAA9AABARA6XIwpRCCggAARdwpnwAGMCGAAAAAAAADdoABKxeAABgAA=="}
00467{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1432820950865,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.68","src_port":43641,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1432820950865,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.68","src_port":43641,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00411{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820950,"pkt_ts_usec":865399,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR07EKCAAByMKURKp5F3AAGGvdAAAAAAAADdoABM0IAACQAA=="}
00411{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820950,"pkt_ts_usec":935162,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsABBAABARA6LIwpRECggAARdwqnkAGJvdAAAAAAAADdoABM0IAABgAA=="}
00467{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1432820950935,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1432820950935,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820950,"pkt_ts_usec":935254,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rEKCAAByMKNRId\/F3AAGLKfAAAAAAAADdoABbA\/AACQAA=="}
00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1432820951932,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1432820951932,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820951,"pkt_ts_usec":932141,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rIKCAAByMKJQ5k1F3AAGJu8AAAAAAAADdoABbltAACQAA=="}
00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1432820952931,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1432820952931,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820952,"pkt_ts_usec":931622,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rMKCAAByMKJQtBqF3AAGDyZAAAAAAAADdoABeFcAACQAA=="}
00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1432820953931,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1432820953931,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820953,"pkt_ts_usec":931775,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rEKCAAByMKJROo3F3AAGP9hAAAAAAAADdoABgTEAACQAA=="}
00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1432820954931,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1432820954931,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820954,"pkt_ts_usec":931988,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rIKCAAByMKBQ5RhF3AAGAf9AAAAAAAADdoABloAAACQAA=="}
00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1432820955933,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1432820955933,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820955,"pkt_ts_usec":933026,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rMKCAAByMKBQr4aF3AAGNz1AAAAAAAADdoABltPAACQAA=="}
00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1432820956931,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1432820956931,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820956,"pkt_ts_usec":931836,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rEKCAAByMKBRLpiF3AAGMFvAAAAAAAADdoABnqLAACQAA=="}
00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1432820957932,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.66","src_port":43979,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1432820957932,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.66","src_port":43979,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820957,"pkt_ts_usec":932110,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47MKCAAByMKEQqvLF3AAGKK2AAAAAAAADdoABqTdAACQAA=="}
00412{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820957,"pkt_ts_usec":985150,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsABFAABARE6PIwoRCCggAARdwq8sAGNK2AAAAAAAADdoABqTdAABgAA=="}
00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1432820957985,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1432820957985,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820957,"pkt_ts_usec":985242,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rIKCAAByMKNQ72zF3AAGIZAAAAAAAAADdoABqZqAACQAA=="}
00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1432820957985,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1432820957985,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1432820955933,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1432820955933,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1432820950935,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00468{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1432820950935,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1432820952931,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1432820952931,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1432820951932,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1432820951932,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1432820949806,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00468{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1432820949806,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1432820953931,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1432820953931,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1432820956931,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1432820956931,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1432820954931,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1432820954931,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1432820958981,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.67","src_port":39185,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1432820957985,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1432820957985,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1432820955933,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1432820955933,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1432820950935,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1432820950935,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1432820952931,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1432820952931,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1432820951932,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1432820951932,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1432820949806,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1432820949806,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1432820953931,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1432820953931,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1432820956931,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1432820956931,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1432820954931,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1432820954931,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1432820958981,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.67","src_port":39185,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820958,"pkt_ts_usec":981671,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47IKCAAByMKEQ5kRF3AAGEQwAAAAAAAADdoABxYcAACQAA=="}
00411{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820959,"pkt_ts_usec":35290,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsABJAABARE6HIwoRDCggAARdwmREAGHQwAAAAAAAADdoABxYcAABgAA=="}
00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1432820959035,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.68","src_port":52726,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1432820959035,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.68","src_port":52726,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820959,"pkt_ts_usec":35351,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47EKCAAByMKERM32F3AAGHB\/AAAAAAAADdoAB7TmAACQAA=="}
00413{"flow_id":19,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820959,"pkt_ts_usec":95105,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsABNAABARE5\/IwoRECggAARdwzfYAGKB\/AAAAAAAADdoAB7TmAABgAA=="}
00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1432820959095,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1432820959095,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00411{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820959,"pkt_ts_usec":95196,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rMKCAAByMKFQttAF3AAGDoLAAAAAAAADdoAB90SAACQAA=="}
00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1432820960101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1432820960101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820960,"pkt_ts_usec":101788,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rIKCAAByMKFQ96sF3AAGBIjAAAAAAAADdoACAGNAACQAA=="}
00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1432820961101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1432820961101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820961,"pkt_ts_usec":101300,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rEKCAAByMKFRM9DF3AAGAmjAAAAAAAADdoACRl0AACQAA=="}
00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1432820962101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1432820962101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820962,"pkt_ts_usec":101819,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37MKCAAByMKIQo7IF3AAGEXvAAAAAAAADdoACRqlAACQAA=="}
00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1432820963101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1432820963101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820963,"pkt_ts_usec":101514,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37EKCAAByMKIRKueF3AAGMqYAAAAAAAADdoADHkgAACQAA=="}
00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1432820964101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1432820964101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820964,"pkt_ts_usec":101849,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bMKCAAByMKGQrjyF3AAGL1eAAAAAAAADdoADHsIAACQAA=="}
00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1432820965101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1432820965101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820965,"pkt_ts_usec":101300,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bEKCAAByMKGRObaF3AAGI6AAAAAAAAADdoADHv8AACQAA=="}
00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1432820966101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1432820966101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820966,"pkt_ts_usec":101330,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rIKCAAByMKVQ8P\/F3AAGKGGAAAAAAAADdoADHzSAACQAA=="}
00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1432820967101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1432820967101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820967,"pkt_ts_usec":101727,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rEKCAAByMKVRI7hF3AAGNXsAAAAAAAADdoADH2JAACQAA=="}
00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1432820968101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1432820968101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820968,"pkt_ts_usec":101514,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37IKCAAByMKIQ+ptF3AAGIaLAAAAAAAADdoADH5fAACQAA=="}
00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1432820960101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1432820960101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1432820962101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1432820962101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1432820965101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1432820965101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1432820967101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1432820967101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1432820961101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1432820961101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1432820964101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1432820964101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1432820968101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1432820968101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1432820959095,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1432820959095,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1432820963101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1432820963101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1432820966101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1432820966101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1432820969101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1432820960101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1432820960101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1432820962101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1432820962101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1432820965101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1432820965101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1432820967101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1432820967101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1432820961101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1432820961101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1432820964101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1432820964101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1432820968101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1432820968101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1432820959095,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1432820959095,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1432820963101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1432820963101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1432820966101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1432820966101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1432820969101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820969,"pkt_ts_usec":101269,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rMKCAAByMKVQoJMF3AAGKbHAAAAAAAADdoADrlDAACQAA=="}
00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1432820970111,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1432820970111,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820970,"pkt_ts_usec":111371,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bIKCAAByMKGQ5x6F3AAGJpnAAAAAAAADdoADrp0AACQAA=="}
00411{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820971,"pkt_ts_usec":111371,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3WwKCAAByLmKkswhF3AAGNRlAAAAAQAADdsAAUyUAACQAA=="}
00411{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820971,"pkt_ts_usec":175091,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsABRAABARDVnIuYqSCggAARdwzCEAGARmAAAAAQAADdsAAUyUAABgAA=="}
00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1432820949586,"flow_last_seen":1432820971175,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.138.146","src_port":52257,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00523{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1432820949586,"flow_last_seen":1432820971175,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.138.146","src_port":52257,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00412{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820971,"pkt_ts_usec":175152,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR6hwKCAAByLl94r76F3AAGJ\/qAAAAAQAADdsAAZrmAACQAA=="}
00412{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820971,"pkt_ts_usec":265057,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsABVAABARGgjIuX3iCggAARdwvvoAGM\/qAAAAAQAADdsAAZrmAABgAA=="}
00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1432820949685,"flow_last_seen":1432820971265,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.125.226","src_port":48890,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00523{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1432820949685,"flow_last_seen":1432820971265,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.125.226","src_port":48890,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00411{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820971,"pkt_ts_usec":265149,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR07IKCAAByMKUQ8lxF3AAGL1RAAAAAQAADdsAAlydAACQAA=="}
00411{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820971,"pkt_ts_usec":335217,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsABZAABARA53IwpRDCggAARdwyXEAGO1RAAAAAQAADdsAAlydAABgAA=="}
00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1432820949735,"flow_last_seen":1432820971335,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.67","src_port":51569,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1432820949735,"flow_last_seen":1432820971335,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.67","src_port":51569,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00411{"flow_id":7,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820971,"pkt_ts_usec":335278,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR07MKCAAByMKUQqZ8F3AAGKzSAAAAAQAADdsABZAPAACQAA=="}
00411{"flow_id":7,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820971,"pkt_ts_usec":405408,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsABdAABARA53IwpRCCggAARdwpnwAGNzSAAAAAQAADdsABZAPAABgAA=="}
00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_first_seen":1432820950801,"flow_last_seen":1432820971405,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.66","src_port":42620,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_first_seen":1432820950801,"flow_last_seen":1432820971405,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.66","src_port":42620,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00411{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820971,"pkt_ts_usec":406842,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR07EKCAAByMKURKp5F3AAGJfzAAAAAQAADdsABqDuAACQAA=="}
00411{"flow_id":8,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820971,"pkt_ts_usec":475323,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsABhAABARA5rIwpRECggAARdwqnkAGMfzAAAAAQAADdsABqDuAABgAA=="}
00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_first_seen":1432820950865,"flow_last_seen":1432820971475,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.68","src_port":43641,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1432820971475,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_first_seen":1432820950865,"flow_last_seen":1432820971475,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.68","src_port":43641,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1432820971475,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820971,"pkt_ts_usec":475415,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rMKCAAByMKNQqHeF3AAGIJFAAAAAQAADdwAAsY8AACQAA=="}
00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1432820972471,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1432820972471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820972,"pkt_ts_usec":471448,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rEKCAAByMKNRId\/F3AAGLwmAAAAAQAADdwABaa1AACQAA=="}
00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1432820973471,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1432820973471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":34,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820973,"pkt_ts_usec":471387,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rIKCAAByMKJQ5k1F3AAGK1eAAAAAQAADdwABafIAACQAA=="}
00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1432820974471,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1432820974471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":35,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820974,"pkt_ts_usec":471387,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rMKCAAByMKJQtBqF3AAGE8vAAAAAQAADdwABc7DAACQAA=="}
00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1432820975471,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1432820975471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":36,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820975,"pkt_ts_usec":471997,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rEKCAAByMKJROo3F3AAGA+WAAAAAQAADdwABfSNAACQAA=="}
00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1432820976471,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1432820976471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":37,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820976,"pkt_ts_usec":471387,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rIKCAAByMKBQ5RhF3AAGB5FAAAAAQAADdwABkO1AACQAA=="}
00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1432820977471,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1432820977471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":38,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820977,"pkt_ts_usec":471478,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rMKCAAByMKBQr4aF3AAGPN5AAAAAQAADdwABkTIAACQAA=="}
00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1432820978471,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1432820978471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":39,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820978,"pkt_ts_usec":471356,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rEKCAAByMKBRLpiF3AAGNEoAAAAAQAADdwABmrPAACQAA=="}
00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1432820977471,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1432820977471,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1432820972471,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1432820972471,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1432820974471,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1432820974471,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1432820973471,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1432820973471,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1432820971475,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1432820971475,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1432820975471,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1432820975471,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1432820969101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1432820969101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1432820978471,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1432820978471,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1432820976471,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1432820976471,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1432820970111,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1432820970111,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1432820977471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1432820977471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1432820972471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1432820972471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1432820974471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1432820974471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1432820973471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1432820973471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1432820971475,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1432820971475,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1432820975471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1432820975471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1432820969101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1432820969101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1432820978471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1432820978471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1432820976471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1432820976471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1432820970111,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1432820970111,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":16,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820979,"pkt_ts_usec":471387,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47MKCAAByMKEQqvLF3AAGLWJAAAAAQAADdwABpIHAACQAA=="}
00412{"flow_id":16,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820979,"pkt_ts_usec":565289,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsABlAABARE5vIwoRCCggAARdwq8sAGOWJAAAAAQAADdwABpIHAABgAA=="}
00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":80,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_first_seen":1432820957932,"flow_last_seen":1432820979565,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.66","src_port":43979,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1432820979565,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00523{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":80,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_first_seen":1432820957932,"flow_last_seen":1432820979565,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.66","src_port":43979,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1432820979565,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":40,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820979,"pkt_ts_usec":565381,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rIKCAAByMKNQ72zF3AAGJmsAAAAAQAADdwABpL7AACQAA=="}
00412{"flow_id":18,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820980,"pkt_ts_usec":561383,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47IKCAAByMKEQ5kRF3AAGFMTAAAAAQAADdwABwc2AACQAA=="}
00412{"flow_id":18,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820980,"pkt_ts_usec":615033,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsABpAABARE5nIwoRDCggAARdwmREAGIMTAAAAAQAADdwABwc2AABgAA=="}
00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_first_seen":1432820958981,"flow_last_seen":1432820980615,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.67","src_port":39185,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00523{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_first_seen":1432820958981,"flow_last_seen":1432820980615,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.67","src_port":39185,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00412{"flow_id":19,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820980,"pkt_ts_usec":615124,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47EKCAAByMKERM32F3AAGHylAAAAAQAADdwAB6i9AACQAA=="}
00412{"flow_id":19,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820980,"pkt_ts_usec":685010,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsABtAABARE5fIwoRECggAARdwzfYAGKylAAAAAQAADdwAB6i9AABgAA=="}
00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_first_seen":1432820959035,"flow_last_seen":1432820980685,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.68","src_port":52726,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1432820980685,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00523{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_first_seen":1432820959035,"flow_last_seen":1432820980685,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.68","src_port":52726,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1432820980685,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":41,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820980,"pkt_ts_usec":685101,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rMKCAAByMKFQttAF3AAGE3SAAAAAQAADdwAB8lIAACQAA=="}
00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1432820981681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1432820981681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":42,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820981,"pkt_ts_usec":681378,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rIKCAAByMKFQ96sF3AAGCMsAAAAAQAADdwAB\/CBAACQAA=="}
00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1432820982681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1432820982681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":43,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820982,"pkt_ts_usec":681348,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rEKCAAByMKFRM9DF3AAGCE7AAAAAQAADdwACQHZAACQAA=="}
00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1432820983681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1432820983681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":44,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820983,"pkt_ts_usec":681348,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37MKCAAByMKIQo7IF3AAGF3iAAAAAQAADdwACQKvAACQAA=="}
00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1432820984681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1432820984681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":45,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820984,"pkt_ts_usec":681348,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37EKCAAByMKIRKueF3AAGOaZAAAAAQAADdwADF0cAACQAA=="}
00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1432820985681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1432820985681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":46,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820985,"pkt_ts_usec":681378,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bMKCAAByMKGQrjyF3AAGNpxAAAAAQAADdwADF3yAACQAA=="}
00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":92,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1432820986681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":92,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1432820986681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":47,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820986,"pkt_ts_usec":681348,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bEKCAAByMKGRObaF3AAGKvQAAAAAQAADdwADF6pAACQAA=="}
00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1432820987681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1432820987681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":48,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820987,"pkt_ts_usec":681348,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rIKCAAByMKVQ8P\/F3AAGL8TAAAAAQAADdwADF9CAACQAA=="}
00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":94,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1432820988681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":94,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1432820988681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":49,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820988,"pkt_ts_usec":681378,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rEKCAAByMKVRI7hF3AAGPOYAAAAAQAADdwADF\/aAACQAA=="}
00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1432820979565,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1432820979565,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1432820981681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1432820981681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1432820983681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1432820983681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1432820986681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1432820986681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1432820988681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1432820988681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1432820982681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1432820982681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1432820985681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1432820985681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1432820980685,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1432820980685,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1432820984681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1432820984681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1432820987681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1432820987681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1432820989681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1432820979565,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1432820979565,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1432820981681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1432820981681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1432820983681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1432820983681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1432820986681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1432820986681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1432820988681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1432820988681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1432820982681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1432820982681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1432820985681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1432820985681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1432820980685,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1432820980685,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1432820984681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1432820984681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1432820987681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1432820987681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1432820989681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":50,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820989,"pkt_ts_usec":681348,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37IKCAAByMKIQ+ptF3AAGKSTAAAAAQAADdwADGBUAACQAA=="}
00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1432820990681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1432820990681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":51,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820990,"pkt_ts_usec":681348,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rMKCAAByMKVQoJMF3AAGLjEAAAAAQAADdwADqdDAACQAA=="}
00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1432820991681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1432820991681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":52,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820991,"pkt_ts_usec":681348,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bIKCAAByMKGQ5x6F3AAGKy\/AAAAAQAADdwADqgZAACQAA=="}
00411{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820992,"pkt_ts_usec":681348,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3WwKCAAByLmKkswhF3AAGOZEAAAAAgAADd0AATqyAACQAA=="}
00411{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820992,"pkt_ts_usec":745099,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsABxAABARDVHIuYqSCggAARdwzCEAGBZFAAAAAgAADd0AATqyAABgAA=="}
@@ -246,95 +246,93 @@
00412{"flow_id":7,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820993,"pkt_ts_usec":25220,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAB9AABARA5XIwpRCCggAARdwpnwAGO1\/AAAAAgAADd0ABX9fAABgAA=="}
00411{"flow_id":8,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820993,"pkt_ts_usec":25311,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR07EKCAAByMKURKp5F3AAGKgIAAAAAgAADd0ABpDWAACQAA=="}
00412{"flow_id":8,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820993,"pkt_ts_usec":125256,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsACBAABARA5LIwpRECggAARdwqnkAGNgIAAAAAgAADd0ABpDWAABgAA=="}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":108,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1432820993125,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":108,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1432820993125,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":53,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820993,"pkt_ts_usec":125378,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rMKCAAByMKNQqHeF3AAGIg4AAAAAgAADd4AAsBGAACQAA=="}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1432820994121,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1432820994121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":54,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820994,"pkt_ts_usec":121380,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rEKCAAByMKNRId\/F3AAGLxBAAAAAgAADd4ABaaXAACQAA=="}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":110,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1432820995121,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":110,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1432820995121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":55,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820995,"pkt_ts_usec":121380,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rIKCAAByMKJQ5k1F3AAGK16AAAAAgAADd4ABaepAACQAA=="}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":111,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1432820996121,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":111,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1432820996121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":56,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820996,"pkt_ts_usec":121380,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rMKCAAByMKJQtBqF3AAGFCaAAAAAgAADd4ABc1VAACQAA=="}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":112,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1432820997121,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":112,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1432820997121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":57,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820997,"pkt_ts_usec":121380,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rEKCAAByMKJROo3F3AAGA90AAAAAgAADd4ABfSsAACQAA=="}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1432820998121,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1432820998121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":58,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820998,"pkt_ts_usec":121380,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rIKCAAByMKBQ5RhF3AAGB3IAAAAAgAADd4ABkQvAACQAA=="}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1432820999121,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1432820999121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":59,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820999,"pkt_ts_usec":121350,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rMKCAAByMKBQr4aF3AAGPM5AAAAAgAADd4ABkUFAACQAA=="}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1432820999121,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1432820999121,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1432820994121,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1432820994121,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1432820996121,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1432820996121,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1432820995121,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1432820995121,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1432820993125,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1432820993125,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1432820997121,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1432820997121,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1432820990681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1432820990681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1432820989681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1432820989681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1432820998121,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1432820998121,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1432820991681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1432820991681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1432821000121,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1432820999121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1432820999121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1432820994121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1432820994121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1432820996121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1432820996121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1432820995121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1432820995121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1432820993125,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1432820993125,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1432820997121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1432820997121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1432820990681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1432820990681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1432820989681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1432820989681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1432820998121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1432820998121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1432820991681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1432820991681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1432821000121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":60,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821000,"pkt_ts_usec":121411,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rEKCAAByMKBRLpiF3AAGNI4AAAAAgAADd4ABmm8AACQAA=="}
00413{"flow_id":16,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821001,"pkt_ts_usec":121380,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47MKCAAByMKEQqvLF3AAGLbWAAAAAgAADd4ABpC3AACQAA=="}
00413{"flow_id":16,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821001,"pkt_ts_usec":184949,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsACFAABARE5PIwoRCCggAARdwq8sAGObWAAAAAgAADd4ABpC3AABgAA=="}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1432821001185,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1432821001185,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":61,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821001,"pkt_ts_usec":185071,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rIKCAAByMKNQ72zF3AAGJr5AAAAAgAADd4ABpGrAACQAA=="}
00413{"flow_id":18,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821002,"pkt_ts_usec":181775,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47IKCAAByMKEQ5kRF3AAGFLyAAAAAgAADd4ABwdUAACQAA=="}
00413{"flow_id":18,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821002,"pkt_ts_usec":235699,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsACJAABARE5HIwoRDCggAARdwmREAGILyAAAAAgAADd4ABwdUAABgAA=="}
00413{"flow_id":19,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821002,"pkt_ts_usec":235821,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47EKCAAByMKERM32F3AAGINPAAAAAgAADd4AB6IQAACQAA=="}
00414{"flow_id":19,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821002,"pkt_ts_usec":314892,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsACNAABARE4\/IwoRECggAARdwzfYAGLNPAAAAAgAADd4AB6IQAABgAA=="}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":123,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1432821002314,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":123,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1432821002314,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":62,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821002,"pkt_ts_usec":314953,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rMKCAAByMKFQttAF3AAGEydAAAAAgAADd4AB8p6AACQAA=="}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":124,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1432821003311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":124,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1432821003311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":63,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821003,"pkt_ts_usec":311322,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rIKCAAByMKFQ96sF3AAGCJUAAAAAgAADd4AB\/FWAACQAA=="}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":125,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1432821004311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":125,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1432821004311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":64,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821004,"pkt_ts_usec":311383,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37MKCAAByMKIQo7IF3AAGFyuAAAAAgAADd4ACQPgAACQAA=="}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":126,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1432821005311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":126,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1432821005311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":65,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821005,"pkt_ts_usec":311841,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rEKCAAByMKFRM9DF3AAGCEZAAAAAgAADd4ACQH4AACQAA=="}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":127,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1432821006311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":127,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1432821006311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":66,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821006,"pkt_ts_usec":311749,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37EKCAAByMKIRKueF3AAGOVGAAAAAgAADd4ADF5sAACQAA=="}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1432821007311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1432821007311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":67,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821007,"pkt_ts_usec":311352,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bMKCAAByMKGQrjyF3AAGNkAAAAAAgAADd4ADF9gAACQAA=="}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":129,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1432821008311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":129,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1432821008311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":68,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821008,"pkt_ts_usec":311902,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bEKCAAByMKGRObaF3AAGKp9AAAAAgAADd4ADF\/5AACQAA=="}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":130,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1432821009311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":130,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1432821009311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":69,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821009,"pkt_ts_usec":311383,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rIKCAAByMKVQ8P\/F3AAGL3BAAAAAgAADd4ADGCRAACQAA=="}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1432821001185,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1432821001185,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1432821003311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1432821003311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1432821004311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1432821004311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00485{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":14,"flow_first_seen":1432820948836,"flow_last_seen":1432820949347,"flow_tot_l4_data_len":10113,"flow_min_l4_data_len":20,"flow_max_l4_data_len":2784,"flow_avg_l4_data_len":722,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.24","src_port":40467,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1432821008311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1432821008311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1432821005311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1432821005311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1432821007311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1432821007311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":9,"flow_first_seen":1432820948562,"flow_last_seen":1432820948767,"flow_tot_l4_data_len":848,"flow_min_l4_data_len":20,"flow_max_l4_data_len":568,"flow_avg_l4_data_len":94,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.48","src_port":53497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1432821000121,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1432821000121,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1432821002314,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1432821002314,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1432821006311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1432821006311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1432821009311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1432821009311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1432821010311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1432821001185,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1432821001185,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1432821003311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1432821003311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1432821004311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1432821004311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1432821008311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1432821008311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1432821005311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1432821005311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1432821007311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1432821007311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1432821000121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1432821000121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1432821002314,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1432821002314,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1432821006311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1432821006311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1432821009311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1432821009311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1432821010311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":70,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821010,"pkt_ts_usec":311383,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rEKCAAByMKVRI7hF3AAGPInAAAAAgAADd4ADGFIAACQAA=="}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":132,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1432821011311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":132,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1432821011311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":71,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821011,"pkt_ts_usec":311383,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37IKCAAByMKIQ+ptF3AAGKMiAAAAAgAADd4ADGHCAACQAA=="}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":133,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1432821012311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":133,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1432821012311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":72,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821012,"pkt_ts_usec":311566,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rMKCAAByMKVQoJMF3AAGLfNAAAAAgAADd4ADqg3AACQAA=="}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":134,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1432821013311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":134,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1432821013311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":73,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821013,"pkt_ts_usec":311413,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bIKCAAByMKGQ5x6F3AAGKtOAAAAAgAADd4ADqmHAACQAA=="}
00412{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821014,"pkt_ts_usec":311352,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3WwKCAAByLmKkswhF3AAGOYEAAAAAwAADd8AATrvAACQAA=="}
00412{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821014,"pkt_ts_usec":375073,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsACRAABARDUnIuYqSCggAARdwzCEAGBYFAAAAAwAADd8AATrvAABgAA=="}
@@ -346,93 +344,93 @@
00412{"flow_id":7,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821014,"pkt_ts_usec":585400,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsACdAABARA43IwpRCCggAARdwpnwAGOwtAAAAAwAADd8ABYCuAABgAA=="}
00412{"flow_id":8,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821014,"pkt_ts_usec":585492,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR07EKCAAByMKURKp5F3AAGKcRAAAAAwAADd8ABpHKAACQAA=="}
00412{"flow_id":8,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821014,"pkt_ts_usec":655194,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAChAABARA4rIwpRECggAARdwqnkAGNcRAAAAAwAADd8ABpHKAABgAA=="}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":145,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1432821014655,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":145,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1432821014655,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":74,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821014,"pkt_ts_usec":655285,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rMKCAAByMKNQqHeF3AAGIdgAAAAAwAADeAAAsEbAACQAA=="}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":146,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1432821015651,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":146,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1432821015651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":75,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821015,"pkt_ts_usec":651715,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rEKCAAByMKNRId\/F3AAGLvjAAAAAwAADeAABabyAACQAA=="}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":147,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1432821016651,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":147,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1432821016651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":76,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821016,"pkt_ts_usec":651837,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rIKCAAByMKJQ5k1F3AAGK1YAAAAAwAADeAABafIAACQAA=="}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":148,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1432821017651,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":148,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1432821017651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":77,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821017,"pkt_ts_usec":651715,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rMKCAAByMKJQtBqF3AAGE\/BAAAAAwAADeAABc4rAACQAA=="}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":149,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1432821018651,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":149,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1432821018651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":78,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821018,"pkt_ts_usec":651745,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rEKCAAByMKJROo3F3AAGA+uAAAAAwAADeAABfRvAACQAA=="}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":150,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1432821019651,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":150,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1432821019651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":79,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821019,"pkt_ts_usec":651349,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rIKCAAByMKBQ5RhF3AAGB7YAAAAAwAADeAABkMcAACQAA=="}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1432821010311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1432821010311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1432821015651,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1432821015651,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1432821017651,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1432821017651,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1432821016651,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1432821016651,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1432821014655,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1432821014655,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1432821018651,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1432821018651,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1432821012311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1432821012311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1432821011311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1432821011311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1432821019651,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1432821019651,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1432821013311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1432821013311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1432821020651,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1432821010311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1432821010311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1432821015651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1432821015651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1432821017651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1432821017651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1432821016651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1432821016651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1432821014655,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1432821014655,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1432821018651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1432821018651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1432821012311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1432821012311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1432821011311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1432821011311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1432821019651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1432821019651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1432821013311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1432821013311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1432821020651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":80,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821020,"pkt_ts_usec":651318,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rMKCAAByMKBQr4aF3AAGPQqAAAAAwAADeAABkQRAACQAA=="}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":152,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1432821021652,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":152,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1432821021652,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":81,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821021,"pkt_ts_usec":652356,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rEKCAAByMKBRLpiF3AAGNJTAAAAAwAADeAABmmeAACQAA=="}
00413{"flow_id":16,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821022,"pkt_ts_usec":651318,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47MKCAAByMKEQqvLF3AAGLItAAAAAwAADeAABpVdAACQAA=="}
00413{"flow_id":16,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821022,"pkt_ts_usec":695019,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAClAABARE4vIwoRCCggAARdwq8sAGOItAAAAAwAADeAABpVdAABgAA=="}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":155,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1432821022695,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":155,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1432821022695,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":82,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821022,"pkt_ts_usec":695111,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rIKCAAByMKNQ72zF3AAGJYxAAAAAwAADeAABpZwAACQAA=="}
00413{"flow_id":18,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821023,"pkt_ts_usec":691357,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47IKCAAByMKEQ5kRF3AAGFQBAAAAAwAADeAABwZCAACQAA=="}
00413{"flow_id":18,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821023,"pkt_ts_usec":735181,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsACpAABARE4nIwoRDCggAARdwmREAGIQBAAAAAwAADeAABwZCAABgAA=="}
00413{"flow_id":19,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821023,"pkt_ts_usec":735272,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47EKCAAByMKERM32F3AAGH4sAAAAAwAADeAAB6cwAACQAA=="}
00413{"flow_id":19,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821023,"pkt_ts_usec":795178,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsACtAABARE4fIwoRECggAARdwzfYAGK4sAAAAAwAADeAAB6cwAABgAA=="}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":160,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1432821023795,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":160,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1432821023795,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":83,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821023,"pkt_ts_usec":795300,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rMKCAAByMKFQttAF3AAGEzXAAAAAwAADeAAB8o9AACQAA=="}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":161,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1432821024791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":161,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1432821024791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":84,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821024,"pkt_ts_usec":791363,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rIKCAAByMKFQ96sF3AAGCNFAAAAAwAADeAAB\/BiAACQAA=="}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":162,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1432821025791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":162,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1432821025791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":85,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821025,"pkt_ts_usec":791394,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37MKCAAByMKIQo7IF3AAGF2AAAAAAwAADeAACQMLAACQAA=="}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":163,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1432821026791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":163,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1432821026791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":86,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821026,"pkt_ts_usec":791363,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rEKCAAByMKFRM9DF3AAGB8PAAAAAwAADeAACQP\/AACQAA=="}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":164,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1432821027791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":164,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1432821027791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":87,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821027,"pkt_ts_usec":791363,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37EKCAAByMKIRKueF3AAGOUlAAAAAwAADeAADF6KAACQAA=="}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":165,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1432821028791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":165,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1432821028791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":88,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821028,"pkt_ts_usec":791363,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bMKCAAByMKGQrjyF3AAGNjAAAAAAwAADeAADF+dAACQAA=="}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":166,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1432821029791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":166,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1432821029791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":89,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821029,"pkt_ts_usec":791363,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bEKCAAByMKGRObaF3AAGKo9AAAAAwAADeAADGA2AACQAA=="}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1432821022695,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1432821022695,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1432821020651,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1432821020651,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1432821024791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1432821024791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1432821025791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1432821025791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1432821029791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1432821029791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1432821026791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1432821026791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1432821028791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1432821028791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1432821021652,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1432821021652,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1432821023795,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1432821023795,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1432821027791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1432821027791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1432821030791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1432821022695,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1432821022695,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1432821020651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1432821020651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1432821024791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1432821024791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1432821025791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1432821025791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1432821029791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1432821029791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1432821026791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1432821026791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1432821028791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1432821028791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1432821021652,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1432821021652,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1432821023795,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1432821023795,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1432821027791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1432821027791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1432821030791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":90,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821030,"pkt_ts_usec":791363,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rIKCAAByMKVQ8P\/F3AAGL2BAAAAAwAADeAADGDOAACQAA=="}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":168,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1432821031791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":168,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1432821031791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":91,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821031,"pkt_ts_usec":791424,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rEKCAAByMKVRI7hF3AAGPIFAAAAAwAADeAADGFnAACQAA=="}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":169,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1432821032791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":169,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1432821032791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":92,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821032,"pkt_ts_usec":791363,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37IKCAAByMKIQ+ptF3AAGKLiAAAAAwAADeAADGH\/AACQAA=="}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":170,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1432821033791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":170,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1432821033791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":93,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821033,"pkt_ts_usec":791394,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rMKCAAByMKVQoJMF3AAGLfoAAAAAwAADeAADqgZAACQAA=="}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1432821034791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1432821034791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":94,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821034,"pkt_ts_usec":791791,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bIKCAAByMKGQ5x6F3AAGKvFAAAAAwAADeAADqkNAACQAA=="}
00412{"flow_id":3,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821035,"pkt_ts_usec":791333,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3WwKCAAByLmKkswhF3AAGOYfAAAABAAADeEAATrRAACQAA=="}
00413{"flow_id":3,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821035,"pkt_ts_usec":895062,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsACxAABARDUHIuYqSCggAARdwzCEAGBYgAAAABAAADeEAATrRAABgAA=="}
@@ -444,68 +442,70 @@
00413{"flow_id":7,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821036,"pkt_ts_usec":105023,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAC9AABARA4XIwpRCCggAARdwpnwAGOxnAAAABAAADeEABYBxAABgAA=="}
00412{"flow_id":8,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821036,"pkt_ts_usec":105115,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR07EKCAAByMKURKp5F3AAGKdLAAAABAAADeEABpGNAACQAA=="}
00413{"flow_id":8,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821036,"pkt_ts_usec":155347,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsADBAABARA4LIwpRECggAARdwqnkAGNdLAAAABAAADeEABpGNAABgAA=="}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":182,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1432821036155,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":182,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1432821036155,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":95,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821036,"pkt_ts_usec":155499,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rMKCAAByMKNQqHeF3AAGIc+AAAABAAADeIAAsE6AACQAA=="}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":183,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":1432821037152,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":183,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":1432821037152,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":96,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821037,"pkt_ts_usec":152539,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rEKCAAByMKNRId\/F3AAGLuEAAAABAAADeIABadOAACQAA=="}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":184,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":1432821038152,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":184,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":1432821038152,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":97,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821038,"pkt_ts_usec":152539,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rIKCAAByMKJQ5k1F3AAGKz5AAAABAAADeIABagkAACQAA=="}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":185,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":1432821039151,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":185,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":1432821039151,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":98,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821039,"pkt_ts_usec":151471,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rMKCAAByMKJQtBqF3AAGE9jAAAABAAADeIABc6GAACQAA=="}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":186,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_first_seen":1432821040151,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":186,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_first_seen":1432821040151,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":99,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821040,"pkt_ts_usec":151349,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rEKCAAByMKJROo3F3AAGA63AAAABAAADeIABfVjAACQAA=="}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1432821031791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1432821031791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":1432821037152,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":1432821037152,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":1432821039151,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":1432821039151,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":1432821038152,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":1432821038152,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1432821036155,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1432821036155,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_first_seen":1432821040151,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_first_seen":1432821040151,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1432821033791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1432821033791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1432821032791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1432821032791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1432821030791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1432821030791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1432821034791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1432821034791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":1432821041151,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1432821031791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1432821031791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":1432821037152,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":1432821037152,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":1432821039151,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":1432821039151,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":1432821038152,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":1432821038152,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1432821036155,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1432821036155,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_first_seen":1432821040151,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_first_seen":1432821040151,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1432821033791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1432821033791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1432821032791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1432821032791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1432821030791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1432821030791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1432821034791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1432821034791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":1432821041151,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":100,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821041,"pkt_ts_usec":151349,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rIKCAAByMKBQ5RhF3AAGB9PAAAABAAADeIABkKiAACQAA=="}
00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":188,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_first_seen":1432821042151,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":188,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_first_seen":1432821042151,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":101,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821042,"pkt_ts_usec":151410,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rMKCAAByMKBQr4aF3AAGPSDAAAABAAADeIABkO1AACQAA=="}
00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":189,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":1432821043151,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":189,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":1432821043151,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":102,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821043,"pkt_ts_usec":151593,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rEKCAAByMKBRLpiF3AAGNE+AAAABAAADeIABmqwAACQAA=="}
00413{"flow_id":16,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821044,"pkt_ts_usec":151837,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47MKCAAByMKEQqvLF3AAGLWfAAAABAAADeIABpHoAACQAA=="}
00414{"flow_id":16,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821044,"pkt_ts_usec":555127,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsADFAABARE4PIwoRCCggAARdwq8sAGOWfAAAABAAADeIABpHoAABgAA=="}
00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":192,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":1432821044555,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":192,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":1432821044555,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":103,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821044,"pkt_ts_usec":555249,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rIKCAAByMKNQ72zF3AAGJnBAAAABAAADeIABpLdAACQAA=="}
00413{"flow_id":18,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821045,"pkt_ts_usec":551404,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47IKCAAByMKEQ5kRF3AAGFRaAAAABAAADeIABwXmAACQAA=="}
00414{"flow_id":18,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821045,"pkt_ts_usec":604962,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsADJAABARE4HIwoRDCggAARdwmREAGIRaAAAABAAADeIABwXmAABgAA=="}
00413{"flow_id":19,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821045,"pkt_ts_usec":605023,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47EKCAAByMKERM32F3AAGHtMAAAABAAADeIAB6oNAACQAA=="}
00415{"flow_id":19,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821045,"pkt_ts_usec":664807,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsADNAABARE3\/IwoRECggAARdwzfYAGKtMAAAABAAADeIAB6oNAABgAA=="}
00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":1432821045664,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":1432821045664,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":104,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821045,"pkt_ts_usec":664868,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rMKCAAByMKFQttAF3AAGE3JAAAABAAADeIAB8lIAACQAA=="}
00500{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":1432821044555,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00471{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":1432821044555,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":10,"flow_first_seen":1432820959035,"flow_last_seen":1432821045664,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.68","src_port":52726,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":10,"flow_first_seen":1432820949685,"flow_last_seen":1432821035985,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.125.226","src_port":48890,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_first_seen":1432821042151,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00471{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_first_seen":1432821042151,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":10,"flow_first_seen":1432820950801,"flow_last_seen":1432821036105,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.66","src_port":42620,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":10,"flow_first_seen":1432820958981,"flow_last_seen":1432821045604,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.67","src_port":39185,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":10,"flow_first_seen":1432820949735,"flow_last_seen":1432821036045,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.67","src_port":51569,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":1432821043151,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00471{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":1432821043151,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":10,"flow_first_seen":1432820950865,"flow_last_seen":1432821036155,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.68","src_port":43641,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":10,"flow_first_seen":1432820949586,"flow_last_seen":1432821035895,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.138.146","src_port":52257,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":1432821045664,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00471{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":1432821045664,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":10,"flow_first_seen":1432820957932,"flow_last_seen":1432821044555,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.66","src_port":43979,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":1432821041151,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00471{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":1432821041151,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00512{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":1432821044555,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":1432821044555,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":10,"flow_first_seen":1432820959035,"flow_last_seen":1432821045664,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.68","src_port":52726,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":10,"flow_first_seen":1432820949685,"flow_last_seen":1432821035985,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.125.226","src_port":48890,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00512{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_first_seen":1432821042151,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_first_seen":1432821042151,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":10,"flow_first_seen":1432820950801,"flow_last_seen":1432821036105,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.66","src_port":42620,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":14,"flow_first_seen":1432820948836,"flow_last_seen":1432820949347,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2764,"flow_tot_l4_payload_len":9813,"flow_avg_l4_payload_len":700,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.24","src_port":40467,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":10,"flow_first_seen":1432820958981,"flow_last_seen":1432821045604,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.67","src_port":39185,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":10,"flow_first_seen":1432820949735,"flow_last_seen":1432821036045,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.67","src_port":51569,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":9,"flow_first_seen":1432820948562,"flow_last_seen":1432820948767,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":648,"flow_avg_l4_payload_len":72,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.48","src_port":53497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00512{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":1432821043151,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":1432821043151,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":10,"flow_first_seen":1432820950865,"flow_last_seen":1432821036155,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.68","src_port":43641,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":10,"flow_first_seen":1432820949586,"flow_last_seen":1432821035895,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.138.146","src_port":52257,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00512{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":1432821045664,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":1432821045664,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":10,"flow_first_seen":1432820957932,"flow_last_seen":1432821044555,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.66","src_port":43979,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00512{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":1432821041151,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":1432821041151,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00124{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test"}

14
test/results/IEC104.pcap.out
View File

@@ -1,12 +1,12 @@
00383{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"IEC104.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1317629088495,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00474{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"IEC104.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1317629088495,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"IEC104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1317629088,"pkt_ts_usec":495135,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"eCvLK7lWABIAxkrACABFAAAoUqRAAH0GWeoKr9MBCndpGglk1fBIoLt3AFkTVVAQ\/elpjgAAAAAAAAAA"}
00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1317629088520,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1317629088520,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00415{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"IEC104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1317629088,"pkt_ts_usec":520615,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"eCvLK7lWABIAxkrACABFAAAoSx9AAH0GYW0Kr9MDCndpGglk1fFZgPwe3z\/\/ZlAQ+y9PxQAAAAAAAAAA"}
00414{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"IEC104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1317629088,"pkt_ts_usec":532081,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"eCvLK7lWABIAxkrACABFAAAuUsZAAH0GWcIKr9MBCndpGglk1fBIoLt3AFkTVVAY\/em9wgAAaAQBAEK5"}
00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1317629088495,"flow_last_seen":1317629088532,"flow_tot_l4_data_len":46,"flow_min_l4_data_len":20,"flow_max_l4_data_len":26,"flow_avg_l4_data_len":23,"midstream":1,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","ndpi": {"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1317629088495,"flow_last_seen":1317629088532,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":3,"midstream":1,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","ndpi": {"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00415{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"IEC104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1317629088,"pkt_ts_usec":536185,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"eCvLK7lWABIAxkrACABFAAAuSyRAAH0GYWIKr9MDCndpGglk1fFZgPwe3z\/\/ZlAY+y+j+QAAaAQBAEK5"}
00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1317629088520,"flow_last_seen":1317629088536,"flow_tot_l4_data_len":46,"flow_min_l4_data_len":20,"flow_max_l4_data_len":26,"flow_avg_l4_data_len":23,"midstream":1,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","ndpi": {"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1317629088520,"flow_last_seen":1317629088536,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":3,"midstream":1,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","ndpi": {"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00406{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"IEC104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1317629088,"pkt_ts_usec":731206,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AAAMB6wBeCvLK7lWCABFAAAoJ9JAAIAGAAAKd2kaCq\/TAdXwCWQAWRNVSKC7fVAQAP5RXAAA"}
00407{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"IEC104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1317629088,"pkt_ts_usec":739193,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AAAMB6wBeCvLK7lWCABFAAAoJ9tAAIAGAAAKd2kaCq\/TA9XxCWTfP\/9mWYD8JFAQAP5RXgAA"}
00442{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"IEC104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1317629089,"pkt_ts_usec":467434,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eCvLK7lWABIAxkrACABFAABDF19AAH0GlRQKr9MBCndpGglk1fBIoLt9AFkTVVAY\/em4zAAAaBksfkK5JAEDABQpy7ICzcwsPgCU3AKKIwoL"}
@@ -18,6 +18,6 @@
00563{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"IEC104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1317629090,"pkt_ts_usec":298203,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"eCvLK7lWABIAxkrACABFAACaGK9AAH0Gk20Kr9MBCndpGglk1fBIoL1FAFkTVVAY\/emmigAAaFUyfkK5JAUDABQpDw8bAACAPwAF3wKKIwoLDw8ZAAAAQgAF3wKKIwoLDw8eAACAPwAF3wKKIwoLDw8SAIDDQgAF3wKKIwoLDw8Qq6q0QgAF3wKKIwoLaBk0fkK5JAEDABQqDw4Rq6qwQgAF3wKKIwoL"}
00408{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"IEC104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1317629090,"pkt_ts_usec":496349,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AAAMB6wBeCvLK7lWCABFAAAoMG9AAIAGAAAKd2kaCq\/TAdXwCWQAWRNVSKC9t1AQAPxRXAAA"}
00444{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"IEC104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1317629090,"pkt_ts_usec":498077,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eCvLK7lWABIAxkrACABFAABDGPtAAH0Gk3gKr9MBCndpGglk1fBIoL23AFkTVVAY\/emDkQAAaBk2fkK5JAEDABQpy68CzcwsvgA94AKKIwoL"}
00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":12,"flow_first_seen":1317629088495,"flow_last_seen":1317629090498,"flow_tot_l4_data_len":843,"flow_min_l4_data_len":20,"flow_max_l4_data_len":272,"flow_avg_l4_data_len":70,"midstream":1,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_first_seen":1317629088520,"flow_last_seen":1317629088739,"flow_tot_l4_data_len":66,"flow_min_l4_data_len":20,"flow_max_l4_data_len":26,"flow_avg_l4_data_len":22,"midstream":1,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":12,"flow_first_seen":1317629088495,"flow_last_seen":1317629090498,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":252,"flow_tot_l4_payload_len":603,"flow_avg_l4_payload_len":50,"midstream":1,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_first_seen":1317629088520,"flow_last_seen":1317629088739,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":2,"midstream":1,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00126{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"IEC104.pcap","alias":"nDPId-test"}

1072
test/results/KakaoTalk_chat.pcap.out
View File

File diff suppressed because it is too large Load Diff

6632
test/results/KakaoTalk_talk.pcap.out
View File

File diff suppressed because it is too large Load Diff

8
test/results/NTPv2.pcap.out
View File

@@ -1,6 +1,6 @@
00382{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"NTPv2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865383632,"flow_last_seen":0,"flow_tot_l4_data_len":376,"flow_min_l4_data_len":376,"flow_max_l4_data_len":376,"flow_avg_l4_data_len":376,"midstream":0,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00473{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"NTPv2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865383632,"flow_last_seen":0,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":368,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":368,"midstream":0,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00883{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436865383,"pkt_ts_usec":632810,"pkt_caplen":410,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":410,"pkt_l4_len":376,"pkt":"RIpbLCrSACaIdf8bCABFAAGMHS4AADERoZDQaF8KTi5MAgB7AFABeH6Xlw4DKgAFAEgAAAAAAAAQOgAAAAAAAAGISO9ZbawQDGUAAAABDAIHAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAQZwAAAAAAAADHQLufDawQDGUAAAABuxwHAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQxAAAAAAAAAa6UEgp0qwQDGUAAAABKtoHAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQ2AAAAAAAAAWzX1q4C6wQDGUAAAABAFAHAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQ2wAAAAAAAAWRR3um9qwQDGUAAAABAFAHAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00499{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865383632,"flow_last_seen":0,"flow_tot_l4_data_len":376,"flow_min_l4_data_len":376,"flow_max_l4_data_len":376,"flow_avg_l4_data_len":376,"midstream":0,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","ndpi": {"proto":"NTP","breed":"Acceptable","category":"System"}}
00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865383632,"flow_last_seen":0,"flow_tot_l4_data_len":376,"flow_min_l4_data_len":376,"flow_max_l4_data_len":376,"flow_avg_l4_data_len":376,"midstream":0,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865383632,"flow_last_seen":0,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":368,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":368,"midstream":0,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","ndpi": {"proto":"NTP","breed":"Acceptable","category":"System"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865383632,"flow_last_seen":0,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":368,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":368,"midstream":0,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00124{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test"}

8
test/results/NTPv3.pcap.out
View File

@@ -1,6 +1,6 @@
00382{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"NTPv3.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00466{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865405371,"flow_last_seen":0,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":56,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00473{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"NTPv3.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865405371,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436865405,"pkt_ts_usec":371462,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"RIpbLCrSACaIdf8bCABFAABMAABAADcRbcOvkIwdTi5MAgB7AFAAOLcYHAAE+gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZT08RAAAAANlPTxEAAAAA"}
00496{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865405371,"flow_last_seen":0,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":56,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","ndpi": {"proto":"NTP","breed":"Acceptable","category":"System"}}
00467{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865405371,"flow_last_seen":0,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":56,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865405371,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","ndpi": {"proto":"NTP","breed":"Acceptable","category":"System"}}
00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865405371,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00124{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test"}

8
test/results/NTPv4.pcap.out
View File

@@ -1,6 +1,6 @@
00382{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"NTPv4.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00466{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865396190,"flow_last_seen":0,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":56,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00473{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"NTPv4.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865396190,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436865396,"pkt_ts_usec":190857,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"RIpb2HMEACaIdf8bCABFAABMrX9AADcRaFpVFj54Ti5MCwB7AHsAOKmfIwIH6wAABFAAAAOrg7wD39lPUcMxZbhg2URXVTAzb9DZRFdVMbTpeNlPUfQtJuL0"}
00496{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865396190,"flow_last_seen":0,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":56,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","ndpi": {"proto":"NTP","breed":"Acceptable","category":"System"}}
00467{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865396190,"flow_last_seen":0,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":56,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865396190,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","ndpi": {"proto":"NTP","breed":"Acceptable","category":"System"}}
00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865396190,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00124{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test"}

8
test/results/Oscar.pcap.out
View File

@@ -1,5 +1,5 @@
00382{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"Oscar.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1434606464176,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00473{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"Oscar.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1434606464176,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"Oscar.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1434606464,"pkt_ts_usec":176482,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AAxCW5ILDE3pmjdICABFAABAZ9pAAEAGAAAKHh0Dsu0Y+fd9Abu9oGylAAAAALAC\/\/\/zOQAAAgQFtAEDAwUBAQgKFdAS4wAAAAAEAgAA"}
00414{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"Oscar.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1434606464,"pkt_ts_usec":205135,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"DE3pmjdIAAxCW5ILCABFAAAsd\/VAAG8GoM+y7Rj5Ch4dAwG7933\/L+hsvaBspmASQABaVgAAAgQFUAAA"}
00409{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"Oscar.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1434606464,"pkt_ts_usec":205258,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AAxCW5ILDE3pmjdICABFAAAo27ZAAEAGAAAKHh0Dsu0Y+fd9Abu9oGym\/y\/obVAQ\/\/\/zIQAA"}
@@ -15,6 +15,6 @@
02230{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"Oscar.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1434606464,"pkt_ts_usec":315224,"pkt_caplen":1414,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1414,"pkt_l4_len":1380,"pkt":"DE3pmjdIAAxCW5ILCABFAAV4eAxAAG8Gm2yy7Rj5Ch4dAwG7933\/L+sGvaBuJVAQQACxfQAAKgIZjwZzAAEABwAAAAAAAgAFAAEAAABQAAAJxAAAB9AAAAXcAAADIAAAFtsAABdwAAAAAAAAAgAAAFAAAAu4AAAH0AAABdwAAAPoAAAXcAAAF3AAAABAAAADAAAAFAAADBwAAAnEAAAH0AAABdwAAA2sAAARlAAAAEAAAAQAAAAUAAAVfAAAFLQAABBoAAALuAAAF3AAAB9AAAAAQAAABQAAAAoAABV8AAAUtAAAEGgAAAu4AAAXcAAAH0AAAABAAAABAV0AAQABAAEAAgABAAMAAQAEAAEABQABAAYAAQAHAAEACAABAAkAAQAKAAEACwABAAwAAQANAAEADgABAA8AAQAQAAEAEQABABIAAQATAAEAFAABABUAAQAWAAEAFwABABgAAQAZAAEAGgABABsAAQAcAAEAHQABAB8AAQAgAAEAIQABACIAAQAjAAEAJAABACUAAQAmAAEAJwABACgAAgABAAIAAgACAAMAAgAEAAIABgACAAcAAgAIAAIACgACAAwAAgANAAIADgACAA8AAgAQAAIAEQACABIAAgATAAIAFAACABUAAgAWAAIAFwACABgAAgAZAAMAAQADAAIAAwADAAMABgADAAcAAwAIAAMACQADAAoAAwALAAMADAADAA0AAwAOAAMADwADABAAAwARAAMAEgADABMAAwAUAAMAFQADABYABAABAAQAAgAEAAMABAAEAAQABQAEAAcABAAIAAQACQAEAAoABAALAAQADAAEAA0ABAAOAAQADwAEABAABAARAAQAEgAEABMABAAUAAQAFQAEABYABAAXAAQAGAAEABkABAAaAAQAGwAEABwABAAdAAQAHgAEAB8ACAABAAgAAgAJAAEACQACAAkAAwAJAAQACQAJAAkACgAJAAsACwABAAsAAgALAAMACwAEABMAAQATAAIAEwADABMABAATAAUAEwAGABMABwATAAgAEwAJABMACgATAAsAEwAMABMADQATAA4AEwAPABMAEAATABEAEwASABMAEwATABQAEwAVABMAFgATABcAEwAYABMAGQATABsAEwAcABMAHQATAB4AEwAfABMAIAATACEAEwAiABMAIwATACQAEwAlABMAJgATACcAEwAoABMAKQATACoAEwArABMALAATAC0AEwAuABMALwATADAAEwAxABMAMgATADMAEwA0ABMANQATADYAEwA3ABMAOAATADkAEwA6ABMAOwATADwAEwA9ABMAPgATAD8AEwBAABMAQQATAEIAEwBDABMARAATAEUAEwBGABMARwATAEgAEwBJABMASgATAEsAEwBMABMATQATAE4AEwBPABMAUAATAFEAEwBSABMAUwATAFQAEwBVABMAVgATAFcAEwBYABMAWQATAFoAEwBbABMAXAATAF0AEwBeABMAXwATAGAAEwBhABMAYgATAGMAEwBkABMAZQATAGYAEwBnABMAaAATAGkAEwBqABMAawATAGwAEwBtABMAbgATAG8AEwBwABMAcQATAHIAEwBzABMAdAATAHUAEwB2ABMAdwATAHgAEwB5ABMAegATAHsAEwB8ABMAfQATAH4AEwB\/ABMAgAATAIEAEwCCABMAgwATAIQAEwCFABMAhgATAIcAEwCIABMAiQATAIoAEwCLABMAjAATAI0AEwCOABMAjwATAJAAEwCRABMAkgATAJMAEwCUABMAlQATAJYAEwCXABMAmAATAJkAEwCaABMAmwATAJwAEwCdABMAngATAJ8AEwCgABMAoQATAKIAEwCjABMApAATAKUAEwCmABMApwATAA=="}
00808{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"Oscar.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1434606464,"pkt_ts_usec":316067,"pkt_caplen":351,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":351,"pkt_l4_len":317,"pkt":"DE3pmjdIAAxCW5ILCABFAAFReA1AAG8Gn5Ky7Rj5Ch4dAwG7933\/L\/BWvaBuJVAYQACc7wAAqAATAKkAEwCqABMAqwATAKwAEwCtABMArgATAK8AEwCwABMAsQATALIAEwCzABMAtAATALUAEwC2ABMAtwATALgAEwC5ABMAugATALsAEwC8ABMAvQATAL4AEwC\/ABMAwAATAMEAEwDCABMAwwATAMQAEwDFABMAxgATAMcAEwDIABMAyQATAMoAEwDLABMAzAATAM0AEwDOABMAzwATANAAEwDRABMA0gATANMAFQABABUAAgAVAAMAIgABACIAAgAiAAMAJQABACUAAgAlAAMAJQAEACUABQAlAAYAJQAHACUACAAlAAkAAgAGAAMABAADAAUACQAFAAkABgAJAAcACQAIAAMABAABAB4AAgAFAAQABgATABoABAACAAIACQACAAsABQAA"}
00411{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"Oscar.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1434606464,"pkt_ts_usec":316149,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AAxCW5ILDE3pmjdICABFAAAorgZAAEAGAAAKHh0Dsu0Y+fd9Abu9oG4l\/y\/xf1AQ\/\/\/zIQAA"}
00507{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":71,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":71,"flow_first_seen":1434606464176,"flow_last_seen":1434606536630,"flow_tot_l4_data_len":6898,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1380,"flow_avg_l4_data_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":71,"flow_first_seen":1434606464176,"flow_last_seen":1434606536630,"flow_tot_l4_data_len":6898,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1380,"flow_avg_l4_data_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00518{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":71,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":71,"flow_first_seen":1434606464176,"flow_last_seen":1434606536630,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":5450,"flow_avg_l4_payload_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":71,"flow_first_seen":1434606464176,"flow_last_seen":1434606536630,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":5450,"flow_avg_l4_payload_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00125{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":71,"source":"Oscar.pcap","alias":"nDPId-test"}

4784
test/results/WebattackRCE.pcap.out
View File

File diff suppressed because it is too large Load Diff

56
test/results/WebattackSQLinj.pcap.out
View File

File diff suppressed because one or more lines are too long

3968
test/results/WebattackXSS.pcap.out
View File

File diff suppressed because one or more lines are too long

26
test/results/aimini-http.pcap.out
View File

@@ -1,12 +1,12 @@
00388{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"aimini-http.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1614860229383,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28501,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00479{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"aimini-http.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1614860229383,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28501,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00422{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":383219,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"5kBKB+riApXG95NLCABFAAAwBPkAAIAGAAAKZQACCmYAAm9VAFCbu4XRAAAAAHACgAEU8QAAAgQFtAMDAQA="}
00422{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":383751,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ApXG95WRWgXZu6TVCABFAAAwBPkAAH8GIgEKZQACCmYAAm9VAFCbu4XRAAAAAHACgAFeHQAAAgQFtAMDAQA="}
00422{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":384335,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"WgXZu6TVApXG95WRCABFAAAwBQQAAIAGAAAKZgACCmUAAgBQb1Wbu5n7m7uF0nASgAEU8QAAAgQFtAMDAQA="}
00423{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":384749,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ApXG95NL5kBKB+riCABFAAAwBQQAAH8GIfYKZgACCmUAAgBQb1Wbu5n7m7uF0nASgAEoVQAAAgQFtAMDAQA="}
00420{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":384755,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"5kBKB+riApXG95NLCABFAAAoBPoAAIAGAAAKZQACCmYAAm9VAFCbu4XSm7uZ\/FAQgAEU6QAAAAAAAAAA"}
01211{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":384782,"pkt_caplen":649,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":649,"pkt_l4_len":615,"pkt":"5kBKB+riApXG95NLCABFAAJ7BPsAAIAGAAAKZQACCmYAAm9VAFCbu4XSm7uZ\/FAYgAEXPAAAR0VUIC9tZW1iZXIvc2lnbnVwLyBIVFRQLzEuMQ0KWC1NVS1TZXNzaW9uLUlEOiA4MTA0NDY0NjkNCkhvc3Q6IHd3dy5haW1pbmkubmV0DQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoV2luZG93czsgVTsgV2luZG93cyBOVCA2LjE7IGVuLVVTOyBydjoxLjkuMi4xNykgR2Vja28vMjAxMTA0MjAgRmlyZWZveC8zLjYuMTcNCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLXVzLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsZGVmbGF0ZQ0KQWNjZXB0LUNoYXJzZXQ6IElTTy04ODU5LTEsdXRmLTg7cT0wLjcsKjtxPTAuNw0KS2VlcC1BbGl2ZTogMTE1DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpSZWZlcmVyOiBodHRwOi8vd3d3LmFpbWluaS5uZXQvDQpDb29raWU6IEFOSUQ9M3RIOXlGZWt2WVIyd2dEMmlqTm1yYXUxMzk5YTN1Y3B2aDB1NkJYdkd0bkswVWEzMXlFNzVpUzRTcjJTS1ZKVzsgQUNQTD0zcXozOEozcWJqUVZXYlZ1Vk55WmVGeDlUSjJjNTN0WnU2dk1FWFRTWmx3eDROenNzbHg3OEdaZGtycDlBdFFKDQoNCg=="}
00521{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1614860229383,"flow_last_seen":1614860229384,"flow_tot_l4_data_len":747,"flow_min_l4_data_len":20,"flow_max_l4_data_len":615,"flow_avg_l4_data_len":124,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28501,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"Aimini.HTTP","breed":"Acceptable","category":"Web"}}
00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1614860229383,"flow_last_seen":1614860229384,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":595,"flow_tot_l4_payload_len":595,"flow_avg_l4_payload_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28501,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"Aimini.HTTP","breed":"Acceptable","category":"Web"}}
00420{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":385479,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ApXG95WRWgXZu6TVCABFAAAoBPoAAH8GIggKZQACCmYAAm9VAFCbu4XSm7uZ\/FAQgAFUGQAAAAAAAAAA"}
01211{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":385584,"pkt_caplen":649,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":649,"pkt_l4_len":615,"pkt":"ApXG95WRWgXZu6TVCABFAAJ7BPsAAH8GH7QKZQACCmYAAm9VAFCbu4XSm7uZ\/FAYgAEVCwAAR0VUIC9tZW1iZXIvc2lnbnVwLyBIVFRQLzEuMQ0KWC1NVS1TZXNzaW9uLUlEOiA4MTA0NDY0NjkNCkhvc3Q6IHd3dy5haW1pbmkubmV0DQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoV2luZG93czsgVTsgV2luZG93cyBOVCA2LjE7IGVuLVVTOyBydjoxLjkuMi4xNykgR2Vja28vMjAxMTA0MjAgRmlyZWZveC8zLjYuMTcNCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLXVzLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsZGVmbGF0ZQ0KQWNjZXB0LUNoYXJzZXQ6IElTTy04ODU5LTEsdXRmLTg7cT0wLjcsKjtxPTAuNw0KS2VlcC1BbGl2ZTogMTE1DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpSZWZlcmVyOiBodHRwOi8vd3d3LmFpbWluaS5uZXQvDQpDb29raWU6IEFOSUQ9M3RIOXlGZWt2WVIyd2dEMmlqTm1yYXUxMzk5YTN1Y3B2aDB1NkJYdkd0bkswVWEzMXlFNzVpUzRTcjJTS1ZKVzsgQUNQTD0zcXozOEozcWJqUVZXYlZ1Vk55WmVGeDlUSjJjNTN0WnU2dk1FWFRTWmx3eDROenNzbHg3OEdaZGtycDlBdFFKDQoNCg=="}
02404{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":385643,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"WgXZu6TVApXG95WRCABFAAXcBQUAAIAGAAAKZgACCmUAAgBQb1Wbu5n8m7uIJVAYgAEanQAASFRUUC8xLjEgMjAwIE9LDQpYLU1VLVNlc3Npb24tSUQ6IDgxMDQ0NjQ2OQ0KRGF0ZTogV2VkLCAwOCBKdW4gMjAxMSAwNjo1OToxNSBHTVQNClNlcnZlcjogQXBhY2hlDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpWYXJ5OiBBY2NlcHQtRW5jb2RpbmcNCktlZXAtQWxpdmU6IHRpbWVvdXQ9NCwgbWF4PTEwMDAwDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpUcmFuc2Zlci1FbmNvZGluZzogY2h1bmtlZA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9VVRGLTgNCkNvbnRlbnQtTGVuZ3RoOiAxMDE2MA0KDQoyN2EzDQofiwgAAAAAAAD\/7X15c9u4lu\/\/qcp3QDN1Y3taliXZsiw70r2yLac1461lp\/ulpqZcFAlJ7FCkmosVTaa\/+5wF4KIFdvr2fVWv6iVdHZEAgYMfzg4Q\/DBNZn737ZsPU2m7+G\/iJb7sXkTSTqSwRSAXwnacMA0SsS+uhv3+D\/DvjZyNZPThgCvDUzOZ2GKaJPN9+XvqPXesizBIZJDsPy7n0hIOX3WsRH5NDrDLM2dqR7FMOmky3j+xsjYCeyY71n\/I5SKM3Ljw5Ke5H9puRVyGi4B\/PUALEv8JFxVxk8aeUxG\/eK4MK+IjtBJXxL1vL+H\/Mpz7crWLSxk7kTdPvDAo9IJtesFE2IErXC9OIm+UJnhjGaaRgK7FfBom0MMzdzTDbkUYiGTqxWIhR7GXyOpqX8NwFCbFwdi+b3UFVPK94IuIpI89h1HipIkYOEjRNJLjjoWInh4ceLNJ1fZmXuBVA5nApT2R8cHYfvagbhX+Z4kEcO5YVHLwdR\/vExF5++dh+GVmR1\/+mqaR9jhZwuRXoaFv53fDy\/5wfzj4+NPj6bt+\/6p+1RD1+VcRh77nnqnix7v703dX9Ge98Lp\/ZXj0\/O7x8e7m9N1l67LdL5X3Lv7j4\/Du0+2lbvqPt2+AptH30NRv9dubCv8Kmvr4l2iK4xWatkHxCpy2lWqaeo3zxvnJyziNVmm6bPZr\/d6fo6l2dXjVNOC01vRmmp6\/B6b++VXj6vLPwrT+9CaSkKjoKfmyyudGwi7pz1bCWvjXgNXa0wXCiKUYKyRrldW3tf2aKXyBrPWni3jRw4xX4rr1+qoIbpmqV8zjttLvnsdRANpqDGp4P\/b+W57Wm\/OvZ3Q5tmeevzz9RUauHdh8byG9yTQ5HYW+e7bw3GR6elLjZsZxsRHo9g+6OdvYdLEZJ\/TD6PRdo3F42GqdgXaW+1Murh82\/8atJE6xmZMVCi\/CGVicBzuIxc3D9g5qrdbV1Rma231XOmFko6E7DcJAUiclShuKfnuUfFPPXzbw78bnzwzwPTN8lcSehrN1FBm8WfBNjbl2VqZi63Auavh363Bmwei7mzxv4d\/tTSbbWqRBJPbIl982DR38B9s\/K3OH7rPZbPaavU3Tbn\/bCLV6rt48alxeYrXTaQgd6Vmq1Xq9en1tDGngygg7oSeePfRJ3G+rbb19A7b\/2wjcLBmdMl+Pw2j2DZyEiRec1oDsue264Pzgbygfhe5yS+mZagbHWpTqC\/ojai\/ok4Yu\/+PDAXsVHx4uhoP7R\/Y9dshr\/M1+ttll2xG+HUxS8Ec6O\/8Odx\/4bvfDD\/v7MIg0cBAGEYT9KIp3975FMkkjcNGiVJ79AZ7LwgvccFEFgKMojDpc7wzwGO8m4fyHTiz98d43vqr6oUOo7hUvqEp2dSb9WIpS+Y5yrxaLRdG9CsLkKU5H4wjcwiq6wTtnBPyzHYHL+eS5nZ3azll2PQudlTt+OJlIQL0ztqHPM6ELnuWTk0a\/hV4QJ+C4d2pnQpXN01GcbCp8++bg4O2boBOArzexkzCCXtyOGzrpDHw="}
@@ -16,14 +16,14 @@
02385{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":385650,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"WgXZu6TVApXG95WRCABFAAXcBQkAAIAGAAAKZgACCmUAAgBQb1Wbu7DMm7uIJVAYgAEanQAAlONVAAp6n4IpZpbWOnPOHqkbkowRF8xsfJ0FBoEq8hQUc8YWz6k\/sYHJgIKxHQB99ghae4YfENDgo4A+PCPHqZ+9AIL35Nc5srpHBkbOAQOJth7I8tMIbqEPV2GmmkB8MqUywD\/V2j8mmQ7R3uDLNhW4HPv2bIaHd6BAQVDxhayKnXEt0wSjID0EcZIHGgXkF1+uJdF6+wYMEJ7Owa2gGJCsoJqr4ASDDrEndDGJwjgGyS32WuH93cD9XgwYulRxHNmpC9wTJEiijdbFRnLTYGx7AFyGJLUIuNiTieQhIp1pQEdX2KhZcbIdH9RBXMm5FMVjHnnPNphltiQ0aOT+qRe5pPaAMhhYGrAIgF+zhDmJZjgnIZrLsQxwzpBn8MHcpmAxaJVZGoBSVxCV5IP5NDO42roVulZPkXR4bMfUcQpS8O4zIhhmBnmGZwX0ZEAIEAVwB25MaANbBT2QCr5u5SVQiEe4pBQZfWVqPcA5ww76tNnaV3jKx2hT0FijAM5QgqKYHaQlXAYBCC3w8RRcBOUZ+fZiddRkTOw51APUWXuDSwQChZsNaVRclWjgiUD4HG+ODEhnzgBTSBgLw+vhGzHZaKFDQAHYBbGYpH42FrAr0C3oekUPsw8xIDwPA4PO0e6swr+D8051opS0BdisfL5UYz452k44X9J8ojKNlHPK45QQTy1zLaDG9QUYBadSzb02e4iBEu+CjVV+PNoKdtHI29JN6lHFjLBSbjhXSK8dEDE7sXbGKgVXTEfFqDuWoAlmaFLQ4bNjTQbARIQUHd5H7XU+8PM5nyJQcWUV2EqGycKLJckPkVoSxFiCeCv\/R6tTJRKKTGRWplLrY3SweVRxPiwV7ZMPlPnaOEXApI5S+mGkfBPyykBVhelkWhTE3JWHKzz8En6h1o\/VWC1UXfjG7rrQqzhiV1YnVSQFpTSSc0mtwTMxcTtlhJgYNUXsEqmAYWZ\/kahPo3DCWrmkbFCvYF5DBWC6gZyOPSW12GuMOo5GwcZMMRNFLcpwq0H92hveQph9Knril8HddQ+jWnF3xRE5xOIf7zAI\/\/hpcNm\/HtxCMH3T+wxhOgS6V\/3hsA+h+5247v0q+rdQ+6J\/07+FqPnT4093QwiQ+w\/Uy1AiW2lVw\/Hlr3YUoZZGnwy95kjXodIFlzLT79p7FHqoQXj5CwTakBOXYiuArJpQ+MVBHCqscrTqhFEkHe4I+C\/CE6vE7mgv895LcidtUH65MxAxTbqqLydA2jJzW9XsQutAHYd0a5JM6jRrcjfeI5+LDFMazUOS6dXo7oyo3XWYSPZoYGzA3chckbIsIBDhghlKUwRcSVAkxCvk5RTbparoEYHsYqBLbrWTxNmrskgKdQmSTVEeT9c4jYj9DNNWBo5ICgpK0eXXJxAwbNsLTsWut0dRDeDJuhnjzfnc9xzKLYCyj9kkQNgTV3IdzxyVG4AYptODtpRLNoqIFKxDwOX3JNPkpoQSUE+iX3YL2BsqCLkXOH7Kzsqi6IuqiCV\/GjWij3lvVBJoGCS5FnNMRDik9SLtilSK\/UZIEAbYHFVjZiedsW1JpMO96JQnKCxtskFlJBX2QIIE0+MILJr4WDGPh5gg0yIAEC8F7Cpi4IEu575WTyXFjfoapxekSCsOSjRcaOsnLnDGML4FSVbCh+GvRC5ied0AA+LDQetaMEmhDuVKMJwcYe4LTK3OzQCPLZm\/EBeYEOSF3BajdsAAjZkbtTqmrBZ0nNVYKW6qgFoxN9DBqjev4k4kJR\/pxxQ5xBSITrDGWhgqdvM2cCYGRUTuNSL3IbDFcnsqLE8HZ6M92BOsXwupmkyj4phjmDx\/uZaOoBgx1z+VnKdJ5nRoh7RqjPCQL5xkSRJHRUg3q2GS4HBcUd41FgBMc36hIvPtGGLwSpA58gy8yg652AY2TTpqa5qrSCvpCo\/oIX1RUPMEJkGBANE="}
02403{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":385651,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"WgXZu6TVApXG95WRCABFAAXcBQoAAIAGAAAKZgACCmUAAgBQb1Wbu7aAm7uIJVAYgAEanQAAC4h3IHYTRW8Ic+DKWeCNlwosSk7BfU\/fr2BkIwNOxVAaRbMIRq+Y2EMHJHMaUDNB5OEBZ6DIYfiDRibE4AyMOLgy+Au8ND9cSqkHnSu33AdFySdHAv0F+Yz61HbBtUlAHCPyh8DkO8r+Qf2A7kI74CiE+U\/qhHSHj+EQ60itGqDeHliTkLgQvAvgEUsjgpLGb+sBa1h75Lr56JxSvowzeRiBcc6Arn2\/6ENnQVdBOfkQrPGYwcdE6kAdZfPo2vjqEYkpe3JJ4ivrNFOOHit4FY4pswthgUTmHZEnl5TI2jgYaCbyYs4ZYBRWKXpkIBacesUsC9ZT+eTPKnOlzfgDeITcFnttVK5MjI4kgXW3JWgLrz+KocpkFlLZkcTollerMDQGnvoNfZV1odAJflAgHM0q\/bH7Yk49VyTK+uzP6dGDfyLTjniQr5WPDsVK1S8K7Qig50RJtqRbchLU4X7Fpkoiiqq\/QFGWQlan7jt+GCsdUhQondPw82Q\/MVKRYHasybsp+2M0r3MaizreXyIb4sVnztpCJxixUjPK31SyzeY6H\/4aZTQgQABhhUd\/g4Aodj2HPWVSayR8WSIYLCRlE9Eb4sT1Z5VTLDESLR3o6SqOEvpQ5oBgwgVwV8kTVEd3ssI8ADMP3DcPYawklHRilfLwtDYBL1DQy4XkjpGnGeOr6l485ayVjByUJFSZ3EfByVHqVUktF7PqyEZCE4p3iLvKSxKsFCjJSB6dJH3j06gAEnBqwBd+xhyITmkq9kgjmQXURWTwNBqMPHHwxYwMye1jLnBabIkpnS9BuPClOymzJkyHopn9cvrYBRFMcbKMS4Zs3Y+kZzf7Cdw9REWUe\/MCjH6kHy7IjGt\/foUDi9o2N8N0yie4lNMg9MPJMpvk4i1s7zzC\/19Jyvxlaly3RylobXTcQqKXlUSR2Vlr5hFUNnm2Q9FGniNTiFWylA8ghsNjJlsd3aYMBlgRnHiQHy9Y08SlzmehS\/bedu15ohalfMo7QVtzxAgYHBQlyR4nFnBo6CCgB+Jx9gmTD3hgC3iWEpkOs2lxDN4Ir6jkHnUhWUPtopdG2g9PktBGNgOxkAfJFgdQeNSLq0q\/oNfPxziVs0GOPtuJsqLkLJOOBz7DkzALuSAdUOi8iLJ4WdJkE+xhOd9VlKXMsKJXl4QriHOWHsgexRCA84hsH0PUjDlzj54XAiprXLgx56bUCz8Tk3v2NbPvKncseclJJTK\/A+cqOknbRbK4sKzdIkWP\/KoSMWuGUwV5c5s8bspn5kOnS+Ah\/G4Kzg6OARcy80iQq8zCKFetdAeY2KX8GqBfuIPnbvElJ0TJhZaJlzeVR6fF5lYy5nRPR\/R6qNsmo4JyuaDzckl35E8UeClGEQrkggIN+TXBpJe6GydhVEgcRXJfnUXO6bAs9gA9TKsncMkLSjDBwJDKrZDjMfpRIL6+uwCbqLS6WiuG1s\/EBUYSvl9wOdgjoxUl0+pfaZmvkq+AB0U3jRbatKJ3bMrT5stuVVE03l7wjNslJiS7CBgvui91Enip06hriq3oAeStV\/SiG8aDhZW3SmGxnKaQfRntYJZcmLzmakBGTiPEdAGlDor15IprxP4xnrGdIaGW+bxgEwHATOT9rq5J8rqutpXkEF\/rWONMXNGk39i\/SVyoEv3\/Q3t4cENO7\/Yzbgvq39wOrnBvEOY61X6eq8Fl\/\/Zx0LsePH4Wd+fXg4893p70U3\/Y\/wTPDAU08Pnu01CcD\/u9i58wScrtPfavr\/sXj5961+J+eHffH0IL9NkS2ix0AI\/h7eGg\/9gbcv1h\/wEKh31Mt95+xBQqbRW6v79WVFVwW9Ptnej\/gvnUh59619eiP4BK0FYP2z\/vi+tB7\/y6L5i2x58G0NvHYZ8zsHqwMLCH\/s+feGQV8XDfv6AfuDdqCDRXAJ3+zf01EFbB8d1\/uh08Dn7pi8s="}
02405{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":385653,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"WgXZu6TVApXG95WRCABFAAXcBQsAAIAGAAAKZgACCmUAAgBQb1Wbu7w0m7uIJVAYgAEanQAA3k3vY\/9B\/PpTn3oFcqCtx2EPn3m8Gz4K1cMdFV\/3P8Lo4ecdNoRU40aqh08AE9P7U+8BaIbbvctfBg\/9S51ivr97eBicDxh19YTuG2fm9u7xVxj3wyNcIFTY5VVvcP1p2Mf6\/YcHHhtQPoS2+npWrkEOHqGbIeBx+RmYAMMzjk4LLpvyvik7y9qLamDeiTKmlHNaz5mCcVuqTTy88F\/ixCzq5dUrV3B6M\/d89Dpz\/hQlqcCNiWPeEiJGduxlcd7IjtBHznaCZXKF6Y1b6RUo521DnB4GeclJ0RIESt9P1dnu0if1hgmCzDRhHUdv\/YIelyFRLYvBNyURQj9LZeslU1OIN8Ez2QOypL46g4t9C7VjjU4282JwqsAFTaa\/p3hgd2bhdbWPoVsB4zNiW672p7El4sS3Gp5K+9yAokOFHsgwjdU2u3wWi\/lDWoMD6KPCEWWb8OaATKU3tUukY3ReIRVsj0AVY7YbXUtt4sQ6J83SOMm2SHB6M+JdDRA6OalafxsBCpqCilrqiPBYXPBl1HYtSoIBQrzF1eVEAftV4+wIQZw4L0il+2LEqp7iUIhyDsRTlIzVXWSOPiIrM86ieJ69ebWooGmjbDpGpLS+yaxKzj+bZjtbgS3s5lhvqLhXJcmMPZr\/SO+agygV3OpI96mTMxRy4pdE1nMzBWZYexxdZ97NuKmlqFRfGS01RLC4+KkXTHCXx640AlAwlb6Ln88IyFNB8aIkaqAkK3si20tDDKXTJmN6uabAnzsULAVsse1MdGdq61nW3obEKnfBdcl1woOyVv2n3C1iN5638fHWPc4A5OmYpVo6yhY2CktIPR1n61hllqki4sbcLduUAc7DZa3esnU\/UIhhguW4B8TV2+1gGHIS0pJN0UHiHYcrMKhNHVlit8RwZa+FtQy4IjZI8ScWi1PRSyei0awIfBVRqBOOS1v+jZvH8RitwoGLL22Y56rZ8UZLXJ5W27Tz84r21Vne7d557+qq8L0l\/nCSeNdqtdtQ8JqDkXLaXnMwkjqHSr2QgUPMuygfQ4lHbv8lfW7\/CMjKkVGjLr1QMGDVBrPjVjgYg4AjLO1ZVXqeJCLJdkjnFqjKW+1xeNtPFH75BMe4fIJj+VDgaZSd8Eafyuu+1cdNbXqDpNi8Yof8BHeBXyLDvtZeTLDejcc1es94cHMPTl7v9rF4Pr3oaVvCSy8yQdzyHcaFvZPFRbIRBqKYzF8\/HbBW4+5oP6zOHUj11kvWb\/XtG\/XaB9WboJkhg6ZW6YChtOT6PkSB2YYLcmnU5tByx+qI1+5\/qm7+sbn4v1Rxnj3H\/AAjgN\/JkVLFpJiY5DQD29l8NIqY6odR1C2drPjizK3KPm9Cz2T9gS5B3y1+yE5xVzVKL2rUW63sPY3D+vo37QpH+x8zX2w7KNN8LGSB8O+vUjh5Wx88\/72H228heuubO684UB6u+KD7P3P8PX5A7Znf76FT+PDovQ0fNAJJwhUZShnI6GBRnU\/nf396eprOOshvT3gu66f50\/snf\/rUsX7MlGTp82o\/Wu+fnoa4Ya9Uh7bwRTL60drJNY86zE+roFoXP6uVPYL+p\/SDXaK8dGY\/jxl\/BmH+W49swztMrx4ZYvfUeboNn94TxZ0tB+EaxoAEFsha1beGL3y08AyYt\/rbIPo7KHymv1KS+AEW9cWOj2GI2\/8Zkj\/9VRRwBqB6x3rKXjvc8i0TJC77TAt9RnZtHFtpLz03sgqoFB7Jv12ivmby0idMfln5hAm+P7H9GyYQq0nyIkE3jbxMMam9P6cCP1Rpdfv5KefZCgRY2Q8H9PiqGlz5Fgq\/Wo4fP1n9GIrSk+rrG9A9EEcNFWQ++4pLx+J\/sy\/h4CH\/1toYRtvGoLRxnH3YZbaFfK2jlcbOP7vBgGpqR2vUbvrgxdb7WoluYV20\/JGp4RVvpfy9jPJnyVa\/G\/bSN+8K3Lc="}
00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1614860229385,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1614860229385,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":385965,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"5kBKB+riApXG95NLCABFAAAwBP8AAIAGAAAKZQACCmYAAm9WAFCbu7tlAAAAAHACgAEU8QAAAgQFtAMDAQA="}
00423{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":386298,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ApXG95WRWgXZu6TVCABFAAAwBP8AAH8GIfsKZQACCmYAAm9WAFCbu7tlAAAAAHACgAEoiAAAAgQFtAMDAQA="}
00423{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":386303,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"WgXZu6TVApXG95WRCABFAAAwBQ0AAIAGAAAKZgACCmUAAgBQb1abu8Cxm7u7ZnASgAEU8QAAAgQFtAMDAQA="}
00423{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":386479,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ApXG95NL5kBKB+riCABFAAAwBQ0AAH8GIe0KZgACCmUAAgBQb1abu8Cxm7u7ZnASgAHMCQAAAgQFtAMDAQA="}
00419{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":386481,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"5kBKB+riApXG95NLCABFAAAoBQAAAIAGAAAKZQACCmYAAm9WAFCbu7tmm7vAslAQgAEU6QAAAAAAAAAA"}
01114{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":386487,"pkt_caplen":578,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":578,"pkt_l4_len":544,"pkt":"5kBKB+riApXG95NLCABFAAI0BQEAAIAGAAAKZQACCmYAAm9WAFCbu7tmm7vAslAYgAEW9QAAR0VUIC93ZWJjb3VudGVyL3cucGhwP19fX2htPS5uZXRfU2lnblVwXyZfbGhfPWh0dHA6Ly93d3cuYWltaW5pLm5ldC9tZW1iZXIvc2lnbnVwLyZfX1JlZmVyXz1odHRwOi8vd3d3LmFpbWluaS5uZXQvIEhUVFAvMS4xDQpYLU1VLVNlc3Npb24tSUQ6IDgxMDQ0NjQ3MA0KSG9zdDogd3d3LmFpbWluaS5jb20NClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChXaW5kb3dzOyBVOyBXaW5kb3dzIE5UIDYuMTsgZW4tVVM7IHJ2OjEuOS4yLjE3KSBHZWNrby8yMDExMDQyMCBGaXJlZm94LzMuNi4xNw0KQWNjZXB0OiBpbWFnZS9wbmcsaW1hZ2UvKjtxPTAuOCwqLyo7cT0wLjUNCkFjY2VwdC1MYW5ndWFnZTogZW4tdXMsZW47cT0wLjUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCxkZWZsYXRlDQpBY2NlcHQtQ2hhcnNldDogSVNPLTg4NTktMSx1dGYtODtxPTAuNywqO3E9MC43DQpLZWVwLUFsaXZlOiAxMTUNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClJlZmVyZXI6IGh0dHA6Ly93d3cuYWltaW5pLm5ldC9tZW1iZXIvc2lnbnVwLw0KDQo="}
00831{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1614860229385,"flow_last_seen":1614860229386,"flow_tot_l4_data_len":676,"flow_min_l4_data_len":20,"flow_max_l4_data_len":544,"flow_avg_l4_data_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28502,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.aimini.com","url":"www.aimini.com\/webcounter\/w.php?___hm=.net_SignUp_&_lh_=http:\/\/www.aimini.net\/member\/signup\/&__Refer_=http:\/\/www.aimini.net\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko\/20110420 Firefox\/3.6.17"}}
00841{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1614860229385,"flow_last_seen":1614860229386,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":524,"flow_tot_l4_payload_len":524,"flow_avg_l4_payload_len":87,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28502,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.aimini.com","url":"www.aimini.com\/webcounter\/w.php?___hm=.net_SignUp_&_lh_=http:\/\/www.aimini.net\/member\/signup\/&__Refer_=http:\/\/www.aimini.net\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko\/20110420 Firefox\/3.6.17"}}
00419{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":386780,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ApXG95WRWgXZu6TVCABFAAAoBQAAAH8GIgIKZQACCmYAAm9WAFCbu7tmm7vAslAQgAH3zQAAAAAAAAAA"}
01115{"flow_id":2,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":386880,"pkt_caplen":578,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":578,"pkt_l4_len":544,"pkt":"ApXG95WRWgXZu6TVCABFAAI0BQEAAH8GH\/UKZQACCmYAAm9WAFCbu7tmm7vAslAYgAHChgAAR0VUIC93ZWJjb3VudGVyL3cucGhwP19fX2htPS5uZXRfU2lnblVwXyZfbGhfPWh0dHA6Ly93d3cuYWltaW5pLm5ldC9tZW1iZXIvc2lnbnVwLyZfX1JlZmVyXz1odHRwOi8vd3d3LmFpbWluaS5uZXQvIEhUVFAvMS4xDQpYLU1VLVNlc3Npb24tSUQ6IDgxMDQ0NjQ3MA0KSG9zdDogd3d3LmFpbWluaS5jb20NClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChXaW5kb3dzOyBVOyBXaW5kb3dzIE5UIDYuMTsgZW4tVVM7IHJ2OjEuOS4yLjE3KSBHZWNrby8yMDExMDQyMCBGaXJlZm94LzMuNi4xNw0KQWNjZXB0OiBpbWFnZS9wbmcsaW1hZ2UvKjtxPTAuOCwqLyo7cT0wLjUNCkFjY2VwdC1MYW5ndWFnZTogZW4tdXMsZW47cT0wLjUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCxkZWZsYXRlDQpBY2NlcHQtQ2hhcnNldDogSVNPLTg4NTktMSx1dGYtODtxPTAuNywqO3E9MC43DQpLZWVwLUFsaXZlOiAxMTUNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClJlZmVyZXI6IGh0dHA6Ly93d3cuYWltaW5pLm5ldC9tZW1iZXIvc2lnbnVwLw0KDQo="}
00794{"flow_id":2,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":386894,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"pkt":"WgXZu6TVApXG95WRCABFAAFFBQ4AAIAGAAAKZgACCmUAAgBQb1abu8Cym7u9clAYgAEWBgAASFRUUC8xLjEgMjAwIE9LDQpYLU1VLVNlc3Npb24tSUQ6IDgxMDQ0NjQ3MA0KRGF0ZTogV2VkLCAwOCBKdW4gMjAxMSAwNjo1ODoyNyBHTVQNClNlcnZlcjogQXBhY2hlDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpWYXJ5OiBBY2NlcHQtRW5jb2RpbmcNCkNvbnRlbnQtTGVuZ3RoOiAyMA0KS2VlcC1BbGl2ZTogdGltZW91dD0yLCBtYXg9MTAwMDANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sOyBjaGFyc2V0PVVURi04DQoNCh+LCAAAAAAAAP8DAAAAAAAAAAAA"}
@@ -33,14 +33,14 @@
00761{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":388449,"pkt_caplen":311,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":311,"pkt_l4_len":277,"pkt":"WgXZu6TVApXG95WRCABFAAEpBRcAAIAGAAAKZgACCmUAAgBQb1abu8HPm7u\/hVAYgAEV6gAASFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBXZWQsIDA4IEp1biAyMDExIDA2OjU5OjA4IEdNVA0KU2VydmVyOiBBcGFjaGUNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANClZhcnk6IEFjY2VwdC1FbmNvZGluZw0KQ29udGVudC1MZW5ndGg6IDIwDQpLZWVwLUFsaXZlOiB0aW1lb3V0PTIsIG1heD0xMDAwMA0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9VVRGLTgNCg0KH4sIAAAAAAAA\/wMAAAAAAAAAAAA="}
00761{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":388751,"pkt_caplen":311,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":311,"pkt_l4_len":277,"pkt":"ApXG95NL5kBKB+riCABFAAEpBRcAAH8GIOoKZgACCmUAAgBQb1abu8HPm7u\/hVAYgAGTBAAASFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBXZWQsIDA4IEp1biAyMDExIDA2OjU5OjA4IEdNVA0KU2VydmVyOiBBcGFjaGUNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANClZhcnk6IEFjY2VwdC1FbmNvZGluZw0KQ29udGVudC1MZW5ndGg6IDIwDQpLZWVwLUFsaXZlOiB0aW1lb3V0PTIsIG1heD0xMDAwMA0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9VVRGLTgNCg0KH4sIAAAAAAAA\/wMAAAAAAAAAAAA="}
00420{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":388755,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"5kBKB+riApXG95NLCABFAAAoBRAAAIAGAAAKZQACCmYAAm9WAFCbu7+Fm7vC0FAUgAEU6QAAAAAAAAAA"}
00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1614860229388,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28503,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1614860229388,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28503,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":388780,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"5kBKB+riApXG95NLCABFAAAwBREAAIAGAAAKZQACCmYAAm9XAFCbu+drAAAAAHACgAEU8QAAAgQFtAMDAQA="}
00423{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":389055,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ApXG95WRWgXZu6TVCABFAAAwBREAAH8GIekKZQACCmYAAm9XAFCbu+drAAAAAHACgAH8gAAAAgQFtAMDAQA="}
00423{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":389059,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"WgXZu6TVApXG95WRCABFAAAwBRkAAIAGAAAKZgACCmUAAgBQb1ebu+vKm7vnbHASgAEU8QAAAgQFtAMDAQA="}
00424{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":389220,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ApXG95NL5kBKB+riCABFAAAwBRkAAH8GIeEKZgACCmUAAgBQb1ebu+vKm7vnbHASgAF06QAAAgQFtAMDAQA="}
00420{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":389221,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"5kBKB+riApXG95NLCABFAAAoBRIAAIAGAAAKZQACCmYAAm9XAFCbu+dsm7vry1AQgAEU6QAAAAAAAAAA"}
01223{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":389227,"pkt_caplen":658,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":658,"pkt_l4_len":624,"pkt":"5kBKB+riApXG95NLCABFAAKEBRMAAIAGAAAKZQACCmYAAm9XAFCbu+dsm7vry1AYgAEXRQAAR0VUIC9zZWFyY2gvP3E9cGljdHVyZXMmc2NhPSBIVFRQLzEuMQ0KWC1NVS1TZXNzaW9uLUlEOiA4MTA0NDY0NzENCkhvc3Q6IHd3dy5haW1pbmkubmV0DQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoV2luZG93czsgVTsgV2luZG93cyBOVCA2LjE7IGVuLVVTOyBydjoxLjkuMi4xNykgR2Vja28vMjAxMTA0MjAgRmlyZWZveC8zLjYuMTcNCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLXVzLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsZGVmbGF0ZQ0KQWNjZXB0LUNoYXJzZXQ6IElTTy04ODU5LTEsdXRmLTg7cT0wLjcsKjtxPTAuNw0KS2VlcC1BbGl2ZTogMTE1DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpSZWZlcmVyOiBodHRwOi8vd3d3LmFpbWluaS5uZXQvDQpDb29raWU6IEFOSUQ9Z09pSm43NXVVOG1XVGZIRUlVNDFybFVCNWVZamN5NlBHeHdOa0VCcHBkWVdaME5QeDNzY0dtTXNVY003eElwQjsgQUNQTD1BNEl2NDZSc3FGT01vcU1uTWo4dTVVS2dOd3NHMHZEdW5aYXJkb0VDbGltOUZ1RmdDTmVZdWNXQ0VKM2pucWhwDQoNCg=="}
00738{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":6,"flow_first_seen":1614860229388,"flow_last_seen":1614860229389,"flow_tot_l4_data_len":756,"flow_min_l4_data_len":20,"flow_max_l4_data_len":624,"flow_avg_l4_data_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28503,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.aimini.net","url":"www.aimini.net\/search\/?q=pictures&sca=","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko\/20110420 Firefox\/3.6.17"}}
00749{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":6,"flow_first_seen":1614860229388,"flow_last_seen":1614860229389,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":604,"flow_tot_l4_payload_len":604,"flow_avg_l4_payload_len":100,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28503,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.aimini.net","url":"www.aimini.net\/search\/?q=pictures&sca=","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko\/20110420 Firefox\/3.6.17"}}
00420{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":389517,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ApXG95WRWgXZu6TVCABFAAAoBRIAAH8GIfAKZQACCmYAAm9XAFCbu+dsm7vry1AQgAGgrQAAAAAAAAAA"}
01223{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":389618,"pkt_caplen":658,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":658,"pkt_l4_len":624,"pkt":"ApXG95WRWgXZu6TVCABFAAKEBRMAAH8GH5MKZQACCmYAAm9XAFCbu+dsm7vry1AYgAEyxAAAR0VUIC9zZWFyY2gvP3E9cGljdHVyZXMmc2NhPSBIVFRQLzEuMQ0KWC1NVS1TZXNzaW9uLUlEOiA4MTA0NDY0NzENCkhvc3Q6IHd3dy5haW1pbmkubmV0DQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoV2luZG93czsgVTsgV2luZG93cyBOVCA2LjE7IGVuLVVTOyBydjoxLjkuMi4xNykgR2Vja28vMjAxMTA0MjAgRmlyZWZveC8zLjYuMTcNCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLXVzLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsZGVmbGF0ZQ0KQWNjZXB0LUNoYXJzZXQ6IElTTy04ODU5LTEsdXRmLTg7cT0wLjcsKjtxPTAuNw0KS2VlcC1BbGl2ZTogMTE1DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpSZWZlcmVyOiBodHRwOi8vd3d3LmFpbWluaS5uZXQvDQpDb29raWU6IEFOSUQ9Z09pSm43NXVVOG1XVGZIRUlVNDFybFVCNWVZamN5NlBHeHdOa0VCcHBkWVdaME5QeDNzY0dtTXNVY003eElwQjsgQUNQTD1BNEl2NDZSc3FGT01vcU1uTWo4dTVVS2dOd3NHMHZEdW5aYXJkb0VDbGltOUZ1RmdDTmVZdWNXQ0VKM2pucWhwDQoNCg=="}
02389{"flow_id":3,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":389630,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"WgXZu6TVApXG95WRCABFAAXcBRoAAIAGAAAKZgACCmUAAgBQb1ebu+vLm7vpyFAYgAEanQAASFRUUC8xLjEgMjAwIE9LDQpYLU1VLVNlc3Npb24tSUQ6IDgxMDQ0NjQ3MQ0KRGF0ZTogV2VkLCAwOCBKdW4gMjAxMSAwOToyMzozMyBHTVQNClNlcnZlcjogQXBhY2hlDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpWYXJ5OiBBY2NlcHQtRW5jb2RpbmcNCkNvbnRlbnQtTGVuZ3RoOiA1OTEzDQpLZWVwLUFsaXZlOiB0aW1lb3V0PTQsIG1heD0xMDAwMA0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9VVRGLTgNCg0KH4sIAAAAAAAA\/+1d+XLbOJP\/P1V5BwxTY8UTiyIpy7oiTck6nEziI7GTzMy3X7lAEpJo85B5SFays7W1b7Gvt0+yDYCkKImi5LHGmXHZSiyAABqNRqP71yBNvB76ltl8\/uz1kGCdfvuGb5LmyND8wCXeHuq5hKCOM7FNB+uvC7wY6lnEx2jo+6M8uQmMcUNoO7ZPbD9\/MR0RAWk81xB8cusXaCd1bYhdj\/iNwO\/nKwIqxFRsbJGG8I5MJ46re4m2x4FnaHvos6ETB1g5gnrwdXxWBLbef+a87cXM7aEzE0+XCXeIp7nGyDccO0E7aoWwraMRNER9x0V9RjEYsZKpE7gIqqHR0PEpA+OQEYvyxRoOKEtiss+kSM5cPLBwolPbyWtYG5JVDbq3IwOknmghLY\/no6M6frIONk1aC0E107CvkUvMhnA+dFxfC3z0VqPjHrqk3xBoX7VCwbAGIjYswzZEm\/iQxQPiFfp4bEBdEX4JyIdZbAispHCbNxgNxsish0PHubawe70t4pR\/z5+CeolA6tvh6cdO92P+49ujNxe1F91uT+4pSB7dIs8xDb0eFl+cntVe9NjPcuH7bi+j6eHpxcXpce1Fp9ypdufKW+13Rx9PP510ItJ\/PH8GPKl34alb7lbTCrfBU5d+GE+et8DTKlFsIKdVpRFPLeVQOaysl5O6yFOn1JW6rT\/Hk9Qr9koZcloinc7T+C5i6h72lF7nz4ppuXUaS5Qp99K\/XtTzTMY67GclY2X6yZDVUusEY0yluKwoW4uqvor2JlO4hq3l1kl5scacLd3xv2mO6biRjOsq+Avi5pnRqEGxT\/To2sTQ\/WENiHJZqzZYlD4YzLxnfCU1uTS6rbNsH1uGOa19Jq6ObcyvTYgxGPo11TH1OqdTkTiZvpckwqmLfSt5UQkvYjXmtqPQT516wrxONMfF1BfVbMcm9QyexpynPR8PHWuZNdaLN1roux72WenRT0odeaEXTn0PuwY2U1nkNOYGXknntA6+geSHnEW5WPqRN50T\/H7UdGkkvpbVRduxwOWeY9tDx+fL0xSOWpHK5V5v1TCgG8v+FvIn1RcEt4pmW6KflaKxbPXOJA\/L9LOapL+KIhuEj1WTfEvTFD6JC5Md9lkqlVqlVtoU4W+pmhm2k0v7SqdDq9WGDnQUKbUktVqyvDSGwIbVRzthLcaGZ8Ci\/LZI6\/kzQAnf+FKt8bUF6Mv6BnBiYNg1CdgeYV037AFNQ7nq6NMVpeGKp2t9ziq12Q+S1tgdJSr\/43WBo4\/X5+2Pb88uOErJMfx6hceYg8gcMrE9CAC5NHK\/wNVzfrX5+od8HgYR2BoVA7Kdrut6L3e\/uQRwtI18NyD1PwDhTAxbdyYiCNh1HbfB69VBHv2XvjP6oeERs7\/7jedE09GYVHeTGVYlztWJ6RE0V54LgdhkMkkCMdvxL71A7bsAIkUKyHN1JvgxdgHKXhp6Iyfl6nHecrSFK6YzGBCQeqOPoc86igrG5FIL3CvHsD0f+6Qh1VFYNgpUz08rfP6sUHj+zG7YgAoH2Hdc6EVv6I4WWIBoIWMOG9F4RIou4ZLnNczhq9wO5UjnSFg="}
@@ -50,14 +50,14 @@
00878{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":389636,"pkt_caplen":394,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":394,"pkt_l4_len":360,"pkt":"WgXZu6TVApXG95WRCABFAAF8BR4AAIAGAAAKZgACCmUAAgBQb1ebvAKbm7vpyFAYgAEWPQAAucYYa9P8yDENbbqChzNeCZ2xSn8BF2zhrej8E62BLvjS3FLP0ZF96T22eSn6lOww9Fjpqn+\/YxxLS5Zx6Kt3IRu9xD88wzGxVpYD1hfVVvWw2mvuUMWrI0WS5VhoiXMb5k7qmD\/WsY5Y2ezEDk45OplaaKLwKDCUPN4g47hFdd2iXFSU8GyFhdkLB3bcPT7sfkQX3Y\/H56h10kHt05PO24u3pyfn6dMZHcmy4MfTvXuKPYMcPzzmzxwpQw\/THfOxs01TulP6Hyli0ByLikFzAuq1ChNxNBz9fHl5ObQaVESX3Ixf7lyaw8uG8Co+jWrurN1Xws7l5UfSJ+5cHZdecYn7SvgPYaZtoXZGaiexo73iNhN6ephpv2S8z52Ew0dNk7YzS0dju8\/QqPQuG5cnzuUOY7mRri1ZY6AMJtii2VkoV4jOeC3QQ5Sb\/w99HK6xQYUAAA=="}
02390{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":389747,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ApXG95NL5kBKB+riCABFAAXcBRoAAH8GHDQKZgACCmUAAgBQb1ebu+vLm7vpyFAYgAFM7gAASFRUUC8xLjEgMjAwIE9LDQpYLU1VLVNlc3Npb24tSUQ6IDgxMDQ0NjQ3MQ0KRGF0ZTogV2VkLCAwOCBKdW4gMjAxMSAwOToyMzozMyBHTVQNClNlcnZlcjogQXBhY2hlDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpWYXJ5OiBBY2NlcHQtRW5jb2RpbmcNCkNvbnRlbnQtTGVuZ3RoOiA1OTEzDQpLZWVwLUFsaXZlOiB0aW1lb3V0PTQsIG1heD0xMDAwMA0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9VVRGLTgNCg0KH4sIAAAAAAAA\/+1d+XLbOJP\/P1V5BwxTY8UTiyIpy7oiTck6nEziI7GTzMy3X7lAEpJo85B5SFays7W1b7Gvt0+yDYCkKImi5LHGmXHZSiyAABqNRqP71yBNvB76ltl8\/uz1kGCdfvuGb5LmyND8wCXeHuq5hKCOM7FNB+uvC7wY6lnEx2jo+6M8uQmMcUNoO7ZPbD9\/MR0RAWk81xB8cusXaCd1bYhdj\/iNwO\/nKwIqxFRsbJGG8I5MJ46re4m2x4FnaHvos6ETB1g5gnrwdXxWBLbef+a87cXM7aEzE0+XCXeIp7nGyDccO0E7aoWwraMRNER9x0V9RjEYsZKpE7gIqqHR0PEpA+OQEYvyxRoOKEtiss+kSM5cPLBwolPbyWtYG5JVDbq3IwOknmghLY\/no6M6frIONk1aC0E107CvkUvMhnA+dFxfC3z0VqPjHrqk3xBoX7VCwbAGIjYswzZEm\/iQxQPiFfp4bEBdEX4JyIdZbAispHCbNxgNxsish0PHubawe70t4pR\/z5+CeolA6tvh6cdO92P+49ujNxe1F91uT+4pSB7dIs8xDb0eFl+cntVe9NjPcuH7bi+j6eHpxcXpce1Fp9ypdufKW+13Rx9PP510ItJ\/PH8GPKl34alb7lbTCrfBU5d+GE+et8DTKlFsIKdVpRFPLeVQOaysl5O6yFOn1JW6rT\/Hk9Qr9koZcloinc7T+C5i6h72lF7nz4ppuXUaS5Qp99K\/XtTzTMY67GclY2X6yZDVUusEY0yluKwoW4uqvor2JlO4hq3l1kl5scacLd3xv2mO6biRjOsq+Avi5pnRqEGxT\/To2sTQ\/WENiHJZqzZYlD4YzLxnfCU1uTS6rbNsH1uGOa19Jq6ObcyvTYgxGPo11TH1OqdTkTiZvpckwqmLfSt5UQkvYjXmtqPQT516wrxONMfF1BfVbMcm9QyexpynPR8PHWuZNdaLN1roux72WenRT0odeaEXTn0PuwY2U1nkNOYGXknntA6+geSHnEW5WPqRN50T\/H7UdGkkvpbVRduxwOWeY9tDx+fL0xSOWpHK5V5v1TCgG8v+FvIn1RcEt4pmW6KflaKxbPXOJA\/L9LOapL+KIhuEj1WTfEvTFD6JC5Md9lkqlVqlVtoU4W+pmhm2k0v7SqdDq9WGDnQUKbUktVqyvDSGwIbVRzthLcaGZ8Ci\/LZI6\/kzQAnf+FKt8bUF6Mv6BnBiYNg1CdgeYV037AFNQ7nq6NMVpeGKp2t9ziq12Q+S1tgdJSr\/43WBo4\/X5+2Pb88uOErJMfx6hceYg8gcMrE9CAC5NHK\/wNVzfrX5+od8HgYR2BoVA7Kdrut6L3e\/uQRwtI18NyD1PwDhTAxbdyYiCNh1HbfB69VBHv2XvjP6oeERs7\/7jedE09GYVHeTGVYlztWJ6RE0V54LgdhkMkkCMdvxL71A7bsAIkUKyHN1JvgxdgHKXhp6Iyfl6nHecrSFK6YzGBCQeqOPoc86igrG5FIL3CvHsD0f+6Qh1VFYNgpUz08rfP6sUHj+zG7YgAoH2Hdc6EVv6I4WWIBoIWMOG9F4RIou4ZLnNczhq9wO5UjnSFg="}
02392{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":389749,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ApXG95NL5kBKB+riCABFAAXcBRsAAH8GHDMKZgACCmUAAgBQb1ebu\/F\/m7vpyFAYgAHL\/gAAgCTjk6WgOk+Yuhte8YCoqJM+Dky\/zcMPdjmAy1qchxlt2GLgEfd9OLdw8XoSkvVGjtfwPBEmjtye9l\/muGR2+aTR0qa0i9hFqOXRIbugmqzkVWkv2XInt0ev7u6mkBUY+wtU6bVlovsbE81RUSyySq\/dhWgKWSqcBbLPn317\/gzRgrvQZg1QYEOIhkfkJeTY1cnQMFlu1upVbhc1G4h2hHgrWuwSCN00Qov3coixxK1JtBD9l5yz4ZDPZrgeh0Nec1bPfDk0w6omU7lXDWg7a8FWcEi9UMjnaSxU4Jai+boQRc\/UTtFvDdSYuCyeptYacRvVkBDDE43yQRlpxDS9EdZASnCd5kKj1pBYO95aX0lDlqQfs4ggbuUbSjFJDmkmhpUEJuIuhNUBs+ANgQOyqpBC0rIRNo2B3RD44IWQnCBLFaH5mnol1Ie5aghtKA\/cKTpy\/KGhQRmejyBDo2U5qlEQmonc6wIGWVNK8AWiQZn9N9nWhR7vDtw1qk92wSm7VKCz7hzbcsBq0B4awjrzS6N1rPkFHwR7iS\/7rkFsvZATIirUtzYEEAisHuqGRC7xXOhoc\/VkUeB6tGwIzCYoBH4qAQ5gckLzArpGGPVY1\/HoCnweC0wXeEpv3uX6fTU8UknPW0lNoDopbEyQN1KUeA0clDK1fa4xn+rZAo6Us8CUHnDLjILnamu2PfgV6jqdS5tMxIHRj9aFXD6I2Csp0Cvd78LXBJ05o8AE5\/nF8IeoC1oxBbDwA8qjGXVYMmwlZExUqLfjcEmoEBw5lhCtEKbIdDyLUqH7TUmRp4hVANgohHMmUNguRMMQFGl5MS8sA49gVxuCLM9ZIjmO1exGC\/o1TL6NAKnAagMkGFkVrughwm0eE0slbmgmdmzVG9UjnlYsTYu1KHjQl2EXAMupzXNIo7f264LKRB2SSfbGg7rmf853lKzBFy6zQn+Sm2CU4OaYoE+jiCHAqiCKDUTHZzqeugMpKcU+HjsuAHQ2a46tmYZ23RBmYLcWolWAwMS1sSm2dL0XtnmZzj644U21GLz1A1i\/YhFCwjJYP+AdcDICcUZD8BakGU7PqmWVDAuEhbBAmIUFwiwsEMKwAFAS4E3HuTbIDNAcn7Y7AKJi6KSLA+J3TUIR8OH0rf4yVPJdaALRwpuL4\/cNYY3uGBDLE6ozCT2MZUg16XiKjDdQh4889KS4SZFRCgOxftyFh4T+wpwkFPg08COBCxxJLeKodHuUtPpRPrL7mfYqtFFD1Vu1HKImNPhEFvGHDqwKkALUZ7BwnRULd+Sx7VE9BNRrGaCFMN0\/RLGMCGXijQirMyC76NvC5T5kIUqsoxBk8sjqD2HJWy2OM4nI2BZpNPI0xJgmxHm\/Ghpza15+tjNx8Sgqtag6q3OqJbxQqvtKGchxYBfuQ0TGnd5RqcVapiasFfOk9ijwE6spEuaNgJi0GkJ0E0pAFr41iT2gHCsl8D50d4MyDym62KGq4xls\/8ElJsCwMQk37hRJqoe7HYqSuuMXb2cUi+12cu+kOLoVQoAUcT3HszYk2rXq3ArMlPp44EUj4OlwEA51UwkSc+Irdyvlw31AZtACFMicJtFtqqTUAMy7HVPvQZzEGfAu+5COeYizsVnXmc5BnMWVsaHUwytMa1\/uxmpA90opz6zb5pwAspk5I85oxs4ozEX8RPmVDMl3ZWhjhJrkeWjoOrFjtjQcs8+Uv0BNwf2svb6wuFfYuXXobdPRZSDwZmgRYpzJFYuR2ADAp4A\/HhuyaemvhusrMLVJ+muiznA1p+0tL+whL+5jplp+ugkvhG59huRX+C26XsBbtUxzhvh2XsiVYn0j2Maa\/3zTYFHkDuhVQ8k12Q3se5FjwWlEjt0Ivxc5GtlG1Ojt9HsRC+1zRO+MZxMkM39zGMpnPDe\/zT0PYF4cluin+YnH77\/R+J3aPU8URfRQOJ8="}
00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1614860229389,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1614860229389,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00425{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":389866,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"5kBKB+riApXG95NLCABFAAAwBRcAAIAGAAAKZQACCmYAAm9YAFCbu\/hqAAAAAHACgAEU8QAAAgQFtAMDAQA="}
00425{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":390049,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ApXG95WRWgXZu6TVCABFAAAwBRcAAH8GIeMKZQACCmYAAm9YAFCbu\/hqAAAAAHACgAHrgAAAAgQFtAMDAQA="}
00425{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":390052,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"WgXZu6TVApXG95WRCABFAAAwBSIAAIAGAAAKZgACCmUAAgBQb1ibu\/tYm7v4a3ASgAEU8QAAAgQFtAMDAQA="}
00425{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":390279,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ApXG95NL5kBKB+riCABFAAAwBSIAAH8GIdgKZgACCmUAAgBQb1ibu\/tYm7v4a3ASgAFUWwAAAgQFtAMDAQA="}
00421{"flow_id":4,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":390281,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"5kBKB+riApXG95NLCABFAAAoBRgAAIAGAAAKZQACCmYAAm9YAFCbu\/hrm7v7WVAQgAEU6QAAAAAAAAAA"}
01140{"flow_id":4,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":390287,"pkt_caplen":596,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":596,"pkt_l4_len":562,"pkt":"5kBKB+riApXG95NLCABFAAJGBRkAAIAGAAAKZQACCmYAAm9YAFCbu\/hrm7v7WVAYgAEXBwAAR0VUIC93ZWJjb3VudGVyL3cucGhwP19fX2htPS5uZXRfU2VhcmNoXyZfbGhfPWh0dHA6Ly93d3cuYWltaW5pLm5ldC9zZWFyY2gvP3E9cGljdHVyZXMmc2NhPSZfX1JlZmVyXz1odHRwOi8vd3d3LmFpbWluaS5uZXQvIEhUVFAvMS4xDQpYLU1VLVNlc3Npb24tSUQ6IDgxMDQ0NjQ3Mg0KSG9zdDogd3d3LmFpbWluaS5jb20NClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChXaW5kb3dzOyBVOyBXaW5kb3dzIE5UIDYuMTsgZW4tVVM7IHJ2OjEuOS4yLjE3KSBHZWNrby8yMDExMDQyMCBGaXJlZm94LzMuNi4xNw0KQWNjZXB0OiBpbWFnZS9wbmcsaW1hZ2UvKjtxPTAuOCwqLyo7cT0wLjUNCkFjY2VwdC1MYW5ndWFnZTogZW4tdXMsZW47cT0wLjUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCxkZWZsYXRlDQpBY2NlcHQtQ2hhcnNldDogSVNPLTg4NTktMSx1dGYtODtxPTAuNywqO3E9MC43DQpLZWVwLUFsaXZlOiAxMTUNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClJlZmVyZXI6IGh0dHA6Ly93d3cuYWltaW5pLm5ldC9zZWFyY2gvP3E9cGljdHVyZXMmc2NhPQ0KDQo="}
00840{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":6,"flow_first_seen":1614860229389,"flow_last_seen":1614860229390,"flow_tot_l4_data_len":694,"flow_min_l4_data_len":20,"flow_max_l4_data_len":562,"flow_avg_l4_data_len":115,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28504,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.aimini.com","url":"www.aimini.com\/webcounter\/w.php?___hm=.net_Search_&_lh_=http:\/\/www.aimini.net\/search\/?q=pictures&sca=&__Refer_=http:\/\/www.aimini.net\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko\/20110420 Firefox\/3.6.17"}}
00850{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":6,"flow_first_seen":1614860229389,"flow_last_seen":1614860229390,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":542,"flow_tot_l4_payload_len":542,"flow_avg_l4_payload_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28504,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.aimini.com","url":"www.aimini.com\/webcounter\/w.php?___hm=.net_Search_&_lh_=http:\/\/www.aimini.net\/search\/?q=pictures&sca=&__Refer_=http:\/\/www.aimini.net\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko\/20110420 Firefox\/3.6.17"}}
00421{"flow_id":4,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":390401,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ApXG95WRWgXZu6TVCABFAAAoBRgAAH8GIeoKZQACCmYAAm9YAFCbu\/hrm7v7WVAQgAGAHwAAAAAAAAAA"}
01140{"flow_id":4,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":390501,"pkt_caplen":596,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":596,"pkt_l4_len":562,"pkt":"ApXG95WRWgXZu6TVCABFAAJGBRkAAH8GH8sKZQACCmYAAm9YAFCbu\/hrm7v7WVAYgAFYUgAAR0VUIC93ZWJjb3VudGVyL3cucGhwP19fX2htPS5uZXRfU2VhcmNoXyZfbGhfPWh0dHA6Ly93d3cuYWltaW5pLm5ldC9zZWFyY2gvP3E9cGljdHVyZXMmc2NhPSZfX1JlZmVyXz1odHRwOi8vd3d3LmFpbWluaS5uZXQvIEhUVFAvMS4xDQpYLU1VLVNlc3Npb24tSUQ6IDgxMDQ0NjQ3Mg0KSG9zdDogd3d3LmFpbWluaS5jb20NClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChXaW5kb3dzOyBVOyBXaW5kb3dzIE5UIDYuMTsgZW4tVVM7IHJ2OjEuOS4yLjE3KSBHZWNrby8yMDExMDQyMCBGaXJlZm94LzMuNi4xNw0KQWNjZXB0OiBpbWFnZS9wbmcsaW1hZ2UvKjtxPTAuOCwqLyo7cT0wLjUNCkFjY2VwdC1MYW5ndWFnZTogZW4tdXMsZW47cT0wLjUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCxkZWZsYXRlDQpBY2NlcHQtQ2hhcnNldDogSVNPLTg4NTktMSx1dGYtODtxPTAuNywqO3E9MC43DQpLZWVwLUFsaXZlOiAxMTUNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClJlZmVyZXI6IGh0dHA6Ly93d3cuYWltaW5pLm5ldC9zZWFyY2gvP3E9cGljdHVyZXMmc2NhPQ0KDQo="}
00796{"flow_id":4,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":390509,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"pkt":"WgXZu6TVApXG95WRCABFAAFFBSMAAIAGAAAKZgACCmUAAgBQb1ibu\/tZm7v6iVAYgAEWBgAASFRUUC8xLjEgMjAwIE9LDQpYLU1VLVNlc3Npb24tSUQ6IDgxMDQ0NjQ3Mg0KRGF0ZTogV2VkLCAwOCBKdW4gMjAxMSAwOToyMjo0NSBHTVQNClNlcnZlcjogQXBhY2hlDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpWYXJ5OiBBY2NlcHQtRW5jb2RpbmcNCkNvbnRlbnQtTGVuZ3RoOiAyMA0KS2VlcC1BbGl2ZTogdGltZW91dD0yLCBtYXg9MTAwMDANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sOyBjaGFyc2V0PVVURi04DQoNCh+LCAAAAAAAAP8DAAAAAAAAAAAA"}
@@ -65,8 +65,8 @@
00422{"flow_id":4,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":390687,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"5kBKB+riApXG95NLCABFAAAoBRoAAIAGAAAKZQACCmYAAm9YAFCbu\/qJm7v8dlAUgAEU6QAAAAAAAAAA"}
00422{"flow_id":4,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":390688,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"WgXZu6TVApXG95WRCABFAAAoBSQAAIAGAAAKZgACCmUAAgBQb1ibu\/x2m7v6iVAUgAEU6QAAAAAAAAAA"}
00422{"flow_id":4,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":390930,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ApXG95WRWgXZu6TVCABFAAAoBRoAAH8GIegKZQACCmYAAm9YAFCbu\/qJm7v8dlAUgAF84AAAAAAAAAAA"}
00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":72,"flow_first_seen":1614860229383,"flow_last_seen":1614860229388,"flow_tot_l4_data_len":62186,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":863,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28501,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00489{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":18,"flow_first_seen":1614860229385,"flow_last_seen":1614860229388,"flow_tot_l4_data_len":3586,"flow_min_l4_data_len":20,"flow_max_l4_data_len":551,"flow_avg_l4_data_len":199,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":30,"flow_first_seen":1614860229388,"flow_last_seen":1614860229390,"flow_tot_l4_data_len":14200,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":473,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28503,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00489{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":13,"flow_first_seen":1614860229389,"flow_last_seen":1614860229390,"flow_tot_l4_data_len":1946,"flow_min_l4_data_len":20,"flow_max_l4_data_len":562,"flow_avg_l4_data_len":149,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":72,"flow_first_seen":1614860229383,"flow_last_seen":1614860229388,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":60714,"flow_avg_l4_payload_len":843,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28501,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":18,"flow_first_seen":1614860229385,"flow_last_seen":1614860229388,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":3194,"flow_avg_l4_payload_len":177,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":30,"flow_first_seen":1614860229388,"flow_last_seen":1614860229390,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":13568,"flow_avg_l4_payload_len":452,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28503,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":13,"flow_first_seen":1614860229389,"flow_last_seen":1614860229390,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":542,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":127,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00132{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test"}

78
test/results/ajp.pcap.out
View File

@@ -1,78 +1,78 @@
00380{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ajp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00471{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ajp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00397{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1505154584,"pkt_ts_usec":447407,"pkt_caplen":78,"pkt_type":33024,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":78,"pkt_l4_len":0,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAAPLLIQABABhyUrB0JkqwdCZOXyB9JcsXbLwAAAACgAjkI5g0AAAIEBbQEAggKTpxp5wAAAAABAwMH"}
00153{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":1,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00397{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1505154584,"pkt_ts_usec":447547,"pkt_caplen":78,"pkt_type":33024,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":78,"pkt_l4_len":0,"pkt":"AFBWg11YAFBWg47zgQAABwgARQAAPAAAQABABs9crB0Jk6wdCZIfSZfIk6AuuHLF2zCgEjiQFewAAAIEBbQEAggKHlfv2E6caecBAwMH"}
00153{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":2,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00421{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1505154584,"pkt_ts_usec":447556,"pkt_caplen":94,"pkt_type":35075,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADwAAEAAQAbPXKwdCZOsHQmSH0mXyJOgLrhyxdswoBI4kBXsAAACBAW0BAIICh5X79hOnGnnAQMDBw=="}
00153{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":3,"source":"ajp.pcap","alias":"nDPId-test","type":35075}
00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3,"source":"ajp.pcap","alias":"nDPId-test","type":35075}
00389{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":4,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1505154584,"pkt_ts_usec":447616,"pkt_caplen":70,"pkt_type":33024,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":70,"pkt_l4_len":0,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAANLLJQABABhybrB0JkqwdCZOXyB9JcsXbMJOgLrmAEABzfNQAAAEBCApOnGnoHlfv2A=="}
00153{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":4,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":4,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00393{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":5,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1505154584,"pkt_ts_usec":447617,"pkt_caplen":75,"pkt_type":33024,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":75,"pkt_l4_len":0,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAAObLKQABABhyVrB0JkqwdCZOXyB9JcsXbMJOgLrmAGABzYJIAAAEBCApOnGnoHlfv2BI0AAEK"}
00153{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":5,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":5,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00421{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":6,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1505154584,"pkt_ts_usec":447662,"pkt_caplen":94,"pkt_type":35075,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"Agq8AAAAAgq9AAAAiQNAIABQVoOO8wBQVoNdWIEAAAcIAEUAADyyyEAAQAYclKwdCZKsHQmTl8gfSXLF2y8AAAAAoAI5COYNAAACBAW0BAIICk6caecAAAAAAQMDBw=="}
00153{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":6,"source":"ajp.pcap","alias":"nDPId-test","type":35075}
00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":6,"source":"ajp.pcap","alias":"nDPId-test","type":35075}
00390{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":7,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1505154584,"pkt_ts_usec":447809,"pkt_caplen":70,"pkt_type":33024,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":70,"pkt_l4_len":0,"pkt":"AFBWg11YAFBWg47zgQAABwgARQAANMFgQABABg4ErB0Jk6wdCZIfSZfIk6AuuXLF2zWAEAByfM8AAAEBCAoeV+\/ZTpxp6A=="}
00153{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":7,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":7,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00409{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":8,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1505154584,"pkt_ts_usec":447980,"pkt_caplen":86,"pkt_type":35075,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADTBYEAAQAYOBKwdCZOsHQmSH0mXyJOgLrlyxds1gBAAcnzPAAABAQgKHlfv2U6caeg="}
00153{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":8,"source":"ajp.pcap","alias":"nDPId-test","type":35075}
00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":8,"source":"ajp.pcap","alias":"nDPId-test","type":35075}
00394{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":9,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1505154584,"pkt_ts_usec":448303,"pkt_caplen":75,"pkt_type":33024,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":75,"pkt_l4_len":0,"pkt":"AFBWg11YAFBWg47zgQAABwgARQAAOcFhQABABg3+rB0Jk6wdCZIfSZfIk6AuuXLF2zWAGAByMn8AAAEBCAoeV+\/ZTpxp6EFCAAEJ"}
00153{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":9,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":9,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00420{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":10,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1505154584,"pkt_ts_usec":448477,"pkt_caplen":91,"pkt_type":35075,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADnBYUAAQAYN\/qwdCZOsHQmSH0mXyJOgLrlyxds1gBgAcjJ\/AAABAQgKHlfv2U6caehBQgABCQ=="}
00154{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":10,"source":"ajp.pcap","alias":"nDPId-test","type":35075}
00145{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":10,"source":"ajp.pcap","alias":"nDPId-test","type":35075}
01517{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":11,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1505154584,"pkt_ts_usec":448584,"pkt_caplen":912,"pkt_type":35075,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":912,"pkt_l4_len":0,"pkt":"Agq8AAAAAgq9AAAAiQNAIABQVoOO8wBQVoNdWIEAAAcIAEUAA26yzEAAQAYZXqwdCZKsHQmTl8gfSXLF2zWToC6+gBgAc\/j3AAABAQgKTpxp6B5X79kSNAM2AgQACEhUVFAvMS4xAAA0L0NDUC9wYWdlcy9yZWxhdG9yaW9zL3JlbGF0b3Jpb0RlT3JkZW1EZVNlcnZpY28uc2VhbQAADDE3Mi4yOS4wLjEyOQD\/\/wAXc2lzdGVtYXNjY3AuaW5lcC5nb3YuYnIAAFAAAA6gBgAKa2VlcC1hbGl2ZQAADUNhY2hlLUNvbnRyb2wAAAltYXgtYWdlPTAAAAZPcmlnaW4AAB5odHRwOi8vc2lzdGVtYXNjY3AuaW5lcC5nb3YuYnIAABlVcGdyYWRlLUluc2VjdXJlLVJlcXVlc3RzAAABMQCgDgBpTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvNjAuMC4zMTEyLjExMyBTYWZhcmkvNTM3LjM2AKAHACFhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQAoAEAVXRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LGltYWdlL3dlYnAsaW1hZ2UvYXBuZywqLyo7cT0wLjgAoA0AW2h0dHA6Ly9zaXN0ZW1hc2NjcC5pbmVwLmdvdi5ici9DQ1AvcGFnZXMvcmVsYXRvcmlvcy9yZWxhdG9yaW9EZU9yZGVtRGVTZXJ2aWNvLnNlYW0\/Y2lkPTY4MDgAAA9BY2NlcHQtRW5jb2RpbmcAAARnemlwAAAPQWNjZXB0LUxhbmd1YWdlAAAjcHQtQlIscHQ7cT0wLjgsZW4tVVM7cT0wLjYsZW47cT0wLjQAoAgAAzIxOQCgCQAySlNFU1NJT05JRD0wODUzOTA3RDhFMzI0Nzc2QTc0QzJBNTBBMzI2NjRFMi4wMDkxNDcAoAsAF3Npc3RlbWFzY2NwLmluZXAuZ292LmJyAAAMWC1JTUZvcndhcmRzAAACMjAABgAGMDA5MTQ3AAoAD0FKUF9SRU1PVEVfUE9SVAAABDU3MDUACgAQSktfTEJfQUNUSVZBVElPTgAAA0FDVAD\/"}
00154{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":11,"source":"ajp.pcap","alias":"nDPId-test","type":35075}
00145{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":11,"source":"ajp.pcap","alias":"nDPId-test","type":35075}
00390{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":12,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1505154584,"pkt_ts_usec":448596,"pkt_caplen":70,"pkt_type":33024,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":70,"pkt_l4_len":0,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAANLLLQABABhyZrB0JkqwdCZOXyB9JcsXbNZOgLr6AEABzfMkAAAEBCApOnGnoHlfv2Q=="}
00154{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":12,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00145{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":12,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
01494{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":13,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1505154584,"pkt_ts_usec":448604,"pkt_caplen":896,"pkt_type":33024,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":896,"pkt_l4_len":0,"pkt":"AFBWg47zAFBWg11YgQAABwgARQADbrLMQABABhlerB0JkqwdCZOXyB9JcsXbNZOgLr6AGABz+PcAAAEBCApOnGnoHlfv2RI0AzYCBAAISFRUUC8xLjEAADQvQ0NQL3BhZ2VzL3JlbGF0b3Jpb3MvcmVsYXRvcmlvRGVPcmRlbURlU2Vydmljby5zZWFtAAAMMTcyLjI5LjAuMTI5AP\/\/ABdzaXN0ZW1hc2NjcC5pbmVwLmdvdi5icgAAUAAADqAGAAprZWVwLWFsaXZlAAANQ2FjaGUtQ29udHJvbAAACW1heC1hZ2U9MAAABk9yaWdpbgAAHmh0dHA6Ly9zaXN0ZW1hc2NjcC5pbmVwLmdvdi5icgAAGVVwZ3JhZGUtSW5zZWN1cmUtUmVxdWVzdHMAAAExAKAOAGlNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS82MC4wLjMxMTIuMTEzIFNhZmFyaS81MzcuMzYAoAcAIWFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZACgAQBVdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksaW1hZ2Uvd2VicCxpbWFnZS9hcG5nLCovKjtxPTAuOACgDQBbaHR0cDovL3Npc3RlbWFzY2NwLmluZXAuZ292LmJyL0NDUC9wYWdlcy9yZWxhdG9yaW9zL3JlbGF0b3Jpb0RlT3JkZW1EZVNlcnZpY28uc2VhbT9jaWQ9NjgwOAAAD0FjY2VwdC1FbmNvZGluZwAABGd6aXAAAA9BY2NlcHQtTGFuZ3VhZ2UAACNwdC1CUixwdDtxPTAuOCxlbi1VUztxPTAuNixlbjtxPTAuNACgCAADMjE5AKAJADJKU0VTU0lPTklEPTA4NTM5MDdEOEUzMjQ3NzZBNzRDMkE1MEEzMjY2NEUyLjAwOTE0NwCgCwAXc2lzdGVtYXNjY3AuaW5lcC5nb3YuYnIAAAxYLUlNRm9yd2FyZHMAAAIyMAAGAAYwMDkxNDcACgAPQUpQX1JFTU9URV9QT1JUAAAENTcwNQAKABBKS19MQl9BQ1RJVkFUSU9OAAADQUNUAP8="}
00154{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":13,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00145{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":13,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00692{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":14,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1505154584,"pkt_ts_usec":448606,"pkt_caplen":295,"pkt_type":33024,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":295,"pkt_l4_len":0,"pkt":"AFBWg47zAFBWg11YgQAABwgARQABFbLNQABABhu2rB0JkqwdCZOXyB9JcsXeb5OgLr6AGABzI4sAAAEBCApOnGnpHlfv2RI0AN0A23JlbGF0b3Jpb0Zvcm09cmVsYXRvcmlvRm9ybSZ0aXBvUmVsYXRvcmlvT1NEZWNvcmF0ZSUzQXRpcG9SZWxhdG9yaW9PU1NlbGVjdD1PUkRFTV9ERV9TRVJWSUNPX0dFUkFMJkFEZWNvcmF0ZSUzQUFDaGVjaz1vbiZCRGVjb3JhdGUlM0FCQ2hlY2s9b24mQ0RlY29yYXRlJTNBQ0NoZWNrPW9uJmpfaWQxNTYueD0xMDEmal9pZDE1Ni55PTgmamF2YXguZmFjZXMuVmlld1N0YXRlPWpfaWQxMw=="}
00154{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":14,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00145{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":14,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00391{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":15,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1505154584,"pkt_ts_usec":448662,"pkt_caplen":70,"pkt_type":33024,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":70,"pkt_l4_len":0,"pkt":"AFBWg11YAFBWg47zgQAABwgARQAANMFiQABABg4CrB0Jk6wdCZIfSZfIk6AuvnLF31CAEACLeJUAAAEBCAoeV+\/aTpxp6A=="}
00154{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":15,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00145{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":15,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00410{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":16,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1505154584,"pkt_ts_usec":448825,"pkt_caplen":86,"pkt_type":35075,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADTBYkAAQAYOAqwdCZOsHQmSH0mXyJOgLr5yxd9QgBAAi3iVAAABAQgKHlfv2k6caeg="}
00154{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":16,"source":"ajp.pcap","alias":"nDPId-test","type":35075}
00145{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":16,"source":"ajp.pcap","alias":"nDPId-test","type":35075}
00698{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":17,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1505154584,"pkt_ts_usec":617953,"pkt_caplen":300,"pkt_type":33024,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":300,"pkt_l4_len":0,"pkt":"AFBWg11YAFBWg47zgQAABwgARQABGsFjQABABg0brB0Jk6wdCZIfSZfIk6AuvnLF31CAGACL2MAAAAEBCAoeV\/CDTpxp6EFCAOIEAS4AEU1vdmVkIFRlbXBvcmFyaWx5AAAEAAxYLVBvd2VyZWQtQnkAACNTZXJ2bGV0IDIuNTsgSkJvc3MtNS4wL0pCb3NzV2ViLTIuMQAADFgtUG93ZXJlZC1CeQAAB0pTRi8xLjIAoAYAcGh0dHA6Ly9zaXN0ZW1hc2NjcC5pbmVwLmdvdi5ici9DQ1AvcGFnZXMvcmVsYXRvcmlvcy92aXN1YWxpemFyUmVsYXRvcmlvL3Zpc3VhbGl6YXJSZWxhdG9yaW9Pc0dlcmFsLnNlYW0\/Y2lkPTY4MDgAoAMAATAA"}
00154{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":17,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00145{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":17,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00399{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":18,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1505154584,"pkt_ts_usec":617955,"pkt_caplen":76,"pkt_type":33024,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"pkt":"AFBWg11YAFBWg47zgQAABwgARQAAOsFkQABABg36rB0Jk6wdCZIfSZfIk6AvpHLF31CAGACLMLMAAAEBCAoeV\/CDTpxp6EFCAAIFAQ=="}
00154{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":18,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00145{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":18,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00390{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":19,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1505154584,"pkt_ts_usec":618218,"pkt_caplen":70,"pkt_type":33024,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":70,"pkt_l4_len":0,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAANLLOQABABhyWrB0JkqwdCZOXyB9JcsXfUJOgL6qAEAB7dmYAAAEBCApOnGqSHlfwgw=="}
00154{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":19,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00145{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":19,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00398{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":20,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1505154584,"pkt_ts_usec":447407,"pkt_caplen":78,"pkt_type":33024,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":78,"pkt_l4_len":0,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAAPLLIQABABhyUrB0JkqwdCZOXyB9KcsXbLwAAAACgAjkI5gwAAAIEBbQEAggKTpxp5wAAAAABAwMH"}
00154{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":20,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00145{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":20,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00398{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":21,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1505154584,"pkt_ts_usec":447547,"pkt_caplen":78,"pkt_type":33024,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":78,"pkt_l4_len":0,"pkt":"AFBWg11YAFBWg47zgQAABwgARQAAPAAAQABABs9crB0Jk6wdCZIfSpfIk6AuuHLF2zCgEjiQFesAAAIEBbQEAggKHlfv2E6caecBAwMH"}
00154{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":21,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00145{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":21,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00422{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":22,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1505154584,"pkt_ts_usec":447556,"pkt_caplen":94,"pkt_type":35075,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADwAAEAAQAbPXKwdCZOsHQmSH0mXyJOgLrhyxdswoBI4kBXsAAACBAW0BAIICh5X79hOnGnnAQMDBw=="}
00154{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":22,"source":"ajp.pcap","alias":"nDPId-test","type":35075}
00145{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":22,"source":"ajp.pcap","alias":"nDPId-test","type":35075}
00390{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":23,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1505154584,"pkt_ts_usec":447616,"pkt_caplen":70,"pkt_type":33024,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":70,"pkt_l4_len":0,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAANLLJQABABhybrB0JkqwdCZOXyB9KcsXbMJOgLrmAEABzfNMAAAEBCApOnGnoHlfv2A=="}
00154{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":23,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00145{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":23,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00394{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":24,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1505154584,"pkt_ts_usec":447617,"pkt_caplen":75,"pkt_type":33024,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":75,"pkt_l4_len":0,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAAObLKQABABhyVrB0JkqwdCZOXyB9KcsXbMJOgLrmAGABzYJEAAAEBCApOnGnoHlfv2BI0AAEK"}
00154{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":24,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00145{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":24,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00422{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":25,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1505154584,"pkt_ts_usec":447662,"pkt_caplen":94,"pkt_type":35075,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"Agq8AAAAAgq9AAAAiQNAIABQVoOO8wBQVoNdWIEAAAcIAEUAADyyyEAAQAYclKwdCZKsHQmTl8gfSXLF2y8AAAAAoAI5COYNAAACBAW0BAIICk6caecAAAAAAQMDBw=="}
00154{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":25,"source":"ajp.pcap","alias":"nDPId-test","type":35075}
00145{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":25,"source":"ajp.pcap","alias":"nDPId-test","type":35075}
00391{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":26,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1505154584,"pkt_ts_usec":447809,"pkt_caplen":70,"pkt_type":33024,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":70,"pkt_l4_len":0,"pkt":"AFBWg11YAFBWg47zgQAABwgARQAANMFgQABABg4ErB0Jk6wdCZIfSpfIk6AuuXLF2zWAEAByfM4AAAEBCAoeV+\/ZTpxp6A=="}
00154{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":26,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00145{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":26,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00410{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":27,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1505154584,"pkt_ts_usec":447980,"pkt_caplen":86,"pkt_type":35075,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADTBYEAAQAYOBKwdCZOsHQmSH0mXyJOgLrlyxds1gBAAcnzPAAABAQgKHlfv2U6caeg="}
00154{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":27,"source":"ajp.pcap","alias":"nDPId-test","type":35075}
00145{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":27,"source":"ajp.pcap","alias":"nDPId-test","type":35075}
00395{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":28,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1505154584,"pkt_ts_usec":448303,"pkt_caplen":75,"pkt_type":33024,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":75,"pkt_l4_len":0,"pkt":"AFBWg11YAFBWg47zgQAABwgARQAAOcFhQABABg3+rB0Jk6wdCZIfSpfIk6AuuXLF2zWAGAByMn4AAAEBCAoeV+\/ZTpxp6EFCAAEJ"}
00154{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":28,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00145{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":28,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00420{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":29,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1505154584,"pkt_ts_usec":448477,"pkt_caplen":91,"pkt_type":35075,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADnBYUAAQAYN\/qwdCZOsHQmSH0mXyJOgLrlyxds1gBgAcjJ\/AAABAQgKHlfv2U6caehBQgABCQ=="}
00154{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":29,"source":"ajp.pcap","alias":"nDPId-test","type":35075}
00145{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":29,"source":"ajp.pcap","alias":"nDPId-test","type":35075}
01517{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":30,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1505154584,"pkt_ts_usec":448584,"pkt_caplen":912,"pkt_type":35075,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":912,"pkt_l4_len":0,"pkt":"Agq8AAAAAgq9AAAAiQNAIABQVoOO8wBQVoNdWIEAAAcIAEUAA26yzEAAQAYZXqwdCZKsHQmTl8gfSXLF2zWToC6+gBgAc\/j3AAABAQgKTpxp6B5X79kSNAM2AgQACEhUVFAvMS4xAAA0L0NDUC9wYWdlcy9yZWxhdG9yaW9zL3JlbGF0b3Jpb0RlT3JkZW1EZVNlcnZpY28uc2VhbQAADDE3Mi4yOS4wLjEyOQD\/\/wAXc2lzdGVtYXNjY3AuaW5lcC5nb3YuYnIAAFAAAA6gBgAKa2VlcC1hbGl2ZQAADUNhY2hlLUNvbnRyb2wAAAltYXgtYWdlPTAAAAZPcmlnaW4AAB5odHRwOi8vc2lzdGVtYXNjY3AuaW5lcC5nb3YuYnIAABlVcGdyYWRlLUluc2VjdXJlLVJlcXVlc3RzAAABMQCgDgBpTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvNjAuMC4zMTEyLjExMyBTYWZhcmkvNTM3LjM2AKAHACFhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQAoAEAVXRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LGltYWdlL3dlYnAsaW1hZ2UvYXBuZywqLyo7cT0wLjgAoA0AW2h0dHA6Ly9zaXN0ZW1hc2NjcC5pbmVwLmdvdi5ici9DQ1AvcGFnZXMvcmVsYXRvcmlvcy9yZWxhdG9yaW9EZU9yZGVtRGVTZXJ2aWNvLnNlYW0\/Y2lkPTY4MDgAAA9BY2NlcHQtRW5jb2RpbmcAAARnemlwAAAPQWNjZXB0LUxhbmd1YWdlAAAjcHQtQlIscHQ7cT0wLjgsZW4tVVM7cT0wLjYsZW47cT0wLjQAoAgAAzIxOQCgCQAySlNFU1NJT05JRD0wODUzOTA3RDhFMzI0Nzc2QTc0QzJBNTBBMzI2NjRFMi4wMDkxNDcAoAsAF3Npc3RlbWFzY2NwLmluZXAuZ292LmJyAAAMWC1JTUZvcndhcmRzAAACMjAABgAGMDA5MTQ3AAoAD0FKUF9SRU1PVEVfUE9SVAAABDU3MDUACgAQSktfTEJfQUNUSVZBVElPTgAAA0FDVAD\/"}
00154{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":30,"source":"ajp.pcap","alias":"nDPId-test","type":35075}
00145{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":30,"source":"ajp.pcap","alias":"nDPId-test","type":35075}
00390{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":31,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1505154584,"pkt_ts_usec":448596,"pkt_caplen":70,"pkt_type":33024,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":70,"pkt_l4_len":0,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAANLLLQABABhyZrB0JkqwdCZOXyB9KcsXbNZOgLr6AEABzfMgAAAEBCApOnGnoHlfv2Q=="}
00154{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":31,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00145{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":31,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
01494{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":32,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1505154584,"pkt_ts_usec":448604,"pkt_caplen":896,"pkt_type":33024,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":896,"pkt_l4_len":0,"pkt":"AFBWg47zAFBWg11YgQAABwgARQADbrLMQABABhlerB0JkqwdCZOXyB9KcsXbNZOgLr6AGABz+PYAAAEBCApOnGnoHlfv2RI0AzYCBAAISFRUUC8xLjEAADQvQ0NQL3BhZ2VzL3JlbGF0b3Jpb3MvcmVsYXRvcmlvRGVPcmRlbURlU2Vydmljby5zZWFtAAAMMTcyLjI5LjAuMTI5AP\/\/ABdzaXN0ZW1hc2NjcC5pbmVwLmdvdi5icgAAUAAADqAGAAprZWVwLWFsaXZlAAANQ2FjaGUtQ29udHJvbAAACW1heC1hZ2U9MAAABk9yaWdpbgAAHmh0dHA6Ly9zaXN0ZW1hc2NjcC5pbmVwLmdvdi5icgAAGVVwZ3JhZGUtSW5zZWN1cmUtUmVxdWVzdHMAAAExAKAOAGlNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS82MC4wLjMxMTIuMTEzIFNhZmFyaS81MzcuMzYAoAcAIWFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZACgAQBVdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksaW1hZ2Uvd2VicCxpbWFnZS9hcG5nLCovKjtxPTAuOACgDQBbaHR0cDovL3Npc3RlbWFzY2NwLmluZXAuZ292LmJyL0NDUC9wYWdlcy9yZWxhdG9yaW9zL3JlbGF0b3Jpb0RlT3JkZW1EZVNlcnZpY28uc2VhbT9jaWQ9NjgwOAAAD0FjY2VwdC1FbmNvZGluZwAABGd6aXAAAA9BY2NlcHQtTGFuZ3VhZ2UAACNwdC1CUixwdDtxPTAuOCxlbi1VUztxPTAuNixlbjtxPTAuNACgCAADMjE5AKAJADJKU0VTU0lPTklEPTA4NTM5MDdEOEUzMjQ3NzZBNzRDMkE1MEEzMjY2NEUyLjAwOTE0NwCgCwAXc2lzdGVtYXNjY3AuaW5lcC5nb3YuYnIAAAxYLUlNRm9yd2FyZHMAAAIyMAAGAAYwMDkxNDcACgAPQUpQX1JFTU9URV9QT1JUAAAENTcwNQAKABBKS19MQl9BQ1RJVkFUSU9OAAADQUNUAP8="}
00154{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":32,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00145{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":32,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00692{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":33,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1505154584,"pkt_ts_usec":448606,"pkt_caplen":295,"pkt_type":33024,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":295,"pkt_l4_len":0,"pkt":"AFBWg47zAFBWg11YgQAABwgARQABFbLNQABABhu2rB0JkqwdCZOXyB9KcsXeb5OgLr6AGABzI4oAAAEBCApOnGnpHlfv2RI0AN0A23JlbGF0b3Jpb0Zvcm09cmVsYXRvcmlvRm9ybSZ0aXBvUmVsYXRvcmlvT1NEZWNvcmF0ZSUzQXRpcG9SZWxhdG9yaW9PU1NlbGVjdD1PUkRFTV9ERV9TRVJWSUNPX0dFUkFMJkFEZWNvcmF0ZSUzQUFDaGVjaz1vbiZCRGVjb3JhdGUlM0FCQ2hlY2s9b24mQ0RlY29yYXRlJTNBQ0NoZWNrPW9uJmpfaWQxNTYueD0xMDEmal9pZDE1Ni55PTgmamF2YXguZmFjZXMuVmlld1N0YXRlPWpfaWQxMw=="}
00154{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":33,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00145{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":33,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00391{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":34,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1505154584,"pkt_ts_usec":448662,"pkt_caplen":70,"pkt_type":33024,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":70,"pkt_l4_len":0,"pkt":"AFBWg11YAFBWg47zgQAABwgARQAANMFiQABABg4CrB0Jk6wdCZIfSpfIk6AuvnLF31CAEACLeJQAAAEBCAoeV+\/aTpxp6A=="}
00154{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":34,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00145{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":34,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00410{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":35,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1505154584,"pkt_ts_usec":448825,"pkt_caplen":86,"pkt_type":35075,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADTBYkAAQAYOAqwdCZOsHQmSH0mXyJOgLr5yxd9QgBAAi3iVAAABAQgKHlfv2k6caeg="}
00154{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":35,"source":"ajp.pcap","alias":"nDPId-test","type":35075}
00145{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":35,"source":"ajp.pcap","alias":"nDPId-test","type":35075}
00698{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":36,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1505154584,"pkt_ts_usec":617953,"pkt_caplen":300,"pkt_type":33024,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":300,"pkt_l4_len":0,"pkt":"AFBWg11YAFBWg47zgQAABwgARQABGsFjQABABg0brB0Jk6wdCZIfSpfIk6AuvnLF31CAGACL2L8AAAEBCAoeV\/CDTpxp6EFCAOIEAS4AEU1vdmVkIFRlbXBvcmFyaWx5AAAEAAxYLVBvd2VyZWQtQnkAACNTZXJ2bGV0IDIuNTsgSkJvc3MtNS4wL0pCb3NzV2ViLTIuMQAADFgtUG93ZXJlZC1CeQAAB0pTRi8xLjIAoAYAcGh0dHA6Ly9zaXN0ZW1hc2NjcC5pbmVwLmdvdi5ici9DQ1AvcGFnZXMvcmVsYXRvcmlvcy92aXN1YWxpemFyUmVsYXRvcmlvL3Zpc3VhbGl6YXJSZWxhdG9yaW9Pc0dlcmFsLnNlYW0\/Y2lkPTY4MDgAoAMAATAA"}
00154{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":36,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00145{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":36,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00399{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":37,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1505154584,"pkt_ts_usec":617955,"pkt_caplen":76,"pkt_type":33024,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"pkt":"AFBWg11YAFBWg47zgQAABwgARQAAOsFkQABABg36rB0Jk6wdCZIfSpfIk6AvpHLF31CAGACLMLIAAAEBCAoeV\/CDTpxp6EFCAAIFAQ=="}
00154{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":37,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00145{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":37,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00390{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":38,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1505154584,"pkt_ts_usec":618218,"pkt_caplen":70,"pkt_type":33024,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":70,"pkt_l4_len":0,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAANLLOQABABhyWrB0JkqwdCZOXyB9KcsXfUJOgL6qAEAB7dmUAAAEBCApOnGqSHlfwgw=="}
00154{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":38,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00145{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":38,"source":"ajp.pcap","alias":"nDPId-test","type":33024}
00123{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"ajp.pcap","alias":"nDPId-test"}

1266
test/results/alexa-app.pcapng.out
View File

File diff suppressed because it is too large Load Diff

8
test/results/among_us.pcap.out
View File

@@ -1,6 +1,6 @@
00385{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"among_us.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946681200000,"flow_last_seen":0,"flow_tot_l4_data_len":23,"flow_min_l4_data_len":23,"flow_max_l4_data_len":23,"flow_avg_l4_data_len":23,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00476{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"among_us.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946681200000,"flow_last_seen":0,"flow_min_l4_payload_len":15,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00405{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946681200,"pkt_ts_usec":0,"pkt_caplen":57,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":57,"pkt_l4_len":23,"pkt":"eJS0JASgYDjgxTWgCABFAAArJhEAAH8RqpAKAAABrGn7qvsEVgcAF2toCAABAIDZAgMGQUFBQUFB"}
00497{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946681200000,"flow_last_seen":0,"flow_tot_l4_data_len":23,"flow_min_l4_data_len":23,"flow_max_l4_data_len":23,"flow_avg_l4_data_len":23,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","ndpi": {"proto":"AmongUs","breed":"Fun","category":"Game"}}
00473{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946681200000,"flow_last_seen":0,"flow_tot_l4_data_len":23,"flow_min_l4_data_len":23,"flow_max_l4_data_len":23,"flow_avg_l4_data_len":23,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946681200000,"flow_last_seen":0,"flow_min_l4_payload_len":15,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","ndpi": {"proto":"AmongUs","breed":"Fun","category":"Game"}}
00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946681200000,"flow_last_seen":0,"flow_min_l4_payload_len":15,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00127{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test"}

20
test/results/amqp.pcap.out
View File

@@ -1,13 +1,13 @@
00381{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"amqp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00463{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1490904166118,"flow_last_seen":0,"flow_tot_l4_data_len":73,"flow_min_l4_data_len":73,"flow_max_l4_data_len":73,"flow_avg_l4_data_len":73,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00472{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"amqp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1490904166118,"flow_last_seen":0,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00479{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904166,"pkt_ts_usec":118902,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"AAAAAAAAAAAAAAAACABFAABdxi1AAEAGdWt\/AAABfwABAaytFihPdGXjNxAmEoAYAV7\/UQAAAQEICgC+1cIAvtPNAQABAAAAIQA8ACgAAAhjZWxlcnlldhB3b3JrZXIuaGVhcnRiZWF0AM4="}
00491{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1490904166118,"flow_last_seen":0,"flow_tot_l4_data_len":73,"flow_min_l4_data_len":73,"flow_max_l4_data_len":73,"flow_avg_l4_data_len":73,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","ndpi": {"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
00503{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1490904166118,"flow_last_seen":0,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","ndpi": {"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
00421{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904166,"pkt_ts_usec":118933,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAAAAAAAAAAAAAACABFAAA0puJAAEAGlN9\/AAEBfwAAARYorK03ECYST3RmDIAQSfD\/KAAAAQEICgC+1cIAvtXC"}
00553{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904166,"pkt_ts_usec":119100,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"pkt":"AAAAAAAAAAAAAAAACABFAACUxi5AAEAGdTN\/AAABfwABAaytFihPdGYMNxAmEoAYAV7\/iAAAAQEICgC+1cIAvtXCAgABAAAAWAA8AAAAAAAAAAABJ\/gAEGFwcGxpY2F0aW9uL2pzb24FdXRmLTgAAAAtCGhvc3RuYW1lUwAAAB9jZWxlcnlAdGVzdC5jb2duaXRvbmV0d29ya3MuY29tAgDO"}
00421{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904166,"pkt_ts_usec":119110,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAAAAAAAAAAAAAACABFAAA0puNAAEAGlN5\/AAEBfwAAARYorK03ECYST3RmbIAQSfD\/KAAAAQEICgC+1cIAvtXC"}
00827{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904166,"pkt_ts_usec":119203,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"pkt":"AAAAAAAAAAAAAAAACABFAAFjxi9AAEAGdGN\/AAABfwABAaytFihPdGZsNxAmEoAYAV4AWAAAAQEICgC+1cIAvtXCAwABAAABJ3sic3dfc3lzIjogIkxpbnV4IiwgImNsb2NrIjogMzkxNzI1LCAidGltZXN0YW1wIjogMTQ5MDkwNDE2Ni4xMTg1ODMsICJob3N0bmFtZSI6ICJjZWxlcnlAdGVzdC5jb2duaXRvbmV0d29ya3MuY29tIiwgInBpZCI6IDE4OTQsICJzd192ZXIiOiAiMy4xLjE4IiwgInV0Y29mZnNldCI6IDAsICJsb2FkYXZnIjogWzAuNzgsIDAuNTYsIDAuNDJdLCAicHJvY2Vzc2VkIjogMTEzOTQyLCAiYWN0aXZlIjogMCwgImZyZXEiOiAyLjAsICJ0eXBlIjogIndvcmtlci1oZWFydGJlYXQiLCAic3dfaWRlbnQiOiAicHktY2VsZXJ5In3O"}
00421{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904166,"pkt_ts_usec":119213,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAAAAAAAAAAAAAACABFAAA0puRAAEAGlN1\/AAEBfwAAARYorK03ECYST3Rnm4AQSe7\/KAAAAQEICgC+1cIAvtXC"}
00467{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1490904166119,"flow_last_seen":0,"flow_tot_l4_data_len":480,"flow_min_l4_data_len":480,"flow_max_l4_data_len":480,"flow_avg_l4_data_len":480,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.0.1","src_port":5672,"dst_port":44204,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1490904166119,"flow_last_seen":0,"flow_min_l4_payload_len":448,"flow_max_l4_payload_len":448,"flow_tot_l4_payload_len":448,"flow_avg_l4_payload_len":448,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.0.1","src_port":5672,"dst_port":44204,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01023{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904166,"pkt_ts_usec":119482,"pkt_caplen":514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":514,"pkt_l4_len":480,"pkt":"AAAAAAAAAAAAAAAACABFAAH0AQRAAEAGOP5\/AAEBfwAAARYorKyekqFfoHNnjIAYAXcA6QAAAQEICgC+1cIAvtPXAQADAAAAKQA8ADwBMwAAAAAAAGF2AAhjZWxlcnlldhB3b3JrZXIuaGVhcnRiZWF0zgIAAwAAAFgAPAAAAAAAAAAAASf4ABBhcHBsaWNhdGlvbi9qc29uBXV0Zi04AAAALQhob3N0bmFtZVMAAAAfY2VsZXJ5QHRlc3QuY29nbml0b25ldHdvcmtzLmNvbQIAzgMAAwAAASd7InN3X3N5cyI6ICJMaW51eCIsICJjbG9jayI6IDM5MTcyNSwgInRpbWVzdGFtcCI6IDE0OTA5MDQxNjYuMTE4NTgzLCAiaG9zdG5hbWUiOiAiY2VsZXJ5QHRlc3QuY29nbml0b25ldHdvcmtzLmNvbSIsICJwaWQiOiAxODk0LCAic3dfdmVyIjogIjMuMS4xOCIsICJ1dGNvZmZzZXQiOiAwLCAibG9hZGF2ZyI6IFswLjc4LCAwLjU2LCAwLjQyXSwgInByb2Nlc3NlZCI6IDExMzk0MiwgImFjdGl2ZSI6IDAsICJmcmVxIjogMi4wLCAidHlwZSI6ICJ3b3JrZXItaGVhcnRiZWF0IiwgInN3X2lkZW50IjogInB5LWNlbGVyeSJ9zg=="}
00421{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904166,"pkt_ts_usec":119495,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAAAAAAAAAAAAAACABFAAA0HMNAAEAGHv9\/AAABfwABAaysFiigc2eMnpKjH4AQDjX\/KAAAAQEICgC+1cIAvtXC"}
00479{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904168,"pkt_ts_usec":120866,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"AAAAAAAAAAAAAAAACABFAABdxjBAAEAGdWh\/AAABfwABAaytFihPdGebNxAmEoAYAV7\/UQAAAQEICgC+17YAvtXCAQABAAAAIQA8ACgAAAhjZWxlcnlldhB3b3JrZXIuaGVhcnRiZWF0AM4="}
@@ -18,9 +18,9 @@
00423{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904168,"pkt_ts_usec":121161,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAAAAAAAAAAAAAACABFAAA0pudAAEAGlNp\/AAEBfwAAARYorK03ECYST3RpU4AQSe7\/KAAAAQEICgC+17YAvte2"}
01024{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904168,"pkt_ts_usec":121405,"pkt_caplen":514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":514,"pkt_l4_len":480,"pkt":"AAAAAAAAAAAAAAAACABFAAH0AQVAAEAGOP1\/AAEBfwAAARYorKyekqMfoHNnjIAYAXcA6QAAAQEICgC+17YAvtXCAQADAAAAKQA8ADwBMwAAAAAAAGF3AAhjZWxlcnlldhB3b3JrZXIuaGVhcnRiZWF0zgIAAwAAAFgAPAAAAAAAAAAAASf4ABBhcHBsaWNhdGlvbi9qc29uBXV0Zi04AAAALQhob3N0bmFtZVMAAAAfY2VsZXJ5QHRlc3QuY29nbml0b25ldHdvcmtzLmNvbQIAzgMAAwAAASd7InN3X3N5cyI6ICJMaW51eCIsICJjbG9jayI6IDM5MTcyNywgInRpbWVzdGFtcCI6IDE0OTA5MDQxNjguMTIwNTc2LCAiaG9zdG5hbWUiOiAiY2VsZXJ5QHRlc3QuY29nbml0b25ldHdvcmtzLmNvbSIsICJwaWQiOiAxODk0LCAic3dfdmVyIjogIjMuMS4xOCIsICJ1dGNvZmZzZXQiOiAwLCAibG9hZGF2ZyI6IFswLjc4LCAwLjU2LCAwLjQyXSwgInByb2Nlc3NlZCI6IDExMzk0MiwgImFjdGl2ZSI6IDAsICJmcmVxIjogMi4wLCAidHlwZSI6ICJ3b3JrZXItaGVhcnRiZWF0IiwgInN3X2lkZW50IjogInB5LWNlbGVyeSJ9zg=="}
00422{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904168,"pkt_ts_usec":121417,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAAAAAAAAAAAAAACABFAAA0HMRAAEAGHv5\/AAABfwABAaysFiigc2eMnpKk34AQDjX\/KAAAAQEICgC+17YAvte2"}
00464{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1490904169152,"flow_last_seen":0,"flow_tot_l4_data_len":63,"flow_min_l4_data_len":63,"flow_max_l4_data_len":63,"flow_avg_l4_data_len":63,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44206,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1490904169152,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44206,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00467{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904169,"pkt_ts_usec":152163,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"AAAAAAAAAAAAAAAACABFAABTPztAAEAG\/Gd\/AAABfwABAayuFiiKm04N2t+K4IAYAV7\/RwAAAQEICgC+2LgAvtO2AQABAAAAFwA8ACgAAAdkZWZhdWx0B3Rhc2tzLiMAzg=="}
00492{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1490904169152,"flow_last_seen":0,"flow_tot_l4_data_len":63,"flow_min_l4_data_len":63,"flow_max_l4_data_len":63,"flow_avg_l4_data_len":63,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44206,"dst_port":5672,"l4_proto":"tcp","ndpi": {"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
00504{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1490904169152,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44206,"dst_port":5672,"l4_proto":"tcp","ndpi": {"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
00422{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904169,"pkt_ts_usec":152192,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAAAAAAAAAAAAAACABFAAA01sFAAEAGZQB\/AAEBfwAAARYorK7a34rgiptOLIAQDAj\/KAAAAQEICgC+2LgAvti4"}
00614{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904169,"pkt_ts_usec":152378,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADAPzxAAEAG+\/l\/AAABfwABAayuFiiKm04s2t+K4IAYAV7\/tAAAAQEICgC+2LgAvti4AgABAAAAhAA8AAAAAAAAAAAA7v4AHmFwcGxpY2F0aW9uL3gtcHl0aG9uLXNlcmlhbGl6ZQZiaW5hcnkAAAAAAgAkZjMzYWFlMjctNjlmNC00ZjQ4LWIwYmMtMmVmZGM0NTVjMTI4JGFiZjI3YmI1LTAxNDktM2RiZC1hMmRiLWQzNTcyYzMwOTc5MM4="}
00422{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904169,"pkt_ts_usec":152388,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAAAAAAAAAAAAAACABFAAA01sJAAEAGZP9\/AAEBfwAAARYorK7a34rgiptOuIAQDAj\/KAAAAQEICgC+2LgAvti4"}
@@ -32,7 +32,7 @@
00423{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904169,"pkt_ts_usec":153759,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAAAAAAAAAAAAAACABFAAA0puhAAEAGlNl\/AAEBfwAAARYorK03ECYST3RpeYAQSe7\/KAAAAQEICgC+2LgAvti4"}
00554{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904169,"pkt_ts_usec":153858,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"pkt":"AAAAAAAAAAAAAAAACABFAACUxjRAAEAGdS1\/AAABfwABAaytFihPdGl5NxAmEoAYAV7\/iAAAAQEICgC+2LgAvti4AgABAAAAWAA8AAAAAAAAAAABQfgAEGFwcGxpY2F0aW9uL2pzb24FdXRmLTgAAAAtCGhvc3RuYW1lUwAAAB9jZWxlcnlAdGVzdC5jb2duaXRvbmV0d29ya3MuY29tAgDO"}
00450{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904169,"pkt_ts_usec":156013,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"pkt":"AAAAAAAAAAAAAAAACABFAABJHMZAAEAGHud\/AAABfwABAaysFiigc2eMnpKmiIAYDjX\/PQAAAQEICgC+2LkAvti4AQABAAAADQA8AFAAAAAAAAG9FwDO"}
00508{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":7,"flow_first_seen":1490904166119,"flow_last_seen":1490904169156,"flow_tot_l4_data_len":1566,"flow_min_l4_data_len":32,"flow_max_l4_data_len":480,"flow_avg_l4_data_len":223,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.0.1","src_port":5672,"dst_port":44204,"l4_proto":"tcp","ndpi": {"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":7,"flow_first_seen":1490904166119,"flow_last_seen":1490904169156,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":448,"flow_tot_l4_payload_len":1342,"flow_avg_l4_payload_len":191,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.0.1","src_port":5672,"dst_port":44204,"l4_proto":"tcp","ndpi": {"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
00422{"flow_id":2,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904169,"pkt_ts_usec":156025,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAAAAAAAAAAAAAACABFAAA0AQdAAEAGOrt\/AAEBfwAAARYorKyekqaIoHNnoYAQAXf\/KAAAAQEICgC+2LkAvti5"}
00467{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904169,"pkt_ts_usec":594184,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"AAAAAAAAAAAAAAAACABFAABTPz5AAEAG\/GR\/AAABfwABAayuFiiKm0+u2t+K4IAYAV7\/RwAAAQEICgC+2SYAvti4AQABAAAAFwA8ACgAAAdkZWZhdWx0B3Rhc2tzLiMAzg=="}
00422{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904169,"pkt_ts_usec":594213,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAAAAAAAAAAAAAACABFAAA01sRAAEAGZP1\/AAEBfwAAARYorK7a34rgiptPzYAQDAj\/KAAAAQEICgC+2SYAvtkm"}
@@ -50,7 +50,7 @@
00993{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904170,"pkt_ts_usec":135718,"pkt_caplen":491,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":491,"pkt_l4_len":457,"pkt":"AAAAAAAAAAAAAAAACABFAAHdAQtAAEAGOQ5\/AAEBfwAAARYorKyekqnxoHNntoAYAXcA0gAAAQEICgC+2a4AvtknAQABAAAAHwA8ADwBNAAAAAAAAb0ZAAdkZWZhdWx0B3Rhc2tzLiPOAgABAAAAhAA8AAAAAAAAAAAA7v4AHmFwcGxpY2F0aW9uL3gtcHl0aG9uLXNlcmlhbGl6ZQZiaW5hcnkAAAAAAgAkNTRhOTE1NGEtMTZiNC00NGFkLTg5OWYtNmMzNjI5YzNiNGVlJGFiZjI3YmI1LTAxNDktM2RiZC1hMmRiLWQzNTcyYzMwOTc5MM4DAAEAAADugAJ9cQEoVQdleHBpcmVzcQJOVQN1dGNxA4hVBGFyZ3NxBF1xBVgDAAAAMjYycQZhVQVjaG9yZHEHTlUJY2FsbGJhY2tzcQhOVQhlcnJiYWNrc3EJTlUHdGFza3NldHEKTlUCaWRxC1UkNTRhOTE1NGEtMTZiNC00NGFkLTg5OWYtNmMzNjI5YzNiNGVlcQxVB3JldHJpZXNxDUsAVQR0YXNrcQ5VH0NvZ25pdG9Db3JlLnRhc2tzLmV4ZWN1dGVQb2xpY3lxD1UJdGltZWxpbWl0cRBOToZVA2V0YXERTlUGa3dhcmdzcRJ9cRN1Ls4="}
00423{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904170,"pkt_ts_usec":135886,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAAAAAAAAAAAAAACABFAAA0HMhAAEAGHvp\/AAABfwABAaysFiigc2e2npKrmoAQDjX\/KAAAAQEICgC+2a4Avtmr"}
00993{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904170,"pkt_ts_usec":155347,"pkt_caplen":491,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":491,"pkt_l4_len":457,"pkt":"AAAAAAAAAAAAAAAACABFAAHdAQxAAEAGOQ1\/AAEBfwAAARYorKyekquaoHNntoAYAXcA0gAAAQEICgC+2bMAvtmuAQABAAAAHwA8ADwBNAAAAAAAAb0aAAdkZWZhdWx0B3Rhc2tzLiPOAgABAAAAhAA8AAAAAAAAAAAA7v4AHmFwcGxpY2F0aW9uL3gtcHl0aG9uLXNlcmlhbGl6ZQZiaW5hcnkAAAAAAgAkOTJiZGYxYTItYjM4Ni00NDE3LWIzNTEtMzRlZDYyMDk2ODI3JGFiZjI3YmI1LTAxNDktM2RiZC1hMmRiLWQzNTcyYzMwOTc5MM4DAAEAAADugAJ9cQEoVQdleHBpcmVzcQJOVQN1dGNxA4hVBGFyZ3NxBF1xBVgDAAAAMjYxcQZhVQVjaG9yZHEHTlUJY2FsbGJhY2tzcQhOVQhlcnJiYWNrc3EJTlUHdGFza3NldHEKTlUCaWRxC1UkOTJiZGYxYTItYjM4Ni00NDE3LWIzNTEtMzRlZDYyMDk2ODI3cQxVB3JldHJpZXNxDUsAVQR0YXNrcQ5VH0NvZ25pdG9Db3JlLnRhc2tzLmV4ZWN1dGVQb2xpY3lxD1UJdGltZWxpbWl0cRBOToZVA2V0YXERTlUGa3dhcmdzcRJ9cRN1Ls4="}
00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":22,"flow_first_seen":1490904166119,"flow_last_seen":1490904170242,"flow_tot_l4_data_len":4278,"flow_min_l4_data_len":32,"flow_max_l4_data_len":480,"flow_avg_l4_data_len":194,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.0.1","src_port":5672,"dst_port":44204,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":108,"flow_first_seen":1490904166118,"flow_last_seen":1490904170243,"flow_tot_l4_data_len":10751,"flow_min_l4_data_len":32,"flow_max_l4_data_len":361,"flow_avg_l4_data_len":99,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":30,"flow_first_seen":1490904169152,"flow_last_seen":1490904170195,"flow_tot_l4_data_len":3045,"flow_min_l4_data_len":32,"flow_max_l4_data_len":278,"flow_avg_l4_data_len":101,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44206,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":22,"flow_first_seen":1490904166119,"flow_last_seen":1490904170242,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":448,"flow_tot_l4_payload_len":3574,"flow_avg_l4_payload_len":162,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.0.1","src_port":5672,"dst_port":44204,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":108,"flow_first_seen":1490904166118,"flow_last_seen":1490904170243,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":7295,"flow_avg_l4_payload_len":67,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":30,"flow_first_seen":1490904169152,"flow_last_seen":1490904170195,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":2085,"flow_avg_l4_payload_len":69,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44206,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00125{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test"}

500
test/results/android.pcap.out
View File

@@ -1,14 +1,14 @@
00384{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"android.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"android.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1582454769772,"flow_last_seen":0,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":56,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":56,"midstream":1,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00475{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"android.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"android.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1582454769772,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":1,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454769,"pkt_ts_usec":772338,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"xGGLNYKpxiwDYGpkCABFAABMMy4AADUGGCtfZRg1wKgCEQG7xfVNnd4qbhnKg4AYAUXNDgAAAQEICmx+XigR4ZkoFwMDABMwxZA0Xbk6ucnG2OFNZYAG8R1y"}
00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1582454779631,"flow_last_seen":0,"flow_tot_l4_data_len":78,"flow_min_l4_data_len":78,"flow_max_l4_data_len":78,"flow_avg_l4_data_len":78,"midstream":1,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1582454779631,"flow_last_seen":0,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":1,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00488{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454779,"pkt_ts_usec":631132,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"pkt":"xGGLNYKpxiwDYGpkCABFAgBirQcAAC4GWpAR+LBLwKgCEQG7xZj0WotEsqX09IAYBCokkgAAAQEIClsVyooR3+x3FwMDACkAAAAAAAAABGgk1MfD1SR1H5v5Q6dSq6XAgQAjDJnQ9jro2uiXnku8Hg=="}
00466{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454779,"pkt_ts_usec":631208,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"xGGLNYKpxiwDYGpkCABFAgBTrQgAAC4GWp4R+LBLwKgCEQG7xZj0WotysqX09IAZBCpyhAAAAQEIClsVyooR3+x3FQMDABoAAAAAAAAABZSZBhugqn7IvMs7ScmDJ6yQxA=="}
00491{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4,"source":"android.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1582454769772,"flow_last_seen":0,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":56,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":56,"midstream":1,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
00472{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"android.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1582454769772,"flow_last_seen":0,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":56,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":56,"midstream":1,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4,"source":"android.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1582454769772,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":1,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"android.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1582454769772,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":1,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00529{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454779,"pkt_ts_usec":931221,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"pkt":"xGGLNYKpxiwDYGpkCABFAACBrQkAAC4GWnER+LBLwKgCEQG7xZj0WotEsqX09IAZBCq7DgAAAQEIClsVy7YR3+x3FwMDACkAAAAAAAAABGgk1MfD1SR1H5v5Q6dSq6XAgQAjDJnQ9jro2uiXnku8HhUDAwAaAAAAAAAAAAWUmQYboKp+yLzLO0nJgyeskMQ="}
00529{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454780,"pkt_ts_usec":571276,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"pkt":"xGGLNYKpxiwDYGpkCABFAACBrQoAAC4GWnAR+LBLwKgCEQG7xZj0WotEsqX09IAZBCq4jgAAAQEIClsVzjYR3+x3FwMDACkAAAAAAAAABGgk1MfD1SR1H5v5Q6dSq6XAgQAjDJnQ9jro2uiXnku8HhUDAwAaAAAAAAAAAAWUmQYboKp+yLzLO0nJgyeskMQ="}
00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1582454780612,"flow_last_seen":0,"flow_tot_l4_data_len":78,"flow_min_l4_data_len":78,"flow_max_l4_data_len":78,"flow_avg_l4_data_len":78,"midstream":1,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1582454780612,"flow_last_seen":0,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":1,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454780,"pkt_ts_usec":612355,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"pkt":"xGGLNYKpxiwDYGpkCABFAgBiArsAAC4GBN0R+LBLwKgCEQG7xZQAd+\/fhij6wYAYBTCNMgAAAQEIClsVzl8R3+\/bFwMDACkAAAAAAAAACH\/oI1Kw++l3rtTYoEdnoXbMNGznM5xRQS6qcOaP89cv8Q=="}
00470{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454780,"pkt_ts_usec":612849,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"xGGLNYKpxiwDYGpkCABFAgBTArwAAC4GBOsR+LBLwKgCEQG7xZQAd\/ANhij6wYAZBTCw2QAAAQEIClsVzl8R3+\/bFQMDABoAAAAAAAAACeuqoxCRLc0dnl7lMGJ\/SkF\/RQ=="}
00532{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454780,"pkt_ts_usec":907526,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"pkt":"xGGLNYKpxiwDYGpkCABFAACBAr0AAC4GBL4R+LBLwKgCEQG7xZQAd+\/fhij6wYAZBTC0SwAAAQEIClsVz4YR3+\/bFwMDACkAAAAAAAAACH\/oI1Kw++l3rtTYoEdnoXbMNGznM5xRQS6qcOaP89cv8RUDAwAaAAAAAAAAAAnrqqMQkS3NHZ5e5TBif0pBf0U="}
@@ -16,12 +16,12 @@
00530{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454781,"pkt_ts_usec":788994,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"pkt":"xGGLNYKpxiwDYGpkCABFAACBrQsAAC4GWm8R+LBLwKgCEQG7xZj0WotEsqX09IAZBCqzzQAAAQEIClsV0vcR3+x3FwMDACkAAAAAAAAABGgk1MfD1SR1H5v5Q6dSq6XAgQAjDJnQ9jro2uiXnku8HhUDAwAaAAAAAAAAAAWUmQYboKp+yLzLO0nJgyeskMQ="}
00533{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454782,"pkt_ts_usec":747560,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"pkt":"xGGLNYKpxiwDYGpkCABFAACBAr8AAC4GBLwR+LBLwKgCEQG7xZQAd+\/fhij6wYAZBTCtGwAAAQEIClsV1rYR3+\/bFwMDACkAAAAAAAAACH\/oI1Kw++l3rtTYoEdnoXbMNGznM5xRQS6qcOaP89cv8RUDAwAaAAAAAAAAAAnrqqMQkS3NHZ5e5TBif0pBf0U="}
00530{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454784,"pkt_ts_usec":220076,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"pkt":"xGGLNYKpxiwDYGpkCABFAACBrQwAAC4GWm4R+LBLwKgCEQG7xZj0WotEsqX09IAZBCqqTgAAAQEIClsV3HYR3+x3FwMDACkAAAAAAAAABGgk1MfD1SR1H5v5Q6dSq6XAgQAjDJnQ9jro2uiXnku8HhUDAwAaAAAAAAAAAAWUmQYboKp+yLzLO0nJgyeskMQ="}
00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1582454784313,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1582454784313,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00808{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454784,"pkt_ts_usec":313816,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIeDQAAP8RQnEAAAAA\/\/\/\/\/wBEAEMBNI1GAQEGAHhURwsAAAAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
00558{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1582454784313,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":"1,121,3,6,15,119,252,95,44,46"}}
00570{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1582454784313,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":"1,121,3,6,15,119,252,95,44,46"}}
00534{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454785,"pkt_ts_usec":114944,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"pkt":"xGGLNYKpxiwDYGpkCABFAACBAsAAAC4GBLsR+LBLwKgCEQG7xZQAd+\/fhij6wYAZBTCj2wAAAQEIClsV3\/YR3+\/bFwMDACkAAAAAAAAACH\/oI1Kw++l3rtTYoEdnoXbMNGznM5xRQS6qcOaP89cv8RUDAwAaAAAAAAAAAAnrqqMQkS3NHZ5e5TBif0pBf0U="}
00808{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454786,"pkt_ts_usec":281820,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIeDUAAP8RQnAAAAAA\/\/\/\/\/wBEAEMBNI1EAQEGAHhURwsAAgAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1582454787658,"flow_last_seen":0,"flow_tot_l4_data_len":63,"flow_min_l4_data_len":63,"flow_max_l4_data_len":63,"flow_avg_l4_data_len":63,"midstream":1,"l3_proto":"ip4","src_ip":"17.248.185.10","dst_ip":"192.168.2.17","src_port":443,"dst_port":50702,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1582454787658,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"l3_proto":"ip4","src_ip":"17.248.185.10","dst_ip":"192.168.2.17","src_port":443,"dst_port":50702,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00467{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454787,"pkt_ts_usec":658770,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"xGGLNYKpxiwDYGpkCABFAgBThkMAADAGdqQR+LkKwKgCEQG7xg7EYLJptSIfH4AYBDV85QAAAQEIChoMpyQR4cyfFQMDABoAAAAAAAAAArlWa60ADWOMgYlfYrlhFGv+Kg=="}
00423{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454787,"pkt_ts_usec":658773,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0hkQAADAGdsQR+LkKwKgCEQG7xg7EYLKItSIfH4ARBDUyJQAAAQEIChoMpyQR4cyf"}
00466{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454788,"pkt_ts_usec":86408,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"xGGLNYKpxiwDYGpkCABFAABThkUAADAGdqQR+LkKwKgCEQG7xg7EYLJptSIfH4AZBDV7OQAAAQEIChoMqM8R4cyfFQMDABoAAAAAAAAAArlWa60ADWOMgYlfYrlhFGv+Kg=="}
@@ -30,147 +30,141 @@
00530{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454789,"pkt_ts_usec":276418,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"pkt":"xGGLNYKpxiwDYGpkCABFAACBrQ0AAC4GWm0R+LBLwKgCEQG7xZj0WotEsqX09IAZBCqWjQAAAQEIClsV8DcR3+x3FwMDACkAAAAAAAAABGgk1MfD1SR1H5v5Q6dSq6XAgQAjDJnQ9jro2uiXnku8HhUDAwAaAAAAAAAAAAWUmQYboKp+yLzLO0nJgyeskMQ="}
00533{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454789,"pkt_ts_usec":787671,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"pkt":"xGGLNYKpxiwDYGpkCABFAACBAsEAAC4GBLoR+LBLwKgCEQG7xZQAd+\/fhij6wYAZBTCRmwAAAQEIClsV8jYR3+\/bFwMDACkAAAAAAAAACH\/oI1Kw++l3rtTYoEdnoXbMNGznM5xRQS6qcOaP89cv8RUDAwAaAAAAAAAAAAnrqqMQkS3NHZ5e5TBif0pBf0U="}
00467{"flow_id":5,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454790,"pkt_ts_usec":710174,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"xGGLNYKpxiwDYGpkCABFAABThkcAADAGdqIR+LkKwKgCEQG7xg7EYLJptSIfH4AZBDVw+QAAAQEIChoMsw8R4cyfFQMDABoAAAAAAAAAArlWa60ADWOMgYlfYrlhFGv+Kg=="}
00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"android.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1582454792980,"flow_last_seen":0,"flow_tot_l4_data_len":518,"flow_min_l4_data_len":518,"flow_max_l4_data_len":518,"flow_avg_l4_data_len":518,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"android.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1582454792980,"flow_last_seen":0,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01083{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454792,"pkt_ts_usec":980209,"pkt_caplen":552,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":552,"pkt_l4_len":518,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAIangkAAEARVHnAqAIBwKgC\/0RcRFwCBr34eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAzMzA0MDI2MjQwMTMxNjcxMTI3MTc3MTQ1ODMyOTcxNTM2ODg0ODIsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODEwNTkxNzYwLCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAyODUyMTYwNywgNDA1NjQ2MjU5MiwgNzA1MzYyNzE4NCwgMTUyMjE3NzU4NywgMTQyMTExNDM5OSwgMTI1MjExNjQyOSwgOTk0Njk3NzMsIDcwNzk2MzY2ODgsIDE3Njk2NDMwNywgMTI1NTQwNTY2LCAxMDQ3NDI4MTg5LCA0NzE2MTkwMDQ4LCA1NDY3MTYzMDg4LCAxMTk1MDQ0MDcxLCA5Njg1MzIyNCwgMTc2MDk5NjMsIDY0NzgzMDM0NDAsIDUxMTcwNjY0MiwgNjI5Nzk1NTE4NCwgMTQxNTYyMDM1MF19"}
00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"android.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1582454792980,"flow_last_seen":0,"flow_tot_l4_data_len":518,"flow_min_l4_data_len":518,"flow_max_l4_data_len":518,"flow_avg_l4_data_len":518,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00523{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"android.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1582454792980,"flow_last_seen":0,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00808{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454793,"pkt_ts_usec":758718,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIeDcAAP8RQm4AAAAA\/\/\/\/\/wBEAEMBNI09AQEGAHhURwsACQAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
00467{"flow_id":5,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454794,"pkt_ts_usec":102756,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"xGGLNYKpxiwDYGpkCABFAABThkgAADAGdqER+LkKwKgCEQG7xg7EYLJptSIfH4AZBDVjuQAAAQEIChoMwE8R4cyfFQMDABoAAAAAAAAAArlWa60ADWOMgYlfYrlhFGv+Kg=="}
00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"android.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1582454796360,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"android.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1582454796360,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00460{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454796,"pkt_ts_usec":360694,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABIV+oAAEARnGrAqAIBwKgC\/+EV4RUANNgcU3BvdFVkcDDcFXQoLlJiTAABAARIlcIDokHeIIm5eNggVkvVDJHA6KPmCng="}
00507{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"android.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1582454796360,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"android.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1582454796360,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
00528{"flow_id":2,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454799,"pkt_ts_usec":4089,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"pkt":"xGGLNYKpxiwDYGpkCABFAACBrQ4AAC4GWmwR+LBLwKgCEQG7xZj0WotEsqX09IAZBCpwjQAAAQEIClsWFjcR3+x3FwMDACkAAAAAAAAABGgk1MfD1SR1H5v5Q6dSq6XAgQAjDJnQ9jro2uiXnku8HhUDAwAaAAAAAAAAAAWUmQYboKp+yLzLO0nJgyeskMQ="}
00533{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454799,"pkt_ts_usec":515347,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"pkt":"xGGLNYKpxiwDYGpkCABFAACBAsIAAC4GBLkR+LBLwKgCEQG7xZQAd+\/fhij6wYAZBTBrmwAAAQEIClsWGDYR3+\/bFwMDACkAAAAAAAAACH\/oI1Kw++l3rtTYoEdnoXbMNGznM5xRQS6qcOaP89cv8RUDAwAaAAAAAAAAAAnrqqMQkS3NHZ5e5TBif0pBf0U="}
00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":32,"source":"android.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1582454792980,"flow_last_seen":0,"flow_tot_l4_data_len":518,"flow_min_l4_data_len":518,"flow_max_l4_data_len":518,"flow_avg_l4_data_len":518,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":32,"source":"android.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1582454796360,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":32,"source":"android.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1582454792980,"flow_last_seen":0,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":32,"source":"android.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1582454796360,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":5,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454801,"pkt_ts_usec":77955,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"xGGLNYKpxiwDYGpkCABFAABThkkAADAGdqAR+LkKwKgCEQG7xg7EYLJptSIfH4AZBDVIeQAAAQEIChoM248R4cyfFQMDABoAAAAAAAAAArlWa60ADWOMgYlfYrlhFGv+Kg=="}
00808{"flow_id":4,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454802,"pkt_ts_usec":453429,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIeDgAAP8RQm0AAAAA\/\/\/\/\/wBEAEMBNI00AQEGAHhURwsAEgAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
00808{"flow_id":4,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454811,"pkt_ts_usec":217599,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIeDkAAP8RQmwAAAAA\/\/\/\/\/wBEAEMBNI0rAQEGAHhURwsAGwAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
00808{"flow_id":4,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454819,"pkt_ts_usec":289636,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIeDoAAP8RQmsAAAAA\/\/\/\/\/wBEAEMBNI0jAQEGAHhURwsAIwAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"android.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1582454823029,"flow_last_seen":0,"flow_tot_l4_data_len":518,"flow_min_l4_data_len":518,"flow_max_l4_data_len":518,"flow_avg_l4_data_len":518,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"android.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1582454823029,"flow_last_seen":0,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01083{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454823,"pkt_ts_usec":29099,"pkt_caplen":552,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":552,"pkt_l4_len":518,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAIavtMAAEARM6\/AqAIBwKgC\/0RcRFwCBr34eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAzMzA0MDI2MjQwMTMxNjcxMTI3MTc3MTQ1ODMyOTcxNTM2ODg0ODIsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODEwNTkxNzYwLCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAyODUyMTYwNywgNDA1NjQ2MjU5MiwgNzA1MzYyNzE4NCwgMTUyMjE3NzU4NywgMTQyMTExNDM5OSwgMTI1MjExNjQyOSwgOTk0Njk3NzMsIDcwNzk2MzY2ODgsIDE3Njk2NDMwNywgMTI1NTQwNTY2LCAxMDQ3NDI4MTg5LCA0NzE2MTkwMDQ4LCA1NDY3MTYzMDg4LCAxMTk1MDQ0MDcxLCA5Njg1MzIyNCwgMTc2MDk5NjMsIDY0NzgzMDM0NDAsIDUxMTcwNjY0MiwgNjI5Nzk1NTE4NCwgMTQxNTYyMDM1MF19"}
00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"android.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1582454823029,"flow_last_seen":0,"flow_tot_l4_data_len":518,"flow_min_l4_data_len":518,"flow_max_l4_data_len":518,"flow_avg_l4_data_len":518,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"android.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1582454823653,"flow_last_seen":0,"flow_tot_l4_data_len":53,"flow_min_l4_data_len":53,"flow_max_l4_data_len":53,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00523{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"android.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1582454823029,"flow_last_seen":0,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"android.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1582454823653,"flow_last_seen":0,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454823,"pkt_ts_usec":653040,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"pkt":"AQBeAAD72DBiVgAcCABFAABJmVsAAP8RtXWp\/uHY4AAA+xTpFOkANUGgAAAAAAABAAAAAAAAEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAAADAAB"}
00555{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"android.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1582454823653,"flow_last_seen":0,"flow_tot_l4_data_len":53,"flow_min_l4_data_len":53,"flow_max_l4_data_len":53,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_spotify-connect._tcp.local"}}
00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"android.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1582454823653,"flow_last_seen":0,"flow_tot_l4_data_len":53,"flow_min_l4_data_len":53,"flow_max_l4_data_len":53,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00567{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"android.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1582454823653,"flow_last_seen":0,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_spotify-connect._tcp.local"}}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"android.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1582454823653,"flow_last_seen":0,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454823,"pkt_ts_usec":653165,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"pkt":"AQBeAAD7xiwDYGpkCABFAABJ7RwAAAERKOPAqAIB4AAA+xTpFOkANQrOAAAAAAABAAAAAAAAEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAAADAAB"}
00552{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"android.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1582454823653,"flow_last_seen":0,"flow_tot_l4_data_len":53,"flow_min_l4_data_len":53,"flow_max_l4_data_len":53,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_spotify-connect._tcp.local"}}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"android.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1582454825628,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00564{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"android.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1582454823653,"flow_last_seen":0,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_spotify-connect._tcp.local"}}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"android.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1582454825628,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00569{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454825,"pkt_ts_usec":628962,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"AQBef\/\/62DBiVgAcCABFAACa4oMAAP8RXP2p\/uHY7\/\/\/+ux6B2wAhmGgTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"}
00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"android.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1582454825628,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"android.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1582454825629,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"android.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1582454825628,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"android.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1582454825629,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00568{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454825,"pkt_ts_usec":629044,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"AQBef\/\/6xiwDYGpkCABFAACaWhcAAAERrJjAqAIB7\/\/\/+sjTB2wAhk51TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"}
00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"android.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1582454825629,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"android.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1582454826369,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00523{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"android.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1582454825629,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"android.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1582454826369,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00461{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454826,"pkt_ts_usec":369837,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABItCAAAEARQDTAqAIBwKgC\/+EV4RUANNgcU3BvdFVkcDDcFXQoLlJiTAABAARIlcIDokHeIIm5eNggVkvVDJHA6KPmCng="}
00508{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"android.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1582454826369,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"android.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1582454826369,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
00808{"flow_id":4,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454827,"pkt_ts_usec":440179,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIeDsAAP8RQmoAAAAA\/\/\/\/\/wBEAEMBNI0bAQEGAHhURwsAKwAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":49,"source":"android.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1582454825629,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":49,"source":"android.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1582454823653,"flow_last_seen":0,"flow_tot_l4_data_len":53,"flow_min_l4_data_len":53,"flow_max_l4_data_len":53,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":49,"source":"android.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1582454823029,"flow_last_seen":0,"flow_tot_l4_data_len":518,"flow_min_l4_data_len":518,"flow_max_l4_data_len":518,"flow_avg_l4_data_len":518,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":49,"source":"android.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1582454825628,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00472{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":49,"source":"android.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1582454823653,"flow_last_seen":0,"flow_tot_l4_data_len":53,"flow_min_l4_data_len":53,"flow_max_l4_data_len":53,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00476{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":49,"source":"android.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1582454826369,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":49,"source":"android.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1582454825629,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":49,"source":"android.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1582454823653,"flow_last_seen":0,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":49,"source":"android.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1582454823029,"flow_last_seen":0,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":49,"source":"android.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1582454825628,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":49,"source":"android.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1582454823653,"flow_last_seen":0,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":49,"source":"android.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1582454826369,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00808{"flow_id":4,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454835,"pkt_ts_usec":472764,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIeDwAAP8RQmkAAAAA\/\/\/\/\/wBEAEMBNI0TAQEGAHhURwsAMwAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
00455{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":53,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454839,"pkt_ts_usec":884181,"pkt_caplen":113,"pkt_type":34958,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":113,"pkt_l4_len":0,"pkt":"TGr2n\/Yn2DBiVgAciI4CAwBfAgCKABAAAAAAAAAAAIz8BFqJChwkZ1iJYPgAYGUrS4o4DJHL\/S\/E6LdOr1skAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00158{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":53,"source":"android.pcap","alias":"nDPId-test","type":34958}
00149{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":53,"source":"android.pcap","alias":"nDPId-test","type":34958}
00482{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":54,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454839,"pkt_ts_usec":890005,"pkt_caplen":135,"pkt_type":34958,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":135,"pkt_l4_len":0,"pkt":"2DBiVgAcTGr2n\/YniI4BAwB1AgEKAAAAAAAAAAAAABuBPQRawmcmCJuMCTTl787Fbc92e9r2cPO8HkAbqnp8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACI+Bbd0vg6TUoOiFATr40\/ABYwFAEAAA+sBAEAAA+sBAEAAA+sAgAA"}
00158{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":54,"source":"android.pcap","alias":"nDPId-test","type":34958}
00149{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":54,"source":"android.pcap","alias":"nDPId-test","type":34958}
00809{"flow_id":4,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454844,"pkt_ts_usec":193681,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIeD0AAP8RQmgAAAAA\/\/\/\/\/wBEAEMBNI0KAQEGAHhURwsAPAAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"android.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1582454853081,"flow_last_seen":0,"flow_tot_l4_data_len":518,"flow_min_l4_data_len":518,"flow_max_l4_data_len":518,"flow_avg_l4_data_len":518,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"android.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1582454853081,"flow_last_seen":0,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01083{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454853,"pkt_ts_usec":81631,"pkt_caplen":552,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":552,"pkt_l4_len":518,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAIaAQwAAEAR8XbAqAIBwKgC\/0RcRFwCBr34eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAzMzA0MDI2MjQwMTMxNjcxMTI3MTc3MTQ1ODMyOTcxNTM2ODg0ODIsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODEwNTkxNzYwLCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAyODUyMTYwNywgNDA1NjQ2MjU5MiwgNzA1MzYyNzE4NCwgMTUyMjE3NzU4NywgMTQyMTExNDM5OSwgMTI1MjExNjQyOSwgOTk0Njk3NzMsIDcwNzk2MzY2ODgsIDE3Njk2NDMwNywgMTI1NTQwNTY2LCAxMDQ3NDI4MTg5LCA0NzE2MTkwMDQ4LCA1NDY3MTYzMDg4LCAxMTk1MDQ0MDcxLCA5Njg1MzIyNCwgMTc2MDk5NjMsIDY0NzgzMDM0NDAsIDUxMTcwNjY0MiwgNjI5Nzk1NTE4NCwgMTQxNTYyMDM1MF19"}
00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"android.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1582454853081,"flow_last_seen":0,"flow_tot_l4_data_len":518,"flow_min_l4_data_len":518,"flow_max_l4_data_len":518,"flow_avg_l4_data_len":518,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"android.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1582454856384,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"android.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1582454853081,"flow_last_seen":0,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"android.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1582454856384,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00461{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454856,"pkt_ts_usec":384360,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABIA+oAAEAR8GrAqAIBwKgC\/+EV4RUANNgcU3BvdFVkcDDcFXQoLlJiTAABAARIlcIDokHeIIm5eNggVkvVDJHA6KPmCng="}
00508{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"android.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1582454856384,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
00513{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":60,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":8,"flow_first_seen":1582454780612,"flow_last_seen":1582454799515,"flow_tot_l4_data_len":795,"flow_min_l4_data_len":63,"flow_max_l4_data_len":109,"flow_avg_l4_data_len":99,"midstream":1,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50580,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
00487{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":60,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":8,"flow_first_seen":1582454780612,"flow_last_seen":1582454799515,"flow_tot_l4_data_len":795,"flow_min_l4_data_len":63,"flow_max_l4_data_len":109,"flow_avg_l4_data_len":99,"midstream":1,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00513{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":60,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":8,"flow_first_seen":1582454779631,"flow_last_seen":1582454799004,"flow_tot_l4_data_len":795,"flow_min_l4_data_len":63,"flow_max_l4_data_len":109,"flow_avg_l4_data_len":99,"midstream":1,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50584,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
00487{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":60,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":8,"flow_first_seen":1582454779631,"flow_last_seen":1582454799004,"flow_tot_l4_data_len":795,"flow_min_l4_data_len":63,"flow_max_l4_data_len":109,"flow_avg_l4_data_len":99,"midstream":1,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00512{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":60,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":7,"flow_first_seen":1582454787658,"flow_last_seen":1582454801077,"flow_tot_l4_data_len":410,"flow_min_l4_data_len":32,"flow_max_l4_data_len":63,"flow_avg_l4_data_len":58,"midstream":1,"l3_proto":"ip4","src_ip":"17.248.185.10","dst_ip":"192.168.2.17","src_port":443,"dst_port":50702,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
00486{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":60,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":7,"flow_first_seen":1582454787658,"flow_last_seen":1582454801077,"flow_tot_l4_data_len":410,"flow_min_l4_data_len":32,"flow_max_l4_data_len":63,"flow_avg_l4_data_len":58,"midstream":1,"l3_proto":"ip4","src_ip":"17.248.185.10","dst_ip":"192.168.2.17","src_port":443,"dst_port":50702,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"android.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1582454853081,"flow_last_seen":0,"flow_tot_l4_data_len":518,"flow_min_l4_data_len":518,"flow_max_l4_data_len":518,"flow_avg_l4_data_len":518,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00476{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"android.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1582454856384,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"android.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1582454856384,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"android.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1582454853081,"flow_last_seen":0,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"android.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1582454856384,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00452{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":60,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454865,"pkt_ts_usec":4691,"pkt_caplen":113,"pkt_type":34958,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":113,"pkt_l4_len":0,"pkt":"TGr2n\/Yn2DBiVgAciI4CAwBfAgCKABAAAAAAAAAAAItGYkOhXtVHFSBei+KDaRb2mr+UrA3yLPv\/bW2693f7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00158{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":60,"source":"android.pcap","alias":"nDPId-test","type":34958}
00149{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":60,"source":"android.pcap","alias":"nDPId-test","type":34958}
00480{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":61,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454865,"pkt_ts_usec":9017,"pkt_caplen":135,"pkt_type":34958,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":135,"pkt_l4_len":0,"pkt":"2DBiVgAcTGr2n\/YniI4BAwB1AgEKAAAAAAAAAAAAABovI0nixZFFW\/ZpJww553gjQO2Uwi5137Ow8+iP3PqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg6nQQ8V4nFthsHWtgZMXFABYwFAEAAA+sBAEAAA+sBAEAAA+sAgAA"}
00158{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":61,"source":"android.pcap","alias":"nDPId-test","type":34958}
00149{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":61,"source":"android.pcap","alias":"nDPId-test","type":34958}
00529{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":62,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454865,"pkt_ts_usec":9287,"pkt_caplen":169,"pkt_type":34958,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":169,"pkt_l4_len":0,"pkt":"TGr2n\/Yn2DBiVgAciI4CAwCXAhPKABAAAAAAAAAAAYtGYkOhXtVHFSBei+KDaRb2mr+UrA3yLPv\/bW2693f7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZcbSnYYoBu5dETlqS4YLUADjuvEvKQvPJ0rVdu0zb5LSOsCSMjRkTMYTV0rOZo1ZtYgUxQ\/1u64gYvePhWbMqouPvhtSR61kuMw=="}
00158{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":62,"source":"android.pcap","alias":"nDPId-test","type":34958}
00149{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":62,"source":"android.pcap","alias":"nDPId-test","type":34958}
00452{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":63,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454865,"pkt_ts_usec":13552,"pkt_caplen":113,"pkt_type":34958,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":113,"pkt_l4_len":0,"pkt":"2DBiVgAcTGr2n\/YniI4BAwBfAgMKAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACSXhMQpT7Z+H8pmeIKqgblAAA="}
00158{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":63,"source":"android.pcap","alias":"nDPId-test","type":34958}
00438{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"android.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1582454865794,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff9f:f627","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00149{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":63,"source":"android.pcap","alias":"nDPId-test","type":34958}
00446{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"android.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1582454865794,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff9f:f627","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00450{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454865,"pkt_ts_usec":794321,"pkt_caplen":78,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":78,"pkt_l4_len":24,"pkt":"MzP\/n\/YnTGr2n\/Ynht1gAAAAABg6\/wAAAAAAAAAAAAAAAAAAAAD\/AgAAAAAAAAAAAAH\/n\/YnhwBLLgAAAAD+gAAAAAAAAE5q9v\/+n\/Yn"}
00472{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"android.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1582454865794,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff9f:f627","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00429{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"android.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1582454865802,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"android.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1582454865794,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff9f:f627","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00437{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"android.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1582454865802,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00462{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454865,"pkt_ts_usec":802211,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"pkt":"MzMAAAAWTGr2n\/Ynht1gAAAAACQAAQAAAAAAAAAAAAAAAAAAAAD\/AgAAAAAAAAAAAAAAAAAWOgAFAgAAAQCPAHjDAAAAAQQAAAD\/AgAAAAAAAAAAAAH\/n\/Yn"}
00463{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"android.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1582454865802,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00471{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"android.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1582454865802,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00461{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454866,"pkt_ts_usec":26255,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"pkt":"MzMAAAAWTGr2n\/Ynht1gAAAAACQAAQAAAAAAAAAAAAAAAAAAAAD\/AgAAAAAAAAAAAAAAAAAWOgAFAgAAAQCPAHjDAAAAAQQAAAD\/AgAAAAAAAAAAAAH\/n\/Yn"}
00796{"flow_id":4,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454866,"pkt_ts_usec":405948,"pkt_caplen":328,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":328,"pkt_l4_len":294,"pkt":"\/\/\/\/\/\/\/\/TGr2n\/YnCABFEAE6AABAAEAROaQAAAAA\/\/\/\/\/wBEAEMBJv6iAQEGAO9+0loAAAAAAAAAAAAAAAAAAAAAAAAAAExq9p\/2JwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBPQcBTGr2n\/YnOQIF3DwOYW5kcm9pZC1kaGNwLTk3CgEDBg8aHDM6Oyv\/AA=="}
00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"android.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1582454866407,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.16","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"android.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1582454866407,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.16","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00801{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454866,"pkt_ts_usec":407712,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"TGr2n\/YnxiwDYGpkCABFAAFILXYAAP8RB83AqAIBwKgCEABDAEQBNN9OAgEGAO9+0loAAAAAAAAAAMCoAhDAqAIBAAAAAExq9p\/2JwAAAAAAAAAAAABMdWNhcy1pTWFjLmxvY2FsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQECNgTAqAIBMwQAAU4gAQT\/\/\/8AAwTAqAIBBgTAqAIB\/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"android.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1582454866407,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.16","src_port":67,"dst_port":68,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":""}}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1582454866448,"flow_last_seen":0,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":60,"flow_max_l4_data_len":60,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"android.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1582454866407,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.16","src_port":67,"dst_port":68,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":""}}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1582454866448,"flow_last_seen":0,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454866,"pkt_ts_usec":448783,"pkt_caplen":114,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":114,"pkt_l4_len":60,"pkt":"MzMAAQACTGr2n\/Ynht1gBNipADwRAf6AAAAAAAAATmr2\/\/6f9if\/AgAAAAAAAAAAAAAAAQACAiICIwA8Uc8B2OT+AAEADgABAAEl5RSOTGr2n\/YnAAMADA4ACMoAAAAAAAAAAAAIAAIAAAAGAAQAFwAY"}
00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1582454866448,"flow_last_seen":0,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":60,"flow_max_l4_data_len":60,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"proto":"DHCPV6","breed":"Acceptable","category":"Network"}}
00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1582454866448,"flow_last_seen":0,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"proto":"DHCPV6","breed":"Acceptable","category":"Network"}}
00812{"flow_id":4,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454866,"pkt_ts_usec":536260,"pkt_caplen":340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":340,"pkt_l4_len":306,"pkt":"\/\/\/\/\/\/\/\/TGr2n\/YnCABFEAFGAABAAEAROZgAAAAA\/\/\/\/\/wBEAEMBMg8gAQEGAO9+0loAAAAAAAAAAAAAAAAAAAAAAAAAAExq9p\/2JwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEDPQcBTGr2n\/YnMgTAqAIQNgTAqAIBOQIF3DwOYW5kcm9pZC1kaGNwLTk3CgEDBg8aHDM6Oyv\/AA=="}
00801{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454866,"pkt_ts_usec":538292,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"TGr2n\/YnxiwDYGpkCABFAAFILXcAAP8RB8zAqAIBwKgCEABDAEQBNNxOAgEGAO9+0loAAAAAAAAAAMCoAhDAqAIBAAAAAExq9p\/2JwAAAAAAAAAAAABMdWNhcy1pTWFjLmxvY2FsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqAIBMwQAAU4gAQT\/\/\/8AAwTAqAIBBgTAqAIB\/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00452{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"android.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1582454866803,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00460{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"android.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1582454866803,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00464{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454866,"pkt_ts_usec":803266,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"pkt":"MzMAAAAWTGr2n\/Ynht1gAAAAACQAAf6AAAAAAAAATmr2\/\/6f9if\/AgAAAAAAAAAAAAAAAAAWOgAFAgAAAQCPAEAQAAAAAQQAAAD\/AgAAAAAAAAAAAAH\/n\/Yn"}
00486{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"android.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1582454866803,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00451{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"android.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1582454866803,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"android.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1582454866803,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00459{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"android.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1582454866803,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454866,"pkt_ts_usec":803383,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"pkt":"MzMAAAACTGr2n\/Ynht1gAAAAABA6\/\/6AAAAAAAAATmr2\/\/6f9if\/AgAAAAAAAAAAAAAAAAAChQAIygAAAAABAUxq9p\/2Jw=="}
00485{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"android.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1582454866803,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00493{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"android.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1582454866803,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00464{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454866,"pkt_ts_usec":894254,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"pkt":"MzMAAAAWTGr2n\/Ynht1gAAAAACQAAf6AAAAAAAAATmr2\/\/6f9if\/AgAAAAAAAAAAAAAAAAAWOgAFAgAAAQCPAEAQAAAAAQQAAAD\/AgAAAAAAAAAAAAH\/n\/Yn"}
00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1582454867034,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":52953,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1582454867034,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":52953,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":34753,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA\/qSJAAEARDCrAqAIQwKgCAc7ZADUAKwPW+6YBAAABAAAAAAAAB2NhcHRpdmUFYXBwbGUDY29tAAABAAE="}
00645{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1582454867034,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":52953,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnectivityCheck"},"dns": {"query":"captive.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00657{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1582454867034,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":52953,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnectivityCheck"},"dns": {"query":"captive.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00636{"flow_id":22,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":75877,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"pkt":"TGr2n\/YnxiwDYGpkCABFAADPTgIAAEARprrAqAIBwKgCEAA1ztkAu4V++6aBgAABAAUAAAAAB2NhcHRpdmUFYXBwbGUDY29tAAABAAHADAAFAAEAABCKACoMY2FwdGl2ZS1jaWRyDG9yaWdpbi1hcHBsZQNjb20GYWthZG5zA25ldADALwAFAAEAAACCAA4LY2FwdGl2ZS1jZG7APMBlAAUAAQAAAVQAFAdjYXB0aXZlAWcHYWFwbGltZ8AawH8AAQABAAAAEwAEEf01ycB\/AAEAAQAAABMABBH9NdA="}
00674{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":79,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_first_seen":1582454867034,"flow_last_seen":1582454867075,"flow_tot_l4_data_len":230,"flow_min_l4_data_len":43,"flow_max_l4_data_len":187,"flow_avg_l4_data_len":115,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":52953,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"ConnectivityCheck"},"dns": {"query":"captive.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.253.53.201"}}
00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1582454867151,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"17.253.53.201","src_port":58338,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00686{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":79,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_first_seen":1582454867034,"flow_last_seen":1582454867075,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":52953,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"ConnectivityCheck"},"dns": {"query":"captive.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.253.53.201"}}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1582454867151,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"17.253.53.201","src_port":58338,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":151119,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8SJ9AAEAG557AqAIQEf01yePiAFBF7HpxAAAAAKAC\/\/9mAgAAAgQFtAQCCAr\/\/zLuAAAAAAEDAwg="}
00440{"flow_id":23,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":184863,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8AAAAADQGfD4R\/TXJwKgCEABQ4+KuJAPnRex6cqAScNDonAAAAgQFrAQCCAp2SOQ3\/\/8y7gEDAwg="}
00427{"flow_id":23,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":186637,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0SKBAAEAG56XAqAIQEf01yePiAFBF7HpyriQD6IAQAVeG0QAAAQEICv\/\/Mvh2SOQ3"}
00703{"flow_id":23,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":196995,"pkt_caplen":269,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":269,"pkt_l4_len":235,"pkt":"xiwDYGpkTGr2n\/YnCABFAAD\/SKFAAEAG5tnAqAIQEf01yePiAFBF7HpyriQD6IAYAVcOJwAAAQEICv\/\/Mvp2SOQ3R0VUIC8gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzYwLjAuMzExMi4zMiBTYWZhcmkvNTM3LjM2DQpDb25uZWN0aW9uOiBDbG9zZQ0KSG9zdDogY2FwdGl2ZS5hcHBsZS5jb20NCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="}
00749{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_first_seen":1582454867151,"flow_last_seen":1582454867196,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":32,"flow_max_l4_data_len":235,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"17.253.53.201","src_port":58338,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Apple","breed":"Safe","category":"ConnectivityCheck"},"http": {"hostname":"captive.apple.com","url":"captive.apple.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/60.0.3112.32 Safari\/537.36"}}
00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_first_seen":1582454867151,"flow_last_seen":1582454867196,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"17.253.53.201","src_port":58338,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Apple","breed":"Safe","category":"ConnectivityCheck"},"http": {"hostname":"captive.apple.com","url":"captive.apple.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/60.0.3112.32 Safari\/537.36"}}
00428{"flow_id":23,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":231104,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0ee4AADQGAlgR\/TXJwKgCEABQ4+KuJAPoRex7PYAQAHWGuAAAAQEICnZI5GX\/\/zL6"}
01389{"flow_id":23,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":231433,"pkt_caplen":781,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":781,"pkt_l4_len":747,"pkt":"TGr2n\/YnxiwDYGpkCABFAAL\/ee8AADQG\/4sR\/TXJwKgCEABQ4+KuJAPoRex7PYAYAHUjQQAAAQEICnZI5Gb\/\/zL6SFRUUC8xLjEgMjAwIE9LDQp4LWFtei1pZC0yOiBUZmRScWY2TzVNZjhFamtVSWR6amlwRWhKVzRQSHdWTUJ6bndmWmRSeTk2TXE2SDQ5SFRxWUdqRjZoOVd5VnNvRUpVMjhZeExNYjA9DQp4LWFtei1yZXF1ZXN0LWlkOiA1Q0ZEQkY3OUFCMENGNTIzDQpEYXRlOiBTdW4sIDIzIEZlYiAyMDIwIDEwOjQ2OjE2IEdNVA0KTGFzdC1Nb2RpZmllZDogRnJpLCAxNyBGZWIgMjAxNyAyMDozNjoyOCBHTVQNCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9MzAwDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiA2OQ0KU2VydmVyOiBBVFMvOC4wLjYNClZpYTogaHR0cC8xLjEgbmxhbXMyLWVkZ2UtbHgtMDExLnRzLmFwcGxlLmNvbSAoQXBhY2hlVHJhZmZpY1NlcnZlci84LjAuNiksIGh0dHAvMS4xIG5sYW1zMi1lZGdlLWJ4LTAwMy50cy5hcHBsZS5jb20gKEFwYWNoZVRyYWZmaWNTZXJ2ZXIvOC4wLjYpDQpDRE5VVUlEOiA0ZjE5MDZhNy0wZTI1LTQ3MmItODY4Yy0wMTA3NDNlMGViNGMtMTI4MDQzMDk4MQ0KWC1DYWNoZTogaGl0LWZyZXNoLCBoaXQtZnJlc2gNCkV0YWc6ICI0MWJhMDYwZWIxYzA4OThlMGE0YTBjY2EzNmE4Y2E5MSINCkFnZTogOTENCkNvbm5lY3Rpb246IGNsb3NlDQoNCjxIVE1MPjxIRUFEPjxUSVRMRT5TdWNjZXNzPC9USVRMRT48L0hFQUQ+PEJPRFk+U3VjY2VzczwvQk9EWT48L0hUTUw+Cg=="}
00428{"flow_id":23,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":231975,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0efAAADQGAlYR\/TXJwKgCEABQ4+KuJAazRex7PYARAHWD6wAAAQEICnZI5Gb\/\/zL6"}
00428{"flow_id":23,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":232359,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0SKJAAEAG56PAqAIQEf01yePiAFBF7Hs9riQGs4AQAVyC\/AAAAQEICv\/\/MwN2SORm"}
00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1582454867244,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35825,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1582454867244,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35825,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":244479,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA+qTJAAEARDBvAqAIQwKgCAYvxADUAKg90oPQBAAABAAAAAAAABHRpbWUHYW5kcm9pZANjb20AAAEAAQ=="}
00634{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1582454867244,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35825,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"time.android.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00646{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1582454867244,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35825,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"time.android.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00427{"flow_id":23,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":275043,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0SKNAAEAG56LAqAIQEf01yePiAFBF7Hs9riQGtIAQAVyC8AAAAQEICv\/\/Mw52SORm"}
00428{"flow_id":23,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":278659,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0SKRAAEAG56HAqAIQEf01yePiAFBF7Hs9riQGtIARAVyC7gAAAQEICv\/\/Mw92SORm"}
00529{"flow_id":24,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":284329,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"TGr2n\/YnxiwDYGpkCABFAAB+z3oAAEARJZPAqAIBwKgCEAA1i\/EAapnsoPSBgAABAAQAAAAABHRpbWUHYW5kcm9pZANjb20AAAEAAcAMAAEAAQAAARgABNjvIwjADAABAAEAAAEYAATY7yMAwAwAAQABAAABGAAE2O8jBMAMAAEAAQAAARgABNjvIww="}
00661{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":91,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1582454867244,"flow_last_seen":1582454867284,"flow_tot_l4_data_len":148,"flow_min_l4_data_len":42,"flow_max_l4_data_len":106,"flow_avg_l4_data_len":74,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35825,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"time.android.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.35.8"}}
00672{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":91,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1582454867244,"flow_last_seen":1582454867284,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35825,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"time.android.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.35.8"}}
00429{"flow_id":23,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":312098,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0AAAAADQGfEYR\/TXJwKgCEABQ4+KuJAa0Rex7PoAQAHWDhAAAAQEICnZI5Lf\/\/zMP"}
00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1582454867323,"flow_last_seen":0,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":56,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.35.8","src_port":45863,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1582454867323,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.35.8","src_port":45863,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00457{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":323339,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"xiwDYGpkTGr2n\/YnCABFAABMoTdAAEAR2rnAqAIQ2O8jCLMnAHsAOGfAGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOH81o7jEm7M"}
00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1582454867323,"flow_last_seen":0,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":56,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.35.8","src_port":45863,"dst_port":123,"l4_proto":"udp","ndpi": {"proto":"NTP.Google","breed":"Tracker\/Ads","category":"System"}}
00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1582454867323,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.35.8","src_port":45863,"dst_port":123,"l4_proto":"udp","ndpi": {"proto":"NTP.Google","breed":"Tracker\/Ads","category":"System"}}
00458{"flow_id":25,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":358613,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"TGr2n\/YnxiwDYGpkCABFAABMa8oAAGcRKSfY7yMIwKgCEAB7sycAOKcPHAEA7AAAAAAAAAAMR09PR+H81tNW8KhI4fzWjuMSbszh\/NbTVvCoSeH81tNW8KhL"}
00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1582454867637,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":34540,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1582454867637,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":34540,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":637290,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBqXVAAEARC9XAqAIQwKgCAYbsADUALQrUr3oBAAABAAAAAAAACGNsaWVudHMxBmdvb2dsZQNjb20AAAEAAQ=="}
00642{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1582454867637,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":34540,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"clients1.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00654{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1582454867637,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":34540,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"clients1.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00465{"flow_id":26,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":639360,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRpSEAAEARUBnAqAIBwKgCEAA1huwAPTVyr3qBgAABAAEAAAAACGNsaWVudHMxBmdvb2dsZQNjb20AAAEAAcAMAAEAAQAAANoABNjvJng="}
00670{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":96,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_first_seen":1582454867637,"flow_last_seen":1582454867639,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":34540,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"clients1.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1582454867688,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00681{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":96,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_first_seen":1582454867637,"flow_last_seen":1582454867639,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":34540,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"clients1.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1582454867688,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":688207,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8oxlAAEAG1YLAqAIQ2O8meIDOAbtPCpBsAAAAAKAC\/\/\/waQAAAgQFtAQCCAr\/\/zN1AAAAAAEDAwg="}
00440{"flow_id":27,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":702373,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA840EAAHYGn1rY7yZ4wKgCEAG7gM7sufL\/TwqQbaAS6yANxQAAAgQFZAQCCAoG5BEl\/\/8zdQEDAwg="}
00427{"flow_id":27,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":703177,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0oxpAAEAG1YnAqAIQ2O8meIDOAbtPCpBt7LnzAIAQAVcmCAAAAQEICv\/\/M3kG5BEl"}
00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1582454867723,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1582454867723,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":723627,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBqYtAAEARC7\/AqAIQwKgCAdY1ADUALYAStecBAAABAAAAAAAABHBsYXkKZ29vZ2xlYXBpcwNjb20AAAEAAQ=="}
00649{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1582454867723,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"play.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00661{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1582454867723,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"play.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00657{"flow_id":27,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":759068,"pkt_caplen":232,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":232,"pkt_l4_len":198,"pkt":"xiwDYGpkTGr2n\/YnCABFAADaoxtAAEAG1OLAqAIQ2O8meIDOAbtPCpBt7LnzAIAYAVcMzgAAAQEICv\/\/M4cG5BElFgMBAKEBAACdAwMRGw5cHdksc9heZfp3I+xA9Dx3FfWs\/ESCI9YfdinRawAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABY\/wEAAQAAAAAYABYAABNjbGllbnRzMS5nb29nbGUuY29tABcAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAALAAIBAAAKAAgABgAdABcAGA=="}
00768{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_first_seen":1582454867688,"flow_last_seen":1582454867759,"flow_tot_l4_data_len":310,"flow_min_l4_data_len":32,"flow_max_l4_data_len":198,"flow_avg_l4_data_len":77,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"clients1.google.com","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00779{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_first_seen":1582454867688,"flow_last_seen":1582454867759,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":166,"flow_tot_l4_payload_len":166,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"clients1.google.com","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00466{"flow_id":28,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":761577,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRO4cAAEARubPAqAIBwKgCEAA11jUAPbDuteeBgAABAAEAAAAABHBsYXkKZ29vZ2xlYXBpcwNjb20AAAEAAcAMAAEAAQAAARgABKzZFEo="}
00676{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":102,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_first_seen":1582454867723,"flow_last_seen":1582454867761,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"play.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.74"}}
00687{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":102,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_first_seen":1582454867723,"flow_last_seen":1582454867761,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"play.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.74"}}
00428{"flow_id":27,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":772247,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA044kAAHYGnxrY7yZ4wKgCEAG7gM7sufMATwqRE4AQAPAldAAAAQEICgbkEWz\/\/zOH"}
02331{"flow_id":27,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":788871,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+454AAHYGmXvY7yZ4wKgCEAG7gM7sufMATwqRE4AQAPBhXgAAAQEICgbkEXz\/\/zOHFgMDAFsCAABXAwNeUlhT+JSu0CzE6p\/I2\/gOP1A6Yws6UjVET1dOR1JEASCSHfJd41LVYRIobo4mn6bha35YI5pXY1xgIBtQkEQn5sArAAAPABcAAP8BAAEAAAsAAgEAFgMDDaMLAA2fAA2cAAlIMIIJRDCCCCygAwIBAgIRAO7eZWDNNcCvAgAAAABZcbcwDQYJKoZIhvcNAQELBQAwQjELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczETMBEGA1UEAxMKR1RTIENBIDFPMTAeFw0yMDAyMTIxMTQ3MTFaFw0yMDA1MDYxMTQ3MTFaMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgTExDMRUwEwYDVQQDDAwqLmdvb2dsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATKjE9IuwUMNbIbCmiOS1XWI2yPFLanStLIADumajnPmHrED+4\/bPKa3HXecM4hPVHL8OgqwVYWveZsS6OdF9Pqo4IG2jCCBtYwDgYDVR0PAQH\/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB\/wQCMAAwHQYDVR0OBBYEFCRtN1AKArkz3KlGMpfhLYkaPFkYMB8GA1UdIwQYMBaAFJjR+G4Q68+b7GCfGJAboOt9Cf0rMGQGCCsGAQUFBwEBBFgwVjAnBggrBgEFBQcwAYYbaHR0cDovL29jc3AucGtpLmdvb2cvZ3RzMW8xMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2cvZ3NyMi9HVFMxTzEuY3J0MIIEnQYDVR0RBIIElDCCBJCCDCouZ29vZ2xlLmNvbYINKi5hbmRyb2lkLmNvbYIWKi5hcHBlbmdpbmUuZ29vZ2xlLmNvbYISKi5jbG91ZC5nb29nbGUuY29tghgqLmNyb3dkc291cmNlLmdvb2dsZS5jb22CBiouZy5jb4IOKi5nY3AuZ3Z0Mi5jb22CESouZ2NwY2RuLmd2dDEuY29tggoqLmdncGh0LmNugg4qLmdrZWNuYXBwcy5jboIWKi5nb29nbGUtYW5hbHl0aWNzLmNvbYILKi5nb29nbGUuY2GCCyouZ29vZ2xlLmNsgg4qLmdvb2dsZS5jby5pboIOKi5nb29nbGUuY28uanCCDiouZ29vZ2xlLmNvLnVrgg8qLmdvb2dsZS5jb20uYXKCDyouZ29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJygg8qLmdvb2dsZS5jb20uY2+CDyouZ29vZ2xlLmNvbS5teIIPKi5nb29nbGUuY29tLnRygg8qLmdvb2dsZS5jb20udm6CCyouZ29vZ2xlLmRlggsqLmdvb2dsZS5lc4ILKi5nb29nbGUuZnKCCyouZ29vZ2xlLmh1ggsqLmdvb2dsZS5pdIILKi5nb29nbGUubmyCCyouZ29vZ2xlLnBsggsqLmdvb2dsZS5wdIISKi5nb29nbGVhZGFwaXMuY29tgg8qLmdvb2dsZWFwaXMuY26CESouZ29vZ2xlY25hcHBzLmNughQqLmdvb2dsZWNvbW1lcmNlLmNvbYIRKi5nb29nbGV2aWRlby5jb22CDCouZ3N0YXRpYy5jboINKi5nc3RhdGljLmNvbYISKi5nc3RhdGljY25hcHBzLmNuggoqLmd2dDEuY29tggoqLmd2dDIuY29tghQqLm1ldHJpYy5nc3RhdGljLmNvbYIMKi51cmNoaW4uY29tghAqLnVybC5nb29nbGUuY29tghMqLndlYXI="}
00827{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":6,"flow_first_seen":1582454867688,"flow_last_seen":1582454867788,"flow_tot_l4_data_len":1792,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":298,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"clients1.google.com","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"b31c0b82752ea0e2c48b8ce46e9263e5","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}}
00838{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":6,"flow_first_seen":1582454867688,"flow_last_seen":1582454867788,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1584,"flow_avg_l4_payload_len":264,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"clients1.google.com","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"b31c0b82752ea0e2c48b8ce46e9263e5","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}}
02338{"flow_id":27,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":789038,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+458AAHYGmXrY7yZ4wKgCEAG7gM7sufiKTwqRE4AQAPCeCQAAAQEICgbkEXz\/\/zOHLmdrZWNuYXBwcy5jboIWKi55b3V0dWJlLW5vY29va2llLmNvbYINKi55b3V0dWJlLmNvbYIWKi55b3V0dWJlZWR1Y2F0aW9uLmNvbYIRKi55b3V0dWJla2lkcy5jb22CByoueXQuYmWCCyoueXRpbWcuY29tghphbmRyb2lkLmNsaWVudHMuZ29vZ2xlLmNvbYILYW5kcm9pZC5jb22CG2RldmVsb3Blci5hbmRyb2lkLmdvb2dsZS5jboIcZGV2ZWxvcGVycy5hbmRyb2lkLmdvb2dsZS5jboIEZy5jb4IIZ2dwaHQuY26CDGdrZWNuYXBwcy5jboIGZ29vLmdsghRnb29nbGUtYW5hbHl0aWNzLmNvbYIKZ29vZ2xlLmNvbYIPZ29vZ2xlY25hcHBzLmNughJnb29nbGVjb21tZXJjZS5jb22CGHNvdXJjZS5hbmRyb2lkLmdvb2dsZS5jboIKdXJjaGluLmNvbYIKd3d3Lmdvby5nbIIIeW91dHUuYmWCC3lvdXR1YmUuY29tghR5b3V0dWJlZWR1Y2F0aW9uLmNvbYIPeW91dHViZWtpZHMuY29tggV5dC5iZTAhBgNVHSAEGjAYMAgGBmeBDAECAjAMBgorBgEEAdZ5AgUDMC8GA1UdHwQoMCYwJKAioCCGHmh0dHA6Ly9jcmwucGtpLmdvb2cvR1RTMU8xLmNybDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB1ALIeBcyLos2KIE6HZvkruYolIGdr2vpw57JJUy3vi5BeAAABcDlwaWcAAAQDAEYwRAIgPkDfmNQQtYk4PO65nKbFDPxrtuKj0LUnMBJA7dXsRIQCIEGeuacIhVOlrS+1iAVA0U0iyybUM0lG\/RPB\/3vh95L\/AHcAXqdz+d9WwOe1Nkh90EngMnqRmgyEoRIShBh1loFxRVgAAAFwOXBpeAAABAMASDBGAiEA\/aqZJ3\/UQPTU5w2ydUe+NIpSKGeWsTu9ETSgNqMyKQ0CIQCNTcmnSe+IFDSTDsIFaJSAF15KE5ZZWiPkZYaSiV0HpTANBgkqhkiG9w0BAQsFAAOCAQEAf9Q9aOGx44RDc80lasP1olu0dWIOJGY5YuCcfiy9u5dIiiKuSXtzOzfbHinsrRypZ\/SyVnGSiVNGW0zALKbptJsrk\/UwkVM5UMkrBXXd8OcIdDkc2mjMX3RWV2z+W1XBpLgvxXaDYJxRY33SZYn\/GVms0HRjU+vHV0jWAa0lnGb04ulB74lc8ikTRfDV0D5JnxBp3eCQIV6\/2zXyoWKf5\/L7HpkKZilrgNnjvtVtwvIglUNiWkFEhJDqrg7HjKhCi0ZfkaoPR1jWaWewiX8VRJPX\/C\/Z3PX6kK0TNwgehOJzcG6O45MHZMPb3MrHuPL141kYOvYkiBBMOFR7REu0DQAETjCCBEowggMyoAMCAQICDQHjtJqhjYqpgSVpULgwDQYJKoZIhvcNAQELBQAwTDEgMB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTcwNjE1MDAwMDQyWhcNMjExMjE1MDAwMDQyWjBCMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZpY2VzMRMwEQYDVQQDEwpHVFMgQ0EgMU8xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0BjPRdSLzdOc5EDvfrTdaSEbyc88jkx1uQ8xGYQ9njwp71ANEJNvBYCAnyqgvRJLAuE9n1gWJP4wnwt0d1WTHUv3TeGSghD2UawMw7IilA80a5gQSecLnYM53SA="}
01628{"flow_id":27,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":789734,"pkt_caplen":951,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":951,"pkt_l4_len":917,"pkt":"TGr2n\/YnxiwDYGpkCABFAAOp46AAAHYGm47Y7yZ4wKgCEAG7gM7suf4UTwqRE4AYAPB3NwAAAQEICgbkEXz\/\/zOHxhwt79EYYWXnI4MgqCMS\/9Ikf9Qv50RqW03XUGawr55CYwX74BzEY2Gvn2oz\/2KXvUjZ03wUZ9x13C5p6PhteGnQtxAFuPExwjsk\/RozdPgj4OxrGYoWxuPNpM0L27OkWWA4iDutHbnGjKdTG\/y82aSrvN08YdeTFZjugb2P4mRHIEAGTtesl+i5wFkSoUklI+TtcDQspbRjfPmjPYPRzW0krAcCAwEAAaOCATMwggEvMA4GA1UdDwEB\/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwEgYDVR0TAQH\/BAgwBgEB\/wIBADAdBgNVHQ4EFgQUmNH4bhDrz5vsYJ8YkBug630J\/SswHwYDVR0jBBgwFoAUm+IHV2ccHsBqBt5ZtJot39wZhi4wNQYIKwYBBQUHAQEEKTAnMCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC5wa2kuZ29vZy9nc3IyMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jcmwucGtpLmdvb2cvZ3NyMi9nc3IyLmNybDA\/BgNVHSAEODA2MDQGBmeBDAECAjAqMCgGCCsGAQUFBwIBFhxodHRwczovL3BraS5nb29nL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQAagD42efvzLqlGN31eVBY1rsdOCJn+vdE0aSZSZgc9CrpJy2L08RqO\/BFPaJZMdCvTZ96yo6oFjYRNTCBlD6WW2g0W+Gw7228EI4hrOmzBYL1on3GO7i1YNAfw1VTphln9e14NIZT1jMmo+NjyrcwPGvOap6kEJ\/mjybD\/AnhrYbrHNSvoVvpPwxwM7bY8tEvq7czhPOzcDYzWPpvKQliLzBYhF0C8otZm79rEFVvNiaqbCSbnMtINbmcgAlsQsJAJnAwfnq3YO+qh\/GzoEFwIUhlRKnG7rHq13RXtK8kIKiyKtKYhq2P\/11JJUNCJt63yr\/tQri\/hlQ3zRq2dnPXKFgMDAHMMAABvAwAdIHJo2c4KVN+CoUxaZSNZJAA1neTMVFMdaLlrhYyfhlJEBAMARzBFAiEA1aEQpiPcP2j255s8vrM7twEVl2fURcih\/qijiSimjZECIBovWYnKwFgg5yE9gM68Z2ly7RBtG2LFPMOcmq5NxiHvFgMDAAQOAAAA"}
02156{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":8,"flow_first_seen":1582454867688,"flow_last_seen":1582454867789,"flow_tot_l4_data_len":4159,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":519,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"clients1.google.com","server_names":"*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.crowdsource.google.com,*.g.co,*.gcp.gvt2.com,*.gcpcdn.gvt1.com,*.ggpht.cn,*.gkecnapps.cn,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecnapps.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gstaticcnapps.cn,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.wear.gkecnapps.cn,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.youtubekids.com,*.yt.be,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,developers.android.google.cn,g.co,ggpht.cn,gkecnapps.cn,goo.gl,google-analytics.com,google.com,googlecnapps.cn,googlecommerce.com,source.android.google.cn,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com,youtubekids.com,yt.be","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"b31c0b82752ea0e2c48b8ce46e9263e5","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","issuerDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com","fingerprint":"80:50:28:F4:84:F5:C4:C6:41:DE:75:67:38:C4:A6:E2:59:FF:75:42"}}
02167{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":8,"flow_first_seen":1582454867688,"flow_last_seen":1582454867789,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3887,"flow_avg_l4_payload_len":485,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"clients1.google.com","server_names":"*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.crowdsource.google.com,*.g.co,*.gcp.gvt2.com,*.gcpcdn.gvt1.com,*.ggpht.cn,*.gkecnapps.cn,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecnapps.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gstaticcnapps.cn,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.wear.gkecnapps.cn,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.youtubekids.com,*.yt.be,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,developers.android.google.cn,g.co,ggpht.cn,gkecnapps.cn,goo.gl,google-analytics.com,google.com,googlecnapps.cn,googlecommerce.com,source.android.google.cn,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com,youtubekids.com,yt.be","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"b31c0b82752ea0e2c48b8ce46e9263e5","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","issuerDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com","fingerprint":"80:50:28:F4:84:F5:C4:C6:41:DE:75:67:38:C4:A6:E2:59:FF:75:42"}}
00428{"flow_id":27,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":790200,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0oxxAAEAG1YfAqAIQ2O8meIDOAbtPCpET7Ln4ioAQAWIfYAAAAQEICv\/\/M48G5BF8"}
00429{"flow_id":27,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":791027,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0ox1AAEAG1YbAqAIQ2O8meIDOAbtPCpET7Ln+FIAQAW0ZywAAAQEICv\/\/M48G5BF8"}
00429{"flow_id":27,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":791153,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0ox5AAEAG1YXAqAIQ2O8meIDOAbtPCpET7LoBiYAQAXgWSwAAAQEICv\/\/M48G5BF8"}
@@ -178,45 +172,45 @@
00497{"flow_id":27,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":7000,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"TGr2n\/YnxiwDYGpkCABFAABn5DgAAHYGnjjY7yZ4wKgCEAG7gM7sugGJTwqRcIAYAPAlqQAAAQEICgbkElb\/\/zPBFAMDAAEBFgMDACgAAAAAAAAAAGCBkTH0GlTpEG03TUiHoZEtrWtXoJe8ULPjsbHqT8w5"}
00428{"flow_id":27,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":15318,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0oyBAAEAG1YPAqAIQ2O8meIDOAbtPCpFw7LoBvIAQAXgUqgAAAQEICv\/\/M8YG5BJW"}
00858{"flow_id":27,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":127992,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":380,"pkt_l4_len":346,"pkt":"xiwDYGpkTGr2n\/YnCABFAAFuoyFAAEAG1EjAqAIQ2O8meIDOAbtPCpFw7LoBvIAYAXgn1AAAAQEICv\/\/M+MG5BJWFwMDATUAAAAAAAAAARloW2AbeL3zCM\/FxBDPUlbQJO8P03c9V3tZ2In6JwC4p34fQaFDDmdyVo0vYbCj7yqvWAIMK+pMoWcRUNLm5xz6smYqyanNs+xhFrEwajdNfMaUt0DLmSlef9fgV8WhIEISQZPDD5I4WYC\/krL1xru5qePeoqVJQ\/5SnBtKtv6sVMYbRfwU5dFivRu2qWhzYIzkqjc0trYtEe2RJ3maRNpXD4ovdAjFNT5j8xEQkMVGU\/dQ\/Qg5ANnzXtS2oWpbghc60FaictIy4Iu3DGYmsxIaWTVAlXBBber9pLSjJDOdpfBn2h7dpvsVfqL79nOxJYYcT06G3Y4IqoK6Nulb8T4rx799WynRy4UKWNUki1\/ayIE+Wvg4JRPM5k0lzDrCK4cqkkQpYUJM58Rh5gk="}
00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":123,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1582454868348,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":123,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1582454868348,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":348648,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8A3VAAEAGs2vAqAIQrNkUSs0GAbvbqzdvAAAAAKAC\/\/+uLAAAAgQFtAQCCAr\/\/zQaAAAAAAEDAwg="}
00440{"flow_id":29,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":386134,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8PjQAAHUGg6ys2RRKwKgCEAG7zQbWjo3E26s3cKAS6yAJ1AAAAgQFZAQCCAq9hJee\/\/80GgEDAwg="}
00428{"flow_id":29,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":386954,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0A3ZAAEAGs3LAqAIQrNkUSs0GAbvbqzdw1o6NxYAQAVciEQAAAQEICv\/\/NCS9hJee"}
00681{"flow_id":29,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":424791,"pkt_caplen":251,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":251,"pkt_l4_len":217,"pkt":"xiwDYGpkTGr2n\/YnCABFAADtA3dAAEAGsrjAqAIQrNkUSs0GAbvbqzdw1o6NxYAYAVdNBgAAAQEICv\/\/NC29hJeeFgMBALQBAACwAwMhPT2KHzHW0LHLGe6T2CwyHBBvprpU2QgwVPHkrHLB\/AAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABr\/wEAAQAAAAAYABYAABNwbGF5Lmdvb2dsZWFwaXMuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEAALAAkIaHR0cC8xLjEACwACAQAACgAIAAYAHQAXABg="}
00736{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_first_seen":1582454868348,"flow_last_seen":1582454868424,"flow_tot_l4_data_len":329,"flow_min_l4_data_len":32,"flow_max_l4_data_len":217,"flow_avg_l4_data_len":82,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.googleapis.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00747{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_first_seen":1582454868348,"flow_last_seen":1582454868424,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.googleapis.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00428{"flow_id":29,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":461131,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0PwMAAHUGguWs2RRKwKgCEAG7zQbWjo3F26s4KYAQAPAhagAAAQEICr2El+r\/\/zQt"}
00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1582454868462,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1582454868462,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00460{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":462800,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"xiwDYGpkTGr2n\/YnCABFAABLqjFAAEARCw\/AqAIQwKgCAbfpADUAN\/8RnJ4BAAABAAAAAAAAEWNvbm5lY3Rpdml0eWNoZWNrB2dzdGF0aWMDY29tAAABAAE="}
00658{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1582454868462,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnectivityCheck"},"dns": {"query":"connectivitycheck.gstatic.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00670{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1582454868462,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnectivityCheck"},"dns": {"query":"connectivitycheck.gstatic.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
02334{"flow_id":29,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":466397,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+PxQAAHUGfUqs2RRKwKgCEAG7zQbWjo3F26s4KYAQAPABYQAAAQEICr2El+7\/\/zQtFgMDAE4CAABKAwNeUlhUvrLDv7k9SIcDUVl7W67MLlbuQ+pET1dOR1JEAQDAKwAAIgAXAAD\/AQABAAALAAIBAAAjAAAAEAALAAkIaHR0cC8xLjEWAwMK2AsACtQACtEABn0wggZ5MIIFYaADAgECAhEAkmiT9mws\/aAIAAAAAC5xSDANBgkqhkiG9w0BAQsFADBCMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZpY2VzMRMwEQYDVQQDEwpHVFMgQ0EgMU8xMB4XDTIwMDIxMjExNDUyMloXDTIwMDUwNjExNDUyMlowcjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBMTEMxITAfBgNVBAMMGCouc3RvcmFnZS5nb29nbGVhcGlzLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGjYvoWmAuEghf\/ulNjNGNsok42+wtJXhQpGeLGoP19pKNpl\/sL2YvefM41btnqT53ieXI4gPyoNKzjq6HcFxmajggQDMIID\/zAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH\/BAIwADAdBgNVHQ4EFgQUX9WmnWB+6rw+hoNKM5q3l7r85yIwHwYDVR0jBBgwFoAUmNH4bhDrz5vsYJ8YkBug630J\/SswZAYIKwYBBQUHAQEEWDBWMCcGCCsGAQUFBzABhhtodHRwOi8vb2NzcC5wa2kuZ29vZy9ndHMxbzEwKwYIKwYBBQUHMAKGH2h0dHA6Ly9wa2kuZ29vZy9nc3IyL0dUUzFPMS5jcnQwggHIBgNVHREEggG\/MIIBu4IYKi5zdG9yYWdlLmdvb2dsZWFwaXMuY29tgiQqLmFwcHNwb3QuY29tLnN0b3JhZ2UuZ29vZ2xlYXBpcy5jb22CIiouY29tbW9uZGF0YXN0b3JhZ2UuZ29vZ2xlYXBpcy5jb22CKSouY29udGVudC1zdG9yYWdlLWRvd25sb2FkLmdvb2dsZWFwaXMuY29tgicqLmNvbnRlbnQtc3RvcmFnZS11cGxvYWQuZ29vZ2xlYXBpcy5jb22CICouY29udGVudC1zdG9yYWdlLmdvb2dsZWFwaXMuY29tghAqLmdvb2dsZWFwaXMuY29tgiEqLnN0b3JhZ2UtZG93bmxvYWQuZ29vZ2xlYXBpcy5jb22CHyouc3RvcmFnZS11cGxvYWQuZ29vZ2xlYXBpcy5jb22CHyouc3RvcmFnZS5zZWxlY3QuZ29vZ2xlYXBpcy5jb22CIGNvbW1vbmRhdGFzdG9yYWdlLmdvb2dsZWFwaXMuY29tghZzdG9yYWdlLmdvb2dsZWFwaXMuY29tgh1zdG9yYWdlLnNlbGVjdC5nb29nbGVhcGlzLmNvbYIPdW5maWx0ZXJlZC5uZXdzMCEGA1UdIAQaMBgwCAYGZ4EMAQICMAwGCisGAQQB1nkCBQMwLwYDVR0fBCgwJjAkoCKgIIYeaHR0cDovL2NybC5wa2kuZ29vZy9HVFMxTzEuY3JsMIIBAgYKKwYBBAHWeQIEAgSB8wSB8ADuAHUAsh4FzIuizYogTodm+Su5iiUgZ2va+nDnsklTLe+LkF4AAAFwOW68ggAABAMARjBEAiAqXIB835y+StI5buVS70ZlHDYVp42pBYP8iJ8VwBmaAwIgFi2WB39kbmHISiQJx4F+fUlYSadFNWOwv5ONd22ERy0AdQBep3P531bA57U2SH3QSeAyepGaDIShEhKEGHWWgXFFWAAAAXA5bryXAAAEAwBGMEQCIBE="}
00795{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":129,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":6,"flow_first_seen":1582454868348,"flow_last_seen":1582454868466,"flow_tot_l4_data_len":1811,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":301,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.googleapis.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
00806{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":129,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":6,"flow_first_seen":1582454868348,"flow_last_seen":1582454868466,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1603,"flow_avg_l4_payload_len":267,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.googleapis.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
02341{"flow_id":29,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":466413,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+PxUAAHUGfUms2RRKwKgCEAG7zQbWjpNP26s4KYAQAPB+TgAAAQEICr2El+7\/\/zQtZgGRyfP8Xh9BjAoXEsnXOyBoQWwADXDGTG0w6+y6eQIgd7a87AnMAIPmI7vqMAfKvnTSoJvBOb1gkg1ivZpc6vkwDQYJKoZIhvcNAQELBQADggEBACwqIwztAr8ECO0nZPWuv8hrKocVp7JXUDUl6gLS04pdQ3oG4Gq6+3Yfxf51TY5HKfS6iAlw96X4sklrOMlR9DcHRm4II5E1BDvamYGGIS6+ubrneYT9JnqCB2impZNFovRoq9AJRtwL8OeB2dCQHyfNs9IXqJ3BVK5PaE8YnPX8XyiThhuysVUSK4BR92oQZSQSGCPU0cH03xiS6VDymdAcqRmRDGu56\/j57F+GLPuEMlkvhfcn2JT2eQD9GDGKLBgSQn5\/GlANVVPyhHLc7qYZODgzwZbqKxr7Evr6UAFLPeDQ+aXEwEAswp6RrcVDbLLQt21NvoVuYfmoMhElfWsABE4wggRKMIIDMqADAgECAg0B47SaoY2KqYElaVC4MA0GCSqGSIb3DQEBCwUAMEwxIDAeBgNVBAsTF0dsb2JhbFNpZ24gUm9vdCBDQSAtIFIyMRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTE3MDYxNTAwMDA0MloXDTIxMTIxNTAwMDA0MlowQjELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczETMBEGA1UEAxMKR1RTIENBIDFPMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANAYz0XUi83TnORA73603WkhG8nPPI5MdbkPMRmEPZ48Ke9QDRCTbwWAgJ8qoL0SSwLhPZ9YFiT+MJ8LdHdVkx1L903hkoIQ9lGsDMOyIpQPNGuYEEnnC52DOd0gxhwt79EYYWXnI4MgqCMS\/9Ikf9Qv50RqW03XUGawr55CYwX74BzEY2Gvn2oz\/2KXvUjZ03wUZ9x13C5p6PhteGnQtxAFuPExwjsk\/RozdPgj4OxrGYoWxuPNpM0L27OkWWA4iDutHbnGjKdTG\/y82aSrvN08YdeTFZjugb2P4mRHIEAGTtesl+i5wFkSoUklI+TtcDQspbRjfPmjPYPRzW0krAcCAwEAAaOCATMwggEvMA4GA1UdDwEB\/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwEgYDVR0TAQH\/BAgwBgEB\/wIBADAdBgNVHQ4EFgQUmNH4bhDrz5vsYJ8YkBug630J\/SswHwYDVR0jBBgwFoAUm+IHV2ccHsBqBt5ZtJot39wZhi4wNQYIKwYBBQUHAQEEKTAnMCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC5wa2kuZ29vZy9nc3IyMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jcmwucGtpLmdvb2cvZ3NyMi9nc3IyLmNybDA\/BgNVHSAEODA2MDQGBmeBDAECAjAqMCgGCCsGAQUFBwIBFhxodHRwczovL3BraS5nb29nL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQAagD42efvzLqlGN31eVBY1rsdOCJn+vdE0aSZSZgc9CrpJy2L08RqO\/BFPaJZMdCvTZ96yo6oFjYRNTCBlD6WW2g0W+Gw7228EI4hrOmzBYL1on3GO7i1YNAfw1VTphln9e14NIZT1jMmo+NjyrcwPGvOap6kEJ\/mjybD\/AnhrYbrHNSvoVvpPwxwM7bY8tEvq7czhPOzcDYzWPpvKQliLzBYhF0C8otZm79rEFVvNiaqbCSbnMtINbmcgAlsQsJAJnAwfnq3YO+qh\/GzoEFwIUhlRKnG7rHq13RXtK8kIKiyKtKY="}
00643{"flow_id":29,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":466414,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"pkt":"TGr2n\/YnxiwDYGpkCABFAADQPxYAAHUGgjas2RRKwKgCEAG7zQbWjpjZ26s4KYAYAPAc4gAAAQEICr2El+7\/\/zQtIatj\/9dSSVDQibet8q\/7UK4v4ZUN80atnZz1yhYDAwByDAAAbgMAHSB7VtxCRs0c8B9etZT3IUKTQvlT5LDLWvonE9yJN3gFTgQDAEYwRAIgWQUikQAvlG1Y+hPTaCU66fj7H82hI\/D32LV46lBO2YQCIAsnO6sk7meCDdFHCBVwp\/+edGHHEih2ITumUaxcpKb3FgMDAAQOAAAA"}
01468{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":131,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":8,"flow_first_seen":1582454868348,"flow_last_seen":1582454868466,"flow_tot_l4_data_len":3449,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":431,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.googleapis.com","server_names":"*.storage.googleapis.com,*.appspot.com.storage.googleapis.com,*.commondatastorage.googleapis.com,*.content-storage-download.googleapis.com,*.content-storage-upload.googleapis.com,*.content-storage.googleapis.com,*.googleapis.com,*.storage-download.googleapis.com,*.storage-upload.googleapis.com,*.storage.select.googleapis.com,commondatastorage.googleapis.com,storage.googleapis.com,storage.select.googleapis.com,unfiltered.news","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","issuerDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.storage.googleapis.com","alpn":"http\/1.1","fingerprint":"BA:BA:BA:55:69:9F:E0:BD:48:80:23:A4:B3:AD:C1:FF:EA:4E:17:C9"}}
01479{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":131,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":8,"flow_first_seen":1582454868348,"flow_last_seen":1582454868466,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3177,"flow_avg_l4_payload_len":397,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.googleapis.com","server_names":"*.storage.googleapis.com,*.appspot.com.storage.googleapis.com,*.commondatastorage.googleapis.com,*.content-storage-download.googleapis.com,*.content-storage-upload.googleapis.com,*.content-storage.googleapis.com,*.googleapis.com,*.storage-download.googleapis.com,*.storage-upload.googleapis.com,*.storage.select.googleapis.com,commondatastorage.googleapis.com,storage.googleapis.com,storage.select.googleapis.com,unfiltered.news","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","issuerDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.storage.googleapis.com","alpn":"http\/1.1","fingerprint":"BA:BA:BA:55:69:9F:E0:BD:48:80:23:A4:B3:AD:C1:FF:EA:4E:17:C9"}}
00428{"flow_id":29,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":467589,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0A3hAAEAGs3DAqAIQrNkUSs0GAbvbqzgp1o6TT4AQAWIbXwAAAQEICv\/\/NDi9hJfu"}
00430{"flow_id":29,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":468175,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0A3lAAEAGs2\/AqAIQrNkUSs0GAbvbqzgp1o6Y2YAQAW0VygAAAQEICv\/\/NDi9hJfu"}
00429{"flow_id":29,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":468291,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0A3pAAEAGs27AqAIQrNkUSs0GAbvbqzgp1o6ZdYAQAW0VLgAAAQEICv\/\/NDi9hJfu"}
00480{"flow_id":30,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":503086,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"TGr2n\/YnxiwDYGpkCABFAABbmZAAAEARW6DAqAIBwKgCEAA1t+kAR93wnJ6BgAABAAEAAAAAEWNvbm5lY3Rpdml0eWNoZWNrB2dzdGF0aWMDY29tAAABAAHADAABAAEAAACxAASs2RID"}
00693{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":135,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_first_seen":1582454868462,"flow_last_seen":1582454868503,"flow_tot_l4_data_len":126,"flow_min_l4_data_len":55,"flow_max_l4_data_len":71,"flow_avg_l4_data_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"ConnectivityCheck"},"dns": {"query":"connectivitycheck.gstatic.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.18.3"}}
00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1582454868511,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00705{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":135,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_first_seen":1582454868462,"flow_last_seen":1582454868503,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"ConnectivityCheck"},"dns": {"query":"connectivitycheck.gstatic.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.18.3"}}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1582454868511,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":511574,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8PG9AAEAGfLjAqAIQrNkSA5AYAbuCdQgsAAAAAKAC\/\/91sgAAAgQFtAQCCAr\/\/zRDAAAAAAEDAwg="}
00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1582454868527,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1582454868527,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":527203,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8stVAAEAGBlLAqAIQrNkSA5AaAbtdpoaTAAAAAKAC\/\/8cFQAAAgQFtAQCCAr\/\/zRGAAAAAAEDAwg="}
00441{"flow_id":32,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":559889,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8mn0AAHYGKKqs2RIDwKgCEAG7kBpu4mZiXaaGlKAS6yC\/LgAAAgQFZAQCCApPRk15\/\/80RgEDAwg="}
00428{"flow_id":32,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":563343,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0stZAAEAGBlnAqAIQrNkSA5AaAbtdpoaUbuJmY4AQAVfXbAAAAQEICv\/\/NE9PRk15"}
00692{"flow_id":32,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":563401,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":261,"pkt_l4_len":227,"pkt":"xiwDYGpkTGr2n\/YnCABFAAD3stdAAEAGBZXAqAIQrNkSA5AaAbtdpoaUbuJmY4AYAVcAOwAAAQEICv\/\/NFBPRk15FgMBAL4BAAC6AwOZySzIWyWPFv9jpx+5YWNqQg+xq9GVJmpUnw7vrnZc6QAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAAB1\/wEAAQAAAAAiACAAAB1jb25uZWN0aXZpdHljaGVjay5nc3RhdGljLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABAACwAJCGh0dHAvMS4xAAsAAgEAAAoACAAGAB0AFwAY"}
00753{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":140,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_first_seen":1582454868527,"flow_last_seen":1582454868563,"flow_tot_l4_data_len":339,"flow_min_l4_data_len":32,"flow_max_l4_data_len":227,"flow_avg_l4_data_len":84,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"ConnectivityCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00764{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":140,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_first_seen":1582454868527,"flow_last_seen":1582454868563,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"ConnectivityCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00428{"flow_id":32,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":595991,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0mn4AAHYGKLGs2RIDwKgCEAG7kBpu4mZjXaaHV4AQAPDW6gAAAQEICk9GTZ7\/\/zRQ"}
00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1582454868597,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1582454868597,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":597303,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBqkFAAEARCwnAqAIQwKgCAcjmADUALYwU2tsBAAABAAAAAAAAD2FwcC1tZWFzdXJlbWVudANjb20AAAEAAQ=="}
00638{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1582454868597,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"app-measurement.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00650{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1582454868597,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"app-measurement.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00466{"flow_id":33,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":597743,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRZjUAAEARjwXAqAIBwKgCEAA1yOYAPQ9d2tuBgAABAAEAAAAAD2FwcC1tZWFzdXJlbWVudANjb20AAAEAAcAMAAEAAQAAAEEABKzZqM4="}
00667{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":143,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":1582454868597,"flow_last_seen":1582454868597,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"app-measurement.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.168.206"}}
00678{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":143,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":1582454868597,"flow_last_seen":1582454868597,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"app-measurement.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.168.206"}}
02329{"flow_id":32,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":603874,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+moIAAHYGIyOs2RIDwKgCEAG7kBpu4mZjXaaHV4AQAPAi0QAAAQEICk9GTaX\/\/zRQFgMDAE4CAABKAwNeUlhUQJRQ5SuiF2G7xnJZiVxojJOS3exET1dOR1JEAQDAKwAAIgAXAAD\/AQABAAALAAIBAAAjAAAAEAALAAkIaHR0cC8xLjEWAwMNowsADZ8ADZwACUgwgglEMIIILKADAgECAhEA7t5lYM01wK8CAAAAAFlxtzANBgkqhkiG9w0BAQsFADBCMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZpY2VzMRMwEQYDVQQDEwpHVFMgQ0EgMU8xMB4XDTIwMDIxMjExNDcxMVoXDTIwMDUwNjExNDcxMVowZjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBMTEMxFTATBgNVBAMMDCouZ29vZ2xlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABMqMT0i7BQw1shsKaI5LVdYjbI8UtqdK0sgAO6ZqOc+YesQP7j9s8prcdd5wziE9Ucvw6CrBVha95mxLo50X0+qjggbaMIIG1jAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH\/BAIwADAdBgNVHQ4EFgQUJG03UAoCuTPcqUYyl+EtiRo8WRgwHwYDVR0jBBgwFoAUmNH4bhDrz5vsYJ8YkBug630J\/SswZAYIKwYBBQUHAQEEWDBWMCcGCCsGAQUFBzABhhtodHRwOi8vb2NzcC5wa2kuZ29vZy9ndHMxbzEwKwYIKwYBBQUHMAKGH2h0dHA6Ly9wa2kuZ29vZy9nc3IyL0dUUzFPMS5jcnQwggSdBgNVHREEggSUMIIEkIIMKi5nb29nbGUuY29tgg0qLmFuZHJvaWQuY29tghYqLmFwcGVuZ2luZS5nb29nbGUuY29tghIqLmNsb3VkLmdvb2dsZS5jb22CGCouY3Jvd2Rzb3VyY2UuZ29vZ2xlLmNvbYIGKi5nLmNvgg4qLmdjcC5ndnQyLmNvbYIRKi5nY3BjZG4uZ3Z0MS5jb22CCiouZ2dwaHQuY26CDiouZ2tlY25hcHBzLmNughYqLmdvb2dsZS1hbmFseXRpY3MuY29tggsqLmdvb2dsZS5jYYILKi5nb29nbGUuY2yCDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qcIIOKi5nb29nbGUuY28udWuCDyouZ29vZ2xlLmNvbS5hcoIPKi5nb29nbGUuY29tLmF1gg8qLmdvb2dsZS5jb20uYnKCDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20udHKCDyouZ29vZ2xlLmNvbS52boILKi5nb29nbGUuZGWCCyouZ29vZ2xlLmVzggsqLmdvb2dsZS5mcoILKi5nb29nbGUuaHWCCyouZ29vZ2xlLml0ggsqLmdvb2dsZS5ubIILKi5nb29nbGUucGyCCyouZ29vZ2xlLnB0ghIqLmdvb2dsZWFkYXBpcy5jb22CDyouZ29vZ2xlYXBpcy5jboIRKi5nb29nbGVjbmFwcHMuY26CFCouZ29vZ2xlY29tbWVyY2UuY29tghEqLmdvb2dsZXZpZGVvLmNvbYIMKi5nc3RhdGljLmNugg0qLmdzdGF0aWMuY29tghIqLmdzdGF0aWNjbmFwcHMuY26CCiouZ3Z0MS5jb22CCiouZ3Z0Mi5jb22CFCoubWV0cmljLmdzdGF0aWMuY29tggwqLnVyY2hpbi5jb22CECoudXJsLmdvb2dsZS5jb22CEyoud2Vhci5na2VjbmFwcHMuY24="}
00812{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":144,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":6,"flow_first_seen":1582454868527,"flow_last_seen":1582454868603,"flow_tot_l4_data_len":1821,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":303,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"ConnectivityCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
00823{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":144,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":6,"flow_first_seen":1582454868527,"flow_last_seen":1582454868603,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1613,"flow_avg_l4_payload_len":268,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"ConnectivityCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
02336{"flow_id":32,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":603905,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+moMAAHYGIyKs2RIDwKgCEAG7kBpu4mvtXaaHV4AQAPA4hgAAAQEICk9GTaX\/\/zRQghYqLnlvdXR1YmUtbm9jb29raWUuY29tgg0qLnlvdXR1YmUuY29tghYqLnlvdXR1YmVlZHVjYXRpb24uY29tghEqLnlvdXR1YmVraWRzLmNvbYIHKi55dC5iZYILKi55dGltZy5jb22CGmFuZHJvaWQuY2xpZW50cy5nb29nbGUuY29tggthbmRyb2lkLmNvbYIbZGV2ZWxvcGVyLmFuZHJvaWQuZ29vZ2xlLmNughxkZXZlbG9wZXJzLmFuZHJvaWQuZ29vZ2xlLmNuggRnLmNvgghnZ3BodC5jboIMZ2tlY25hcHBzLmNuggZnb28uZ2yCFGdvb2dsZS1hbmFseXRpY3MuY29tggpnb29nbGUuY29tgg9nb29nbGVjbmFwcHMuY26CEmdvb2dsZWNvbW1lcmNlLmNvbYIYc291cmNlLmFuZHJvaWQuZ29vZ2xlLmNuggp1cmNoaW4uY29tggp3d3cuZ29vLmdsggh5b3V0dS5iZYILeW91dHViZS5jb22CFHlvdXR1YmVlZHVjYXRpb24uY29tgg95b3V0dWJla2lkcy5jb22CBXl0LmJlMCEGA1UdIAQaMBgwCAYGZ4EMAQICMAwGCisGAQQB1nkCBQMwLwYDVR0fBCgwJjAkoCKgIIYeaHR0cDovL2NybC5wa2kuZ29vZy9HVFMxTzEuY3JsMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHUAsh4FzIuizYogTodm+Su5iiUgZ2va+nDnsklTLe+LkF4AAAFwOXBpZwAABAMARjBEAiA+QN+Y1BC1iTg87rmcpsUM\/Gu24qPQtScwEkDt1exEhAIgQZ65pwiFU6WtL7WIBUDRTSLLJtQzSUb9E8H\/e+H3kv8AdwBep3P531bA57U2SH3QSeAyepGaDIShEhKEGHWWgXFFWAAAAXA5cGl4AAAEAwBIMEYCIQD9qpknf9RA9NTnDbJ1R740ilIoZ5axO70RNKA2ozIpDQIhAI1NyadJ74gUNJMOwgVolIAXXkoTlllaI+RlhpKJXQelMA0GCSqGSIb3DQEBCwUAA4IBAQB\/1D1o4bHjhENzzSVqw\/WiW7R1Yg4kZjli4Jx+LL27l0iKIq5Je3M7N9seKeytHKln9LJWcZKJU0ZbTMAspum0myuT9TCRUzlQySsFdd3w5wh0ORzaaMxfdFZXbP5bVcGkuC\/FdoNgnFFjfdJlif8ZWazQdGNT68dXSNYBrSWcZvTi6UHviVzyKRNF8NXQPkmfEGnd4JAhXr\/bNfKhYp\/n8vsemQpmKWuA2eO+1W3C8iCVQ2JaQUSEkOquDseMqEKLRl+Rqg9HWNZpZ7CJfxVEk9f8L9nc9fqQrRM3CB6E4nNwbo7jkwdkw9vcyse48vXjWRg69iSIEEw4VHtES7QNAAROMIIESjCCAzKgAwIBAgINAeO0mqGNiqmBJWlQuDANBgkqhkiG9w0BAQsFADBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0xNzA2MTUwMDAwNDJaFw0yMTEyMTUwMDAwNDJaMEIxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVHb29nbGUgVHJ1c3QgU2VydmljZXMxEzARBgNVBAMTCkdUUyBDQSAxTzEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQGM9F1IvN05zkQO9+tN1pIRvJzzyOTHW5DzEZhD2ePCnvUA0Qk28FgICfKqC9EksC4T2fWBYk\/jCfC3R3VZMdS\/dN4ZKCEPZRrAzDsiKUDzRrmBBJ5wudgzndIMYcLe\/RGGFl5yODIKg="}
01608{"flow_id":32,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":603921,"pkt_caplen":938,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":938,"pkt_l4_len":904,"pkt":"TGr2n\/YnxiwDYGpkCABFAAOcmoQAAHYGJUOs2RIDwKgCEAG7kBpu4nF3XaaHV4AYAPC2NQAAAQEICk9GTaX\/\/zRQIxL\/0iR\/1C\/nRGpbTddQZrCvnkJjBfvgHMRjYa+fajP\/Ype9SNnTfBRn3HXcLmno+G14adC3EAW48THCOyT9GjN0+CPg7GsZihbG482kzQvbs6RZYDiIO60ducaMp1Mb\/LzZpKu83Txh15MVmO6BvY\/iZEcgQAZO16yX6LnAWRKhSSUj5O1wNCyltGN8+aM9g9HNbSSsBwIDAQABo4IBMzCCAS8wDgYDVR0PAQH\/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH\/AgEAMB0GA1UdDgQWBBSY0fhuEOvPm+xgnxiQG6DrfQn9KzAfBgNVHSMEGDAWgBSb4gdXZxwewGoG3lm0mi3f3BmGLjA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnBraS5nb29nL2dzcjIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5wa2kuZ29vZy9nc3IyL2dzcjIuY3JsMD8GA1UdIAQ4MDYwNAYGZ4EMAQICMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vcGtpLmdvb2cvcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBABqAPjZ5+\/MuqUY3fV5UFjWux04Imf690TRpJlJmBz0KuknLYvTxGo78EU9olkx0K9Nn3rKjqgWNhE1MIGUPpZbaDRb4bDvbbwQjiGs6bMFgvWifcY7uLVg0B\/DVVOmGWf17Xg0hlPWMyaj42PKtzA8a85qnqQQn+aPJsP8CeGthusc1K+hW+k\/DHAzttjy0S+rtzOE87NwNjNY+m8pCWIvMFiEXQLyi1mbv2sQVW82JqpsJJucy0g1uZyACWxCwkAmcDB+erdg76qH8bOgQXAhSGVEqcbuserXdFe0ryQgqLIq0piGrY\/\/XUklQ0Im3rfKv+1CuL+GVDfNGrZ2c9coWAwMAcwwAAG8DAB0gSrU5ywnvnkB7dZHgM0sLsZmnlRz1E8V2FCDzK2mLyDMEAwBHMEUCIQCPeNWXClhlpfwwmkAkeAjuRggqxb0S1CUaJEKYc87xtgIgR21phmoPwqRwHIAuDCtSt6vUsRiSJcTnj77tX2jgzCoWAwMABA4AAAA="}
02141{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":146,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":8,"flow_first_seen":1582454868527,"flow_last_seen":1582454868603,"flow_tot_l4_data_len":4175,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":521,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"ConnectivityCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","server_names":"*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.crowdsource.google.com,*.g.co,*.gcp.gvt2.com,*.gcpcdn.gvt1.com,*.ggpht.cn,*.gkecnapps.cn,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecnapps.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gstaticcnapps.cn,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.wear.gkecnapps.cn,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.youtubekids.com,*.yt.be,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,developers.android.google.cn,g.co,ggpht.cn,gkecnapps.cn,goo.gl,google-analytics.com,google.com,googlecnapps.cn,googlecommerce.com,source.android.google.cn,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com,youtubekids.com,yt.be","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","issuerDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com","alpn":"http\/1.1","fingerprint":"80:50:28:F4:84:F5:C4:C6:41:DE:75:67:38:C4:A6:E2:59:FF:75:42"}}
02152{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":146,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":8,"flow_first_seen":1582454868527,"flow_last_seen":1582454868603,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3903,"flow_avg_l4_payload_len":487,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"ConnectivityCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","server_names":"*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.crowdsource.google.com,*.g.co,*.gcp.gvt2.com,*.gcpcdn.gvt1.com,*.ggpht.cn,*.gkecnapps.cn,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecnapps.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gstaticcnapps.cn,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.wear.gkecnapps.cn,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.youtubekids.com,*.yt.be,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,developers.android.google.cn,g.co,ggpht.cn,gkecnapps.cn,goo.gl,google-analytics.com,google.com,googlecnapps.cn,googlecommerce.com,source.android.google.cn,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com,youtubekids.com,yt.be","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","issuerDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com","alpn":"http\/1.1","fingerprint":"80:50:28:F4:84:F5:C4:C6:41:DE:75:67:38:C4:A6:E2:59:FF:75:42"}}
00428{"flow_id":32,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":606586,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0sthAAEAGBlfAqAIQrNkSA5AaAbtdpodXbuJr7YAQAWLQ3QAAAQEICv\/\/NFpPRk2l"}
00429{"flow_id":32,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":606703,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0stlAAEAGBlbAqAIQrNkSA5AaAbtdpodXbuJxd4AQAW3LSAAAAQEICv\/\/NFpPRk2l"}
00429{"flow_id":32,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":606711,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0stpAAEAGBlXAqAIQrNkSA5AaAbtdpodXbuJ034AQAXjH1QAAAQEICv\/\/NFpPRk2l"}
@@ -224,7 +218,7 @@
00440{"flow_id":31,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":843663,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8fo0AAHYGRJqs2RIDwKgCEAG7kBjGuYRJgnUILaAS6yAZNAAAAgQFZAQCCApRt9Th\/\/80QwEDAwg="}
00429{"flow_id":31,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":844578,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0PHBAAEAGfL\/AqAIQrNkSA5AYAbuCdQgtxrmESoAQAVcxKAAAAQEICv\/\/NJZRt9Th"}
00694{"flow_id":31,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":936798,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":261,"pkt_l4_len":227,"pkt":"xiwDYGpkTGr2n\/YnCABFAAD3PHFAAEAGe\/vAqAIQrNkSA5AYAbuCdQgtxrmESoAYAVdmqgAAAQEICv\/\/NK1Rt9ThFgMBAL4BAAC6AwPJiz4b6rt+LTNT4uSDXUKsbprZa0zZMc753ZkGH\/Y+XwAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAAB1\/wEAAQAAAAAiACAAAB1jb25uZWN0aXZpdHljaGVjay5nc3RhdGljLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABAACwAJCGh0dHAvMS4xAAsAAgEAAAoACAAGAB0AFwAY"}
00753{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":4,"flow_first_seen":1582454868511,"flow_last_seen":1582454868936,"flow_tot_l4_data_len":339,"flow_min_l4_data_len":32,"flow_max_l4_data_len":227,"flow_avg_l4_data_len":84,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"ConnectivityCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00764{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":4,"flow_first_seen":1582454868511,"flow_last_seen":1582454868936,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"ConnectivityCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00428{"flow_id":31,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":964867,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0ft4AAHYGRFGs2RIDwKgCEAG7kBjGuYRKgnUI8IAQAPAwPAAAAQEIClG31Vr\/\/zSt"}
01608{"flow_id":31,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454869,"pkt_ts_usec":31105,"pkt_caplen":938,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":938,"pkt_l4_len":904,"pkt":"TGr2n\/YnxiwDYGpkCABFAAOcfwwAAHYGQLus2RIDwKgCEAG7kBjGuY9egnUI8IAYAPA2mQAAAQEIClG31Zz\/\/zStIxL\/0iR\/1C\/nRGpbTddQZrCvnkJjBfvgHMRjYa+fajP\/Ype9SNnTfBRn3HXcLmno+G14adC3EAW48THCOyT9GjN0+CPg7GsZihbG482kzQvbs6RZYDiIO60ducaMp1Mb\/LzZpKu83Txh15MVmO6BvY\/iZEcgQAZO16yX6LnAWRKhSSUj5O1wNCyltGN8+aM9g9HNbSSsBwIDAQABo4IBMzCCAS8wDgYDVR0PAQH\/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH\/AgEAMB0GA1UdDgQWBBSY0fhuEOvPm+xgnxiQG6DrfQn9KzAfBgNVHSMEGDAWgBSb4gdXZxwewGoG3lm0mi3f3BmGLjA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnBraS5nb29nL2dzcjIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5wa2kuZ29vZy9nc3IyL2dzcjIuY3JsMD8GA1UdIAQ4MDYwNAYGZ4EMAQICMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vcGtpLmdvb2cvcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBABqAPjZ5+\/MuqUY3fV5UFjWux04Imf690TRpJlJmBz0KuknLYvTxGo78EU9olkx0K9Nn3rKjqgWNhE1MIGUPpZbaDRb4bDvbbwQjiGs6bMFgvWifcY7uLVg0B\/DVVOmGWf17Xg0hlPWMyaj42PKtzA8a85qnqQQn+aPJsP8CeGthusc1K+hW+k\/DHAzttjy0S+rtzOE87NwNjNY+m8pCWIvMFiEXQLyi1mbv2sQVW82JqpsJJucy0g1uZyACWxCwkAmcDB+erdg76qH8bOgQXAhSGVEqcbuserXdFe0ryQgqLIq0piGrY\/\/XUklQ0Im3rfKv+1CuL+GVDfNGrZ2c9coWAwMAcwwAAG8DAB0gi6uZsWfHiezSwbfq6DRkDn564CwchFJEx\/azysIlHjYEAwBHMEUCIFRKBiPbEC5Dn7ixMjVQzTFM1ptS4NLE6u7J5XY1wxXyAiEAjA1+D2yIXZT6j6vjd4XWqrnNsy8f+R33JV6fuBgC91cWAwMABA4AAAA="}
00443{"flow_id":31,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454869,"pkt_ts_usec":32347,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkTGr2n\/YnCABFAABAPHJAAEAGfLHAqAIQrNkSA5AYAbuCdQjwxrmESrAQAV1KBwAAAQEICv\/\/NMVRt9VaAQEFCsa5j17GuZLG"}
@@ -236,25 +230,25 @@
00827{"flow_id":32,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454869,"pkt_ts_usec":287135,"pkt_caplen":358,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":358,"pkt_l4_len":324,"pkt":"TGr2n\/YnxiwDYGpkCABFAAFYnD0AAHYGJc6s2RIDwKgCEAG7kBpu4nTfXaaHtIAYAPB9EQAAAQEICk9GUFH\/\/zTnFgMDAOwEAADoAAGJvwDiAZR0wlJK56tqlFe1HOm0VA0hoNgd3WqRdt3VwNjJbABNFZ9zOd32WAw1h9XjV41RjhucVX7ApWvXZe5Zy+ti7+mo7AL9UE0iaxgA879V5c4wT1WxffCTNwn4rXks0Ez41Gfz8DZxFsum0C3k4EGCG4Jd5\/Rbzy4rsyMlDCqdSoUlFIJYawbJG2cjr8Rm+IAfDFYruos9nfazR2oqH\/hZ5w83F10f1D5Jzw1rluUTBwu8+qgbOURLuiVFYW4Lt2sayRdeUDmz3XRhiQmr8AfQi3w15FdrRfc2gQe7BuSdOSbMahQDAwABARYDAwAoAAAAAAAAAACZiErzXS0kd7\/KA9aEEAASjTiTXaFyZp7ND4tkNQ4v3w=="}
00784{"flow_id":32,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454869,"pkt_ts_usec":288150,"pkt_caplen":327,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":327,"pkt_l4_len":293,"pkt":"xiwDYGpkTGr2n\/YnCABFAAE5stxAAEAGBU7AqAIQrNkSA5AaAbtdpoe0buJ2A4AYAYPsjgAAAQEICv\/\/NQVPRlBRFwMDAQAAAAAAAAAAAR4cFXslGpAZPuHoiPLlIlie7vqB6wq3xrA\/e6HrMCAQHz2AF8AbKO7FAUcqGUP7GLQ51xsck044J1hJDAPdfb27\/h7irFPkjP6rPostVsSj1gLzUkkjriCgLKhWHPXDK6UxDC7akrlGwl0ppS8gTqKGg747J9cJfIsuHktFX8IGsJ29ucQ6+0Bzp7lzmE8lCOe1j2cOeD7REoVaDT2u8RxWjfSuRKJfFQZzdl+7TBFRBZ5WoLQWO16D+nFqBLcAoN3m4QjwieOjfwnzwxDLCtoB\/Y4oDP5hUrPzeYkuWGrkZGwdD8BWg2421IjvNuTJ0v\/swtva+s2d"}
00827{"flow_id":32,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454869,"pkt_ts_usec":319644,"pkt_caplen":358,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":358,"pkt_l4_len":324,"pkt":"TGr2n\/YnxiwDYGpkCABFAAFYnEgAAHYGJcOs2RIDwKgCEAG7kBpu4nYDXaaIuYAYAPTElQAAAQEICk9GUHL\/\/zUFFwMDAR8AAAAAAAAAAf5p\/XqVoeBC+89RVlKX4rcaaMrlscPRmbHbHRxgxdrCAvV7Bne5xeVb0z3OXOQSUekEx2NhtiTxgNtf+gZbcg2rrGIapFfoHSdPK85pjcY33U27qzDoZH6rmTKn0oNLHEOxgIFsh7Zjz+9+1La3Ysk1WnfhSHwvWekf4lnoZFJ\/utO+KzhHrFOGWJa7bRGdk6JA3vrXf5Ue4+xzpKV+LFwwIlFVbQEUV2SgiUt6kKI7R5pCkzI8qv6QhpzLdsxR\/pIWDlZNPuIn4vTpoCU9bDBhk9rUrqpEz7fwRpCAIxbJZIgKdE8X8C5MSucg5ZkhVqj2AdXsX3TE6x0vaZHw8CULR5IPoEidIq04D+FdVrsFgUiucXB6Ow=="}
00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":165,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1582454869361,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39008,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":165,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1582454869361,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39008,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":34,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454869,"pkt_ts_usec":361238,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA+qnVAAEARCtjAqAIQwKgCAZhgADUAKv996DEBAAABAAAAAAAABW10YWxrBmdvb2dsZQNjb20AAAEAAQ=="}
00646{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1582454869361,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39008,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"mtalk.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00658{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1582454869361,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39008,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"mtalk.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00462{"flow_id":34,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454869,"pkt_ts_usec":363299,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"TGr2n\/YnxiwDYGpkCABFAABORPIAAEARsEvAqAIBwKgCEAA1mGAAOr6H6DGBgAABAAEAAAAABW10YWxrBmdvb2dsZQNjb20AAAEAAcAMAAEAAQAAANoABNjvJng="}
00674{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":166,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1582454869361,"flow_last_seen":1582454869363,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":42,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39008,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"mtalk.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":168,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1582454869517,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00685{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":166,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1582454869361,"flow_last_seen":1582454869363,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":84,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39008,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"mtalk.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":168,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1582454869517,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":35,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454869,"pkt_ts_usec":517223,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8ooxAAEAGf8\/AqAIQrNmozsTQAbv86pehAAAAAKAC\/\/+fWQAAAgQFtAQCCAr\/\/zUtAAAAAAEDAwg="}
00442{"flow_id":35,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454869,"pkt_ts_usec":556140,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA80VwAAHUGW\/+s2ajOwKgCEAG7xNCPRbjJ\/OqXoqAS6yAGLQAAAgQFZAQCCApmsf+J\/\/81LQEDAwg="}
00428{"flow_id":35,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454869,"pkt_ts_usec":557517,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0oo1AAEAGf9bAqAIQrNmozsTQAbv86peij0W4yoAQAVceWQAAAQEICv\/\/NUhmsf+J"}
00682{"flow_id":35,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454869,"pkt_ts_usec":614403,"pkt_caplen":251,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":251,"pkt_l4_len":217,"pkt":"xiwDYGpkTGr2n\/YnCABFAADtoo5AAEAGfxzAqAIQrNmozsTQAbv86peij0W4yoAYAVd6YwAAAQEICv\/\/NVdmsf+JFgMBALQBAACwAwNEQVlrFj9Y47MgZ8vO8k2FXJJ0JJ\/6X8XoKgfa\/cCzYgAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABrAAAAGAAWAAATYXBwLW1lYXN1cmVtZW50LmNvbQAXAAD\/AQABAAAKAAgABgAdABcAGAALAAIBAAAjAAAAEAALAAkIaHR0cC8xLjEABQAFAQAAAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgE="}
00732{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":4,"flow_first_seen":1582454869517,"flow_last_seen":1582454869614,"flow_tot_l4_data_len":329,"flow_min_l4_data_len":32,"flow_max_l4_data_len":217,"flow_avg_l4_data_len":82,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1582454869626,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":49510,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00743{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":4,"flow_first_seen":1582454869517,"flow_last_seen":1582454869614,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1582454869626,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":49510,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":36,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454869,"pkt_ts_usec":626114,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8g2ZAAEAG9TXAqAIQ2O8meMFmFGxVMrY\/AAAAAKAC\/\/9vQQAAAgQFtAQCCAr\/\/zVZAAAAAAEDAwg="}
00430{"flow_id":35,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454869,"pkt_ts_usec":652270,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA00aQAAHUGW7+s2ajOwKgCEAG7xNCPRbjK\/OqYW4AQAPAdlwAAAQEICmax\/+r\/\/zVX"}
02336{"flow_id":35,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454869,"pkt_ts_usec":657605,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+0aYAAHUGVjOs2ajOwKgCEAG7xNCPRbjK\/OqYW4AQAPAyawAAAQEICmax\/+7\/\/zVXFgMDAE4CAABKAwNeUlhVGcr8B0rHO6b\/GCDsECzaxrb1DZZET1dOR1JEAQDALwAAIgAXAAD\/AQABAAALAAIBAAAjAAAAEAALAAkIaHR0cC8xLjEWAwMK7wsACusACugABpQwggaQMIIFeKADAgECAhEAoHWTPAFc8ygIAAAAAC5w1DANBgkqhkiG9w0BAQsFADBCMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZpY2VzMRMwEQYDVQQDEwpHVFMgQ0EgMU8xMB4XDTIwMDIxMjExMzcwM1oXDTIwMDUwNjExMzcwM1owcDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBMTEMxHzAdBgNVBAMMFiouZ29vZ2xlLWFuYWx5dGljcy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsjqQPYIy13aohxBJa9uxsCVQvXEygJmGQAXKdSWIB4Mx3+vfxyWREdR0fxBMuI+dRqwnGjHe+X69qUSw\/iDyzS4wH3PPj2hJhLOSqPbkVXYi4a1FQV4s65FPsz34RD9wcIYLllYLqAoEyUnNoh8Y7MLdrV48dBW2vS6LOIT7nONe1SVeVs+hHU423AQTJmwHvjZ9v90J\/37Uygpr5yN7Qr1YUVTz0g9RCo5JhouIED5uqoCnw9s1UEanNF3eo2KJA7xiXF4+rPOYHXJI+I4B1swv4lmftVNhJN5lTHckJnJvBFofyZWz5c2KsvolsX7XIVOPCCw6HmBzXRNRkTDzZAgMBAAGjggNRMIIDTTAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH\/BAIwADAdBgNVHQ4EFgQUJbP0dPtET7nk1pC7uZnV84BjsbowHwYDVR0jBBgwFoAUmNH4bhDrz5vsYJ8YkBug630J\/SswZAYIKwYBBQUHAQEEWDBWMCcGCCsGAQUFBzABhhtodHRwOi8vb2NzcC5wa2kuZ29vZy9ndHMxbzEwKwYIKwYBBQUHMAKGH2h0dHA6Ly9wa2kuZ29vZy9nc3IyL0dUUzFPMS5jcnQwggEWBgNVHREEggENMIIBCYIWKi5nb29nbGUtYW5hbHl0aWNzLmNvbYIKKi5mcHMuZ29vZ4ITYXBwLW1lYXN1cmVtZW50LmNvbYIIZnBzLmdvb2eCFGdvb2dsZS1hbmFseXRpY3MuY29tghJnb29nbGVvcHRpbWl6ZS5jb22CFGdvb2dsZXRhZ21hbmFnZXIuY29tghJzZXJ2aWNlLnVyY2hpbi5jb22CGHNzbC5nb29nbGUtYW5hbHl0aWNzLmNvbYIKdXJjaGluLmNvbYIYd3d3Lmdvb2dsZS1hbmFseXRpY3MuY29tghZ3d3cuZ29vZ2xlb3B0aW1pemUuY29tghh3d3cuZ29vZ2xldGFnbWFuYWdlci5jb20wIQYDVR0gBBowGDAIBgZngQwBAgIwDAYKKwYBBAHWeQIFAzAvBgNVHR8EKDAmMCSgIqAghh5odHRwOi8vY3JsLnBraS5nb29nL0dUUzFPMS5jcmwwggECBgorBgEEAdZ5AgQCBIHzBIHwAO4AdQCyHgXMi6LNiiBOh2b5K7mKJSBna9r6cOeySVMt74uQXgAAAXA5ZxxLAAAEAwBGMEQCIGp+ch+ml1Z+2P0TpL2JC9EscUgS3U\/MGeFIVeTzrpxuAiBPPl62hWqFTci6xWjJgkPvjrSCn2SqIdPy94OXYSYCAwB1AF6nc\/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZY="}
00789{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":174,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":6,"flow_first_seen":1582454869517,"flow_last_seen":1582454869657,"flow_tot_l4_data_len":1811,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":301,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"9d9ce860f1b1cbef07b019450cb368d8","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
00800{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":174,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":6,"flow_first_seen":1582454869517,"flow_last_seen":1582454869657,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1603,"flow_avg_l4_payload_len":267,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"9d9ce860f1b1cbef07b019450cb368d8","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
02348{"flow_id":35,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454869,"pkt_ts_usec":657619,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+0acAAHUGVjKs2ajOwKgCEAG7xNCPRb5U\/OqYW4AQAPB2\/wAAAQEICmax\/+7\/\/zVXgXFFWAAAAXA5ZxxeAAAEAwBGMEQCIAlbEL4rwzkATincBXoDw\/uNnAYaFfEUvYBUtNjtT0Q\/AiBYbwovSFT18FB1KMB1EKUpO69zHXxsSkUzL9XG81tiyzANBgkqhkiG9w0BAQsFAAOCAQEANDfZQXf8foDoXrYCeRLaTSs\/hfoYGwjKLhN8HOFomPkcUSDRuIkeaWuZ+aElHPcMXOl3b9lqYkQwobrOCzkC8hafH1Ng2x\/rN\/PSANEq4vdbNtEkleNxOrly2SKnX7No4L+9OCkUEZ0t+9kY0LEhYJlQR5lwAwQ4qsEWK77xHC8SWL26gyh+UblnxrcTqMuxURb3AOUlAJzi9rop8XgnkwrZ5BJdbWQC728quL4ImIEDIIkED6Qg8KcPybOLITdX0hmIQe79p1S\/VdMvrTP3vzrp1aPNqqxQRuKsYAVIX\/eg+rPt9H1vMs00mVf5vdhfp1ZC\/ZEWnIu+etuZ4F235gAETjCCBEowggMyoAMCAQICDQHjtJqhjYqpgSVpULgwDQYJKoZIhvcNAQELBQAwTDEgMB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTcwNjE1MDAwMDQyWhcNMjExMjE1MDAwMDQyWjBCMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZpY2VzMRMwEQYDVQQDEwpHVFMgQ0EgMU8xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0BjPRdSLzdOc5EDvfrTdaSEbyc88jkx1uQ8xGYQ9njwp71ANEJNvBYCAnyqgvRJLAuE9n1gWJP4wnwt0d1WTHUv3TeGSghD2UawMw7IilA80a5gQSecLnYM53SDGHC3v0RhhZecjgyCoIxL\/0iR\/1C\/nRGpbTddQZrCvnkJjBfvgHMRjYa+fajP\/Ype9SNnTfBRn3HXcLmno+G14adC3EAW48THCOyT9GjN0+CPg7GsZihbG482kzQvbs6RZYDiIO60ducaMp1Mb\/LzZpKu83Txh15MVmO6BvY\/iZEcgQAZO16yX6LnAWRKhSSUj5O1wNCyltGN8+aM9g9HNbSSsBwIDAQABo4IBMzCCAS8wDgYDVR0PAQH\/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH\/AgEAMB0GA1UdDgQWBBSY0fhuEOvPm+xgnxiQG6DrfQn9KzAfBgNVHSMEGDAWgBSb4gdXZxwewGoG3lm0mi3f3BmGLjA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnBraS5nb29nL2dzcjIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5wa2kuZ29vZy9nc3IyL2dzcjIuY3JsMD8GA1UdIAQ4MDYwNAYGZ4EMAQICMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vcGtpLmdvb2cvcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBABqAPjZ5+\/MuqUY3fV5UFjWux04Imf690TRpJlJmBz0KuknLYvTxGo78EU9olkx0K9Nn3rKjqgWNhE1MIGUPpZbaDRb4bDvbbwQjiGs6bMFgvWifcY7uLVg0B\/DVVOmGWf17Xg0hlPWMyaj42PKtzA8a85qnqQQn+aPJsP8CeGthusc1K+hW+k\/DHAzttjy0S+rtzOE87NwNjNY+m8pCWIvMFiEXQLyi1mbv2sQVW82JqpsJJucy0g1uZyACWxCwkAmcDB+erdg76qH8bOg="}
00931{"flow_id":35,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454869,"pkt_ts_usec":657623,"pkt_caplen":431,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":431,"pkt_l4_len":397,"pkt":"TGr2n\/YnxiwDYGpkCABFAAGh0agAAHUGWk6s2ajOwKgCEAG7xNCPRcPe\/OqYW4AYAPAVzQAAAQEICmax\/+\/\/\/zVXEFwIUhlRKnG7rHq13RXtK8kIKiyKtKYhq2P\/11JJUNCJt63yr\/tQri\/hlQ3zRq2dnPXKFgMDASwMAAEoAwAdIBn+u7QgqnpE1LaIjhrhz5RsAdpexaWtkaz2KsS2djRVCAQBAKuBytnRvHo1xi\/DDalS6JuO9Un0m4Q4hFFaCdDPRcf+DxgelaVEAOJJXJc5Kr1BoeDGWZPCUBEf9xJZFl5bw54vOoNzwG7eu2zciQbQ3hSeZ1MftsM\/9ne7\/EJMck9gPMKQNhfshZwTAQohP55Lo\/EsXQuB6vxPMXIzpQ\/bQ5vJy6WbJuna2X4N4UtISD3xtBHL31xPnPmgtQU45rY492OnLgDg3yODhe86N4bYw+QSjfAhSw8PXZSFeIw18glJsRXne8QBsmKBFjDrvMeNyONL1afRlV+RsdVuhMGJHdUbzR\/m0uoIAyXSnWohltFeX0Di9GvdD+NawHonq2jL+CQWAwMABA4AAAA="}
01283{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":176,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":8,"flow_first_seen":1582454869517,"flow_last_seen":1582454869657,"flow_tot_l4_data_len":3658,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":457,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","server_names":"*.google-analytics.com,*.fps.goog,app-measurement.com,fps.goog,google-analytics.com,googleoptimize.com,googletagmanager.com,service.urchin.com,ssl.google-analytics.com,urchin.com,www.google-analytics.com,www.googleoptimize.com,www.googletagmanager.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"9d9ce860f1b1cbef07b019450cb368d8","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","issuerDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google-analytics.com","alpn":"http\/1.1","fingerprint":"B0:D9:D3:57:C2:34:87:2C:FB:F5:E6:BD:7F:9F:54:65:08:61:AF:01"}}
01294{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":176,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":8,"flow_first_seen":1582454869517,"flow_last_seen":1582454869657,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3386,"flow_avg_l4_payload_len":423,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","server_names":"*.google-analytics.com,*.fps.goog,app-measurement.com,fps.goog,google-analytics.com,googleoptimize.com,googletagmanager.com,service.urchin.com,ssl.google-analytics.com,urchin.com,www.google-analytics.com,www.googleoptimize.com,www.googletagmanager.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"9d9ce860f1b1cbef07b019450cb368d8","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","issuerDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google-analytics.com","alpn":"http\/1.1","fingerprint":"B0:D9:D3:57:C2:34:87:2C:FB:F5:E6:BD:7F:9F:54:65:08:61:AF:01"}}
00929{"flow_id":35,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454869,"pkt_ts_usec":738399,"pkt_caplen":431,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":431,"pkt_l4_len":397,"pkt":"TGr2n\/YnxiwDYGpkCABFAAGh0dwAAHUGWhqs2ajOwKgCEAG7xNCPRcPe\/OqYW4AYAPAVfAAAAQEICmayAED\/\/zVXEFwIUhlRKnG7rHq13RXtK8kIKiyKtKYhq2P\/11JJUNCJt63yr\/tQri\/hlQ3zRq2dnPXKFgMDASwMAAEoAwAdIBn+u7QgqnpE1LaIjhrhz5RsAdpexaWtkaz2KsS2djRVCAQBAKuBytnRvHo1xi\/DDalS6JuO9Un0m4Q4hFFaCdDPRcf+DxgelaVEAOJJXJc5Kr1BoeDGWZPCUBEf9xJZFl5bw54vOoNzwG7eu2zciQbQ3hSeZ1MftsM\/9ne7\/EJMck9gPMKQNhfshZwTAQohP55Lo\/EsXQuB6vxPMXIzpQ\/bQ5vJy6WbJuna2X4N4UtISD3xtBHL31xPnPmgtQU45rY492OnLgDg3yODhe86N4bYw+QSjfAhSw8PXZSFeIw18glJsRXne8QBsmKBFjDrvMeNyONL1afRlV+RsdVuhMGJHdUbzR\/m0uoIAyXSnWohltFeX0Di9GvdD+NawHonq2jL+CQWAwMABA4AAAA="}
00556{"flow_id":31,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454869,"pkt_ts_usec":778854,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"xiwDYGpkTGr2n\/YnCABFAACRPHVAAEAGfF3AqAIQrNkSA5AYAbuCdQjwxrmSxoAYAXTxaAAAAQEICv\/\/NWZRt9XXFgMDACUQAAAhIL1QAZblmBaS6MGJRISNBquGjHKHv6oBM9BlgurCo98yFAMDAAEBFgMDACgAAAAAAAAAAL6QL605fB1xUgS6LTyTDwho0hrG6v3MkF+xlS4sSJrG"}
00430{"flow_id":35,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454869,"pkt_ts_usec":780647,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0oo9AAEAGf9TAqAIQrNmozsTQAbv86phbj0W+VIAQAWIXbgAAAQEICv\/\/NYBmsf\/u"}
@@ -269,55 +263,55 @@
00730{"flow_id":29,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454870,"pkt_ts_usec":51431,"pkt_caplen":286,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":286,"pkt_l4_len":252,"pkt":"xiwDYGpkTGr2n\/YnCABFAAEQA31AAEAGso\/AqAIQrNkUSs0GAbvbqziG1o6amYAYAXinsAAAAQEICv\/\/Nay9hJ10FwMDANcAAAAAAAAAAaUjp1pLq7doAXFoRPhZWR58fJOAnEpRkxO8Mv4ktuLmRQtiUMdV95mG4kqqPDHeqpzHA6lmvtKElK4xI9opiKbL06SgDrYtAygpdyYEy0vutTDREtFTwp2s6D\/1TaKOmK4EaXURmC4JPOM6tf0cu9yJSwwmhaxSsGEm8viYV3nmq19Hq6+xXInWS6B+ABplV3bV+VSZNMMbuy74K1cGTc0K+PtSRYBPu4w2wUEAYSMdI\/gxkypgBLQVpTzAZp4Mbxk2QPOSe48DI8gFybwi0A=="}
00829{"flow_id":31,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454870,"pkt_ts_usec":83405,"pkt_caplen":358,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":358,"pkt_l4_len":324,"pkt":"TGr2n\/YnxiwDYGpkCABFAAFYghgAAHYGP\/Os2RIDwKgCEAG7kBjGuZPqgnUKUoAYAPR1hwAAAQEIClG32bn\/\/zWHFwMDAR8AAAAAAAAAAQ7BhBG2DqqUMdwwsRseJG1rLbfoFfMGewoYmrVXALwA7JotYtDqBdPtWrARdP0z1AuCOC+kFPd\/t\/Cz4o\/KYIi1aMBLfMwwX7LmP2Xb8SYiD9VoTZSXEnGC8uXAjGSum\/ZcbiAhFwEHBotnLEOekifc6MgOgcJbQOoEw9EvxL+udMJ2Dbm25w09KdE5NQNAZruKREcbWqjnlkkXG\/IQj++BmW5eLSawGefGDc5FxLol9v0Cn8UbEjcC0ovNvBbu6AoKbdO6XhzsAhLW5IjlKz+nGVf5sZywenHdKYtgAWuGJf1ADfTw7bALT31Hp0ogHNXxDCVwmTy3Go6qvk3jm6sIDSU+6PxWH3ViVRmYZhPouOqlV5DGZQ=="}
00443{"flow_id":36,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454870,"pkt_ts_usec":649882,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8g2dAAEAG9TTAqAIQ2O8meMFmFGxVMrY\/AAAAAKAC\/\/9uQgAAAgQFtAQCCAr\/\/zZYAAAAAAEDAwg="}
00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":200,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1582454870996,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":36613,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":200,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1582454870996,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":36613,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":37,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454870,"pkt_ts_usec":996454,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"xiwDYGpkTGr2n\/YnCABFAABIq6dAAEARCZzAqAIQwKgCAY8FADUANFCq5z4BAAABAAAAAAAAB2FuZHJvaWQHY2xpZW50cwZnb29nbGUDY29tAAABAAE="}
00656{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1582454870996,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":36613,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00668{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1582454870996,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":36613,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00476{"flow_id":37,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454870,"pkt_ts_usec":998449,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"pkt":"TGr2n\/YnxiwDYGpkCABFAABYgb0AAEARc3bAqAIBwKgCEAA1jwUARA+05z6BgAABAAEAAAAAB2FuZHJvaWQHY2xpZW50cwZnb29nbGUDY29tAAABAAHADAABAAEAAADaAATY7yZ4"}
00684{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":201,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_first_seen":1582454870996,"flow_last_seen":1582454870998,"flow_tot_l4_data_len":120,"flow_min_l4_data_len":52,"flow_max_l4_data_len":68,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":36613,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":202,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1582454871042,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00696{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":201,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_first_seen":1582454870996,"flow_last_seen":1582454870998,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":36613,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":202,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1582454871042,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":38,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":42436,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA83wxAAEAGmY\/AqAIQ2O8meIDaAbu5DOmwAAAAAKAC\/\/8p0AAAAgQFtAQCCAr\/\/za8AAAAAAEDAwg="}
00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":203,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1582454871051,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32412,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":203,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1582454871051,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32412,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":39,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":51013,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBq69AAEARCZvAqAIQwKgCAX6cADUALTLn3DQBAAABAAAAAAAABWNoZWNrCWdvb2dsZXppcANuZXQAAAEAAQ=="}
00637{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":203,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1582454871051,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32412,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"check.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00649{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":203,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1582454871051,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32412,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"check.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00440{"flow_id":38,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":56176,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA84WAAAHcGoDvY7yZ4wKgCEAG7gNr8u4aauQzpsaAS6yCywwAAAgQFZAQCCAqJFH+\/\/\/82vAEDAwg="}
00429{"flow_id":38,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":57218,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA03w1AAEAGmZbAqAIQ2O8meIDaAbu5DOmx\/LuGm4AQAVfLBwAAAQEICv\/\/Nr+JFH+\/"}
00440{"flow_id":21,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":58563,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"pkt":"MzMAAAACTGr2n\/Ynht1gAAAAABA6\/\/6AAAAAAAAATmr2\/\/6f9if\/AgAAAAAAAAAAAAAAAAAChQAIygAAAAABAUxq9p\/2Jw=="}
00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1582454871061,"flow_last_seen":0,"flow_tot_l4_data_len":50,"flow_min_l4_data_len":50,"flow_max_l4_data_len":50,"flow_avg_l4_data_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1582454871061,"flow_last_seen":0,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00450{"flow_id":40,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":61577,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"pkt":"xiwDYGpkTGr2n\/YnCABFAABGq7FAAEARCZTAqAIQwKgCAR3sADUAMs+l\/agBAAABAAAAAAAACWRhdGFzYXZlcgpnb29nbGVhcGlzA2NvbQAAAQAB"}
00641{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1582454871061,"flow_last_seen":0,"flow_tot_l4_data_len":50,"flow_min_l4_data_len":50,"flow_max_l4_data_len":50,"flow_avg_l4_data_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"datasaver.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1582454871069,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00653{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1582454871061,"flow_last_seen":0,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"datasaver.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1582454871069,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":41,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":69614,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8\/AdAAEAGfJTAqAIQ2O8meIDcAbs4lMrFAAAAAKAC\/\/\/JKwAAAgQFtAQCCAr\/\/zbCAAAAAAEDAwg="}
00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1582454871075,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1582454871075,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":42,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":75698,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8xAhAAEAGtJPAqAIQ2O8meIDeAbsJrvLMAAAAAKAC\/\/\/QBgAAAgQFtAQCCAr\/\/zbEAAAAAAEDAwg="}
00440{"flow_id":41,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":83686,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8bmcAAHYGFDXY7yZ4wKgCEAG7gNxV\/jlEOJTKxqAS6yDJiQAAAgQFZAQCCAom516W\/\/82wgEDAwg="}
00428{"flow_id":41,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":87218,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0\/AhAAEAGfJvAqAIQ2O8meIDcAbs4lMrGVf45RYAQAVfhzAAAAQEICv\/\/NsYm516W"}
00440{"flow_id":42,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":88655,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8Nk0AAHcGS0\/Y7yZ4wKgCEAG7gN4gvysUCa7yzaAS6yD0TQAAAgQFZAQCCApclUhu\/\/82xAEDAwg="}
00427{"flow_id":42,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":89851,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0xAlAAEAGtJrAqAIQ2O8meIDeAbsJrvLNIL8rFYAQAVcMkgAAAQEICv\/\/NsdclUhu"}
00465{"flow_id":39,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":90412,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRSjQAAEARqwbAqAIBwKgCEAA1fpwAPWeH3DSBgAABAAEAAAAABWNoZWNrCWdvb2dsZXppcANuZXQAAAEAAcAMAAEAAQAAAQMABK3CT3I="}
00665{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":215,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_first_seen":1582454871051,"flow_last_seen":1582454871090,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32412,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"check.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"173.194.79.114"}}
00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":216,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1582454871094,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00676{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":215,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_first_seen":1582454871051,"flow_last_seen":1582454871090,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32412,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"check.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"173.194.79.114"}}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":216,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1582454871094,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":43,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":94545,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8RuFAAEAGM+7AqAIQrcJPco\/iAFBu6HAoAAAAAKAC\/\/\/iBQAAAgQFtAQCCAr\/\/zbJAAAAAAEDAwg="}
00477{"flow_id":40,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":100485,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"pkt":"TGr2n\/YnxiwDYGpkCABFAABWpmUAAEARTtDAqAIBwKgCEAA1HewAQssi\/aiBgAABAAEAAAAACWRhdGFzYXZlcgpnb29nbGVhcGlzA2NvbQAAAQABwAwAAQABAAABKwAErNkVyg=="}
00669{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":217,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_first_seen":1582454871061,"flow_last_seen":1582454871100,"flow_tot_l4_data_len":116,"flow_min_l4_data_len":50,"flow_max_l4_data_len":66,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"datasaver.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.21.202"}}
00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":218,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1582454871103,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00681{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":217,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_first_seen":1582454871061,"flow_last_seen":1582454871100,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"datasaver.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.21.202"}}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":218,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1582454871103,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":44,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":103439,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8ApdAAEAGssnAqAIQrNkVysrYAbsvYjRcAAAAAKAC\/\/9bhgAAAgQFtAQCCAr\/\/zbLAAAAAAEDAwg="}
01126{"flow_id":42,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":103583,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkTGr2n\/YnCABFAAI5xApAAEAGspTAqAIQ2O8meIDeAbsJrvLNIL8rFYAYAVc5mwAAAQEICv\/\/NstclUhuFgMBAgABAAH8AwMxTXvusHBDhpdSzKEoPqQ2o90gb87HP3QFZwA4kEZ\/QyD4xr0gtG8NjPlWhUg7IfWsznkFNClZBNvxMyLqGIrBHgAiEwETAhMDwCvALMypwC\/AMMyowAnACsATwBQAnACdAC8ANQEAAZEAAAAfAB0AABphbmRyb2lkLmNsaWVudHMuZ29vZ2xlLmNvbQAXAAD\/AQABAAAKAAgABgAdABcAGAALAAIBAAAFAAUBAAAAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAzACYAJAAdACBI0V5haWJofMB6PMnUO4IQ7keMeAwbqHFyCH7tJ8MoLgAtAAIBAQArAAkIAwQDAwMCAwEAFQDxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00839{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":4,"flow_first_seen":1582454871075,"flow_last_seen":1582454871103,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00850{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":4,"flow_first_seen":1582454871075,"flow_last_seen":1582454871103,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01130{"flow_id":38,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":105198,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkTGr2n\/YnCABFAAI53w5AAEAGl5DAqAIQ2O8meIDaAbu5DOmx\/LuGm4AYAVc8kAAAAQEICv\/\/NsuJFH+\/FgMBAgABAAH8AwNXR4IBK0icLctGWlxjvV\/JiAB62cpYMwCtfNZyJo3zdyCr3\/X3EqQMslzWKxfodTxbMmxBkYxsWxP2dnqi9pIeZQAiEwETAhMDwCvALMypwC\/AMMyowAnACsATwBQAnACdAC8ANQEAAZEAAAAfAB0AABphbmRyb2lkLmNsaWVudHMuZ29vZ2xlLmNvbQAXAAD\/AQABAAAKAAgABgAdABcAGAALAAIBAAAFAAUBAAAAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAzACYAJAAdACDrv790wU6es29sORpkI+NUqAeVoQxGptljCga\/6WmGZAAtAAIBAQArAAkIAwQDAwMCAwEAFQDxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00839{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":220,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_first_seen":1582454871042,"flow_last_seen":1582454871105,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":221,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1582454871115,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00850{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":220,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_first_seen":1582454871042,"flow_last_seen":1582454871105,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":221,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1582454871115,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":45,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":115584,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8q7VAAEARCZrAqAIQwKgCAZ6EADUAKMiehDwBAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE="}
00638{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1582454871115,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00650{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1582454871115,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00428{"flow_id":42,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":115912,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0NlQAAHcGS1DY7yZ4wKgCEAG7gN4gvysVCa700oAQAPAK1AAAAQEIClyVSIr\/\/zbL"}
00458{"flow_id":45,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":117429,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"TGr2n\/YnxiwDYGpkCABFAABM2yQAAEARGhvAqAIBwKgCEAA1noQAOIeohDyBgAABAAEAAAAAA3d3dwZnb29nbGUDY29tAAABAAHADAABAAEAAADaAATY7yZ4"}
00665{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":223,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_first_seen":1582454871115,"flow_last_seen":1582454871117,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":40,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
00677{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":223,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_first_seen":1582454871115,"flow_last_seen":1582454871117,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
00429{"flow_id":38,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":118481,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA04ZEAAHcGoBLY7yZ4wKgCEAG7gNr8u4abuQzrtoAQAPDJHgAAAQEICokUf\/7\/\/zbL"}
00441{"flow_id":43,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":128611,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA83d0AAGcGtfGtwk9ywKgCEABQj+ImKPRybuhwKaAS87giVwAAAgQFlgQCCArBhO\/i\/\/82yQEDAwg="}
00431{"flow_id":43,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":130064,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0RuJAAEAGM\/XAqAIQrcJPco\/iAFBu6HApJij0c4AQAVdDYAAAAQEICv\/\/NtHBhO\/i"}
00829{"flow_id":43,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":131065,"pkt_caplen":363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":363,"pkt_l4_len":329,"pkt":"xiwDYGpkTGr2n\/YnCABFAAFdRuNAAEAGMsvAqAIQrcJPco\/iAFBu6HApJij0c4AYAVesTgAAAQEICv\/\/NtLBhO\/iR0VUIC9jb25uZWN0IEhUVFAvMS4xDQpIb3N0OiBjaGVjay5nb29nbGV6aXAubmV0DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgOTsgTm9raWEgMi4yKSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvNzkuMC4zOTQ1LjkzIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkFjY2VwdC1MYW5ndWFnZTogaXQtSVQsaXQ7cT0wLjksZW4tVVM7cT0wLjgsZW47cT0wLjcNCg0K"}
00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_first_seen":1582454871094,"flow_last_seen":1582454871131,"flow_tot_l4_data_len":441,"flow_min_l4_data_len":32,"flow_max_l4_data_len":329,"flow_avg_l4_data_len":110,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36834,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.DataSaver","breed":"Fun","category":"Web"},"http": {"hostname":"check.googlezip.net","url":"check.googlezip.net\/connect","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 9; Nokia 2.2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/79.0.3945.93 Mobile Safari\/537.36"}}
00779{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_first_seen":1582454871094,"flow_last_seen":1582454871131,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":74,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36834,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.DataSaver","breed":"Fun","category":"Web"},"http": {"hostname":"check.googlezip.net","url":"check.googlezip.net\/connect","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 9; Nokia 2.2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/79.0.3945.93 Mobile Safari\/537.36"}}
02356{"flow_id":42,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":132684,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+NmQAAHcGRbbY7yZ4wKgCEAG7gN4gvysVCa700oAQAPCzlQAAAQEIClyVSJr\/\/zbLFgMDAHoCAAB2AwMJ5+bEQZGqSbvKHHvA6OhZFmLIMc6WOA9IKTeVeBOJByD4xr0gtG8NjPlWhUg7IfWsznkFNClZBNvxMyLqGIrBHhMBAAAuADMAJAAdACAlVzu8mSjqJcKGpo9HI5rQXClsQPwaTgdhQ9yhViWzLwArAAIDBBQDAwABARcDAw4znWgR9q\/08TI8DEAJmQg\/\/Wyv7Xw6fUhWjAAVBXIY6dCFzbcyvv7G5RiACsP48WNvufQJs42gcLTe8rMwSk\/+okAS+08DsNSUqcCIAHlXLEVEJiNlLXC6URbkOsEp0h0FJsKi\/rnY2JFTLl\/4jWzt5z4JhBIYLiJwLeoskfchOXpZB1YcvWP4f1bIJwPM3x11+Z\/YcUbw\/RxQZIAyf45c9djprp1bM+ieVPgJSNjC5fa3BxQxdePTxWoNQCMixHro4X6dMtg0sabqwedtnXyLvnv1I66fcRLu5RC3J9H5CMffqptbGFa\/6EbHcFDYzSzTwLLOI5lXSsC8jI\/pKNMIMWdJzoaDyPqzSdiw3pHJGbjek1bmzlEIYjoKZmhJLEq2i9PjauCtkpAfw3XZ6kQXcJqd2i43EkqU00bF5X\/BtiZfQas49kbcdhnbbJfFxRHsmUr+y\/\/HkNcjJRU1Rq16b\/hriOmVOAK2jxHIwkc7NsnGWDZ7BweXYCbeGqYE6n\/mO+w8YWFDkRdIBgwzmFOBLwFWLjdPkb1Bus19SlMl\/gvinkrbtLTycyCdfpvCnKyA+x7XdTbYhTlrTnQdQQz3bQHYcJRIfkBz5QVAa+NC+pKWts0VxK5CwC8naJqnE1V8VzVIc3Z039tcc\/rDCX1lakH\/\/EJjM2mOmDt0HoHlg7U21qZtfCGKkuwBBhdLjjf5h6sv829St4z0zcYkxs7W3UXss2\/i95jMg2Bffj2qal\/yIXtXvgqtZgTVMQl4MRwfd0QFwubkwUGZ1tPe+Y8Kp6WKikKEvYcTEg55tmOdT54bu1E0mtW1chribtv5fpxbhnZdZpcyfvRZloSnNZ0V+JtnZASi1HFAINCUY+7Fc\/D40Nt5zgJaaAdW++RvNQHbNhOIYzlSWx3qyYHXa06nu5XGWe+Ozhj5Lw0j0ROnRHh9tSMUNGZhOQUj016EMbKa1+FHzK\/Q7spBiccqR5V+dGRMELW\/ZYUjHqFnVhORzbdP5XRHFC1TnZf5RiXjOeRAnY8uaaoxyTTVBKHS01j8OuO1Es05bzO9ZFCDMlLhbr9+95Ur8zv+Q2caTWc90VNRQiTXJC\/Fe7D+S0W5N1L0N0jbksz+xvjhU9l4ZhREP4Y3bnqrFKfuupc7UPZ\/9h7hrJhpDWmmwRTtph6IbI7re91q7E3j86OddBssD4S6DTQafJ3oYdYfNb3rLU8+92p+hfGNE5W0bAwBO\/qKScpdZ+o3t0Qnbbm+NMDkIN7dVpCxt7NTHxcoC5CbWLP3ewBtns8OjqQIOA8XYLMBU9mvKYXCxXQLBb70znbPL5P4NV1wCkcTYABDKKdxN2YGzE2Ue2U9xyfmOAXEqyeL62QWbh415R+EL0tx9jeAiPqDhCFyzMUEJyjmVbsC0uC4SX3+nGZeifWuC+XLGKBrz4VW6wrXm7y741f\/dBE7AX1drxNYZTSr+AwS1\/FKYaSJhPXer7dDI6zvAhkkqjPusZzXccnhPsGI2o7ODauEGil68M7qYcsS5+S4KINm7fb2IxlC730c651w8LQkc33wNs1AWnYIcuWSfQ6ljQeneJd59tGkBKWQczWPKhSyGHln2C2vd10ytttAXbGGm2OW6zAASXTQhhdWZDZKkhYv5oc4gucD5CWgPej8cCLBNxKv+R176fSL14zOhsHUM9017zEMHLhJNv\/b1uO3TTbnYuxJqKI="}
00880{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":228,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":6,"flow_first_seen":1582454871075,"flow_last_seen":1582454871132,"flow_tot_l4_data_len":2143,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00891{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":228,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":6,"flow_first_seen":1582454871075,"flow_last_seen":1582454871132,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02346{"flow_id":42,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":132698,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+NmUAAHcGRbXY7yZ4wKgCEAG7gN4gvzCfCa700oAQAPDrTQAAAQEIClyVSJr\/\/zbLt2z1UUcE971oL44zCEN7OSbyOo0XDyXoI2kJMoGc6gPpAOusRu1EiAS+BQwa6qETsfOUAgIGfEQnKKwN77adL0ghyBJZKCR6YP2pee2HhJqwV4vcVl3Q2b1pujuIOlQrNIiQbE6hUVly292uSSSkoohu2KFiT1emMdOFqtM8\/BBqhwp4gFpnbSmDBpUB7a5GuelUbGOt8bSUpLcOeMeAMqNLfV+Rg32drLAKIQRpNDVt56AB\/SMRAI+xbCp+kUsvwh+aF+0mXvjs9EpPE6e7EheGPwQgMEdhiCfhyYGYTnjmE18U2wCa5QZwZXrhtZbNiUE58WK1HGlx8CzFVoivDUMy8dRUbvOoPYAdLMsC3ZRU9kKYh00c7xmhmiWbs5+2LFkvMuoqlCID3wbuMlIO8uTnz83TC31IASAsrcZ2K+AA2ML5cuuP9rt+jJX7Yap68TiGMOFTXM97rnIIImXcjJEWklH88Pm+iLv6fMuABpq5Z5xlGLTBPeQc\/S3bLMrgavBOJI4kPJ\/DUe1tu5CUmyeSC\/uohZ4icr53GhrRsRMOh182\/sdEVjJ8OsSdXtaWfXFesZ5vTF0hJ4+4p\/lK\/GRKiMSKfENoIyalP5SOu0aKcxmFHODNYl4xUiXmQdSzlf0OB7r7vNlre2gqxT2LgKIXL9mxtEGAvC6dMwblrx7aAnZ\/Ar0YEDX2sjIpSfvpbyC36ZUo9dnF+sdbgqWZxVxwsk6rNg2U311Tt+XXeGw796ohiQO2+3XBs+NO\/l2lx6vApnL3uY0FuGI7wNhmKVOzyxyq3B7V6PFA3awHAVkJ4JGqsQSAscg\/m2TJCQ8oCg+ln6WxA1J0YQfTPrazRVimvlWOIeX6xv6fFF9wOwATPh+9IoSlPVYpUeLZ9U4fWo7jahLaukWNdOc0yFwD+n8YA11FZ44EYcz6vLdYAyBijvHbx6E4RHMsuU3z2FnfXyWZcyDxO9UpefsBgGLIU+G1bbgmlTnqClr4uEeXS7iAlCt2uW6S7l0dSP+R1Eq6Jq4NRUeDaHKWJEIwulJFXeIs6x\/p+rQrMc2rZDch71dIJtK8tz2ZMgH9wxvf1nfi6agUwwq2oLQaWt2aak5zpWvG8RC6LgePPPNwR7c3zhC0ZmvBxT8333k3e044ZABu6I2CvqhaD8zndPZvdh15DsoKPtQTXpqM+e0a64IRUlAgX5iWcrZDDUG8WLTcGKD+v1GDjYLciVwB8DCvca3dMRUyHY68kZl9pItiLp9+BhqNpkvMyuE87dPd6xHJFG9fzNgxIO8vPDkN3aq8MSSh0dQ5GY5AD9zW+yL2c2DZwIRfSiies4njVt1b94DcdbdOqAMbuB9dB9dsFDaNTnCR\/aeOGuuBhq\/e3ay9nBjevJXs43TnXIg87JOpyBBMhcUEwC0NgNxqplaHHSUujzkFkF7uy+kunZ9ROPUHNG8W1p3U34qgyKiz1dKFeWTENnb9Yq\/5XwLCnPy6Pkw2APb0M3sXQxoDu31MHsgPXGd4y3pCjuiNGlVluzibQHNkA+5AVgPHYGiZEzgMqNo2XdLQRLJ7OPdVwqT6D4wj1gc6Nona7XvOK\/zcKK3nFQUAJ2eUX1sbI\/0Kw0Y8TuF4TfVpQEJ1NIWH+sPlD5FBivNEHBweSvNorw0vkmMdngedxbCK7UueiAuzo24B2K31hWIaOtfLZxWVVlH7FnbnV9P47C2fuc6rs0mGNY1w1X4MWY8t1dweAMn68RCQuvsFeGVzXKeMY3a91VXvfMZebDCnV7Sq7hQ4DxJHuW7YK49Xpsb5IHHtuvOBpaLTksrTU0nuC5CCByp\/RZECLZNLtp9xyn3TQEiIV\/Tvc\/VvL+2A7GmLdIn2LdDBmNJTk6IJRvJMORVRIFw91K8mQBI="}
00440{"flow_id":44,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":132705,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8KYcAAHYGldms2RXKwKgCEAG7ytjkokMBL2I0XaAS6yDzNwAAAgQFZAQCCAptKuid\/\/82ywEDAwg="}
01704{"flow_id":42,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":133578,"pkt_caplen":1003,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1003,"pkt_l4_len":969,"pkt":"TGr2n\/YnxiwDYGpkCABFAAPdNmYAAHcGR5XY7yZ4wKgCEAG7gN4gvzYpCa700oAYAPAqOgAAAQEIClyVSJr\/\/zbL0aD9M93vMr5fqdmS4mkDG\/NqlO3EL3KnAGQCCLFmzcbGKdw6S6iiMnicj2Eow\/ZjeKi5GSwwotgon+b4xOHOfWzinjYD3GSW0w8Lm0J9xM+EV85yryWoRF\/h1cPLpb8yFXMhD9ZnjOg4vek06Vlgyk6UQLv7oDwBRwYG+hb0djvN5zJxuYbbtfWKrkvqhjgjeRs+quY3Ksc2Fn1H3kseet2PoTM1xskhMTIlIW80Br4ZvC2YTqSbpNl7L8TdWapih\/xtjGiF7EXM3ODjZMVTd27GpStn1rj539F14F1QPYbhBAXJ0Nbjikut+gRAWuHpinla\/84RNvuWfzlUz0X5rvpwB4MkT3MGbh9OSpVhtP+NlgPDbmDP1ZeeLv86NAiNPNlvwfcgtMdtkGZvvCvFxY6LQilPxHEkFwIdh3TB9IDSXRaoaVpZxRmsUO+3JeHfLLWbrPh8X4YepW\/HGvOKP6xRV23UpFSexWD7XchKYEWpssakxigOxS9Bh8v714Z+Mq\/zPg4vqNJSVXjwfD98u0\/enDhi2BHMuviV9XO7yceuYNE0J8JiRHJJbqwwBXR25LU4ZQXA2VvKuZFPfZG+wGBbcfyq\/9zuWc98NBsO6uhdL\/loisOIonOO+1SkLeF5apbAvDS9VwJGoBqqWiY3CESgkcm4uc4\/cTPg0aQjnpkTc3DjlSD+WcBKx3iYmerB\/tQxxDCNHO5KASnjJfwTiOLlz0txNi\/pGS52AdM6xanbcAcVv+OdTqgwodMBX8fhBJ7gUcxOc7YhmqM80LeVwynz219tfo5JEtur+QPJz9E5CgfBTdbgyWvuRaAxQBiv85c9+Ew\/MYc8XelxgCp\/67sXuGllJBHIhJZDq6GZjqE+z2e1NZXahepncvSEF4nfaSgeKpnT71A7XRM3N0kP8iyXd22+CDCydfXGaVwLTCZITtqcU2a23gWiJNTb1u4nh+36dFQlHPq3DHn2+VGR5RjYoT\/zEaVtH6HBzc1i6fnbXOYGsMNyDkrXLMUOdSXrktPZkJbbcuHWAE0BSov1gf8tCpsZ1hvibiQ5iDUmMKt\/OEmEDJZ6qQiIzxRlZ3P2IsrmiLXirlV7eCO2rrp4kSfQvd+Mw3aQm7cFOWrsWt5CFvcc2lsHSf2pHkQZ3RCBkJC6O3PsvvAt7yoNsFJ5lJa+EJX6sDLDxRRYUGHJZFYD\/itWK\/zGSX2izwH2ENR0Ex49B3NuyT5hTPbPT4rzu9t8xGnT3cS3rA=="}
@@ -326,15 +320,15 @@
00428{"flow_id":44,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":135219,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0AphAAEAGstDAqAIQrNkVysrYAbsvYjRd5KJDAoAQAVcLdwAAAQEICv\/\/NtNtKuid"}
00429{"flow_id":42,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":135227,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0xA1AAEAGtJbAqAIQ2O8meIDeAbsJrvTSIL850oAQAXj7dgAAAQEICv\/\/NtNclUia"}
02352{"flow_id":38,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":135248,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+4aEAAHcGmnjY7yZ4wKgCEAG7gNr8u4abuQzrtoAQAPCXWwAAAQEICokUgA7\/\/zbLFgMDAHoCAAB2AwMKr0VNlFk9hzoO6B0TUbLPFIcBa5zTSa8CWE84m3upOyCr3\/X3EqQMslzWKxfodTxbMmxBkYxsWxP2dnqi9pIeZRMBAAAuADMAJAAdACBOncCMF\/Ubli4Sd6cOqcYTMbk4TYGlE97BZnOiZEVtVgArAAIDBBQDAwABARcDAw4yrItIQaPRkSlxy6xdCUQOntopQbGn+0k1iB7I0SdVfNjJ785GPXlRsBy7MGhH4aMsLWF3\/TgqSoiygpHh8NMfwlD\/ax2aoC4TSk5+ZV99Ixkp75S1e3cV6ySUswf9mC0Rq+EQuQLTtMA0VqjBcuM2egRBKykD2E6zAGPOa3MkWS\/Wt\/ZLWkOt+ZTUj99CYLf81eVIKn40tnC0iXe8kzMItlyYbl1R1H58l3U+kCW4xLBokFbRt7vAxQ7JhG60lq72xyP7oJrv0VMznWqbdoBPLPslFKrsgKsvx+yEV6VWR3D5oUN3CfhfXRmYrIarsrSTBDCShIK7CgHX4CY4Ck1VLt\/xUmDR7htBea8QK8tLH4bqZRJypA7ftPZmcp+Ka+lGIXVfoI+lYsiL+FD7xrXpbheoAIh+ajDdH4kXMVtrctL4uGt325Fp2nyKWKMppJIEkGiNgS6qNUlSwDv+1RheWrVRz4ycg4ZDKJ2+FyLkV8OnHuiPDvhftL7yJHqqJ5zF8PbLAto7jCHnKnwLV\/RExMTHFZwUuQIZrD26T89q7onCltXqwTAR\/s5yPdiqhbyjE6nrLy6pILxYubTKfw1h+3RqnQh3bbPJ5Q2Qm4T5C17RIRojmmRhTBjl0q+aek+H0RtUIErqEGVTLhBSykaCdNmeSxdJIfc5+ow5vABT+iZhxVep3\/EiPwxMUEImxzr+wCATOk2iReVs76QzaG10uYC\/X0nzCLzBEOkqEyKxS3v6MIMgwxmjHSHq87ph0kuLf6WB3va6DAypQ45vHvUU+0BRGFPSriKx5BfDY9mixN+fj6anWwmAijYDWXgMoL61NRE7X\/mkmRmPiowWMaZAJjVjoSZ5pEr1yhS2+aDRl0wGK7PIsS+TJdksdU3LrVJc88Rl0lxRqVFdOMpk2QRbvzJaB4eww0L2Veyoi\/XZK\/sndOWsKxWJFYHM1oWcBl\/zZZPncosBDOZi0NqD6NOoo0v1fT\/\/60fYbPS\/JocVW3vtNCcjk4pexZqcZDs\/ddtCPZsgh1UlPkkzlA7cTq4fZlF\/WGEpJiA3gbDIlV0pnm89WaP5KSnBhJJnrZbDh5c4m2sL6t+YOQ4KFhpAbzq28ouPa4UTf5VM6zB8scMsdlreFBH1cjgEVB0WOsITzDb1q4MIfLAiyg6DUf69wYibTUW7y+bIerPA8XbfBRNM+yFv8YteWFMGKJu\/BbQlRddYc1EB\/GB83YsNEEZbwoNxy5GMHpVzDpCUKh7hWj02pJFOLhYL+lMq7+b+DwsTnSAkLSYYsFIwLLLFtm8v0P\/lFtNZOb5nSqKGWFUFZ5EHsd9B44jepv6IfEO3yb9VH+y0L1gRWsnovqVIzp+jy24PY5sbXaJ0RJvfHv6Z1DFLuIKQXZCLPgnytGouQ0v80uP00uZ1UG4h5kvU6Cci9DYDjGfGRIPySEjjoT4ws\/8zSUJJktRssPMBoPWaWE70+8w+vn37au6hJI0W0AdegB8gcWxn+oD7zlBQaJ9aNRurrRoQYYAq9x66xgb8JVwAh9sJ+5uHIueozDwzLagREKF2bWZL5xL4zxcArgS7gyF3rBDNa0JB0SZNzKNgpuaHGnZW\/9yPhHdlD3Au1bTS6B9mHkd1DJWTG6NlMl599wDCINnKAZHK\/25ZE4I8cK6IUOp2kx9L7IoPdacXuUukSko5nmMfRDEHob+C5rkqr72XOqs="}
00880{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":6,"flow_first_seen":1582454871042,"flow_last_seen":1582454871135,"flow_tot_l4_data_len":2143,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00891{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":6,"flow_first_seen":1582454871042,"flow_last_seen":1582454871135,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02357{"flow_id":38,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":135249,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+4aIAAHcGmnfY7yZ4wKgCEAG7gNr8u4wluQzrtoAQAPDRgAAAAQEICokUgA7\/\/zbLALlm2XpcYfM2DyFlVqPk7s0JB3WtTktzck8Ewa7zXiGjMzYBrp9\/N\/C2dhP5hyDgybBo6ueXj9le5zQ5xz1WVjLVp4U2urEU6tVqisaQwD563EQ903AtABU+dsq06EO8BRBxycTwCye55+aAqqoVyt\/7LzRhCurFDe9QFTcWhAm\/dGTrH1qA9TWjuqEhJgXakWOHwDs54MSE7Eh70Eqwk0mP4pK9j2FCxXIUPg2kGbN4sqstuD4EFvYcYCJrwCy47VLw72naM6+gD4T42lfjIIrU71rBBTvaRLjBPz93c5URebS7Un5mZaJsppcChdWk4KWsuYnMxhR6HxvsNjEj8iaLSHb3yiN06WIdLFRxyNYo8\/qJYuW+csM3WvMOKnnRtxWqemS6KxzCIANkuFC8TITGRaM2+QO1PUsNyDcxxiT6PuyOVlbv9I\/gojeHcmdDmgzIzSQ8C9u3PTyF9T49EU7zoZjLOPrn7CIwqL3Ki1CeTdBPHUPZN0VDOZW41FN3jk\/In0VgVa8goXbN6oZKluKMskPAWkKerSrXMQFHzXDN6DZhnL8yv4ufaAtrq1wnFvKaxOjcfsuWNu5+cYUkpMSupClQVji\/3B6qeGCww7THgAbR6wXoHM5Pru5FA9V40SEulL9nOC4JynMawx9TH\/7Bysn2G23GNv0aUHqtTVE6dueVMWzAjkyJXJvvmMUQKoG4m8vKnIZlST+B4hW3PCkKdDPtgl085enPSK2J\/uILf2JPCVUOAc6kowCDHAnUu+JBwzZZ9kujDnckSlNuFbu\/pYwu8R997Z3N8beaC8lrSj1H64ab6KfnGu5CXV4KS1DZBtlRoD3vAnB5E2wVoKy1rhbLjSSgdR779BRxOIbFL14GqdeVIg\/EcuQWs7oy8FOO6o3CimF1sv43Fof9EUlg05WQfTteUehcxVpdqSbTqlBoSUzc\/LecAYON3mwOtjHLH4cuJ1qI54lWwc8AVusmjFEyQHYME1AUmNNylg0+qJZIcXLlB2k9zWQAdU25JTv\/NdK1My+e0nvJxhqGD4cQ+8CreQx6M7G6oILm2rzHiZ2DHjO\/D4imcK2NsNuw0rssaBK3w36K3D2kg8eS9\/bnmZChRGxKeNNnZAz73Q8OqmnR\/cIC0abR+kkIkPS01Vi\/fSKrjT5rEcIC8DapG4mgeOm\/lDetfcraNeVxz290QxTrucRTQ7\/btIVH1Gll1wEC8BQbvA0I1uNXwk31dlhkC7G1rRCQAihkoRZf1b0uettdYqH+jO+gxzFN1B0WwsRZw3GuATUIAhDdTj4zNb7fKWyzcwaBQXhhZZ6XK\/vU61xwE6+iv4S7NQH5F0K+6U54pSLVURgE2fKRB0ML9j5ouJQYZsrbjn1B4elxHIcpQTqJHpVithfkxfBN+IuRVjSyoGbLuVI5ahmpDmkzv43rtmQVtT1BRvuZJMWhuRiS69bcXBO\/PPLymYgestkPsAsQX0BNqiSTubolwalXNHcC9WoeZR2gvVDe4HIU4AwLp74vpDA\/ElQLudMSmzwDqQkOxwYnvZuwZJDW3XkSMpZx8vb1vYT4cmg+XE1qOP5IXroGmkXfYf1gHgr8x61qiRC8qc50efg\/ONCGVJXzKJUDoL+9gvN1Nupn9QNmoFuc8Jns52txnFrC3IvRhuRTN0BIHAot8i\/3VbjHsddBw2ZfMyrO\/rIOewlf0qC8mocojJMbdmXa\/GWBXcsqk5L5eFYIecpJ2P6FSPoqX6i2adCKgNrm4Wmc9Voyq04Xxrct7NBlXqp+j0BPMqp1Efs\/xpViW9uHYyQhIOYElk1rPO+rSgxBXIOKR+5dJcrZi39YfZYAvATozgeptBTrg1x\/\/tjQu+wJaW7frU27FDC\/BR4GhdcOgUPm1Y4="}
01701{"flow_id":38,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":135250,"pkt_caplen":1002,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1002,"pkt_l4_len":968,"pkt":"TGr2n\/YnxiwDYGpkCABFAAPc4aMAAHcGnFjY7yZ4wKgCEAG7gNr8u5GvuQzrtoAYAPCLOQAAAQEICokUgA7\/\/zbLWjyVBjvlXJ\/FuReGdke2EqW45bfZWi2TDOeztH7rL39rXHUf5vy+D7Bwv83cy6rLrJ4iplSfvTv4+mishpIMjmvfM5cChDiIIwReaim7vPx3GduyT78fMM0FedaSZ1NwUHOcS+KA2\/0w2SHCBTMo5YSEyayiDSkVhlI+O+leZx\/QxvFe2KzFOyaRAFb4QitWZw20IfOgCf3RBjTBTsUhXCC1ETxdjLEXE6VXKQMrPojkDPMgG5Un5BqMYt4RW5D01\/eGg7IfiEOT2a4\/Y3nHi6OtYTePLj1MGn7p2v1lhemQWBEReuYV\/1tebgC7mYeePoEyPpvnTV9ekWusAPlTm73tJgq29PQGeQl+l7MkJCKr5K6hvTfOPa3dZNXarjuZWsvLaXaDqU7f6FFwvjahncAVkctQCBcODmeCNfiE5tcjqKaYFAuxvxdZ2RlEc3prlEBMYkh9fMMRIfeNs1pbKT\/ehPr1r83w\/qSQyj1I7NF9evyb4SEUlAZZoF77GV4xuB6xokp1\/N7qW7zldWIQB5\/et6zogs+29vuJVOOy7Ih2PTmx9a4TXD14GqZ76ycqpuQKAK+O1hVOc\/RdqBHZh9FchRoqqbEDPp0yd\/cbK7kprMT47YyZRvVlUgteGjPLLH13irUz8XoeU0ip9GPeobKtlV16hmkOecicjraTfC6473WKEmG7aoEfrON3zrFWnH9GD\/mGIz7CDqk9EbLlNinV3e2kQGO+EBySWkIbxWZbIuXGBkYQIVae5RYLOG\/cYJroIfLQASbJ4v\/6lq6ONkkii6ZjFzgUmQV6\/3V4x3OITvZqsi2\/mMhu3ruerwkclyv2oUX3pJEA9VKblVFbenNg2\/EW6fQS3s6sAOkug7pWCC07Q5lT1KTaYeSLjuFKOSEfPL0GRtjYslB4gFJ2rvYVL7SgOiFJV9JksGQmpUEQtQuN+t2Sijfc1vJp+oFraEFkU4ao6ESH7+93u4sc+a9n6YvmXXuNqkuaW2cLjr4V6thqt7niWYdAAA4T0n6ptPo2PxLbChmGWHkaCrlSsA\/Ak5KkSOa6gzBI1Fi7m5plS5xQJSiW2SZGY9QKglFcHOvG8nqprNqSQVNVkoJ1M0z9xdWtEY1suVO8sbwN3Ih69VIN3Hv2SPntdHsYOEKVDYWz3H3j\/97fkWW2vMwUDbWj7HutDKIjmRzejOxaeYSOI4VlT7yWmTsHcGs9lpgc9xTn2f0yUmzeTvkpDnlN40B4ZtnrK3BQ"}
00429{"flow_id":38,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":138374,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA03w9AAEAGmZTAqAIQ2O8meIDaAbu5DOu2\/LuMJYAQAWLDCQAAAQEICv\/\/NtSJFIAO"}
00430{"flow_id":38,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":138432,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA03xBAAEAGmZPAqAIQ2O8meIDaAbu5DOu2\/LuRr4AQAW29dAAAAQEICv\/\/NtSJFIAO"}
01124{"flow_id":44,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":138480,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkTGr2n\/YnCABFAAI5AplAAEAGsMrAqAIQrNkVysrYAbsvYjRd5KJDAoAYAVcUdQAAAQEICv\/\/NtRtKuidFgMBAgABAAH8AwMLzOxtO6hOmIYWfBvitg4r+7Wglg8GVNMAJsb\/jQkPqyB1NOTF0gGFb6IK4+2hAOm9SIxGs64I4ihATDO0kHBwJQAiuroTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUACgEAAZG6ugAAAAAAHQAbAAAYZGF0YXNhdmVyLmdvb2dsZWFwaXMuY29tABcAAP8BAAEAAAoACgAIqqoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBABIAAAAzACsAKaqqAAEAAB0AII9uaDFaArcbql7rcKk4GhOXI2ordsjsf6j3VCsurBUOAC0AAgEBACsACwp6egMEAwMDAgMBABsAAwIAAhoaAAEAABUAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00798{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":241,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":4,"flow_first_seen":1582454871103,"flow_last_seen":1582454871138,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"datasaver.googleapis.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00809{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":241,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":4,"flow_first_seen":1582454871103,"flow_last_seen":1582454871138,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"datasaver.googleapis.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00430{"flow_id":38,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":138589,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA03xFAAEAGmZLAqAIQ2O8meIDaAbu5DOu2\/LuVV4AQAXi5wQAAAQEICv\/\/NtSJFIAO"}
00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":243,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1582454871152,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":243,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1582454871152,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":46,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":152402,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA82rlAAEAGneLAqAIQ2O8meIDkAbvMauxuAAAAAKAC\/\/8TjwAAAgQFtAQCCAr\/\/zbXAAAAAAEDAwg="}
00428{"flow_id":43,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":244,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":164798,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA03fEAAGcGteWtwk9ywKgCEABQj+ImKPRzbuhxUoAQAPhCcAAAAQEICsGE8Af\/\/zbS"}
01043{"flow_id":43,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":166063,"pkt_caplen":524,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":524,"pkt_l4_len":490,"pkt":"TGr2n\/YnxiwDYGpkCABFAAH+3fIAAGcGtBqtwk9ywKgCEABQj+ImKPRzbuhxUoAYAPixuAAAAQEICsGE8Aj\/\/zbSSFRUUC8xLjEgMjAwIE9LDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkFjY2Vzcy1Db250cm9sLUFsbG93LU9yaWdpbjogKg0KQWNjZXNzLUNvbnRyb2wtRXhwb3NlLUhlYWRlcnM6IFZpYSwgWC1PcmlnaW5hbC1Db250ZW50LUxlbmd0aCwgQ2hyb21lLVByb3h5DQpDb250ZW50LUxlbmd0aDogMw0KRGF0ZTogU3VuLCAyMyBGZWIgMjAyMCAxMDo0Nzo1MSBHTVQNClByYWdtYTogbm8tY2FjaGUNCkV4cGlyZXM6IEZyaSwgMDEgSmFuIDE5OTAgMDA6MDA6MDAgR01UDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZSwgbm8tc3RvcmUsIG11c3QtcmV2YWxpZGF0ZQ0KTGFzdC1Nb2RpZmllZDogVGh1LCAyMSBBcHIgMjAxNiAwMzoxNzoyMiBHTVQNClgtQ29udGVudC1UeXBlLU9wdGlvbnM6IG5vc25pZmYNClNlcnZlcjogc2ZmZQ0KWC1YU1MtUHJvdGVjdGlvbjogMA0KDQpPSwo="}
@@ -343,26 +337,26 @@
00428{"flow_id":44,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":167064,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0KaEAAHYGlces2RXKwKgCEAG7ytjkokMCL2I2YoAQAPAJtQAAAQEICm0q6MD\/\/zbU"}
00428{"flow_id":46,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":167424,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA02rpAAEAGnenAqAIQ2O8meIDkAbvMauxvlTROSYAQAVeMkAAAAQEICv\/\/NtvIBAje"}
02365{"flow_id":44,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":175159,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+KaoAAHYGkDSs2RXKwKgCEAG7ytjkokMCL2I2YoAQAPB8+AAAAQEICm0q6Mj\/\/zbUFgMDAHoCAAB2AwOiQl3o+g7Fsx4mfI6kUhC4EbefXUTtlIWF\/8GgdhnuviB1NOTF0gGFb6IK4+2hAOm9SIxGs64I4ihATDO0kHBwJRMBAAAuADMAJAAdACD1dsfX4ol5BBkD4h5UKpi1tot14DNRO37PsJDMo4uyPwArAAIDBBQDAwABARcDAwtwB\/Iy9Hp1hwBFSdDO93J\/cAUXGLVlr3h3h84KBeMw9m9unc\/rCEexohSU5SBfAjxQlehWby\/An3V+IlE+RpO\/My6BWdaFGnhV433Xe3L786nudEIHoEYFAr\/6b5jkGFgT5Q3OoAwnCanCaOTDltHSwUKk0DN\/RZkuZJ5NjiwqpuU34HrGB949AWfEt1sqUicVNwZUzlSgY67wwodeB5wX6xtjvuOuYG4kNHq20L3BOm8phjSy95\/3gkpxvlxek6t1BWVgxKvV7+un4SRxjQm3eO8UK3ggvJqarZFD\/rBj2nuOf7x93lUQpbvfsSloTJEHRjmgQaRz75V+DDoBPvyk+9DYP\/HwnO0cYACBIAi90cjKofOGLh+3OxnAOMw\/0JU4Sg1i\/CPtR4h2o3XIvcpT\/2GRnUDp7vkKDcyKxFl\/cW3ugFX44F0OpUxui6v9rYD2h42GNimuFn3xUxdDOCPPuoBRakbKBt9zHSCPrbBJSpR0mBd9A9H4tIQ3AzyVR\/Z65uSORAcGpHzw26OGOcQTG4SZYZbGIUG+cvPJ4zQO3OjqcvuVMTDLK1x1a8ksc1cqD3qq4Yh49TkWoA\/4mxdgnx9Wj7mV38J2XNKCfLEbwQVXnJd5JupYrPtaGx23BlWfQlr7iAX5lX\/cHLwrOTUDC1r3r6yBUotGo+rQdrS61FGExud5R0DPjXYEGXhAcQt6fW\/EJ\/7Xt6MZ8ecoqaFJj47xCGEU0wVPqfLpjkMK5yPXVVjxpvGxiGuTs3198jT27nV4X0SLMNC\/yGKSNRsJ+QN4Tkhid8Hd0Bb2sy50XmNG0J77s4XzcvIgf48BOM2o\/cWRezBPx6IcRzuh412fBbuwWDo9GaFaU7NEN1+Eywgaf88zAhgAnVu12BMDzQPfUvT5jTG\/G4lHsub9PVRFfwiOfGZKExjponUkx7dTc4w23BdLSktlU4TDX+arks5wM4Uz1588LBAB\/+C+P\/xEfAU1DTnDS8fLdp86qeWYZ\/w4vLvt5u5AG1rLxPIiFvFkZNMijwWx5xSRESJQRGM\/nIwgovaNKYp9K9Mix7G1eS7P\/WgTdSulGrdSjYVYDRfjMUFAgdCZqDALqkwYxTWua6LW5++69jAHMEpGcaCyIrD\/JoA6WbOXfmZLFO4A\/Ci+1QyeRR8lmA2xOmkZQo98y4VoBX0D3FozheLIkZtNV+PUup0QzX9GPKP0Wt+h0Cmzgepx5jKcxURStiAZ6ltxzgILgBqbLlkoYwIo\/vexYhebS5peMeVJxRf3UGl5ZR1RE5aBseEXF+vt79swA0I7xKFB5+XiFk3cMbUXrc9gC\/ZO3bTe5y7r0s+jT0WELnbMPuXcoF3B9myZrMg72rtwDGpOGM9M8PEuGkKleqWUXStvyNfKLjyGvAs1VAJe9wfRRYW\/od1mm2\/Qx5vz6IORyyCdT6lGLli7kBuiPGa+PZQo1mTglrNp6\/VQQbBHnCjxffzIT5Ys0jb2v4aLdyQZ2RbSi5ooYdATYj7qUHEsTg5\/\/0y7zhqwPEWPvHagvw0Rer+ov5fkqAhOyAwdlxBlcwrv+QFit5bSeuyoU7G5Z4Dhpy\/kLbZQ8zzkY+vatD47\/TJTY+bHZnm7sZ2bPGaq8P30r2n0S7lr6VYlesAkFFBT8XS8hHHSH9RWK1Wn7DwW9vu5cxshVK091zJwuZY+BlW2SbU4vb3V9rEZIhKk8Lo="}
00839{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":250,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":6,"flow_first_seen":1582454871103,"flow_last_seen":1582454871175,"flow_tot_l4_data_len":2143,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"datasaver.googleapis.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00850{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":250,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":6,"flow_first_seen":1582454871103,"flow_last_seen":1582454871175,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"datasaver.googleapis.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02348{"flow_id":44,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":251,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":176197,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+KasAAHYGkDOs2RXKwKgCEAG7ytjkokiML2I2YoAQAPAzUgAAAQEICm0q6Mj\/\/zbUKFp+bAY8R9u5KWQmwdC6MEBlLs5ujHycNry\/vfkvFr+3Az3xh\/o24LUXMiWqjUi74z0sXe+GKxsMWJfI3a1f0lo5gOHMXElqLKSO60H5YQX4NRrA5Ql4Y05Es0CWXhNrDPKYTQxJ3UrviGrcYBPR+hA\/OQiV++3P7Le0VeY9t8Dy0UGM3kRWqim8ELx4XecUAmN98B5BlYSY5Aug7t7Xr+WZtdswiidHztVCN8KfeYtosb2xFfQKtfV+iJ61Gv0SualbiOcyf\/WsfBU6EFzvblGAnWPhcUMWW3eHJrVAbmsC4R0owZiigiqcw2TzczwJ3roT+3cuv1K9Whoy7sfkESQQwT3poVh5Mt\/sjwzxmJj2wp5k1C3oiyKRfAoWnFJXRo7jt\/KhQIqzJYJ7zmeHU7+mJVpYKsQixRxM2j+bYgdI0788w2lY36VQvCfxGc9GHDqDH7ML6ZhTURaW7Zuxi9+VU4tih29rydTSkBnZijZe0csiPeOPO7GH80jlx9Injb7wrX7GBh05KM2VcQ18\/IDyWho1Mk8kAcKuCbSEyrxI6szFiq5R4k1hOCHoNjuxiUZW5Z0XP9wTguwvkKLKbszQKaBjabkfG4kgGZP1ZHj3JFu62nZHji1lFJNse8gafiVnrAsAGbov1\/hLlVMsVSn\/5G4CMcXEo5\/I5MFB4OVFspPe1c1J919JP9aQ25YzCH7AHXuYtt5SAri9BpdoqKKaT8T3X52zjGImec60zUjJyrt6Aa3uIak1MUf85TgHochEManIz\/DH82mXcWs0yaeGyTfruxfzl7zCum4J2y+Thv7+Kg12rxECr8P3mEpxwzyoV494zPGc5ESJpQDqSoViPQQXwo70YQUz+RiF3HpuE0K1reRQ08b+Sb+dPoleWTS9iG6fPGj9plAHBRX5HR2qXhZa0rfJXf4v8cJYr3ihicnylVspXiWmCueFt8O\/E+fv7lONnYUPOygQIBHdZRDuDbzH0ONbM2fmiAVicp6qrFfq0w1hWQGOhJEukRMFMCE11ttNaJjHNkuxATI4jtPzzS8J8ClR9cnqdYBikH8tjqd77Nu6t5r79WvZqGwIXwlYS3WERMVN\/GSOW4uyvj9dZ5k6YunYbO0BDfO5bXSKDQRnmuU+XFpzmnJZx5QJ45HHxGjJHGCLoUlkaImapTIJQE1NtF48R03TrD\/lcUphA\/u+SuViZr\/UBtNVH2xatvWqwFbTflH+XI474nPPKZzaTzvN1MZhFq8rJGwxHuptp1Q18Lcao6gQG+r39ZgxwvoE77qjkCG3rqbpsScaDUQ0dFAbLxi6SoVyYTrVVmSMvCZG9Fnq1nN7BupThxkMOdRcx0ycKjaL\/WsAxXEDk6HqptGJMufiKyQgDIYSwAVFnKECRRHxm82eMTMw3naoR9TWZOBjUoTMCvEid4MFCgO0L8r4CTcTHNQguhSm86fFOAxZGjTzVjQsv4vwlArPEbd\/YdKv2bPiyzz0iaY0N6hn9HvBqAWtf2MaH1iHPXqx9UJ2g9wW15aovD2QnPdPlHfGL3UV+hpAyN9v+ivGocqSQ2f7Jhykqs3riaS9uCgTXje5jOzU6Km1otCKVJF2y9DdMdKr4QSCVU+p7J8VdT59InZhs8aaGBNc3fqmLxlZw5pUBO+z6NHBo6G5UipFtYFVQcd2qefBOll86nunEE\/QnTBtxjJl7BOMIn9fNw\/1JIxjji5y\/b9S1INT581mdXmtH+mKzFL+W8GOGQ0ifZdyPfP+ZxRk3zR4canKdNkhkAxtlTcQ+JvYOsBKZdXoSth4qu6gD2M9NPs0eqL3VVldYcZSglCvpKHoVBDziTVVsVGCMlwSbU1iPMXV113R40thbPuaWvd2pnYamvPCLm5\/YwJyf3BzUrc="}
00744{"flow_id":44,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":176201,"pkt_caplen":296,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":296,"pkt_l4_len":262,"pkt":"TGr2n\/YnxiwDYGpkCABFAAEaKawAAHYGlNas2RXKwKgCEAG7ytjkok4WL2I2YoAYAPAHAAAAAQEICm0q6Mj\/\/zbUAlLuQZ7tC2E0I\/+a4yeVVUagZEEPssldkCoLqeJxckTw2TIPmak2VCzniPgQ7M4ovahjuMhAR7qP17BFuihlHGBi1Toiq7\/LsT1UbCaVj9KeWxU3qn5LqVESaWFILTwW4xepPErEhadU4P45jllOiVB7NTdj3qlwiIbh7f8RE8Y\/M17Nek1+tX909HFoLKuLYyNaKg70hb63ilQhvHFXdN5WdJQRR5iXkQxlo57FlsXrcD4fIlE9mL9um2nslYAlzcN39R+reeRMU\/alga+cZCm9X3GP0zzVr\/hbXlJDklrfXJPCxUo="}
00428{"flow_id":44,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":177863,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0AppAAEAGss7AqAIQrNkVysrYAbsvYjZi5KJIjIAQAWIDqAAAAQEICv\/\/Nt1tKujI"}
00429{"flow_id":44,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":178611,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0AptAAEAGss3AqAIQrNkVysrYAbsvYjZi5KJOFoAQAW3+EQAAAQEICv\/\/Nt5tKujI"}
00430{"flow_id":44,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":178669,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0ApxAAEAGsszAqAIQrNkVysrYAbsvYjZi5KJO\/IAQAW39KwAAAQEICv\/\/Nt5tKujI"}
00673{"flow_id":46,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":200149,"pkt_caplen":246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":246,"pkt_l4_len":212,"pkt":"xiwDYGpkTGr2n\/YnCABFAADo2rtAAEAGnTTAqAIQ2O8meIDkAbvMauxvlTROSYAYAVcGiwAAAQEICv\/\/NuPIBAjeFgMBAK8BAACrAwNFVUmkRCYrsTAD0Sv7c78jm6\/45rXgRFs9zPd5tSprMAAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABmAAAAEwARAAAOd3d3Lmdvb2dsZS5jb20AFwAA\/wEAAQAACgAIAAYAHQAXABgACwACAQAAIwAAABAACwAJCGh0dHAvMS4xAAUABQEAAAAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIB"}
00726{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_first_seen":1582454871152,"flow_last_seen":1582454871200,"flow_tot_l4_data_len":324,"flow_min_l4_data_len":32,"flow_max_l4_data_len":212,"flow_avg_l4_data_len":81,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00737{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_first_seen":1582454871152,"flow_last_seen":1582454871200,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
01128{"flow_id":41,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":207179,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkTGr2n\/YnCABFAAI5\/AlAAEAGepXAqAIQ2O8meIDcAbs4lMrGVf45RYAYAVcaagAAAQEICv\/\/NuUm516WFgMBAgABAAH8AwM37xcvxqGOp1ZnThmurrs0HSWrnpg6Spe\/m2OgtSLfXSCC4Pfhq3JTS\/EIU4w5K41jaeqfs8B1xjYOKn01wppgBwAiEwETAhMDwCvALMypwC\/AMMyowAnACsATwBQAnACdAC8ANQEAAZEAAAAfAB0AABphbmRyb2lkLmNsaWVudHMuZ29vZ2xlLmNvbQAXAAD\/AQABAAAKAAgABgAdABcAGAALAAIBAAAFAAUBAAAAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAzACYAJAAdACAOqSgSSv06T6U6O4sZxiexLl9ocxA7uiPWoPZ34phLJgAtAAIBAQArAAkIAwQDAwMCAwEAFQDxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00839{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_first_seen":1582454871069,"flow_last_seen":1582454871207,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00850{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_first_seen":1582454871069,"flow_last_seen":1582454871207,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00428{"flow_id":46,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":213549,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA02kYAAHUGqV3Y7yZ4wKgCEAG7gOSVNE5JzGrtI4AQAPCMDAAAAQEICsgECQ3\/\/zbj"}
00430{"flow_id":41,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":221044,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0bqkAAHYGE\/vY7yZ4wKgCEAG7gNxV\/jlFOJTMy4AQAPDfhQAAAQEICibnXyD\/\/zbl"}
02338{"flow_id":46,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":230117,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+2kwAAHUGo83Y7yZ4wKgCEAG7gOSVNE5JzGrtI4AQAPB1aQAAAQEICsgECR3\/\/zbjFgMDAE4CAABKAwNeUlhXw\/3wc2vhUSZkKb51rJR+NfM\/M6hET1dOR1JEAQDAKwAAIgAXAAD\/AQABAAALAAIBAAAjAAAAEAALAAkIaHR0cC8xLjEWAwMJIAsACRwACRkABMUwggTBMIIDqaADAgECAhEA73cYYUt8fA4IAAAAAC5xmDANBgkqhkiG9w0BAQsFADBCMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZpY2VzMRMwEQYDVQQDEwpHVFMgQ0EgMU8xMB4XDTIwMDIxMjExNDc0MVoXDTIwMDUwNjExNDc0MVowaDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBMTEMxFzAVBgNVBAMTDnd3dy5nb29nbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELPMslgUlvxZOlDFYvRPJIO98RYKQx7uXzUIWylPrSSeXXdggs11MzbaxTA\/JzKiAqMFJpBn0DGKEJ4YQCImRt6OCAlUwggJRMA4GA1UdDwEB\/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBT1PLe33SjtRb34dzqS\/+P3nXUEHDAfBgNVHSMEGDAWgBSY0fhuEOvPm+xgnxiQG6DrfQn9KzBkBggrBgEFBQcBAQRYMFYwJwYIKwYBBQUHMAGGG2h0dHA6Ly9vY3NwLnBraS5nb29nL2d0czFvMTArBggrBgEFBQcwAoYfaHR0cDovL3BraS5nb29nL2dzcjIvR1RTMU8xLmNydDAZBgNVHREEEjAQgg53d3cuZ29vZ2xlLmNvbTAhBgNVHSAEGjAYMAgGBmeBDAECAjAMBgorBgEEAdZ5AgUDMC8GA1UdHwQoMCYwJKAioCCGHmh0dHA6Ly9jcmwucGtpLmdvb2cvR1RTMU8xLmNybDCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB2ALIeBcyLos2KIE6HZvkruYolIGdr2vpw57JJUy3vi5BeAAABcDlw2rAAAAQDAEcwRQIhAKiMq3M57yXUlgoeYqdu3Wm6pPgATel4xUBWT9Z5YanVAiAG9Exs2TAXqLz4lW\/cJ9Mcq8V3x7TT4Zg9tcllvV2soQB3AF6nc\/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABcDlw2ssAAAQDAEgwRgIhAJBI42mkQs84OHrmgVPlkAaxJDPgWyM01l52BLtarMudAiEAwCu7RBS6gTdFaeB+EjpbufWTGQSZ3S9JlN7r5CX4lW4wDQYJKoZIhvcNAQELBQADggEBAINTwJW6way1WTWUCau2DcPJiE1XVScrIuTdGscq6bBjPmYLbltYagtUq++nDEE3fMDfb3\/0lmrSaefS+Y8zGNMO+H2xVDuDjOfCFr8ol\/MvwBkpR2V0P076EM62Ue2pWohNk8IAj8A29sd1mIwR48Hx4D6hOLDa5wKGouWyinkyKjxySDtpcbj9B8IAgNu+Sh98rjiuzhQSmxqoZ71CowmNO47tkJmsV3WbeB6rYBEo8eA+g8zpRsN2qA5M1Cj0LQXlmU6Q6BX+qyG+lM7hjMTtMHZTnvV5gSo1cfjyzJXHxdKTc\/sWMzsUhnYjNslISKlkmbwOw\/XR8VelOgif7MoABE4wggRKMIIDMqADAgECAg0B47SaoY2KqYElaVC4MA0GCSqGSIb3DQEBCwUAMEwxIDAeBgNVBAsTF0dsb2JhbFNpZ24gUm9vdCBDQSAtIFIyMRMwEQYDVQQKEwpHbG9iYWw="}
00785{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":260,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":6,"flow_first_seen":1582454871152,"flow_last_seen":1582454871230,"flow_tot_l4_data_len":1806,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":301,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
00796{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":260,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":6,"flow_first_seen":1582454871152,"flow_last_seen":1582454871230,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1598,"flow_avg_l4_payload_len":266,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
01965{"flow_id":46,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":230120,"pkt_caplen":1202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1202,"pkt_l4_len":1168,"pkt":"TGr2n\/YnxiwDYGpkCABFAASk2k0AAHUGpObY7yZ4wKgCEAG7gOSVNFPTzGrtI4AYAPAW3AAAAQEICsgECR3\/\/zbjU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0xNzA2MTUwMDAwNDJaFw0yMTEyMTUwMDAwNDJaMEIxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVHb29nbGUgVHJ1c3QgU2VydmljZXMxEzARBgNVBAMTCkdUUyBDQSAxTzEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQGM9F1IvN05zkQO9+tN1pIRvJzzyOTHW5DzEZhD2ePCnvUA0Qk28FgICfKqC9EksC4T2fWBYk\/jCfC3R3VZMdS\/dN4ZKCEPZRrAzDsiKUDzRrmBBJ5wudgzndIMYcLe\/RGGFl5yODIKgjEv\/SJH\/UL+dEaltN11BmsK+eQmMF++AcxGNhr59qM\/9il71I2dN8FGfcddwuaej4bXhp0LcQBbjxMcI7JP0aM3T4I+DsaxmKFsbjzaTNC9uzpFlgOIg7rR25xoynUxv8vNmkq7zdPGHXkxWY7oG9j+JkRyBABk7XrJfoucBZEqFJJSPk7XA0LKW0Y3z5oz2D0c1tJKwHAgMBAAGjggEzMIIBLzAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB\/wQIMAYBAf8CAQAwHQYDVR0OBBYEFJjR+G4Q68+b7GCfGJAboOt9Cf0rMB8GA1UdIwQYMBaAFJviB1dnHB7AagbeWbSaLd\/cGYYuMDUGCCsGAQUFBwEBBCkwJzAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AucGtpLmdvb2cvZ3NyMjAyBgNVHR8EKzApMCegJaAjhiFodHRwOi8vY3JsLnBraS5nb29nL2dzcjIvZ3NyMi5jcmwwPwYDVR0gBDgwNjA0BgZngQwBAgIwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly9wa2kuZ29vZy9yZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAGoA+Nnn78y6pRjd9XlQWNa7HTgiZ\/r3RNGkmUmYHPQq6Scti9PEajvwRT2iWTHQr02fesqOqBY2ETUwgZQ+lltoNFvhsO9tvBCOIazpswWC9aJ9xju4tWDQH8NVU6YZZ\/XteDSGU9YzJqPjY8q3MDxrzmqepBCf5o8mw\/wJ4a2G6xzUr6Fb6T8McDO22PLRL6u3M4Tzs3A2M1j6bykJYi8wWIRdAvKLWZu\/axBVbzYmqmwkm5zLSDW5nIAJbELCQCZwMH56t2Dvqofxs6BBcCFIZUSpxu6x6td0V7SvJCCosirSmIatj\/9dSSVDQibet8q\/7UK4v4ZUN80atnZz1yhYDAwB0DAAAcAMAHSDeeqx9\/JOnXxCC5pZb8ZnoTJtcJSCnrdu9k9netQrvdQQDAEgwRgIhAK+r86lTqB4MRqt+Pyfm6s11BmhMnbnSgVOyTE1BuE17AiEAxIkQIYXvt3sIPutT+8bV7nV6iGZkX87vaDgjg4Y1AhsWAwMABA4AAAA="}
01034{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":261,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":7,"flow_first_seen":1582454871152,"flow_last_seen":1582454871230,"flow_tot_l4_data_len":2974,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":424,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","server_names":"www.google.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","issuerDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=www.google.com","alpn":"http\/1.1","fingerprint":"32:07:6C:9F:96:7D:CE:82:15:C6:C5:7B:49:90:53:A1:CF:80:4F:B0"}}
01045{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":261,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":7,"flow_first_seen":1582454871152,"flow_last_seen":1582454871230,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2734,"flow_avg_l4_payload_len":390,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","server_names":"www.google.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","issuerDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=www.google.com","alpn":"http\/1.1","fingerprint":"32:07:6C:9F:96:7D:CE:82:15:C6:C5:7B:49:90:53:A1:CF:80:4F:B0"}}
00428{"flow_id":46,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":234667,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA02rxAAEAGnefAqAIQ2O8meIDkAbvMau0jlTRT04AQAWKF9wAAAQEICv\/\/NuzIBAkd"}
00428{"flow_id":46,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":234949,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA02r1AAEAGnebAqAIQ2O8meIDkAbvMau0jlTRYQ4AQAW2BfAAAAQEICv\/\/NuzIBAkd"}
02349{"flow_id":41,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":237524,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+brkAAHYGDmHY7yZ4wKgCEAG7gNxV\/jlFOJTMy4AQAPDiegAAAQEICibnXzD\/\/zblFgMDAHoCAAB2AwP9hhPvnJHsHwgbuB\/a12nYXFCLjZb+es2RITJfoZRhNiCC4Pfhq3JTS\/EIU4w5K41jaeqfs8B1xjYOKn01wppgBxMBAAAuADMAJAAdACDI9NmE7LsMgMdDQ\/xYQXylhs4qqJbymZX5d58CzKA9RgArAAIDBBQDAwABARcDAw4yhwbtAtoR\/a4xBK+O1BWDVt+21PZyVxWMqfhWUllj+XC42iKmRYz6Ew1Cdj04IUlKaq7oU9gQBkinQ2J87TkYzp3hMr+DojF19eU6ntn1BC5fVs3Y5xOH24Rjivc03t2pBaQM0Hb0XqLA2nn6obpTdDBqE+AyZ6lsSnOHlQJ1XjlZ3Pbs9FLpwfcmvmmG\/Id2P+LfRFob+\/3tm8mv9Uq0FvRTWH5Kuh+Xn\/+0EguwtZnd31JYmlTNT4uqMSWQfa6iCDtOBB4vYY33\/8WeBY2Ly8aceD97fKeLXxt8sm\/2EFlSRxTZAs1tOnKHXlFKTHMRv1itUCR99Xr0779cB35os1cBxRTLTpB9vjphPAX3nEyXI2mmKTZ5aYzKUnGIw2N6h2L4g8YRNtPCisTUzaf+uPn9oy9bYnlAeWuGzzr0tx18zNZbokF3rwBQi6XRsDigR6rZeLCH5rPR8eK0nYnTFFXbqJ7\/wW97+LBp+L76D5wUriJyJ3SS+nfVyJVMK19mZYV32qrxtA6hoWzZEqSq\/i4s2fub5YVkgyh8SeL9QW6RVLWsz6bcxcn+e6vYf0DofJgLy69GzdCurDH+ZRStWz+ndem34bIWVbYkx5XxvitFkLd9+85iIor\/q0ZtrSwmyqMpXA5P6gCQv02WmWopprUIPCEMScqpGAvQLjIlyAlezFgo2sIP6H5rtNzN7Smb1KbcPsiyNx2NsvHsRODx73Y6Osbeo0SKygmsh6kT9UiIFmiAUP9orghjMv4k3bLYltUyU1SCEAO1PX2NbNkaDRzCu5CHym8PfgUQfUAISpR88ZjUnFakkpvK0bM5l2Q5D2ZkMFg\/oWOV7ZJw5eGPAm1bfV72Ad6coTcz7VtCnga3gOufjTnCtNkpmkg5UUqPc6THPttlbYYkmtDnRWA86I\/Oq8ECtno5VNXj8J2ABVusp0oRAAvhKrnvdicUzHbsqhH8R4bwa+O90uoysJxEMoTUglCn5+S7pyQ0E6KUV0odKTmY\/yad5iKLruMqCCNn0kgFDmWDm6FRx\/JvsHj2sudKoOH9\/A2arSwSH4CKWHzVJhx8WGKfN2Ryjl8l+QUEXZa02weDaMchrls21CCnCYy7HSvd6oSJX6+1mCShaEgxLp3R8QV3L5HIaJW\/5SGkhn+SJCW71ZbBgpmZ0TBzoQW2c5Iwn3sCa0FL0FZnNp8lEc8pGkQdyl7qCJbBvyh79oue\/7IQj5M8FP4xalqQgpLehisDlE+dWlAjYtVcn2EmOVPBzLDFKVtgFxI2AEAz0mxg1P5tNIAlfauGUnxcPoh0P5hWs3wERy8iLMHgjiHIM54rIJI2XbY3r1VM2Hu75nCkVi3PUyIJtvhmjnRl41F1qrwfuZXDnhnIodUiOTY6ZcEw5OSMH\/x9uZ6Pz1HlJoebmmaDZmCC4GgjyS7hnaMbG1n2bsxKXdC+TKGZo9wc7\/NfTLYjMwAc3bS2V+yjpMW2Ur6z6MrGiT3heyj4ZlMaB7Lr6jVjkQSMZJLW0OlQi5EpmQFIPqb9MeInydeKvdUdpswe7zfVzkcDaSl5Vbi3j9PYijQ+3OHprcNAZmJLNiwSAbLaXJBkjsxcud3mUUBQT9LzhRtEIV0b\/OsUBIrccjzWJUGosM5fbRjY2nQxYg10UGkKzfpb3m8Rv1K8Cc02WawPivFiB1FdnpCrNg0cZEy66Tp9gulwcGa58qs="}
00880{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":264,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":6,"flow_first_seen":1582454871069,"flow_last_seen":1582454871237,"flow_tot_l4_data_len":2143,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00891{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":264,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":6,"flow_first_seen":1582454871069,"flow_last_seen":1582454871237,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02358{"flow_id":41,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":237552,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+broAAHYGDmDY7yZ4wKgCEAG7gNxV\/j7POJTMy4AQAPB1RAAAAQEICibnXzD\/\/zbl8kB0BU\/LoX9fP25axRi6mg+jrwjfAAdasFgcXjDqwFVU6VaTsul2cnbxO5J0BWqduNiWF+j9+9iksv2bjEvLQ6yzljqQdm3jGQ1SDSX7\/pVyt5tuz3NriQ3W6bekKGbTIZMSYTsb1XEZYrH6zvaRdlj5gFn4cIS7cibqVfQn9vQ1\/QdvzdVMEPQeNlyJ69YvLM\/e6yF1yKSyUJyEBsy41kvDL9mYCqm4SzrNP29Sx58fWJHNxdY3po7NaURYW8jnDoLXyzojO5c6Ng0uDC\/60Eql8TR42dVqT+CwpWu70Y3JD8s+o6KH7zPddPyrxSzRUoqiuRkE7bSE97RRz1+C3fxR7ooMYJ4sf0Lq0mR3XFAkZqAHSFUxx06S4q5iBRaq+MSiaJR9yJaPtODtMCp0v+ncelXeEuZyKaFBW2wXbNnX1oJmdN3dcyskJZXgq6tohkMC9BLM9eI1N8IUav7SIgh4FtZBoYJq25wiGjzjc7GzEUqs4N2JPWdKfdD9y8Lcv+NSYOtZY0bN3A0eNy4WnLDm7Spbc\/xi69F2X9s7EKcd3OyLM\/Q0Zl2Ol5qvjVDNu3LPsvDriS0h5Hnnvm+JYQeaZn5SPDpdYkGIhI9R\/VkSp2WrTqqlMC4NbXXxiK9X+z4GGXa78QmMRgex1xcCLDGB2zRvdeHu+Rwt8pdfEVdtCfOn4sXtRCNk+8fu8fg7GikzNSpc3w7KoqLdhfymIFg1hXZAhp8jD2PHPDpfFjt67kxKAEOHFprggf5L7jojuhTlxMgonaRPEKwnWJ2p2+wDmyvLzHB1GwHTv6VBWdsJqDnYLKPw9K7F+q1\/l2MQe6smPKOMPN3tRhWelrPHc2u\/6X\/ZOCzD\/TP1EX+hjPKaQz8+ayjsqCarYlbE2SbLEO3BsnWPpL7ZwBtrt41EFmrrvsYQ+x6P+ZaGkC0AUIF0h4HJJeu0ZEye6RSjn4m0ECmrjKfbi2yn8Ci+HDQFRdew\/Gr8uvOhWTqiKBkC7viSxMf0pjcXrJcmIWAfvKEGEimAdd4ZRwk0oE\/hC0TOrhdbwMPI7We\/c96IKsu7IhmvwjLU5w9exrihf7D+cgPpYgaxU3IcWJ\/IDKh5kMgiF5prSZPoC1KwpIoonSBqAsWeWrxIqwmjAqVT1ly1nrlSPZESYlcCqOLu1ErspULpxnjW2X3UxcBYcuIEOUqNEdvePKDDHQzzFdeDaI2z319DUR9jSDNK7BYwjCJIRxC5VvtP9OG2gV99uPNS6mCRUinynLHcz4hbafoU\/8DVgx\/QAEMSsTQoEYLZ1AV+1XCj9\/YewzH8ZJ7bJLsr1F8vxn2S3DdMyeSgxpA\/dYf2Qg4yHOTnhQ2+PE\/3oQVDD5hiQ8utO6X80v8MyHyoa+Kj81JDoH1CDyFp6iEN8kdCHfnBJtLfd+FYm52oJ8tks0C2JS5QB6qhh6PZElobgOutpvt9\/XUEKdjVnKniKiodRHqi7IJWliT4mMxAtgWznIIVuOzh9576xUmD9xvSyIewQ80V3xbGLKbR0gzVqRADKPpWvV4mA+i7vzQfM8xf5BMhlDBtKghWenh6kePLk8YQp1PBgU+Geafh+ibgiexxOWUocGyie2bHdCm4Sd\/Sd4Zbj\/\/71IiuJhG1r05bIBj8UY3KLzOlGJQnys9UvUqZs1S\/lR4cJ1Uf8duJ\/Fds6X3vr1Wtk7wxcj4I\/bRAmAbK5gage6cci5bla6T02NoyXVYGfTMrehYWh5tznIXiY5QZMVye9xkY36qPYMccHG2Iu8b268aQHUjlTFqjJ6YQuD6m41O0\/w2ONbwRAh0a0TZbjVFDX4OD1Yi3FOmctBmhA2iTCi3gt5Wkla1Smvb295ZJlocnhekhhhHZ\/GT4jV57FRRRGiSPtfx\/eeQ="}
01701{"flow_id":41,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":237652,"pkt_caplen":1002,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1002,"pkt_l4_len":968,"pkt":"TGr2n\/YnxiwDYGpkCABFAAPcbrsAAHYGEEHY7yZ4wKgCEAG7gNxV\/kRZOJTMy4AYAPCVYgAAAQEICibnXzD\/\/zblchfFAXewEzSV9HqufTsjhhEhtQ2RH1RAurqQ1J9cck46jI5nBzwm0C3F567qNX2QEjSFfQyRqAt6N3JdzKQFggApY6Yn9t2auMT7iqa78WxWCAWhSSUOPv5pY6cUlwhNs2Zg3cUKaDOyHidEplqt1h1nBn7aPLNPWOpL87Y4PPwpW\/+he3l3P87csp6LH4WtTQpqwWFJuaMjuajdhprFFpgXBJfL4EUjDqf\/oM0FwpO+rCfCSaUEWdHckF3qnHDCkb3ognd8X3L27+Pb8EW5mfeVEyquSCGX8DnXdumAHikx4qeuP2lhPRWfUqyKTWxkXkM\/a1sgqp+fBumTxzV7E3Gqg4QI2AVrE8iAPmORHrWkdpEmBzn3VtyeYWKpB\/gNbp6TPcxg18YxEuzFCuiqcI\/4FSQm1gNzNS+J9Z8J12c2QDszTktXlKt7TEMUYX1i0v2sBJhoqn6sE2kdWqTSpn5t55GsAxbS+\/lkpRqQtwCTKfR\/XZQx0cYrQ8fWxuAYg+G0\/aB91K0OVRvYEWmz\/t9JSAoFIySHAC0pTEWMD1y48mxiGne4HMup200flUz8jq2+Xa+bKaNeFzQ\/qqKid\/qU72O+7ZyKuUVIrFh21AWZCcO0fT7WgD1hkyMHndbHh\/U3SEh7bjgpnNsuIz12cDXa5IevNulHdT9lA1V\/oePl6ERSZ65+5xVaAI+s+k8sdMkqY+jfOg\/VVhazC+N365uyi1UdlYPhHmxa3xGIMrsAg7N5PI7HK8rLesN51vHtGsjJYNdFnaWbpJpHhD7CdLTB\/PaySnw3k6JdNaqXmEWOLI0442KxuGKsjoVUNE7EKSYdNC5kXc39zM7g4BtnVyRw6ZGT+nR4BHBmZ0YGl3IhPZ05vbMP9y64O8auGfXFPRKxj\/LJg4m5\/gXEdERjxJTnDsCxJET7oCBaUUPkylnt8VoHxhmEyND516YxH72ZLQi3LXCXIACdhs38rcGdMiHDxLTxiaeK0cMcOAAxE3U5AWEyutGmC1EXL4sKEY8+i96Dy3j76GHc6lhgazVoWttA819etuegE\/QURS54qtmIF8hFO7MT6TtQ7E+2qHHzeAXOSaF4EcYk1XGCb7i4VPRrJ2Xz+TIi\/JJuR1KT+AzE+5yu7C669IAKSkidYBRqn2XVeUGVRQoMLjpoIiypD88G8gMxWDAi5ZGtNfvzNDGUOsXtoVjiZ2Jfhhd8ssAS32Un36JTuN9XrK4bwS6TDuEMCTefBcYT"}
00429{"flow_id":41,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":240784,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0\/ApAAEAGfJnAqAIQ2O8meIDcAbs4lMzLVf4+z4AQAWLZcQAAAQEICv\/\/Nu0m518w"}
@@ -372,16 +366,16 @@
00828{"flow_id":43,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":272515,"pkt_caplen":363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":363,"pkt_l4_len":329,"pkt":"xiwDYGpkTGr2n\/YnCABFAAFdRuVAAEAGMsnAqAIQrcJPco\/iAFBu6HFSJij2PYAYAVupDgAAAQEICv\/\/NvXBhPAIR0VUIC9jb25uZWN0IEhUVFAvMS4xDQpIb3N0OiBjaGVjay5nb29nbGV6aXAubmV0DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgOTsgTm9raWEgMi4yKSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvNzkuMC4zOTQ1LjkzIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkFjY2VwdC1MYW5ndWFnZTogaXQtSVQsaXQ7cT0wLjksZW4tVVM7cT0wLjgsZW47cT0wLjcNCg0K"}
00520{"flow_id":38,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":276284,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"xiwDYGpkTGr2n\/YnCABFAAB03xJAAEAGmVHAqAIQ2O8meIDaAbu5DOu2\/LuVV4AYAXg1rQAAAQEICv\/\/NvaJFIAOFAMDAAEBFwMDADXVRmSdtYV84rUYgscB7KZOxlHItd3y5xaAQ8+97H62qRsrr9NPFJFj45mvi9FpX6MWKxOldg=="}
00429{"flow_id":42,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":279443,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0NsIAAHcGSuLY7yZ4wKgCEAG7gN4gvznSCa71EoAQAPD7CgAAAQEIClyVSS7\/\/zbz"}
00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":274,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1582454871292,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":274,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1582454871292,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":47,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":292222,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBq9RAAEARCXbAqAIQwKgCAbUXADUALUF1Da4BAAABAAAAAAAACGFjY291bnRzBmdvb2dsZQNjb20AAAEAAQ=="}
00643{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1582454871292,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"accounts.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00655{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1582454871292,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"accounts.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00429{"flow_id":38,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":293161,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA04csAAHcGn9jY7yZ4wKgCEAG7gNr8u5VXuQzr9oAQAPC5SQAAAQEICokUgKz\/\/zb2"}
00466{"flow_id":47,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":294121,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRfN0AAEAReF3AqAIBwKgCEAA1tRcAPWwTDa6BgAABAAEAAAAACGFjY291bnRzBmdvb2dsZQNjb20AAAEAAcAMAAEAAQAAANoABNjvJng="}
00671{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":276,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_first_seen":1582454871292,"flow_last_seen":1582454871294,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"accounts.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
00682{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":276,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_first_seen":1582454871292,"flow_last_seen":1582454871294,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"accounts.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
01043{"flow_id":43,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":307313,"pkt_caplen":524,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":524,"pkt_l4_len":490,"pkt":"TGr2n\/YnxiwDYGpkCABFAAH+3nIAAGcGs5qtwk9ywKgCEABQj+ImKPY9buhye4AYAP2uDwAAAQEICsGE8Jb\/\/zb1SFRUUC8xLjEgMjAwIE9LDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkFjY2Vzcy1Db250cm9sLUFsbG93LU9yaWdpbjogKg0KQWNjZXNzLUNvbnRyb2wtRXhwb3NlLUhlYWRlcnM6IFZpYSwgWC1PcmlnaW5hbC1Db250ZW50LUxlbmd0aCwgQ2hyb21lLVByb3h5DQpDb250ZW50LUxlbmd0aDogMw0KRGF0ZTogU3VuLCAyMyBGZWIgMjAyMCAxMDo0Nzo1MSBHTVQNClByYWdtYTogbm8tY2FjaGUNCkV4cGlyZXM6IEZyaSwgMDEgSmFuIDE5OTAgMDA6MDA6MDAgR01UDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZSwgbm8tc3RvcmUsIG11c3QtcmV2YWxpZGF0ZQ0KTGFzdC1Nb2RpZmllZDogVGh1LCAyMSBBcHIgMjAxNiAwMzoxNzoyMiBHTVQNClgtQ29udGVudC1UeXBlLU9wdGlvbnM6IG5vc25pZmYNClNlcnZlcjogc2ZmZQ0KWC1YU1MtUHJvdGVjdGlvbjogMA0KDQpPSwo="}
00431{"flow_id":43,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":308565,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0RuZAAEAGM\/HAqAIQrcJPco\/iAFBu6HJ7Jij4B4AQAV88kQAAAQEICv\/\/Nv7BhPCW"}
00520{"flow_id":44,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":310761,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"xiwDYGpkTGr2n\/YnCABFAAB0Ap1AAEAGsovAqAIQrNkVysrYAbsvYjZi5KJO\/IAYAW3dLQAAAQEICv\/\/Nv9tKujIFAMDAAEBFwMDADVv854oia57qsZKL2XJMUFtHTxjeo6vjfgJRQUfy2PLm1T1JGRC5KM+KNF15Iy3q9pdxkWnXQ=="}
00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":280,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1582454871321,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":280,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1582454871321,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":48,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":321492,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8nfFAAEAG2qrAqAIQ2O8meIDmAbsuQarwAAAAAKAC\/\/\/zCgAAAgQFtAQCCAr\/\/zcBAAAAAAEDAwg="}
00554{"flow_id":44,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":333060,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"pkt":"xiwDYGpkTGr2n\/YnCABFAACKAp5AAEAGsnTAqAIQrNkVysrYAbsvYjai5KJO\/IAYAW34zAAAAQEICv\/\/NwRtKujIFwMDAFFJnZKaM9gQsevdeBdx89hdv7S7NW06cDUNblX2QxT8+Fz\/6srYXvn2lo26tjuuh\/o0\/uD1mTA\/amaUtg4XOC\/5vu97X0e0xIppBPzz3RfhtOA="}
00863{"flow_id":44,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":334512,"pkt_caplen":382,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":382,"pkt_l4_len":348,"pkt":"xiwDYGpkTGr2n\/YnCABFAAFwAp9AAEAGsY3AqAIQrNkVysrYAbsvYjb45KJO\/IAYAW0xrgAAAQEICv\/\/NwVtKujIFwMDATc82jPEDruuII+fpFTJEuZupdHBO9TshMIb2eLglBMe2a+soTgBbQLVgOkrQ17rR345soZYwnq8o8cZSRK1bN3xFJKjJrXXhw9JAuJZoGSOZaZbvxAGG8fMErxQHvFRArKk3YkHUTDw+KlHZoKuCjNcnW2TmKDRia\/A1H5GGhOBYkwqWL4tFoeZ1S1JIhpfFAzz7zqFGLrPetqe0xd+uSahDyOuBc+ffHsmD4xbTOUD3CCKEjEX\/SA\/7EqOrv\/0AdoL36p\/tt2RL5LmFIPx0523VRt7+DTe80TiqcCeOSt76JQSw3WwGoq3ddCcvQN3FJ+72iZ\/E5OKMst7yguhgo5GQrAWACWPPvqFC2YWnHzHK0DVMENxpnqc0nWY01vA37IUMiWEeYL6fWr1QZXZvgb4qr69gSxrjQ=="}
@@ -390,16 +384,16 @@
01727{"flow_id":42,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":335225,"pkt_caplen":1023,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1023,"pkt_l4_len":989,"pkt":"xiwDYGpkTGr2n\/YnCABFAAPxxA9AAEAGsNfAqAIQ2O8meIDeAbsJrvUSIL850oAYAXhFBAAAAQEICv\/\/NwRclUkuFwMDA7jcXSbmK+7whAoBJqkuLSQdNF0dOQ\/xEt0K9KXgAXlO+nMKeWY5RqBoBswD8QbQh2+LKGTlcqALheQbXFUcEUInngBab18DPttwjj1qeCr6lVeuLlqseDaZT0Rc+03FvOApJanR3Hj5qA+CM\/IoKYXulhMt5DY\/un1XHbqFpImaPS4ZDCaCZkuJkQwsjXsQQ\/V\/nZwvEZKLehvJu27L7YvhbDykKRfX64Vx\/qOrnTwb+qjsbXDYULlyac+zQbfpNQ1xLZcC8fMjI3OJhxzWaYDFXCUX\/075XnmS9JjIzH6Z6SeAblZXJDAJVAh5awPDg3Yr1s0AAjW+TN9UfD\/6HBH09hRYurHfUiMWUDT3xVFARnFYvwVH8cantQnttRhDL5TeyrChB9mmGttaWubpUtkiAwXl2fYvxp4QKAvqgrsYE1WWjjdMCgqtVb+w64RJ+knv49dC67n\/Ug+Z6badQ+6kg4VCHcoBzYjRkfsK2agi1j3dFSsxON5Pw+31iXniKDheOKFavHCnolai+8EUcSMD4H\/px4dfuv9IlS2g3InYdce4c77enIGF24ahns\/wU2S5BLGXp5tS24Uk0N6dp3CwkXrZkeIA8YBRSRVBRQNSkF4BL0UpxVHjP6vGPrd1LzG\/UYHC+PHjYiP8ZfWrslklydVMtjZiRUWZz2GKLJSnFzDqRK5lrpf8Qul\/AS+XdxIiiGyTc8\/8QFB8sHrh4BgS4h8xZjKWQ8ezMIvQTdGYCm9iI4N3Ay0irF3ICU+zIqVM1Zmv5JYVNZiT6EUrtEljAUJD7HzDkpC4r3KwvOvG69IQOOGLbvP3VYEwwPQpqw9eIImnrmQqZEd9+F5KD6IavEikqo9h0HhxXXZhJgzwMeOaQC6x1rgGhl\/zVi8gOVD1v\/N4EzhOiMwWtcqxtknM1LlzrGsC+7DONroynyymIvw8mR42pvXVl2l0HGeUCyAC55EgYbgJPKLo5Sz2ek6SBjDqwdYJNTiPZp5aZ7OxDRXfAqygjYL17huYnpYQ27CpCutbZaO59ubIHWFeNzpmEahhSFmZtnN27ekaYY4RHU9JLZ0FtQHnU9+SEZC68J8pI2e2RfQKAJYvy6MGC1ae71hs1ywtqJjlj0DUMuEtiDQZyqeRX6gzy2NirFu1ux5B+6HJyhOYZdclDDIWy76E6sRMdesPHR\/aSJCIvoflRIyR37hLMmWuHHUQ6nWB+yRQCrYxtluzJGJ2i9kYGZebpB5jVvUcVyUY1xc75t1a2dJzOuuJ5GB6"}
00428{"flow_id":48,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":335705,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0nfJAAEAG2rHAqAIQ2O8meIDmAbsuQarxOuHFYoAQAVei8wAAAQEICv\/\/NwUfL14G"}
01129{"flow_id":48,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":339142,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkTGr2n\/YnCABFAAI5nfNAAEAG2KvAqAIQ2O8meIDmAbsuQarxOuHFYoAYAVe\/wgAAAQEICv\/\/NwYfL14GFgMBAgABAAH8AwM2HQqqNkiYixPn9BwY+6aPMTBPHUYVai51sP\/t1krD8iCPeQv28z7\/GLsaGfQh98BpWEFaJzPvJz3ZigJL3Bq7jwAiqqoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUACgEAAZG6ugAAAAAAGAAWAAATYWNjb3VudHMuZ29vZ2xlLmNvbQAXAAD\/AQABAAAKAAoACNraAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQASAAAAMwArACna2gABAAAdACDaIvjlTeWP\/EfNzQgKtZHyge+ZIFM5wilp\/lsIRx8ZUQAtAAIBAQArAAsKiooDBAMDAwIDAQAbAAMCAAIKCgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00799{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_first_seen":1582454871321,"flow_last_seen":1582454871339,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1582454871343,"flow_last_seen":0,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":60,"flow_max_l4_data_len":60,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00810{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_first_seen":1582454871321,"flow_last_seen":1582454871339,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1582454871343,"flow_last_seen":0,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":49,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":343067,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"pkt":"xiwDYGpkTGr2n\/YnCABFAABQq9VAAEARCWbAqAIQwKgCAYtpADUAPJHqlgwBAAABAAAAAAAAE3NlbWFudGljbG9jYXRpb24tcGEKZ29vZ2xlYXBpcwNjb20AAAEAAQ=="}
00664{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1582454871343,"flow_last_seen":0,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":60,"flow_max_l4_data_len":60,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"semanticlocation-pa.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00676{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1582454871343,"flow_last_seen":0,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"semanticlocation-pa.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00429{"flow_id":42,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":347047,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0Nu4AAHcGSrbY7yZ4wKgCEAG7gN4gvznSCa74z4AQAPf28QAAAQEIClyVSXL\/\/zcE"}
00428{"flow_id":48,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":352300,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0sbMAAHUG0fDY7yZ4wKgCEAG7gOY64cViLkGs9oAQAPChQgAAAQEICh8vXhj\/\/zcG"}
00429{"flow_id":48,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":359254,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0nfRAAEAG2q\/AqAIQ2O8meIDmAbsuQaz2OuHFYoARAVeg1QAAAQEICv\/\/NwsfL14Y"}
00431{"flow_id":43,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":359312,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0RudAAEAGM\/DAqAIQrcJPco\/iAFBu6HJ7Jij4B4ARAV88gwAAAQEICv\/\/NwvBhPCW"}
02353{"flow_id":48,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":370051,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+scwAAHUGzE3Y7yZ4wKgCEAG7gOY64cViLkGs9oAQAPC4WwAAAQEICh8vXin\/\/zcGFgMDAHoCAAB2AwN8xw9S\/ZOSYqACMZeUrNR9nwHQkl7tx9m5Z1N7PUqw5iCPeQv28z7\/GLsaGfQh98BpWEFaJzPvJz3ZigJL3Bq7jxMBAAAuADMAJAAdACD0smEXO7sK7Kajb+qi7uP78Ilw5tC+\/EM9jWfm15fZKQArAAIDBBQDAwABARcDAwtb0zvn61NQhaNfMP1sNXgMUU6QWsPOKVSHr0GoGFNmRF4O8U6PjTuUN0wgeMwnAPRNfsjMNZKbzosHs7u1zzzzy71LJ8QsdwYw0AboGSe0PE1cp5h17he0769FJKf9+7CW3iTukjkyPv+v91NNwl7Zmm2ghRo26LgOQVHxAweObg7kqKAHrm7HgSAokWgfVi1cOYJhpwAppcMeKKXKAEJsW+REgajW9q4x0MDhZg3x1c64vwvaUeaN3YJh3Ce89kCVLAc+jOKsKJjmSid8gxFBvonydJziUgQpzXh9lTU6RTsWEGT8djskM\/KEQdwO5FafjOKwq7Wd42OOCtEUQpgfZimcP+zQhhr\/K0hC0Lxf9wBjJ+XOw4q2D\/5sT\/X8h1m3TmxgLnvXK85TII0wYzJhSvkcLiJabhue2MLQR1u0s\/tC3unWo+bjkZeJNx868ZSG3aFf1QXSBTzznOMSgrNCgnrpPrFYCI\/JvwSmnOX3dj+GIxhlPVwAxj4ibH7LuIPiPJbBh277DOA4Fo1saIYrTEM3aS325729bzcASVonz1Ntpyp2pvMVPKOQFbRNvYDA5DW6G34VGEBI5JQiXZegBNzYtfAyNvo5lTbcvfFeVs++NCeLjwwqGIiP24UHNp+28Mh5LaZnqJoVhnfCOs9M2UxoFNdqbTJ87gi42ato7QC1kDo+SvudEdG7hyvSha6hHZUKxdp1eVdmntKGiyhPQNMnJ5E9\/lVhZi3wF+WqDgr\/APH4nv8QtqqlKmVuXFjoh47ARurQ\/+n2V+hjVCeNy2Hna\/bLYyo6wRzCb2kutuQN5vA8xwCVCxWUwJnbPuCdJ4uu7++nxGpINYsdidBiCE4azcuRj0JHnvMUVkK9xBjo0DUop8sRPHIkDhjaExgKlAk0\/Kf+rX9rTZk2NTsukrHzIbpoT530hGk39slv5GC+rTxLaCaWLs92W6v+N3o1cahyMJYuW4kXwu86\/3iYoLI7GJE6UEVKMzq7q23thrhjZ9Y2NGNjaEs1G\/YbiUrC6heXLCe86Hb\/6Ux7mrzXaZ2TfA0ybHSuVkDKb3iNFCyEutyOj9q1+PQXSSn93ZWXNhfpGZqGgfF6\/3D2dZLZS\/oy1RQ4xW\/tkLo3gyq7pH3Iyqw60YTjzKhvXT78xpA+FH2aWRcJF+8OEKr3BhM22B2y9ZW1UKIMJyPQKDOW2b\/VqX44exkOUM\/c\/Ml1et11MIqEIgcelZYvpfGcwUQEt1E5cQZ06mcFPQUtHU9KqDSBB35dFOl7QxbfeJzg\/4pODCUdDafgINYp4fv6\/DMTGqS13jbR4zQn7VcC6Kr55583m1Vd4W4FUK4qYato9sNHcEGdNW9ir2WzMsvkPXzroDwJuxGokG0Uga1PJ0KPpf3XRNswLMqCAeGXxSQNxt39\/YzCCaVMdvjiY+14cGSjpeyuDgrVxOWnMmAmOhniOEMajU3Umza0YRucTOU09yg+DbCZ3XJVoTYYBaek84mbbBuShbY+d6swrTNuSq8G7Y6c9irlsWNQJhWjFe4elnawqsSDCE2P9oGna72653C4sgkLQfZsgesdZV+1rNHGspmKOkzp59y5vUuMgG7bSv0MPzoRq5cLoFjy6LFgEY+FOdTVPFOWXnr0mjKx4ObkuPcry8Rvrr9NVewCyJI5CCx7SBNrsoEIB3VEZGsPI9HQWLcPiIunXL74\/HI8zMs8Goc="}
00840{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":7,"flow_first_seen":1582454871321,"flow_last_seen":1582454871370,"flow_tot_l4_data_len":2175,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":310,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00851{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":7,"flow_first_seen":1582454871321,"flow_last_seen":1582454871370,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":276,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02359{"flow_id":48,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":371155,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+sc0AAHUGzEzY7yZ4wKgCEAG7gOY64crsLkGs9oAQAPD6GAAAAQEICh8vXin\/\/zcGu1IywbQbnDc5ksf3r3A9cpM75iOyHjU9m\/pzcf1D1KKa0Y+q8qTCI6ibmEJGvZBc\/pyC6bzW9vp\/RjW\/jEE6rxszvW9No1vC3+4Upo\/moRHxC5460pU5mEl0C\/rIhxb9ZqKz9imSAW1A1MFcxgIXjkqp2Txd\/69oex\/MnOc7nq3H3mXJcbElER2WggtIeNSwxA65XMFhRluAX5dnYiDIG+mhXOHPyKYFDhaEFkRG1gTWBt9ErqKKw0JabG8MSuSajimj0CIbFoA6ThiA+Fy\/lmymgrFaKoUXkg17lORKkMwV6q4tL7Dkc\/aQ3erUMXv21yjorSJtTEk2h76w3fxCi5KqK4CJQAC\/bSuVfrGaq+TwKISfi7gfKCfhYEZdUquwnh8ts2Svs6ue1VByD4g\/uplHRQFel2Av4M0DDLhE4WTarczEVm0tCpvySs7\/5a4E6mAb4Pvvhq3Ehwemz+tjXDky1NCTfSsNMHWLf2oocAKK\/IU90wJ7ZKQDVEyDwtAhgfwqz6QLRhBLGYYPGs\/CWxL8A1dtUTTDNro1ee3Hk+96VntFB3ewB0puBySlTttVaW28TG1u6dYWlJghTWmTKpmPiZBqgYDJJBNRnnzZNEl0nWhW90Ah2YUbd3FvRa4ckqGYSUHAvt6PNT2nOmYGK\/D5Gj1xyv7mHzD6RrF+RahYm8AqGJ6\/jByt74D6JhzqpJxMhw0mtFHSlP41fNSzdUSteM\/wI8nd1MgvTmAS6yKamFipzpOJGmHdyVn7Q6YLHSmrkOuKkK78jwZvaDUnVV4bLlDil8vlJenC7kFTrV2uCNzQdBqJRIrRYFRYCEBbjAH0LIrlRhoIpHwU\/wvAZ84hAtrOcMbLVQ3TXA2s0av+5rNScJAHXtGlvCHpyB+wup6BRoS1GLdw9EP\/fqg6jy+4J9klo\/eE47vA8YhATuD0wNeyV0tX1u+yUg2EyIwpj0x0hSwTQA6c34pTjAhYdO8zKX1tscCbLsxXRw45vEzpzFZRjfkAvKhLLcI3fLpTJyxFAm80fDCcTmSXlyMUIX+6paT3jiru4lb9x2FisU1TnQnAHuPg7ICf0EL1MHgr6SBu7GQ2MtbXyX\/U4VFgsU5oWKIwAOfqpKZt\/9n4tQmDfUu3w+CwO7A2usG1jd+VvT3Rh5tZECP0Ws1X3h4T3+2EuymphaGigx4Nffn+5FdtiJ2UbSPY6YoIuqAxifiIA6g8jfcLU1T4VRyLxYrJwt2h555xwlr3JOLQvlFdX3dW0klbYnmF91p0QMLwEUXTYJNVyno0FhSZ3ju9qztgZorW\/+F09caxSOnf\/roEJOxXCeMN\/hJk8uGefKDe\/yclC2svHEyN7S8wn5ny40jJGVrQiS1GJnANfH2RjRFQGRja9DFRh4JqER7bBGuAlPj05uE3M3aC53ghBh9I1lJ1RI3MxiH65S0XJk6XrOSVMH2f+215UAsHTlOQPyiw06Y6tw8Js010vfKDz2KEDIqUZcc3Q1YSGplrsomHOOjCU1tY\/N\/OR\/6bXcggsW0N9+nAx7oi0QxLlsSOBGl5z1hgrXUmUAV1cm8qxtBtZwFhfuG6vtDzcC0eg5p0yG32tYqai218Z1FPXvKTqB4tj+pA5vabVkFhPHdb6k0p+KuZeD1X5XGzFWwO68LIaIZ+lre3L+fhIw3WF0mHJ62dNTpA\/KfzUmhy\/FJvDx8O6VFjXLe+pa6qVGFpn7GWnMcLEbpoRaTQZCkFEiFNlFnp+B409wxFP8FXj3De4vr854OdUGXXfE+J9qDGi350rOaTiIvL5ZWZnj1jrXJvTS82NE2nn9+cKXs\/tMolW0uqYmvUXNtDHES5QHMevGBoBNyfMnOcF8rKgh+1erjpLO0zACGZsXft4PxbLWoP1Ks="}
00715{"flow_id":48,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":371156,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"pkt":"TGr2n\/YnxiwDYGpkCABFAAEFsc4AAHUG0QTY7yZ4wKgCEAG7gOY64dB2LkGs9oAYAPCqKAAAAQEICh8vXin\/\/zcG7ueDwtBPQ+\/zXsd4N+IEldV7LTFV2EKTDrUd7hUGwSYlVe0vqdvSZnh5+J+xEX+LutOXu6gzXGICoDkMaViKEaCNE5scBgiduaC2FyrTG22vcjUAhYx0BAyOwo5phr51dWHRwZ8\/4NMZ59QJtbgQrURiXm6DkeH\/9kjPuwsj0TV5WyfnKb9U3B8F9KYSXt6tXbwTT2cLPpA7Kl6QYsKtDGlSH8ah+eEL5OjS9A6xeA8Iyp9c6uhfJC+Inp+pmx\/v2ge54HDt537QN4TWGHVU0CY="}
00411{"flow_id":48,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":371331,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkTGr2n\/YnCABFAAAomMNAAEAG3+zAqAIQ2O8meIDmAbsuQaz2AAAAAFAEAACP5wAA"}
@@ -408,31 +402,31 @@
00411{"flow_id":48,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":375028,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkTGr2n\/YnCABFAAAomMVAAEAG3+rAqAIQ2O8meIDmAbsuQaz2AAAAAFAEAACP5wAA"}
00411{"flow_id":48,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":375141,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkTGr2n\/YnCABFAAAomMZAAEAG3+nAqAIQ2O8meIDmAbsuQaz3AAAAAFAEAACP5gAA"}
00488{"flow_id":49,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":383146,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"TGr2n\/YnxiwDYGpkCABFAABgqGIAAEARTMnAqAIBwKgCEAA1i2kATI9glgyBgAABAAEAAAAAE3NlbWFudGljbG9jYXRpb24tcGEKZ29vZ2xlYXBpcwNjb20AAAEAAcAMAAEAAQAAALIABKzZFEo="}
00691{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":310,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_first_seen":1582454871343,"flow_last_seen":1582454871383,"flow_tot_l4_data_len":136,"flow_min_l4_data_len":60,"flow_max_l4_data_len":76,"flow_avg_l4_data_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"semanticlocation-pa.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.74"}}
00703{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":310,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_first_seen":1582454871343,"flow_last_seen":1582454871383,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"semanticlocation-pa.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.74"}}
00429{"flow_id":43,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":393426,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA03ooAAGcGtUytwk9ywKgCEABQj+ImKPgHbuhyfIARAP08jwAAAQEICsGE8Ov\/\/zcL"}
00431{"flow_id":43,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":395482,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0RuhAAEAGM+\/AqAIQrcJPco\/iAFBu6HJ8Jij4CIAQAV88JAAAAQEICv\/\/NxTBhPDr"}
01679{"flow_id":38,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":461751,"pkt_caplen":984,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":984,"pkt_l4_len":950,"pkt":"xiwDYGpkTGr2n\/YnCABFAAPK3xNAAEAGlfrAqAIQ2O8meIDaAbu5DOv2\/LuVV4AYAXio+QAAAQEICv\/\/NySJFICsFwMDA5EIY5j9ZA1qHIz45oNpOaFuKTa406BzzgMGq9aV2sseOT6uYn\/S+YukxH360M7FytK1cBcqsctNy7tE\/Klb21aOWi0JAjgnrqqEBilguRx4cGVc8w996lSUVfuXyH9\/dG8pLYMfJcnaGtOXQEdBX3vOd\/I0onjCU52qfnZ8zQjn3zLdnoI\/BrPsFLVNm+gW6Eyp9GsJrlAXTz8OQ7ayAoEbxoqUjazFmddEKh5ZQHlCp+\/S1PFnbr0zaTsFjMzTtRd4a+\/ln4EzpZna3ZgbhBIcZcLEGDw5ciSqm78DrnO5iELBPvdr8bqgciq3hshMY0LvQ7yEY0mR+g+5SpvodaNJiIfDykNERNrvjNi84v8eOzKbcZCBkewgxjxidZqELeL4Q9vC2sODnfAcm6XJtfOolPxuNh9FmKJGi1JfyRJNaNCYie8wSe\/aTGFVok6pIEjQnexa+epzyKwgyzA+GGOyMr\/Exthwh2MmvvzCwj8rH5SPzLdqOj9h+NgeGbklPFTg6b4O+l5pE2gRklmTt+RonbTYmKsgAZCnQIfvhKoJmg2Y+F2WQ2OwRSAP7YGxHdlkO5QnqRYNyupLj6xxwXhYe0QRCgePLpUp6gtXSwIWClCbXqFIyR3RGj+SeFLF7C4fi2UiLrARKRPBdHjCDXXuRQCH2UCws0sY2d5MqdG4Vuvj+mNVwkJMNof1x6EGI73isOezCI3ejxRm\/SJ0aQFhdZrg19UhfY0avOAs9b5BizwjtCFelMg8\/WR4w\/BePpLlz4RgZJgP4etDROSwWVNn+zlqiszR1IylfSOE7UHn96PnKgt69gzNHPIO\/Pxj0WhzoDDFAmKN4VxOQltJ7MfegURE7WCaHkw4WAOojRZB1fRLZDU0AOmywHqGa5feKhHhA6nH5yaqoETZyVMFp6My\/zk2gmHG6usapDIROPNYA\/5kb3\/YsHPUgaE4uasMwWZOkCgnTwvQ8d0\/D7iMFmkF37EOBRYDnzsNr\/qFYjJeVve42lyowjDq0Mbzu3WMoJdyOBrZwT47Q3LBORc8QVLUwzUPN\/YcohaRqc9Xjid9ZkZZNRrThrIZG2ypK0QWNv55SGIO+Y7\/PEbW7QOHS1p9W+a3GvL6mTCoxzhDV+VOEVg9Ejo3QIk3Kdr1QhXC8VtT3zmcryFAGrTVfkn+sqpXftUoBjBfouJCONDiM8Fk9Fr+\/80O5diBfaMbk\/1LdHOn"}
00429{"flow_id":38,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":474547,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA04lEAAHcGn1LY7yZ4wKgCEAG7gNr8u5VXuQzvjIAQAPe0xwAAAQEICokUgWP\/\/zck"}
00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":324,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1582454871496,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":22850,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":324,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1582454871496,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":22850,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":50,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":496841,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBq+5AAEARCVzAqAIQwKgCAVlCADUALUQf0TEBAAABAAAAAAAABXByb3h5CWdvb2dsZXppcANuZXQAAAEAAQ=="}
00637{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1582454871496,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":22850,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00649{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1582454871496,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":22850,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00556{"flow_id":35,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":500216,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"xiwDYGpkTGr2n\/YnCABFAACRopNAAEAGf3PAqAIQrNmozsTQAbv86phbj0XFS4AYAXh5yAAAAQEICv\/\/Ny5msgBAFgMDACUQAAAhINwq9dm2l+1NqZbhRu5yA6j6RbJvmaMd4dASJb8g97h4FAMDAAEBFgMDACgAAAAAAAAAAHyPThhVhwEUPK3EZVkzHmk2upX9RvQBnCbUPrOAggRx"}
00466{"flow_id":50,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":536801,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRnZYAAEARV6TAqAIBwKgCEAA1WUIAPff70TGBgAABAAEAAAAABXByb3h5CWdvb2dsZXppcANuZXQAAAEAAcAMAAEAAQAAAJMABKzZFEw="}
00664{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":332,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_first_seen":1582454871496,"flow_last_seen":1582454871536,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":22850,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.76"}}
00675{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":332,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_first_seen":1582454871496,"flow_last_seen":1582454871536,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":22850,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.76"}}
00831{"flow_id":35,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":333,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":538424,"pkt_caplen":358,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":358,"pkt_l4_len":324,"pkt":"TGr2n\/YnxiwDYGpkCABFAAFY1kUAAHUGVfqs2ajOwKgCEAG7xNCPRcVL\/OqYuIAYAPB\/hAAAAQEICmayB0j\/\/zcuFgMDAOwEAADoAAGJvgDiAZR0wlJK56tqlFe1HOm0VICTP5ZM\/eSHNSM2EnSKfUzry\/oUm6AATJtMRjz8a94e7NdE77GktTCb8W9\/REi7XjvKa9zAnUKqD351xUG6x23vdQzLarjM55gDmCiTGJTE8ECuAaYeBOyVdE7a4jahZlQ5K8Rht5jCI9tVIWfOGdj4LDS21nhwgv71QLVUNpo\/kvdBLsdVnNCwlFpRqUtJRdwVlBA8ttrRUdvraKOu77af5AxzZ1K+zVMBBHOYfeTvwFLZnmrpEU7qLLrKUtNpD1gl9s58z9XAoaWRJHqygPeXHxQDAwABARYDAwAoAAAAAAAAAACls3U\/mXy65X7Grzj2c6IzhQm8OEIMQqPstE+Q9ytycg=="}
00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":335,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1582454871553,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":335,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1582454871553,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":51,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":553292,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8o7ZAAEAGEyjAqAIQrNkUTKpyAbt9gJSNAAAAAKAC\/\/\/OqgAAAgQFtAQCCAr\/\/zc7AAAAAAEDAwg="}
00440{"flow_id":51,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":591165,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8n5IAAHUGIkys2RRMwKgCEAG7qnIP+mJJfYCUjqAS6yAAJQAAAgQFZAQCCAqRSuAV\/\/83OwEDAwg="}
00430{"flow_id":51,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":592307,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0o7dAAEAGEy\/AqAIQrNkUTKpyAbt9gJSOD\/piSoAQAVcYYgAAAQEICv\/\/N0WRSuAV"}
00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":338,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1582454871600,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":338,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1582454871600,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00448{"flow_id":52,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":600718,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBq\/ZAAEARCVTAqAIQwKgCAeYMADUALTc\/5u4BAAABAAAAAAAACGFjY291bnRzBmdvb2dsZQNjb20AAAEAAQ=="}
00643{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1582454871600,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"accounts.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00655{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1582454871600,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"accounts.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00466{"flow_id":52,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":339,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":601103,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRUPMAAEARpEfAqAIBwKgCEAA15gwAPWHd5u6BgAABAAEAAAAACGFjY291bnRzBmdvb2dsZQNjb20AAAEAAcAMAAEAAQAAANoABNjvJng="}
00671{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":339,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_first_seen":1582454871600,"flow_last_seen":1582454871601,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"accounts.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
00682{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":339,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_first_seen":1582454871600,"flow_last_seen":1582454871601,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"accounts.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
01125{"flow_id":51,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":614271,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkTGr2n\/YnCABFAAI5o7hAAEAGESnAqAIQrNkUTKpyAbt9gJSOD\/piSoAYAVdLzQAAAQEICv\/\/N0uRSuAVFgMBAgABAAH8AwNx38g8c64XBkE7jetV3Cdtn9z0vCweKrcHtwdhHbSQ+SAUmDom3MjZPcHpObhTXaYvtFsSBZnsdLd6vfStLts0RQAiuroTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUACgEAAZE6OgAAAAAAGAAWAAATcHJveHkuZ29vZ2xlemlwLm5ldAAXAAD\/AQABAAAKAAoACGpqAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQASAAAAMwArAClqagABAAAdACBvCWpMIieU6hTvNOrIocRNkNYDiS7EYWL5ZMqbRo33UAAtAAIBAQArAAsKKioDBAMDAwIDAQAbAAMCAALq6gABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00792{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_first_seen":1582454871553,"flow_last_seen":1582454871614,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00803{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_first_seen":1582454871553,"flow_last_seen":1582454871614,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00557{"flow_id":46,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":621466,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"xiwDYGpkTGr2n\/YnCABFAACR2r5AAEAGnYjAqAIQ2O8meIDkAbvMau0jlTRYQ4AYAW31ZwAAAQEICv\/\/N0zIBAkdFgMDACUQAAAhICz48gWJKZkp2KCZYEWlbEtnamYNOrvBXd8icZepK9lYFAMDAAEBFgMDACgAAAAAAAAAAKgrBLovHa9iALmwD3r2UN8P\/Cc1B+BYZJt55LSw9zEx"}
00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1582454871623,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1582454871623,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":53,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":623035,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8E0lAAEAGZVPAqAIQ2O8meIDqAbtXpCQEAAAAAKAC\/\/9QRAAAAgQFtAQCCAr\/\/zdNAAAAAAEDAwg="}
00429{"flow_id":51,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":627484,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0o7lAAEAGEy3AqAIQrNkUTKpyAbt9gJaTD\/piSoARAVcWUwAAAQEICv\/\/N06RSuAV"}
00833{"flow_id":46,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":634694,"pkt_caplen":358,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":358,"pkt_l4_len":324,"pkt":"TGr2n\/YnxiwDYGpkCABFAAFY208AAHUGpzDY7yZ4wKgCEAG7gOSVNFhDzGrtgIAYAPDi8wAAAQEICsgECrP\/\/zdMFgMDAOwEAADoAAGJwADiAZR0wlJK56tqlFe1HOm0VCpWs2\/K26cuVt0+FdhYYcAWYeBOMH739QqoXqTZxdAwSf5SJMkskBjvOFCT2egFBRGdz\/dMQa+5zEG7KzOq8+a2cjNiNSFQTukt0\/JfWFxxYclpUg8+WWJMLKDlF4keVUBUuqhc3eLmRYgOPso9z5UsT7\/VPm60p2zlqL5BHD25XoT1UaPNRkJjTDwBD\/qzk9ErFC+85Zjzt2e1vrZc+B5QnFf4cqMxExq\/KExjhomz3HtjXzkdwfQ2L3WwYtsha\/0yWLJKeItQHe7kJtjmA7KLSRQDAwABARYDAwAoAAAAAAAAAAC\/tg0hOynrZ\/f7nkadyxJgik+pTzT93RTmcJLpr0rG5g=="}
@@ -441,7 +435,7 @@
00428{"flow_id":53,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":641192,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0E0pAAEAGZVrAqAIQ2O8meIDqAbtXpCQFBCFopIAQAVdoXgAAAQEICv\/\/N1GpXP8l"}
00428{"flow_id":51,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":652290,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0n6sAAHUGIjus2RRMwKgCEAG7qnIP+mJKfYCWk4AQAPAWgQAAAQEICpFK4FL\/\/zdL"}
02347{"flow_id":51,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":657677,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+n7AAAHUGHKys2RRMwKgCEAG7qnIP+mJKfYCWk4AQAPAEYAAAAQEICpFK4Ff\/\/zdLFgMDAHoCAAB2AwOPVTJtEs3gf1JQJ54x92TKTbqcMls2IBI7\/RbU2tFBCSAUmDom3MjZPcHpObhTXaYvtFsSBZnsdLd6vfStLts0RRMBAAAuADMAJAAdACCozDi85GAF8pR1Uiio9N4UGVPRA1gFdUuBR9Q3czJ9RwArAAIDBBQDAwABARcDAwtmEqagNpqEhAgJf+qZyqmCpO7zG\/YAcHcYyApmtEaTnl8cEqxMeQBHk2KbSOgUJG44WHMUhkl+2dDTTpIYPxRDrOLO8Rg2A6YgdrrsyDd9DQBa\/K0olttbUhRZRMlJoRKvOBHtvJ4+rFJPAk97\/AXv9BA93HVXZC+ChAsO\/ifM2TWK\/LcsQnQBFbjX4O+bdKzRl82CuV2z8UZyIcWwxQVIuTGHNAgSdb838jw3Xl8wPTm3jEl05I5d7QdpB+dOs4W50cPZRbfDbiD6H\/eSlp9XpSkDmC0HVWnCos8Jj4I3yCfRc6INL11ABaHz9jJPtEHGZBGt4BNhGQGbyLD91LjPNVNLnnMhtP3b3WURImoG92vNJqWkj9FMvDg4MadxFXT6S6JwBY9w75Y7DTNaxIVegVpCWV1PEl2jHNqltZPLtR7JuoJPbVEzIzBndk+zE9Qq09N190sA0UKg+T6RzgI7Xgg5nAYsMfrAAxXMrbc95wgQuUKr6bhp1fsgLOYObnAeTTRZlnbipIHPo4pOrNjY73d6D63j0T91b83lh7pnnDu6ufzlMvxATA0SUAbEXAqFAmEfXHcoZEQMfMQNTvXPjfs2X35J2gY9fnsXP3jhr9NNyoFVoTkXH8WXJEPczhBCL8WScIqQeP3HK4zMm\/ZJnHfSnIsOXKddfUGEkuLyHqlFcAuFstOB9a1b6TjNjq6YxbALUxZmsbqh1hCmu0dl0y1QAhoQUueTQeoPKXm1oUGMGikbS1CCDcmLHtfTs8HTseGk0xOiohRj+O3C265izRQUl21hZLDVxgq0uKrqp5SCWDA6Qc0q8xb\/2h3mv8AicunZab8angnAW7wQecOUbnM\/hsHYRPA92s+vp5TsYzO9rEz4T2e9DE0V6SYQMPwvigovQ23f+Nwx8WNogNCGkqwlNOrryULXSJKPANU4fSgAO7iQMUD3lka1k3obKzkWxmYoJcj1bNJYLC2jxr9CEUG8hNkMco1SDfT1vgV19eS1q\/luKVvxNuTDdsLumyBuk1aPRsLJ0O2hvmD3h\/5giSDc0i1DNam\/lcRjeteNPNJ8zktJdU3G7CNA\/OY9bwzX9RzwYnCovPol8wag5NbSFx45rEz+UlvzBV8Z4UehiNau1c7i+OMjxRJwG0xU7RrACKJDCI2IlZcNIt6tMSmSZREozix0IdeMybPIxeyFx93O1d1VODk9SqyWH4e6W\/CgpgweMA1GBpCHDBMjf47d8TupJ7B70+Z7pCg+ooRc6Sgt+0w2AWe7U4TxqzFP6TvraYrzA0u6Z7Iuo5pORbBwdwCMLORYpzehjs0u5Drpvb+QeZozsYsz+O5Ye\/96XfLrvwILLJqVlDq\/sqHFiRnllUQxvFEntDaYdcn\/x2ZoV046gazabq1VblZO7r\/2L7wUh0ZaRrtnpVeB2A3Dw+yRsShKwD6w+cETjaEUEEY\/ldhNmMJsqA6vuGQrbd7yqALw4zaEz1BlibQBia2WRyE7Zgw\/cTiScvqQgZ6yvYvadHtz3JyJNTf8ieY8MY4imLE2ubFTYKjKcjNECdz6e4aqfh6N9xIxgRDumXSWmGX7mozHYYK4PAagiEHRTTwlRNvkCXq5IVniYN83DlQ7LvkeawIMz3GDG50UuTou0Df6HRQat2YWrd0FVsVJOLJAuoESSM2nBA8NNNWxg1ZOzeHRN3tUka8W0mQGhBUthKnSnAc="}
00833{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":349,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":7,"flow_first_seen":1582454871553,"flow_last_seen":1582454871657,"flow_tot_l4_data_len":2175,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":310,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00844{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":349,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":7,"flow_first_seen":1582454871553,"flow_last_seen":1582454871657,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":276,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02350{"flow_id":51,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":657707,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+n7EAAHUGHKus2RRMwKgCEAG7qnIP+mfUfYCWk4AQAPAQIgAAAQEICpFK4Ff\/\/zdLqLgvwQsz5nuRH9DV7caoFdCHBSrOHMKMu3egajSHr8A\/4suOs2GODldjd3\/BZDeHGCaeTDaufj3j\/kjn7ksr6N4PnA1KHq6A3Nh7uRxg+OkKc84WQKURsNx1N7rf754xOJeBZ3BzRcqkHQmv3uSRH8N0EotoqTqifMFUF1a6MVyTU5zdDopBVDfXY4y1Gq6SLorPmYduc7UGkFy8kP2WpEL4603P4goYqry11nQdy1b1\/wdmBtn+vIhYDThJhj9pyA\/3S9SgUDJ\/yIof2wb6U7yUXyautg5PggX5dnVf6aDs6Mwaet06C87AYnyhDQrRZZWa7xo7eTQgK7z8GPQT8TIXV107uHawij7FDQdsNTxxqcJ8JIAUoYZHMgO7wcBrT\/aN0E\/rQkBrWCfJdYcBJGYBeXFCc5qv7MbXvL9saYbCbQyKcCY\/\/X7YkAY66DI9Oy3FrXUimebEdG92PgOkLqTorwgeZ\/h1cC5zVRzM+hqYlxznaihfUxzzA7U9zNY3YAarMRAwjqTwaupdtt6AvPBk3SLnhFBQAJgFSJ8gU8O9dUyEYqvkqv3Z\/pv6bQaP24XFSF4fwzTwrKflTh8Cn5vkafo0IxG5yVgghgpqIhZftjwNTLUAQgbHRVtfVmRhgPFqDvubD1Clx8fat4NpNF4+8iDDUGV726sOmJl+1Foo+aCzDi4n2I6ZC5Q0gih3jEs9dYbMIWr82+D8mqwTlVJf6voYuYpn7Q5q+yR2uTGj0vUNBIlIuSM6rna5D7MQ31vHidSIb8NNq\/GPv64DFu9ZJQpWv2Hpt4a1BJ\/TewZgP1p3MFw6+kmIgKQFjFesBR3JbgwgKkkiWMcmhN+Gp1n0p\/xzcahmDiqfK0XvmVrhT5M+tKiur1fqnCrvFxn5uzXPjXMYAg23iIv1j+92DYeAfsODR+2NVfSSM7VzeSyJpttOEmw06TLnVi2rocnoc4ddzLMFjRzbBAIFpbT8PkiUUOPgB8cbjboPbxzITYaa9NNmee8cwolxxJKut8o5E6slvI6tRjgZgQKvONHjoqYkBXImMyF9YAzLyKhe8wpP4H2NoGVBB5EvoerATnoME+EyjThmcq4j4zNf2b6+4opfvgyO0T9XgMjRDaqrIcIZOVxQgmZLTCzBI1tHvNU7QqWAQAo+PWdf\/27wBGqnZObwsribrd5JRVVzlKn\/bTdO\/F+ExjOQsbNH8uAgE6O5oIKk5p8654erBNA2i3QZadCUHYPbgN\/i6oX3BWSLscr8y2qGzy0udJIQKlqEQnKiRCT\/RcTmNGo5hbgnpWUNO35R8CAWTQslrOuXxPoreVgSwXGs+39s\/VvlmRBU4ccYjb3YJ8jlYvD7Ae43af0OdXu8EPBtPIltQtClVRrwY6Pu+9TKjrgmbeTypoigVCsJradiVgna+txFSR28Kozh9LeekPFT4Dw2IyBz8bQzbm7jrAoiilSC6w0BkZxRhLhIn8miXDKVqbG7zD7+HwvM7cNRRuU8DRyrPTRCV+Tqc62qRtnPkCGdOtLIKJQVVoJ0AlQc72uGKGRSKbhOlg\/Du+A+gIkx+TJ17RRebltDjGvJuflUx8Psuny83ezbKc575EMk7gElY+0+kqd5X7doNjCii9type77siEUFzRbWfh09gCQOfASJDiky5+uRlmmueWhFN9NBpg5Mz8UPPML\/4O6g2NoSKUajPyGbPzXf7lCGqpHG0B1NzReenex9p8bl29a2CZvcoAPwVVBfqAoM1WYKsWO6fFMQULlibzBFBgV2bI29Zh\/xgDn+D9BpzwHFSSL3GOVE8xPVyWBa9kZbZIoun76mMumf5mrrHAc1hoXdgGFpUnP5bgKNZA8wGsQSRXHs9jLfw6RzFDk8wRX8K+z2Mtihhs6+d4="}
00732{"flow_id":51,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":657777,"pkt_caplen":286,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":286,"pkt_l4_len":252,"pkt":"TGr2n\/YnxiwDYGpkCABFAAEQn7IAAHUGIVis2RRMwKgCEAG7qnIP+m1efYCWk4AYAPBrTgAAAQEICpFK4Ff\/\/zdLhZxPPl5g12SWR76o8mqaRhsahZZepmW088pypBWFGvuk7y0AUpNhokLZK1\/u06Xyo+4eMIMfWhu3AS\/4G4uJSMvcDp0pZZO\/E2pukUrNQJWBpomkGEbyq3FyS6A+VWn258iXtUs1w8X8IcXms8uWTo\/rpuXEf9hwHjuEB1\/Y+uM7wGtfibiHKyD1JkLzRtMypBL72dCHVnhlQLQesuCRQJL3udVVPbBKtkCkEYRXyxUdcHa8g4yWoQJ9qi1r1Vyl1tuA0VowniC5eSQrw88pwrRxtt32+0kvrXX42g=="}
00411{"flow_id":51,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":658879,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkTGr2n\/YnCABFAAAoVqFAAEAGYFHAqAIQrNkUTKpyAbt9gJaTAAAAAFAEAABrwQAA"}
@@ -450,25 +444,25 @@
00430{"flow_id":51,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":664677,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0n7kAAHUGIi2s2RRMwKgCEAG7qnIP+m46fYCWlIARAPAKfwAAAQEICpFK4F\/\/\/zdO"}
00411{"flow_id":51,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":356,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":667034,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkTGr2n\/YnCABFAAAoVqRAAEAGYE7AqAIQrNkUTKpyAbt9gJaUAAAAAFAEAABrwAAA"}
01129{"flow_id":53,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":357,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":671535,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkTGr2n\/YnCABFAAI5E0tAAEAGY1TAqAIQ2O8meIDqAbtXpCQFBCFopIAYAVf46AAAAQEICv\/\/N1mpXP8lFgMBAgABAAH8AwOnqdAL3NdvDJFQu00MJRohbBr\/QjZxpgAY\/BGSZ5WHGyAH\/0kdSaWWl14l1kSxYkKqhEzX\/PL9dJ3FIy4nXY+zSwAi+voTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUACgEAAZFaWgAAAAAAGAAWAAATYWNjb3VudHMuZ29vZ2xlLmNvbQAXAAD\/AQABAAAKAAoACEpKAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQASAAAAMwArAClKSgABAAAdACAb6mJErdFzNWCA7OLn3TVZSxKHowP8hLIwdOOd3\/6PSQAtAAIBAQArAAsKKioDBAMDAwIDAQAbAAMCAAKamgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00799{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":4,"flow_first_seen":1582454871623,"flow_last_seen":1582454871671,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1582454871676,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00810{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":4,"flow_first_seen":1582454871623,"flow_last_seen":1582454871671,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1582454871676,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":54,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":676950,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBrABAAEARCUrAqAIQwKgCAYHYADUALeidI0IBAAABAAAAAAAABWNoZWNrCWdvb2dsZXppcANuZXQAAAEAAQ=="}
00637{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1582454871676,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"check.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00649{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1582454871676,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"check.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00466{"flow_id":54,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":677331,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRtlYAAEARPuTAqAIBwKgCEAA1gdgAPR0+I0KBgAABAAEAAAAABWNoZWNrCWdvb2dsZXppcANuZXQAAAEAAcAMAAEAAQAAAQMABK3CT3I="}
00665{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":359,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_first_seen":1582454871676,"flow_last_seen":1582454871677,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"check.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"173.194.79.114"}}
00676{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":359,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_first_seen":1582454871676,"flow_last_seen":1582454871677,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"check.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"173.194.79.114"}}
00429{"flow_id":53,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":684801,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0YMIAAHYGIeLY7yZ4wKgCEAG7gOoEIWikV6QmCoAQAPBmhwAAAQEICqlc\/1b\/\/zdZ"}
02357{"flow_id":53,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":702687,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+YMQAAHYGHFbY7yZ4wKgCEAG7gOoEIWikV6QmCoAQAPAQwAAAAQEICqlc\/2f\/\/zdZFgMDAHoCAAB2AwPJv2kpRk5kOUnM2HOXTe5Yod0GBxnMyzCAyovUjyXAaSAH\/0kdSaWWl14l1kSxYkKqhEzX\/PL9dJ3FIy4nXY+zSxMBAAAuADMAJAAdACCgX8U2R1v7oA9Np4c3Oz7YFWZYN1sGxrATsrrnJaLEPQArAAIDBBQDAwABARcDAwtbCryhviK6rd70FfhdvqSrUX2UBHBS3nznbhwDa90nR8uM+b6CRbS2Vf3jreDvrYWrJMHAldbVALpa+VJuZl5DIM7xBbWLmLbQgNl1Wx\/8BlaA9MHzLPAmhGJLmvmrwoXdvuDtutplCDDlqmRWN7QZqknTjwBZ\/7e5noFL7L38N0V5T9vA0x5xQutrKvREjbkvxnXuH6bT\/\/T8HKlF9RMuTdwlaOFfGd6vAMAstYO2Z9QTl89ER1PNz6QhqKVcZtn9Owz0qf9d8Oel7OnbbR0u6loXcg3+az74yvdTIRI9dnRtYgZyxIW5Ln7JcBGQsyHaUWsXCKYEZSq1gM3QviFwW4iq6oeiZSPuYuwVVJCd6dxaIKGWzguTdKbMWICG9v7kTtetGA\/\/ge74b7VlB5QT1Q6+GA0Of+NljN8pFMixNNsme15H9FnSPbODaWQjmwVuqw+qnLbnMGvFSdC7JrR0s597NCtAlBp6yeGizENvpjjJm7+tGeFLXBARfgVyVFyxdk\/LAsuYtFX9ADYZEtVUJlTS7MzRdhghU34TQxGT+kkc3EI++enUCul0Jqtp3Xpz80LQZb1c87V+hOBNk974hnZkJ8BQOuDhKY6aUOUJaM2jKTujD\/FowD031\/uwLtunkTjIwLZPAMXXbz4qegXEP3nzI0DNboFqZxCS5qNje\/gQ43H6ziCDd7CJWfHjeZpHUgJnORG2En\/r4VjreI3PMzCzs9meVVpQCpi7\/lDmv3HbWlApHYX0dHwWOrC2QJWPJh8xkvmqnvyht2VX281JAzY3YnLX8xHJ8XFhg9E0FbachvwDEQP2QWgonJvKSp3BLbeOQlZpsr\/3UYQgbVAIf7alUJmrW2g9alp2Vx61hDpznqmHFXb8IkVvu5+5TS1c+1Zpc1tIZmJB2OVd11JRFdxGaRLa573+wmCAetK0iGgA2llBMoAtbgBF1oG+bLyzZJufrPhpO7iPBMx7lYsgiHASrjOteWSa6hMZa2P0xntrmtaUz1MRIIFvPkUHBwVxx+gG5g\/lHy32\/peF\/JVurqo3snJtctn23Uq4VfoZDdTSMREU8\/Ju1yW0Ige6oB37Yxv2hRtf4HquxZOOc\/REHSO1jTsCEg7MHgh40cXOkvB\/1pxotJSM2oa6INQZNbUl1vj+Lz0FgyWI8uxmSjNDnvoba3mxs\/Rocv0YesTP3m4GafAcT8aWBCwbpkKH4vRzezWZfMora0YQjZNBOWMF6AnvY5JOLmwFWgz1waqETy7Jk\/Kg7oq\/jm2iskmBQzDm8jiot76CHs6pv99DlUIYFcZ7tRcl6i0rH6l9YXdwJYBGpFmDpDjRgVimWJ5JrsyQ5boRxMimNjknLtSRlt24w4v+KcM2byUA698KF63Mb0PxMzXSNqgKa2b7ucmXA1UTOmzy\/oj0lcIlbZPkMDsSDpBoiTLX0\/zi4FJiJnQ1VZ0RnOXFNCUPWxVAgE8lsZxFLwEGg3L4vhjfAL0stabrPVlHiIydyZZAtcD4Zyc65UGPACS+sGGVF2GDuydrJY4E7OfTaqf4x3OGD9sFW8CjYKvcDoS16y7MTJWnnzIOlp9NqZkBOXLaWM86sr3hg\/DrSt3D6OB8aaKCrqGKoS3oENL9kyJc\/fYZWgzgveOQRBA5I2doP4HG5ASSmuTiMY9OZjujGEQsrPURHKRc6yI\/hsZ\/3zWx78UWFQbyOrCgW7U="}
00840{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":361,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":6,"flow_first_seen":1582454871623,"flow_last_seen":1582454871702,"flow_tot_l4_data_len":2143,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00851{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":361,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":6,"flow_first_seen":1582454871623,"flow_last_seen":1582454871702,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02357{"flow_id":53,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":703713,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+YMUAAHYGHFXY7yZ4wKgCEAG7gOoEIW4uV6QmCoAQAPC6UwAAAQEICqlc\/2f\/\/zdZfiK+WJwsxBYmGTn1qaVgqL4IYylqnn\/Lq1zdC4mzB1Yy0c7Ekclg6PVka7l1Bdthap+1Gd6xAmTQCs49WibwnzDNYYs+EyUks0izRk\/6SVsM3kVt4D2vZLb0Qx0EbHt3ifthygGQN4raVoeYg0f1YI86iYv9+cLlbTi+Xjq42yyxCIQXxogJARHfyY2UGZFLX18yXFrcvuYUEtxKNeml0m5AElP3i\/SQhv1esmUzfPQUDjxO76Hb+GzvJ02hD1Z5XPohx+CEmDUgbslB1DldLYHzy9uA7g2JMs2WUfeYcUJsCLnYNRXFEY5YgDwnyw12TCtHeTrbDmcP7fq1Wa+u5EViwIDuVb\/+ozitr0mUKif3a\/hbYj0hgU5W46p+fTKJKeXImhGmluWtb3xFOFhi2QeDbH19jLJSr2g8mF9oZh5eqT3pvXsPzpbtlpKZTcv+bz6s7CNlXRQj+4GWUPBMe4lCZMKHuyFMnAZQI\/umK+Wp0C1M+CK1wLiRJRADyBSKN3Iyyx7wTCNciWokIf4LyK9hhHeyJym1rztAgCi2F7AdMG84lrxavlkPUMqpUq1Kr8ip81DpPc3GxFNIORoOYNZnLujkSccFHxGw370GBqlKaQR\/8BoRIN\/jKQOgECcSMTgPOQTlN00UkI2bBbsThda1H6TVEbTdxGH7TERIPZogdX0eTNNJ1gGbVfXJW53C+QgkIsAOPfDxHmXZuiHecZVTTah8c0GUaymFF8iVE8aBFpoKh3GbfJi7u3zme4c7C1gDxm0FbznTLdFYgYQ+iFgiiBBYlXQBVo9vuodi9b6AJic\/1rFzMhIcIWxLEqZUUnPAIKSY7M44lSvUTDTm3JEt0PfKOwbgBAnupWivQsJaleGhScqwWfueFK4xdYtdf49rITs9ZNQugEv83FUJcciWkmNgzmzra3i8wwq7PRBxd0YwX3EpbrQuV8OJIBmq\/awg\/BpzSdrpI5We3d333A1zUyfRMZ3fT+HwE7\/IMGlNEcdg2CRkAXypv1oTxg33EdBaae+A1x2aqoOWa2EgqWqzQBulfG2veFY0roT272lLuF0hJIlexxk2t3GtpoBA\/iqHncabaAolegSIzXJTSED3Vat4FClT\/6mANxsZ2aUoUCE0YzbrXZAkcuTN3bHxeqZ7sJKr0hEkKc0bNW04MWJ40bwrrtZo7M5RFOvSOWm8ArURk3Prz\/hEckpuh6uxtXhHx8p5YoveWp0Yh6oIZNmee+4EOf2U+eo8la5udpMXqMqxwJScGw\/IG+1XEHRvbVRh\/9MSsVUMsUu4n07EAs+ZVskg3PnshEUzZWkMOpAOO\/ZAq8T\/6E3HKvxor1ujf\/skHCnobTzJd\/zBYEHGIwcBZpv4jhrUzFSME3BRP+92Hu001j+89F9DRpTjPDimdqOx+D1jMtDXaIzcqbU31e+SkD1Cm3KrNcojoW5m\/cRtvkUtSmBUa7SXoLwMV52hWvVCnJ1xU\/+CmNR67CP\/1ZXRiW7LysEh4Cy26USUeJwNV8vdxRUp2EJ4GklIObpBLooaN+cln8nawsYz2R5DrSLgiN7AQbQ0MQ9SaUriMpwq\/yBiR6DGQJTcyWFjUxEKpI7XjiWCHyWXUgSh7m6ZikwMawndcM4AEzUXTywdiFPb\/JcOZjAS+T+j+S6QetHffxBm+c\/mWdCgDsivdzAHA\/CKm\/HZZji4QiQlgtudp9rDiBbpDaty13Rl8V6DcFIOlFUdJemkbnxSmGP8eBegoMnwGJlPoA6t5YFMRtDkkziZ22cPYxPYvtqJxa7tZ5s83yC6PeVa56eSvPrNgd7rjf5G8MFgLDnrdT09bXguJVyQGdd\/JWshx9kETD+BLP0tFriIOkff5qfSD+ZyCptLqFfI89OH+plr4pY="}
00716{"flow_id":53,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":703716,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"pkt":"TGr2n\/YnxiwDYGpkCABFAAEFYMYAAHYGIQ3Y7yZ4wKgCEAG7gOoEIXO4V6QmCoAYAPDmjgAAAQEICqlc\/2f\/\/zdZFInUiXd0kaYEdpcxleOS67gYnABGoCxqGAj2L6oEmIFGVoq\/Or1R\/UMCz28Vrm5swFo0M5+A8ibBsdRBrp4O9r8uMau1rSvUHb8Iq6L67JL1a744dtYrLnMMJ4A\/F6rcIxHrIVX0YhsMQxLeS70ceTQlbaTd5B1b9RQnxBddLAebAqW5398qiLSuU2DTlrzu18ELxtiXzFkIVdhNCF0T23rYqcvvclDZ14CHSE\/FLMpN9Ab6zW2Jx2SQxY4v2o68vWtF39FLsKwzN4c7nKbSbD0="}
00428{"flow_id":53,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":704173,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0E0xAAEAGZVjAqAIQ2O8meIDqAbtXpCYKBCFuLoAQAWJgcgAAAQEICv\/\/N2GpXP9n"}
00429{"flow_id":53,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":704809,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0E01AAEAGZVfAqAIQ2O8meIDqAbtXpCYKBCFzuIAQAW1a3QAAAQEICv\/\/N2GpXP9n"}
00429{"flow_id":53,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":704925,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0E05AAEAGZVbAqAIQ2O8meIDqAbtXpCYKBCF0iYAQAW1aDAAAAQEICv\/\/N2GpXP9n"}
00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":367,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1582454871741,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":367,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1582454871741,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":55,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":741833,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8FotAAEAGoFXAqAIQrNkUSs0iAbsOnCHhAAAAAKAC\/\/+NXgAAAgQFtAQCCAr\/\/zdqAAAAAAEDAwg="}
00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":368,"source":"android.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1582454871745,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36848,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":368,"source":"android.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1582454871745,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36848,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":56,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":745826,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8bVhAAEAGDXfAqAIQrcJPco\/wAFDXL1ozAAAAAKAC\/\/+PAwAAAgQFtAQCCAr\/\/zdrAAAAAAEDAwg="}
00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"android.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1582454871772,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36850,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"android.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1582454871772,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36850,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":57,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":772041,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8CzhAAEAGb5fAqAIQrcJPco\/yAFDC1DxKAAAAAKAC\/\/\/BPgAAAgQFtAQCCAr\/\/zdyAAAAAAEDAwg="}
00520{"flow_id":41,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":772060,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"xiwDYGpkTGr2n\/YnCABFAAB0\/A1AAEAGfFbAqAIQ2O8meIDcAbs4lMzLVf5IAYAYAXhG4QAAAQEICv\/\/N3Im518wFAMDAAEBFwMDADXarbwkrqrPnfEARK1iXmIzlBg2eUTpj8CcDfqBTPbv0wL0B0zlGN1po0ii3NbiPPQC1NSc9A=="}
00441{"flow_id":55,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":781183,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8S\/EAAHUGde+s2RRKwKgCEAG7zSLiUVJTDpwh4qAS6yCWYgAAAgQFZAQCCAoTCsRq\/\/83agEDAwg="}
@@ -476,31 +470,31 @@
00428{"flow_id":55,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":786432,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0FoxAAEAGoFzAqAIQrNkUSs0iAbsOnCHi4lFSVIAQAVeungAAAQEICv\/\/N3UTCsRq"}
00430{"flow_id":56,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":787200,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0bVlAAEAGDX7AqAIQrcJPco\/wAFDXL1o0C99s2YAQAVcQ9wAAAQEICv\/\/N3bQ72G\/"}
00430{"flow_id":41,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":789558,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0b9gAAHYGEszY7yZ4wKgCEAG7gNxV\/kgBOJTNC4AQAPDNxAAAAQEICibnYVj\/\/zdy"}
00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":377,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1582454871804,"flow_last_seen":0,"flow_tot_l4_data_len":50,"flow_min_l4_data_len":50,"flow_max_l4_data_len":50,"flow_avg_l4_data_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":18379,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":377,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1582454871804,"flow_last_seen":0,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":18379,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00450{"flow_id":58,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":804912,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"pkt":"xiwDYGpkTGr2n\/YnCABFAABGrB5AAEARCSfAqAIQwKgCAUfLADUAMmcLPGQBAAABAAAAAAAACWRhdGFzYXZlcgpnb29nbGVhcGlzA2NvbQAAAQAB"}
00642{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":377,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1582454871804,"flow_last_seen":0,"flow_tot_l4_data_len":50,"flow_min_l4_data_len":50,"flow_max_l4_data_len":50,"flow_avg_l4_data_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":18379,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"datasaver.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00654{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":377,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1582454871804,"flow_last_seen":0,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":18379,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"datasaver.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00476{"flow_id":58,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":805281,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"pkt":"TGr2n\/YnxiwDYGpkCABFAABWsEQAAEARRPHAqAIBwKgCEAA1R8sAQmKIPGSBgAABAAEAAAAACWRhdGFzYXZlcgpnb29nbGVhcGlzA2NvbQAAAQABwAwAAQABAAABKwAErNkVyg=="}
00670{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":378,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_first_seen":1582454871804,"flow_last_seen":1582454871805,"flow_tot_l4_data_len":116,"flow_min_l4_data_len":50,"flow_max_l4_data_len":66,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":18379,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"datasaver.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.21.202"}}
00682{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":378,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_first_seen":1582454871804,"flow_last_seen":1582454871805,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":18379,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"datasaver.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.21.202"}}
00441{"flow_id":57,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":807544,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8DHkAAGcGh1atwk9ywKgCEABQj\/Jn2o0VwtQ8S6AS87jgEAAAAgQFlgQCCArQTChF\/\/83cgEDAwg="}
00429{"flow_id":57,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":380,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":808693,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0CzlAAEAGb57AqAIQrcJPco\/yAFDC1DxLZ9qNFoAQAVcBGQAAAQEICv\/\/N3vQTChF"}
00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":381,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1582454871814,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":381,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1582454871814,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":59,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":814833,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8CFFAAEAGrQ\/AqAIQrNkVysroAbtCYT8sAAAAAKAC\/\/889QAAAgQFtAQCCAr\/\/zd9AAAAAAEDAwg="}
00829{"flow_id":56,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":818736,"pkt_caplen":363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":363,"pkt_l4_len":329,"pkt":"xiwDYGpkTGr2n\/YnCABFAAFdbVpAAEAGDFTAqAIQrcJPco\/wAFDXL1o0C99s2YAYAVd53gAAAQEICv\/\/N37Q72G\/R0VUIC9jb25uZWN0IEhUVFAvMS4xDQpIb3N0OiBjaGVjay5nb29nbGV6aXAubmV0DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgOTsgTm9raWEgMi4yKSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvNzkuMC4zOTQ1LjkzIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkFjY2VwdC1MYW5ndWFnZTogaXQtSVQsaXQ7cT0wLjksZW4tVVM7cT0wLjgsZW47cT0wLjcNCg0K"}
00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":382,"source":"android.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":4,"flow_first_seen":1582454871745,"flow_last_seen":1582454871818,"flow_tot_l4_data_len":441,"flow_min_l4_data_len":32,"flow_max_l4_data_len":329,"flow_avg_l4_data_len":110,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36848,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.DataSaver","breed":"Fun","category":"Web"},"http": {"hostname":"check.googlezip.net","url":"check.googlezip.net\/connect","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 9; Nokia 2.2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/79.0.3945.93 Mobile Safari\/537.36"}}
00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":383,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1582454871823,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":10677,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00779{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":382,"source":"android.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":4,"flow_first_seen":1582454871745,"flow_last_seen":1582454871818,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":74,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36848,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.DataSaver","breed":"Fun","category":"Web"},"http": {"hostname":"check.googlezip.net","url":"check.googlezip.net\/connect","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 9; Nokia 2.2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/79.0.3945.93 Mobile Safari\/537.36"}}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":383,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1582454871823,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":10677,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":60,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":823866,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBrCJAAEARCSjAqAIQwKgCASm1ADUALW7k1fkBAAABAAAAAAAABXByb3h5CWdvb2dsZXppcANuZXQAAAEAAQ=="}
00637{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1582454871823,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":10677,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00649{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1582454871823,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":10677,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00466{"flow_id":60,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":824351,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRS4IAAEARqbjAqAIBwKgCEAA1KbUAPSLB1fmBgAABAAEAAAAABXByb3h5CWdvb2dsZXppcANuZXQAAAEAAcAMAAEAAQAAAJMABKzZFEw="}
00664{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":384,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_first_seen":1582454871823,"flow_last_seen":1582454871824,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":10677,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.76"}}
00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":385,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1582454871827,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32832,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00675{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":384,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_first_seen":1582454871823,"flow_last_seen":1582454871824,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":10677,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.76"}}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":385,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1582454871827,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32832,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":61,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":827498,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8rCNAAEARCSzAqAIQwKgCAYBAADUAKPh7cqMBAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE="}
00638{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":385,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1582454871827,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32832,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00650{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":385,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1582454871827,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32832,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00458{"flow_id":61,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":827807,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"TGr2n\/YnxiwDYGpkCABFAABMd48AAEARfbDAqAIBwKgCEAA1gEAAOLeFcqOBgAABAAEAAAAAA3d3dwZnb29nbGUDY29tAAABAAHADAABAAEAAADaAATY7yZ4"}
00665{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":386,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_first_seen":1582454871827,"flow_last_seen":1582454871827,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":40,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32832,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":387,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1582454871829,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00677{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":386,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_first_seen":1582454871827,"flow_last_seen":1582454871827,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32832,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":387,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1582454871829,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":62,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":829800,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8SmpAAEAGbHTAqAIQrNkUTKp+Abul3n3qAAAAAKAC\/\/+8ngAAAgQFtAQCCAr\/\/zeAAAAAAAEDAwg="}
01124{"flow_id":46,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":838757,"pkt_caplen":578,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":578,"pkt_l4_len":544,"pkt":"xiwDYGpkTGr2n\/YnCABFAAI02sBAAEAGm+PAqAIQ2O8meIDkAbvMau2AlTRZZ4AYAXirWwAAAQEICv\/\/N4PIBAqzFwMDAfsAAAAAAAAAAdYTA0yeiWvkRh3+WNBssZ+IsSXViUAAwITVDhsUv\/n+bkFtYk8kq3jBXrdCWRo1NsrcIswaGUUcm2k651tAlUVTMrSj6J3VNjuA2CNRBnhgUf0KKIsb70HD1RAGgpw6TdC0a9+9q2tX1epyRn8nAMxQ70HkBxlzeu1rg0ZiZ7ww9ZWQGuiNZvxPWBsIwnjMlarQ6IEunNKMe3a96xKcj+yoDcYORd4gE8NInPAaiHZaxvA9+9Htj0r1x2dU0+kh5Ly3X19LMQjkKnHxxXl5gt0l28WE9NaawiEWTm5EXe8QpO76SlfxWEp16E2E\/Bu0qcUlfv9bR\/yBJ7Ey4hlNhT+eAJV9rSsBdAx5TBwIUJkur+jF8XgA2EpTbK0Pi095MWrhOLgubUOqyDcEbhNdlLPfZGtcJ5DWCQHeMSFPOiLURf9cu0w2PhghROWhEVEBDie94urxNKfomCu435niTydxsriHK5xS+kt5He+25HKxROVFqUTDH4ybVgxpm+YaCMDer0820UofA6rV6FJ\/Tn9vK+Xi4C6J6MLctmSCsP1cM\/VgZlPEm\/Pv9aKZ4YnZaMsiHP8tzbAw9k\/o8r\/HUR0AohQoSzHw2firUp4zv74ED7RR6MFu8Pntsi73R+DoijausZ1d33jjwd53vwU37z8ma9o="}
00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1582454871839,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1582454871839,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":63,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":839297,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8witAAEAGtnDAqAIQ2O8meID2AbsYfvWoAAAAAKAC\/\/+9gwAAAgQFtAQCCAr\/\/zeDAAAAAAEDAwg="}
00441{"flow_id":59,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":848736,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8oe8AAHYGHXGs2RXKwKgCEAG7yuig7Cw9QmE\/LaAS6yAtmgAAAgQFZAQCCArvemfU\/\/83fQEDAwg="}
00428{"flow_id":59,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":853064,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0CFJAAEAGrRbAqAIQrNkVysroAbtCYT8toOwsPoAQAVdF2AAAAQEICv\/\/N4bvemfU"}
@@ -514,42 +508,42 @@
00440{"flow_id":62,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":867294,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8+7cAAHUGxias2RRMwKgCEAG7qn7jcCu5pd5966AS6yBHnwAAAgQFZAQCCArp2ZEZ\/\/83gAEDAwg="}
00428{"flow_id":62,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":873337,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0SmtAAEAGbHvAqAIQrNkUTKp+Abul3n3r43AruoAQAVdf2wAAAQEICv\/\/N4vp2ZEZ"}
01228{"flow_id":59,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":404,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":879681,"pkt_caplen":660,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":660,"pkt_l4_len":626,"pkt":"xiwDYGpkTGr2n\/YnCABFAAKGCFNAAEAGqsPAqAIQrNkVysroAbtCYT8toOwsPoAYAVfGNQAAAQEICv\/\/N43vemfUFgMBAk0BAAJJAwNrXT7L+PJep4B\/dk8AB+uJB9Pwzmj4f8u29vBYTRHG4CDv0sgDEuW0ydkkTNHJWYUIu7zui1THvKT7nSHdEo4WbQAiysoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUACgEAAd6qqgAAAAAAHQAbAAAYZGF0YXNhdmVyLmdvb2dsZWFwaXMuY29tABcAAP8BAAEAAAoACgAIysoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBABIAAAAzACsAKcrKAAEAAB0AIA7SNmfcO9z5Fk8eILAkK8oUeEYOBFCgnNeuFUKzBOEGAC0AAgEBACsACwpKSgMEAwMDAgMBABsAAwIAAvr6AAEAACkBDQDoAOIBlHTCUkrnq2qUV7Uc6bRUrJdD\/LtOX9saWvlSIiAibjKIU0wHw9yQxl9yfCDql2xDdrNsm7zbF6\/OGNfdahzYSr6RfqSfTZGLDMZZfk1MJbPFSKnzYvS6jOEo3TW7x+9BZ4+3KDyjSvE5m\/8l2XSPqIu13oiFGgsmpE4gdERCudtURq0Ogikb8MlcSRimaW6Jyuzxd70fGrtNyd8LfqifFc1h2FkIDgK11FO2C2BHwFuqglbOegGmZKZuntDRxgQqNPVB57xYszkl2XDvW62m55mBMYgOxxISmOX9JOYaN4l\/oAeAdwAhICV8acJGk5urIeyURl35qfHipUs4BWNlBpXTDG5xEgou"}
00798{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":404,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":4,"flow_first_seen":1582454871814,"flow_last_seen":1582454871879,"flow_tot_l4_data_len":738,"flow_min_l4_data_len":32,"flow_max_l4_data_len":626,"flow_avg_l4_data_len":184,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"datasaver.googleapis.com","ja3":"554719594ba90b02ae410c297c6e50ad","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00809{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":404,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":4,"flow_first_seen":1582454871814,"flow_last_seen":1582454871879,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":594,"flow_tot_l4_payload_len":594,"flow_avg_l4_payload_len":148,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"datasaver.googleapis.com","ja3":"554719594ba90b02ae410c297c6e50ad","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01127{"flow_id":63,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":880409,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkTGr2n\/YnCABFAAI5wi1AAEAGtHHAqAIQ2O8meID2AbsYfvWpTGBDc4AYAVfJZAAAAQEICv\/\/N43Dx9w1FgMBAgABAAH8AwOizyXUznqR2zg8twjqz4c\/1LcXNiJz8Xl8G8QuY+oU9yAcL+vdmf\/YPEco\/YkV+JSTvE9P1MbaTiaPYiMm3qSYcAAiqqoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUACgEAAZFaWgAAAAAAEwARAAAOd3d3Lmdvb2dsZS5jb20AFwAA\/wEAAQAACgAKAAhaWgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEAEgAAADMAKwApWloAAQAAHQAg3dtD4+BEPVHHfNtYISH7IY66a0OPmtM6OXNpxMB89XwALQACAQEAKwALCpqaAwQDAwMCAwEAGwADAgACKioAAQAAFQDKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00794{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":4,"flow_first_seen":1582454871839,"flow_last_seen":1582454871880,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"android.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1582454871881,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00805{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":4,"flow_first_seen":1582454871839,"flow_last_seen":1582454871880,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"android.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1582454871881,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00450{"flow_id":64,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":881494,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"xiwDYGpkTGr2n\/YnCABFAABErDBAAEARCRfAqAIQwKgCAZtQADUAMNjjuKUBAAABAAAAAAAAB2FuZHJvaWQKZ29vZ2xlYXBpcwNjb20AAAEAAQ=="}
00652{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":406,"source":"android.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1582454871881,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"android.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00664{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":406,"source":"android.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1582454871881,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"android.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00519{"flow_id":53,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":888957,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"xiwDYGpkTGr2n\/YnCABFAAB0E09AAEAGZRXAqAIQ2O8meIDqAbtXpCYKBCF0iYAYAW2SPgAAAQEICv\/\/N4+pXP9nFAMDAAEBFwMDADUeoCqVohjOxbck2a5v5Pyyv1Fk1FpMgNW5QT+r4NnmhfmQ2DVwE7l9c1TQBuYpiVsdz55Ebw=="}
01125{"flow_id":62,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":890562,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkTGr2n\/YnCABFAAI5SmxAAEAGanXAqAIQrNkUTKp+Abul3n3r43AruoAYAVdhvAAAAQEICv\/\/N5Dp2ZEZFgMBAgABAAH8AwNXABRh0bUwv02\/tcLYJb8tWNqjNMehgKwAQKR+V6qhpSB5nowSHXSTk06sjSwrAIShPUtbUgvH7+EkOPJ+Q5cJZAAiuroTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUACgEAAZHKygAAAAAAGAAWAAATcHJveHkuZ29vZ2xlemlwLm5ldAAXAAD\/AQABAAAKAAoACAoKAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQASAAAAMwArACkKCgABAAAdACBLZwILTiy6lRDHwjubzrib1KyQtw7d5xCTjiQBUnoNPgAtAAIBAQArAAsKqqoDBAMDAwIDAQAbAAMCAALq6gABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00792{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":408,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":4,"flow_first_seen":1582454871829,"flow_last_seen":1582454871890,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00803{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":408,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":4,"flow_first_seen":1582454871829,"flow_last_seen":1582454871890,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00549{"flow_id":53,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":892841,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"pkt":"xiwDYGpkTGr2n\/YnCABFAACKE1BAAEAGZP7AqAIQ2O8meIDqAbtXpCZKBCF0iYAYAW2ejgAAAQEICv\/\/N5CpXP9nFwMDAFEyrbnJ6g4lCcl8fGr55cy4dgSJsqsxBYOBEOPjwhy8zTKp1bcUYupcfT8mB5D9a\/tIswIrfWM1UfUQyWgObXtLZcEhoiIdzik9SuLwFlKQkuU="}
01251{"flow_id":53,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":893680,"pkt_caplen":670,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":670,"pkt_l4_len":636,"pkt":"xiwDYGpkTGr2n\/YnCABFAAKQE1FAAEAGYvfAqAIQ2O8meIDqAbtXpCagBCF0iYAYAW2NnwAAAQEICv\/\/N5CpXP9nFwMDAlcD4iJ\/jPRtCquF0drwP2GZ2kuHnwLJVhypQf5KlAEVz0CdRqWLF\/E4v9AhgK1jksjBVADmPNL3ZuK\/Hv\/6ihMbxALk9beOiNipPBW7zVk0qNPxpCyinREk2yGnTILEAMKsmKojLR2xYtdo3P9Rlk+7tnqrVVTltYOZBzNNefPUfo9fCaXJqAGCnzqEXQMovEhb1aKY2vjJ0gZw5H\/zl8W+KL2+lidNLrVzlNSKekB+i7lEB3g65QNITwPZiWT05\/+mKMNaKmKnEfsZPzXFqAiSB9M8Sk06mpdK61S2Z9Uzf\/\/ycDhU6AROjlHrY+BA5QlUrIMkOo\/iS+xfbSWrLdCcU8Cf7NcuXTywlu+mahvC4sEeJTJStJTb8g36MBySHplLZ1KUgrdTOPJKxrIPSlbB38ODN6xkWjwpQ\/JaqkqTZGPNi7ac25dRlZ5hy6fThFOP5WcYgu7tlJF+ZdxsIMLaXoKAQkJJlydyR1w07hQKNoMBqHTxaMXgkWKI1jj6WA6VMOnc+VdJujytPfAldM6edYldGOHAEK4gcwrGeVPgNOxrm8KLri4fx5dOChmObLEzVjEQe1LA1jki7BheYByAbzgAR4AHVUffRFUZ4iRT06cq1HsIFXiNihvF4Z1ox8ftB8CbMI+qBycE2FEMCl16O4cm7kpRKQvfkIKbjNSXnIt8LhPtqE94ZxL8sR2szMand36ldeazSXt2CqehDZy04wcnOc3w94d15u1w15UTypaIprm55lLKSVcHn4O7iaE3L+rgpSe6z3S\/t8y3+iQ3JaQ51zRohA=="}
00473{"flow_id":53,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":411,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":894047,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"xiwDYGpkTGr2n\/YnCABFAABUE1JAAEAGZTLAqAIQ2O8meIDqAbtXpCj8BCF0iYAYAW1plgAAAQEICv\/\/N5GpXP9nFwMDABtkPRZwjvRWJYqbOhc+xpUQmZc0th6UFI3h900="}
00428{"flow_id":63,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":412,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":894669,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0AIIAAHUGgyLY7yZ4wKgCEAG7gPZMYENzGH73roAQAPC5RwAAAQEICsPH3F7\/\/zeN"}
02350{"flow_id":63,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":911317,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+AIQAAHUGfZbY7yZ4wKgCEAG7gPZMYENzGH73roAQAPDFMgAAAQEICsPH3G\/\/\/zeNFgMDAHoCAAB2AwPCu\/6wr8aE5b7PPfHVJn8Tev43TQ\/dv4YazQveDjrJzyAcL+vdmf\/YPEco\/YkV+JSTvE9P1MbaTiaPYiMm3qSYcBMBAAAuADMAJAAdACD\/ieAxCNwSQYi8\/CYIEU9iLFhTd0LghdqhtvUSuVKlLQArAAIDBBQDAwABARcDAwm5CWY9ip9gWhtu9zt7ThcQXhzqan0V1o7l6x\/zeyoNqXfMkG5TS5y7CMupzF4URfPmVp8AYpGq1sMwuyXya+rMwAPnsJdOPlXijhVQVdFR573zwfmz18XP4plRTCZmmDlhNMVRnNZESiCkLPctlmwnsblxLvyRgM+jVpPYJwXo\/qxRLML0BGhNS+VTnboXAaIasjOV6\/MkH2PKkowhKqbOtT6t2Rq0RGu\/UBIlW5ThabuniaP+1AY6MtYTFtsSiVSGN7E+hix9fBZtGm2vVXMFV3Min+8QRX72jJUrtHhRfYjPVCvEEdjykejkdEX9Yp4BEB8DXOiGuZsoClDKd\/Rtp\/wKag0acYYD8nHSgs3jEcQe+nHTjMmCk\/z4JppERuC9tuTqnTzK6jy8CiKTXYtCWpwwDqyhbdYCmHjXMzE4OjUAtRJ48WoVEGltZNp3BeyIKiQLix1bsDY1yy9dQH5OeAAQ4URv7fmhljTLnZCtbZ5GjuckJ7xO4wwiqMUA2HicNT+HaQBJZVrXWHnOm1nfisZ3atRYe6LkN+UPAw2peunCiNwJDrQh2QqxrrEOyZGruRNH9xmCYpGojJTWTaXGW33XaTGZnMeTQr9PN3dVE5bNtGuGY9p3qJikN+mnOk9bTv2nz8O+KqVdX2731aGpde436Zs0ikWVLJMowOGN0qe6zeFShNKqBeWB84PKUxEu+M5XG4GrK+3ex56gbRe00fVzUmiTcfgkt4y1fI2kdIKZk+bZQ+30TgrJoQbwdcOYvVXnBlI3rj05O4DBbVm6U\/+g74VWjpjgOthB3S5TTTyv9bsGYL2UMegweTlJBQRXSC7iIJma7n602M81NSE6C2cpBPxJcx\/hu5rvyz0Zw4X17sDhxc8jbSXxv6RPTbDSW1Qv9t8MjtGXFvmO1LLaYGBvHI47OHVuLJIu1RcyX2ZLkwsYmpc+NLjh7nRmgfbV9LqX7VTYcGd6qHpoOiTjPw4Lh0hHmhUBvH2BTUGfFJPgvn2t38D1jJtbxrN\/qeeumnQfE+Wwqt9qeNUYkup3srLObJakfp0FOIExbHTffa1DTSlNXGTdEirXcUwniAFggohhBQC9hpiP7vtMj5Ti4foFsbodNYQb70EAKeAoG6iMboXxcQmihTD8pX0AvYdmrjeENIQfCN22\/1Xux7CmKNhRHrD8A7llSNnQhxYVhVY7jsKRDEuilLCoFCnD6Ks4GP6rUO4lRapcAMcTwqRfAD1uo0SL5eG29JlfNnbhFjd3I+hgqwgpFovKMNCVBpLSehk1XzjsulSYBr3lwM+naytyRSXkr0U+BJPztq3U\/wNdhRxFUpmiVRabYVTjnL3tNrWOJWaRp6XY\/AkG18USC5nMGrk2Qh4I5nmmD9PivLTwdnv+JEWnsJen3pHLgVpCJ3+7iozJrvk0lwXjvsFI9zAULI1MEWo1ACVyk2udbxh\/7Ka55FnmLLKGKlZZKrXYIHZDz1PWeP1thqypKVrkYTjUZzR8Od3RIFnotB7nNgy4gMYw8zK+K1L9IP9ZfqMZ2Q\/G16H7JyGMHLbEgtHn4fxvQTz6quegyKgDGDIrqqS3v35qKZzIO9zhtEt9qLy9ad3XE2t2PSRho4bg2dMURxx74WsZTPFBx\/EjxQpODBU1\/ZITTlQFqLiokRbmUnuSFsiRK8Ap4IG0k2YvTfdv2zGLoPp0K7YTFrhhzcwb2fE="}
00835{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":434,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":6,"flow_first_seen":1582454871839,"flow_last_seen":1582454871911,"flow_tot_l4_data_len":2143,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00846{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":434,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":6,"flow_first_seen":1582454871839,"flow_last_seen":1582454871911,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02078{"flow_id":63,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":911329,"pkt_caplen":1275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1275,"pkt_l4_len":1241,"pkt":"TGr2n\/YnxiwDYGpkCABFAATtAIUAAHUGfmbY7yZ4wKgCEAG7gPZMYEj9GH73roAYAPAU7AAAAQEICsPH3G\/\/\/zeND96rZ8KcpwGCajL5e1UbFoOKPqgx\/uV6oFNxUzW5HoTiQnbMEua+k1IMgAMlGzrMPqmxjLZC46qmoJt7owtjeGrDOFn\/LscN5s+kz\/PpZ7XvU6p9WRS4RzPkQ2Bswcw3Aeqhw88KHrtI\/7vblv0V7raO9mNuKAH1v+fka66dIT++DwbDQGfevDODKr\/gqlKQHQQDiYmjy9jWIiGk3rTKVkRcSPPDcgiZFXv8z6RCbkM0nDQZzhQ6adiXucsXvzr+pqfUvj2iTusNtJVkvxygL2rIo3He4F\/IoTw\/utRfrwAN5lvA3nlztuedBZW0VmFT2HFGguyZ3HoLDB+\/eXM8g6dZpIe\/LiaLkJs2Y3YrM7Vw6IB2Dnsz\/4k8EtpWNmPb3yG8Z\/o3l18mMQT0CK8Mn28wL5cobqwRHaiPAjiGac8Lxr8w+CtW5Qx5eLDUiAB\/9BdTQ+61\/uOz6bmdBl\/Cxej29Y+6aiibRDXI54JFPTRoY2EN+uRuKnLImd7xIv4ribSh7bCYwJor1pgob9Ds4840kLc3RPiY5eTw+PaxLfk2svXfDe61thM5IazPOaNbFjQPAKwCMjVlqbZusScjaeQD4e3WNs51prP5Lptmu3+OZIz3UYYZIUSH\/0Hfy55vkIY1YSJXvu3wCpYq79Ifq6D5JicKCPB90MQFUTtnPO+Q6fsX8yKExRpfQceC0TbMM6GzmfCRzpxpvQn3AhKWI2hf9LW+bhbzwAUSyTJ+1\/nRGdME3WiqbyERsnox3SAFNdyzJOI5C3xu1BiU2bVC81y66f6k0KjY57mlgkfAFn2gSBYwrt\/UMQNeQi\/M97ZX1nqPX5fENrQj0w2os2Ky1xq67IT2YwXQ7Z+UT8ShsVPvk3kOd75RW8XRYFWPoqhNXkbAxHCunbNYl7FUOgIcDSdIhIoxPyLWN8+Q7MTjdayT3Om\/xbD9BXOql4j\/sxYaEU57vMo8F+\/z1B2JfjAkd+w5nAZbQF\/epNGcvhv4sc4LZmkOhJfBzkKAZdH7B585+qWsk\/YlYk+XJXNjpNDe+ccw19cX2xxXsy4DE\/E\/+puOdfTdP8msTJnADomO7+vkaKfGGF1iYPpjp1SchHuHmM2Kaq\/2OoC2iSqrICv6OsEzUxYkxQMDzSpGZk\/3s17l0zbg17mSmatxtrTDSQaZWgQjdIWJUHO0YPKh4AgKcCG2jemS9qShBVX6uxrGbOOTm0oPtS3mqZpS1JyOnq2jAO9ze1KDJN7uLAV409e8EaM00XHklONUCHob9hiFW6dteOJCaxSF30n5IZiT5voMitZm6NA9n64IFARhTUCfc\/rfZKk3sdLmhPuEGUsPBmDEJWFcjPoj4\/KHTqDRlzDQsY+\/PkhCnJaddYRYWMoZsrgPxzCmcrJpRN25wuke5bdBBWfczNyGdd4vr4jNVwokcKEw6t2B04hDPUMTXKslyFFLJTYIBC5EOdgMIkYOQ+2WanSyjjwhwy2u9kaOgceZN+lQDFvUcQmV3nXfZnSZ+S8mghrYYCTw3X3LMyoaMttoaZAze1kIQ9BusBuXgpEiQp4RA2ZtLEUXQZtFI11PtbpRzVPW7z3XfYe5ozn83\/uDPQV+B3cUurZU"}
00428{"flow_id":59,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":913560,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0ogoAAHYGHV6s2RXKwKgCEAG7yuig7Cw+QmFBf4AQAPBDpgAAAQEICu96aBT\/\/zeN"}
00717{"flow_id":59,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":913572,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"pkt":"TGr2n\/YnxiwDYGpkCABFAAEIogwAAHYGHIis2RXKwKgCEAG7yuig7Cw+QmFBf4AYAPCDsgAAAQEICu96aBX\/\/zeNFgMDAIACAAB8AwNXyuwDxMqVzVMdddxZ833D8C1lZmBy\/fnbob7+g9LiqyDv0sgDEuW0ydkkTNHJWYUIu7zui1THvKT7nSHdEo4WbRMBAAA0ACkAAgAAADMAJAAdACAbMxGW7At0HGDNDYgsDvU7\/zP00nEyGi+JFSenP9DTFAArAAIDBBQDAwABARcDAwBEmIk3Cfsq8y6kfOnRgN2JvXSQL48Jsuhz3DdaihsLhjVD1fUjNsHQjrzI+tlRQg3gUU5jKn9Z1P9IsA9DMYI8sr1L96I="}
00838{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":437,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":6,"flow_first_seen":1582454871814,"flow_last_seen":1582454871913,"flow_tot_l4_data_len":1014,"flow_min_l4_data_len":32,"flow_max_l4_data_len":626,"flow_avg_l4_data_len":169,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"datasaver.googleapis.com","ja3":"554719594ba90b02ae410c297c6e50ad","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00848{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":437,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":6,"flow_first_seen":1582454871814,"flow_last_seen":1582454871913,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":594,"flow_tot_l4_payload_len":806,"flow_avg_l4_payload_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"datasaver.googleapis.com","ja3":"554719594ba90b02ae410c297c6e50ad","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00429{"flow_id":63,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":918461,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0wi5AAEAGtnXAqAIQ2O8meID2AbsYfveuTGBI\/YAQAWKzMAAAAQEICv\/\/N5fDx9xv"}
00428{"flow_id":63,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":919249,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0wi9AAEAGtnTAqAIQ2O8meID2AbsYfveuTGBNtoAQAW2ubAAAAQEICv\/\/N5fDx9xv"}
00429{"flow_id":59,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":919305,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0CFRAAEAGrRTAqAIQrNkVysroAbtCYUF\/oOwtEoAQAVdCYAAAAQEICv\/\/N5fvemgV"}
00470{"flow_id":64,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":920611,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"TGr2n\/YnxiwDYGpkCABFAABUFXQAAEAR38PAqAIBwKgCEAA1m1AAQNQ0uKWBgAABAAEAAAAAB2FuZHJvaWQKZ29vZ2xlYXBpcwNjb20AAAEAAcAMAAEAAQAAARcABKzZFgo="}
00679{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":441,"source":"android.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_first_seen":1582454871881,"flow_last_seen":1582454871920,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":48,"flow_max_l4_data_len":64,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"android.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.22.10"}}
00690{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":441,"source":"android.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_first_seen":1582454871881,"flow_last_seen":1582454871920,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"android.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.22.10"}}
00520{"flow_id":59,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":923052,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"xiwDYGpkTGr2n\/YnCABFAAB0CFVAAEAGrNPAqAIQrNkVysroAbtCYUF\/oOwtEoAYAVd7bwAAAQEICv\/\/N5fvemgVFAMDAAEBFwMDADWuL6pwY2dIV5u6\/9nmZIIdexhghTCWFLHE+GEvRKQh3wPKjSSu8ku0XJIM5+nfYupn+ZOFrg=="}
00549{"flow_id":59,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":928214,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"pkt":"xiwDYGpkTGr2n\/YnCABFAACKCFZAAEAGrLzAqAIQrNkVysroAbtCYUG\/oOwtEoAYAVdWOQAAAQEICv\/\/N5nvemgVFwMDAFE\/VvvW6mNzVmgxZNu1+N4cHNqClH7bFY48b+AuqXlO9Z3OTRtvnlqvsWLprVSmODGDssPWzMZd8iaoYJxU+Wl3eDbRZPkYJ1PQLnFB8uLLHkI="}
00429{"flow_id":62,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":928396,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0++4AAHUGxfes2RRMwKgCEAG7qn7jcCu6pd5\/8IAQAPBd+wAAAQEICunZkVb\/\/zeQ"}
01190{"flow_id":59,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":446,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":928840,"pkt_caplen":623,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":623,"pkt_l4_len":589,"pkt":"xiwDYGpkTGr2n\/YnCABFAAJhCFdAAEAGquTAqAIQrNkVysroAbtCYUIVoOwtEoAYAVfpvQAAAQEICv\/\/N5nvemgVFwMDATdKL3OrNZSmAwMjJqMrvJVyg855UxEWRpxGgcaoPXmTnsSLvpTYH6BLB332un5PVUkjSzbZV1bWN1J+mV7bg0NcKAGygA62ln+wLaJVHCwaX3yGNWjy3v2TS8yYi9LRox60uXte5eQLnTVuwUpGLxWsIWfouu70\/IA5kqZO1\/eOWK1NqwWY1rJtc0mrgszJ\/fW3DI5\/COHYF6qndPsnowVLEO3eg77anY8GnaKRf9QORQ3dDbnGYu95icNPQLmZgtqAmf\/gioGn9ynV6vSzS2BcLLuVyDJ25lQG2\/aJnW09dm5bTxnxXL4AU\/rFK3DRRfLM+r68LzndF1cqPIoX8htgA2aKjoCb1jz6PmfCQagVNOSGh8YIwKvHQZwoFgSOvZT3C+YfwZp\/RBvIvUet6Z5QGCA6BsBSFRcDAwDsgAu6J26MgG49fR0qdXbyXcC2691mplsJGbZdCWdJl\/aFUs42hNKFU\/LYh21U2oaL1\/mx5+oDCV9dNqbCAFcDH6qWdVrr5xVew0ZiJS9HwPruAZz2MCupLTojaFRbTOhAaLN8t8qXnCdAOhOWrUYSU2UcLQPOA4BKK1+0Hkyk1A9psGRWJvAJuP686vu7vgMDDyrjAfvpGlkZDfxRy\/oBZc4EVdcSVddlv2DoiyQ7PCFpl6c0s6wEcqMjgt3LVe7b0Lvt5sEMS628\/ZbHBFSUyvsYD\/mW+rE0ZyhejU8087WcyKKGlfhkRDcRdpY="}
02359{"flow_id":62,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":933947,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW++\/EAAHUGwGqs2RRMwKgCEAG7qn7jcCu6pd5\/8IAQAPBpQwAAAQEICunZkVz\/\/zeQFgMDAHoCAAB2AwMY5WYYbqaFaASWW6jnJVf7U9p5XrUmWmpm6Ht2OsAkJiB5nowSHXSTk06sjSwrAIShPUtbUgvH7+EkOPJ+Q5cJZBMBAAAuADMAJAAdACDAFdUrGj3bDPlmUUp8ngJrhEzu1yaWXZcraV\/aNJWbIgArAAIDBBQDAwABARcDAwtmsLRa58pzHIfJsc21G1uNReYhjZA4HvnFk\/S8IS\/ovK1Fa46AuRJbbd\/SBkQH3JOO5OLSor6xFjawkjg2pebtEvSS1MUT+bFvAB\/gwWVIJ2LaSgR1tJcDPx2dsgTw310EQdw\/pNF12k4r449An\/qDnLmVOGczrNNP49hCF5Ia+xEzx9\/c7o0YIHTfkzpVFEbWvqYmT1LAHMSWTJLTWNGncC5WaYnt8XB6qNKunKLJIJQ4m+yzyd7iECXhw4j+waJixfOcoZixpRO68SneDuGGpHNOj9Vg8bDuBusU2D22pjIvrrbkw39EGYBPiZfq4yy3NVohH9Tyk5vgBv6L9XkYdPu1lsBZNs96ieFDUuULf7ybpGBVgQIjqb9FbE9\/2VlzBqMDSNg\/NHyHI+7jQ8B32mB8p0XhdpUUb77Gczzu\/8GgROsDt5FE0XNQHUJxCLmAoQk\/r2rHmHOF2codfTtVt0qBxFsSw6kJPS1Ngkah0+0heiyqxOJd6LZrgLqnHzrw7ffXQgRtw0k5V6lZcithG8iqDzGyGhh7kHyYh8gSiDhn1\/qqrEPsinjKFCrcDy15UEguDov38fFdUR87rSynbaYHzcKcxgn6\/AUBZrFdBRuV2aC2xYoPgEy4J59XDTipNQkbNpm9\/En8SppUEjoJdp4W0urkLyMnxdE+e212xefreD8Vf07l3xo881eGFfaSwt\/9qb\/lkcJdIy9eww8EL8x\/M6ARJ7R9uvOdPlnvbMS\/gvcaxpVJxC0bB1KFizr08xT2yD3qp\/fRyB6wvVKIWZkTlptsyz6ksxLYMY9uQ8ZWbW52LwKg\/e0sbE92nCN+7Dpbzbe\/Zt9DhKNHCocQGTVEqpfY3pFDZ8NAX+cqiw5fTs2bvhuqoULfj+PY9kv+\/KOtBLs6auQiswxRpMDEUY7jLn7Y5gxsvllNC5w9z1U53PzMyCHbC6y+byTPTQu7udXi5UXTo4IfJobNukPgSf350\/mJCLefHxGSbEkpaIcCrl+DRBuUaGZdJt+XcYrfRyWimRPFrZoj70aE78wE+Bj4kRi0vL0ogx8PcW6XhEJqhEj3GTf6cAQaCK09K5rS7G7cz+EzGtvV4LD2t7axQqVOkC9ynUTWr\/sCdUm2MxmjCREWKeksrOzGH4A5ycN+STg6ikMxsmSHflIqNWPq3jMfYwSbbNGUZB7XvFpfYuRJ5WympQOKAfWJo\/hWFvIRDGLm0VmRS0hO3FQkS6rKIQAfDafXOcdhar75whYOqBeN+V+bNSeVEZGoX87rgFWqW4t+1jNFZ3gQDoLISrrgjggXAZ0yF4olD1t2FJ2gMWlP9CsJgFlwhs96Z3UcUMZ8kv5nwJkjjsD73CIdEidbBlb7tNT4ews2qnUwioO4UuBueQPR7XgYaDqVzmaACvVWecMODUNYKtV6ZgrFfbxA\/Nke18pXDb62Chp4z8MCNkzNDlZJqNmXvsIE+HSyCIo2YLxXWFAgvBvmzRtPVRXsdyRuEAlLVDpFgu8cuYVkNX+l5aASutLJWqFv1Cyo7TNYKSjMBd17QOmk\/l6MjgUtUy4H3dWGHGS9MB5mG+DFA0nUne2zuMIChziPpKOIcMJ55zNYls39klCKNBhwZxyZPaB9L7zXFkkyDehF\/57HLyrqz8G2cthrQQe7SPunALJ7hOmynS1h4UJtrV9RXfu7it3raX+HUIl\/ecgYofzt\/8w="}
00833{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":447,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":6,"flow_first_seen":1582454871829,"flow_last_seen":1582454871933,"flow_tot_l4_data_len":2143,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00844{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":447,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":6,"flow_first_seen":1582454871829,"flow_last_seen":1582454871933,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02356{"flow_id":62,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":448,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":933961,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW++\/IAAHUGwGms2RRMwKgCEAG7qn7jcDFEpd5\/8IAQAPAg7wAAAQEICunZkVz\/\/zeQin+K29WjhzqIlQsOlL9mUV3D1i8erOoQnAdFP8H1jV\/up+FHLX894E9mq7TdGVNqo8MpScCMaq0EXxPZfHAUyW+S9iaEqn5ZB6ZWSWxvpQZHbP16rteeiLf1aybO1jakVJS\/+S9iTPSvWqqoo8ZSxrRx7UkYzbAYlla8c\/Q4NkSLnNQARYa7mqnvpflkYQXYcdo8xK2h5FZ\/OyOS7cTdDFI3xIvk9Kt4IU8zLaO0B2+DHKtoi0oI0xkja3pahpAm2qGm8dAv1UFfJkfAiQHlMPgZZsptqIa4gd0SMs8R2irP8YxDfpGl3zP\/i1D4WLfSkQjKHgFqscAjiNoJJ7dtSH2bGmzHOV8zuafy9LE69CbzZ0dTWMZkPD1LC65hHdjECAqSFSy0zzoofm62wK74ty53qxd6S5wz+I\/R2V1dVrls3f+o5FdtEhxAXZ6uAgTIraMwC66ONbpIVYcRdNsvhrJ+1MI+R8DI+xwjveGMCc8103nLr9xnohlktbkgv28xfQFArBCfKboe3qM0Zbj+TpB5ub4aWXtc5sbAuk3ZmRaLEKYEAHUWkz2zIezc+pC735DOw6ppdbCXAzfzzer2FWYlizvVU57w+uErzGlpfvIPzqwl5F\/mEzyI4Y\/o7WQkIYBUnq4fAaO7HqwECM9xfoFY1PZ+FG2N9biGtBw1mKVoMjzaBY7SFGM2S+gGHpwuRtcF4mVPBMXZEtrQEO8E6crpeCe9kCThWztmaN1Y8reUBdyeJ9U+NEKWM2cdgKIXgvihRt6\/HyZZk7pSW8oXwW\/nwV74YATFzmEv2w3ZFkVY50LP7mJcRMTIXEjucaoRkhhlRNCySEvzFWMMkNNcKzcTjawZPORBlGqMMA865ebnfmz3fucJqegh+zE1nX5V4OubIN155066U8DXO2RmLgPcfc8t9YlGXVpRTSIV8Ifc+41+e22k43tDgBMWYOzeYCLuPukpLgz8+fzj+YUQzzQsEycvFlujMXPXxDQ2yJDnjNWAZ\/PWje+XjdUq14Em3LM4xOZOoURNoEVAWnfA+fHLjh44CBDnILb+i4OCWxwkrQrlzdcjSi2faHl76jBt2cS8eoMIaXbiK+0gED3yqd1\/eR33nJDSo+\/C7s\/QkEIa0Z30cO589bUkYo6jU72V+GxpmiiKRoPHpmv6Saw4qBClcz0qeoG4etjbVxpeODXNR9coAH\/6B4DgeQeYC\/2yztIx\/\/XhQSum3R2ycI\/2bZZtoXxLBmN+x236jlLzXOmYk04kKeSpyB1COCKE2KKy1WbKE5XXjiHNHI33c7hg6hy1nv52PITxMMMZDylstk9R0mum4lD8z+CW+zfUtuL2xQAXBOuoRy8bK8ZubB8V1ocIsSomtubtelDRu7h0TA2Vo2am1eYz6+RjWUxxbd45HiLMau+RJ\/mVdqEffAtgPglU7O1iUDU61vZDScU6OcTIXWJ1nLcjye\/GiRUE99yqUdgrTacPoBV4iwOa8jhoEjd1OH1vHtylW4U3TUgpA+bdsrryz4RrzT3QVn0GDxdooajdqOhIeYod2s4sieNDVK\/LgJZbjdYpfHCxLlLPc\/xanifuvHcs4DIxivgPGAQcBJVxyx7GpYqYyfSpBjmHDPww0rxYgCEH4dqWxHqJ3dutdbHCYYM3AP30GRQPUpjwTOwIgG\/YGuvlw6XagViWX3tSOYMwHzSWKzAy4HWOlB4+TtqGOw+uorekppyYjQDCGRknpCAOaaltFaTrgrimVSxA0Q2PCTMsZSRUlIPEZJgTWhokV2JGQZowfZ6aCPBBXYqz+5wIpRRyt4rdGlGZoI\/R32pRZT1Ma0+rngd1IolVcvriPTK3dBk\/6rn6yCleHc4E\/l4xp9bHHqn9Bii3NQOpz8Y4dYjm\/xs="}
00732{"flow_id":62,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":933962,"pkt_caplen":286,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":286,"pkt_l4_len":252,"pkt":"TGr2n\/YnxiwDYGpkCABFAAEQ+\/MAAHUGxRas2RRMwKgCEAG7qn7jcDbOpd5\/8IAYAPDC7gAAAQEICunZkVz\/\/zeQ5ZMFJGThhmhvfLrWTr\/8+p4unKTT0n0E5LUmkSu428EPzfUlIpHGEhMRzSqBTdvJEel71Rrs340eQFiAU75SSl59qD5iSohBU9XX3H3SHlycFpw+sZhAEbXtFZP6RM47+u8indZ8CvZHpJ11K7dlTsGom6Qyo1Ezyk\/CZpxwUp+ChC6fcNOGUvWnQBdWeTRa6Sju7NI1uRpMdk7clRzueQscobaxkRobNrLVctD\/uBjLfV7eIg+jPkKsfVbryg3pxeLwxDC9X6TrBCZGeCaDwkRIHnPvWw3B7eJHMg=="}
00429{"flow_id":62,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":934993,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0Sm1AAEAGbHnAqAIQrNkUTKp+Abul3n\/w43AxRIAQAWJX7gAAAQEICv\/\/N5vp2ZFc"}
00430{"flow_id":62,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":935354,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0Sm5AAEAGbHjAqAIQrNkUTKp+Abul3n\/w43A2zoAQAW1SWQAAAQEICv\/\/N5vp2ZFc"}
00430{"flow_id":62,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":935460,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0Sm9AAEAGbHfAqAIQrNkUTKp+Abul3n\/w43A3qoAQAW1RfQAAAQEICv\/\/N5vp2ZFc"}
00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"android.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1582454871947,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"android.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1582454871947,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":65,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":947536,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8i1NAAEAGKc3AqAIQrNkWCq1WAbtFj7zOAAAAAKAC\/\/\/ZVgAAAgQFtAQCCAr\/\/zedAAAAAAEDAwg="}
01224{"flow_id":59,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":461,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":956059,"pkt_caplen":646,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":646,"pkt_l4_len":612,"pkt":"TGr2n\/YnxiwDYGpkCABFAAJ4oicAAHYGGv2s2RXKwKgCEAG7yuig7C0SQmFBv4AYAPA7BAAAAQEICu96aD\/\/\/zeXFwMDAgFwnz\/9zhRq4TXfEutQixO90s6NJDKzRX+t6Ws7YF9lyrfbOzWQsc2thx+Tb3wQUxf8fi+pRfAi\/8BcINWRBGqj\/QiHgcq+tb74JSa2X\/6Qp4RyDQWP1I+2T0z1lBLObAsIHL7RLLga88K5AzjuA8EBjfdsrdjU+J44oERrTrKkqH7P2FlUG\/Q3XYBdFZxIH7d++aB3J+rWChwMb5HMbJD6\/gg93RxX6yd0R4R8+GOcvOafIbAYt+Q87ACyAqy524Jn9oskdr\/4tbFrIJt3PM+K0yEtkdSEAueUmFbbwAz7FVf5y1TmElpAAHFFVh1B8KQkmZnCRalckQpS24sutmF4f7kJlocTFPRfIrC8oy+wwcbbEXHoSsB6SnDSGv46vOLxB8nexElYwc5GPHRAhhBFk9uibdCQLOaDNE5RlsTMmtrCdJ3txU2GyYMzvVutvzxTd+dJ3G5IF5pN0n\/5moaF33Lt93ZmxwWZhEcoW2o0LbL7DK5otINHZP5AQS1r4Ei2Q9PHyqlbQQ4z+J6S\/gukm\/mJ8UlOac0dJzZWKH7WRPmYx0tIPfAXY2aKxcF+cwpmxgEDPRE+03rZLzZ+CxbO2UOA1yX6zYY\/VRSdzCZIw77eZfa5RVI5hI257PJj9N8s5Ro\/4bnH8Jasr3oLP3ClFoLCoExQQJKf3a1szZWfd4AXAwMAOXMDVRsH\/SQwHn8FOeCfp9pHQZwIAw96\/Xsc67RXMq1fzCZqAy+\/C48zV9GMsRRqs7PydqSSO6LNWg=="}
00474{"flow_id":59,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":462,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":960810,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"TGr2n\/YnxiwDYGpkCABFAABToikAAHYGHSCs2RXKwKgCEAG7yuig7C9WQmFCFYAYAPA95wAAAQEICu96aET\/\/zeZFwMDABr3Fs+IhNHLfhmvUV\/iFyWjU03ElxMerhpH9g=="}
@@ -560,21 +554,21 @@
00429{"flow_id":65,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":974035,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0i1RAAEAGKdTAqAIQrNkWCq1WAbtFj7zP7b1+\/4AQAVcGrAAAAQEICv\/\/N6S7R9gE"}
00430{"flow_id":62,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":986870,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0SnBAAEAGbHbAqAIQrNkUTKp+Abul3n\/w43A3qoARAW1RcAAAAQEICv\/\/N6fp2ZFc"}
01127{"flow_id":65,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":480,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454872,"pkt_ts_usec":14369,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkTGr2n\/YnCABFAAI5i1VAAEAGJ87AqAIQrNkWCq1WAbtFj7zP7b1+\/4AYAVeASwAAAQEICv\/\/N6+7R9gEFgMBAgABAAH8AwMkp2qM\/0db0DeLmsnG5Et9Elmp4AHL6ZUbDww1dSGLViDedzf23GKLBGTQ\/F9lciqAnLFBg\/D1SaN73F0X8icbJwAiEwETAhMDwCvALMypwC\/AMMyowAnACsATwBQAnACdAC8ANQEAAZEAAAAbABkAABZhbmRyb2lkLmdvb2dsZWFwaXMuY29tABcAAP8BAAEAAAoACAAGAB0AFwAYAAsAAgEAAAUABQEAAAAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBdVAAAAAzACYAJAAdACB+eKFCipAuqOQg5XnASQ8WeZbYj9YMN6X04Jt8S8pzfAAtAAIBAQArAAkIAwQDAwMCAwEAFQDxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00834{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"android.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":4,"flow_first_seen":1582454871947,"flow_last_seen":1582454872014,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.googleapis.com","ja3":"629b587f706aee60430ec3879c6edb66","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00845{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"android.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":4,"flow_first_seen":1582454871947,"flow_last_seen":1582454872014,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.googleapis.com","ja3":"629b587f706aee60430ec3879c6edb66","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01124{"flow_id":55,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":481,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454872,"pkt_ts_usec":15952,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkTGr2n\/YnCABFAAI5Fo1AAEAGnlbAqAIQrNkUSs0iAbsOnCHi4lFSVIAYAVerwAAAAQEICv\/\/N68TCsRqFgMBAgABAAH8AwNz1LPSLb66vIVVbsJEbO8rYoUzZ7GYYLjTyvNVKkYlfSDBTSmXKzrioGGWwSCGVWAYIYzoWG\/0EeuQQ9g0J6ik9QAiEwETAhMDwCvALMypwC\/AMMyowAnACsATwBQAnACdAC8ANQEAAZEAAAAnACUAACJzZW1hbnRpY2xvY2F0aW9uLXBhLmdvb2dsZWFwaXMuY29tABcAAP8BAAEAAAoACAAGAB0AFwAYAAsAAgEAABAABQADAmgyAAUABQEAAAAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBADMAJgAkAB0AIMPUFJ0SGA7J26IrfYJXpc5MBLMHrRFiHqhzJJp5bVBqAC0AAgEBACsACQgDBAMDAwIDAQAVAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00802{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_first_seen":1582454871741,"flow_last_seen":1582454872015,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52514,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"semanticlocation-pa.googleapis.com","ja3":"33490b1d5377580b19f7f9b5849d7991","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00813{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_first_seen":1582454871741,"flow_last_seen":1582454872015,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52514,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"semanticlocation-pa.googleapis.com","ja3":"33490b1d5377580b19f7f9b5849d7991","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00521{"flow_id":63,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":482,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454872,"pkt_ts_usec":15971,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"xiwDYGpkTGr2n\/YnCABFAAB0wjBAAEAGtjPAqAIQ2O8meID2AbsYfveuTGBNtoAYAW2umQAAAQEICv\/\/N6\/Dx9xvFAMDAAEBFwMDADVbu6lmuoyUsN+4Pg9R95AiJ3cOU\/w0ELRSdXuiw82zCKp2P\/R3ocEPaJdhwqvhDQv8ND4drw=="}
00549{"flow_id":63,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":483,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454872,"pkt_ts_usec":18285,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"pkt":"xiwDYGpkTGr2n\/YnCABFAACKwjFAAEAGthzAqAIQ2O8meID2AbsYfvfuTGBNtoAYAW1KVgAAAQEICv\/\/N6\/Dx9xvFwMDAFGzhX3zSHCSeQpcf+zj8Wg7u0+TqEYwPvzEsCCIKC3h+Rh2v2i2Wc+KkH4gJdydkzKfja2tSy9hV1nfpRWuGELl22sRnalE\/L4M0AIVuHR+R3Y="}
00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":485,"source":"android.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1582454872021,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":485,"source":"android.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1582454872021,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":66,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454872,"pkt_ts_usec":21787,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBrFBAAEARCPrAqAIQwKgCAdv4ADUALYKcD\/4BAAABAAAAAAAABXByb3h5CWdvb2dsZXppcANuZXQAAAEAAQ=="}
00637{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":485,"source":"android.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1582454872021,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00649{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":485,"source":"android.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1582454872021,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
01757{"flow_id":41,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454872,"pkt_ts_usec":21845,"pkt_caplen":1038,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1038,"pkt_l4_len":1004,"pkt":"xiwDYGpkTGr2n\/YnCABFAAQA\/A5AAEAGeMnAqAIQ2O8meIDcAbs4lM0LVf5IAYAYAXhukgAAAQEICv\/\/N7Am52FYFwMDA8fkS\/Ydkg506bRsDx2aMu2LlYm3FmTcPfwbGg1JlpJX0\/WGVHylpv2llZD7rzzljb59bzFSez1T0MCbZ2bGCu\/qVr8XRR0Zowqkuedp1eBCfKnQEa584nR3lZivymtrU\/m0+f18jhItxNeYyEjfpEax17Gx6tBHE0eut62vMFfbiMGwIu8sa6FlWlInjTE+E7c2x5MK7iSwLlrLndU7Oq6x76XI1\/8pAavRR\/K1SykGT8f1mk0Le9kP\/af6ITJ9tImH4FaZTMOrmb\/Mp0ISTHIRrfWte7x6HwM5W+XROxPixm+\/IiiFY86CJsxNB7PhhkUTFLJ1OHsK\/9ekMdY083fBvAgMXLB19zCUer\/QrZpIC7ii+BHMAiE6l2zib1DDyt9S9DX+bbsIozF9Wg6RdT2vUP35mBh+mnYPtqLId4ogcPD3wP8A6eLu4Ox+7IiY3Ay19lRbEKY3W5GiAjwTFKsPmbcmVomh2KflsF0hbbJv8J920A7jlZZwPOsMgYVbx66S8LarZ4PMaYdclhQC1\/Bd7gbSlgyHfTwk2M2T5cgdIUbJKFr28gFjhBMoIOJ7aDPC+W7mHpnRRbsi8zigNAjk9Iq4uJ63eMGX6e86osrzVxl1YZ0VqTV3SkdM\/pJaP0SfN\/qPVNsTlepIk59Wp9\/qpxV\/RFzc94o4ZHakNsvKrpmha4jwrEfQiHwotG1ix0u38qgKeFd9OA8ntI\/Lb+8exQUk09KZYhOcxUkpmmzlFFTHCis8GFZ0dHg+dFp2f0z6mn\/QQ7gomWCTl8AUdhzY2PyhssLHO7nllYuPjQIvE7UoG+Y9Yrb1fLG3OMHiAc5VBCF26K\/XGR1T918nNJLbrky1nCmpVqOKDX7KsgLDTwpZjXI4Mn+dC1ajE0U+B9YMZvQJGINvQIp8DuxCSO5m1p3+VtQOsgtolIUlC8zWcFTaoZwypwVbXyPXUUHuBP7oDFaAYG62usQonw8xG5LlazHdAHSJCLonePTXaw8gtMVhCaVTN3tdnb6cG6iCZVMAqn3FU0GIV1h9tlVmO5VMJsYAtGwcOSbRMs4FpKhg9KLTSbwuhzw\/x+qVSm5FE0A1\/fj1TUFM7MyrQtG9njbPDfp7Vtn5N36RDG3+aVdK3zRjNk9FbwSWBXT2d\/+FzZ\/kwRoqI1aWkOFuBNSyV7UsGI5yTB3k\/vC13dwy+KKNWW2EaBfaeFjurAr9TajB5brdV6\/BoloMVRgKEkcSUmkfQiKmKmkKh40DJ4\/9bR3TDteTPMUOkoZNJoFHTTKQoTa1r1ZDDfap"}
00467{"flow_id":66,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454872,"pkt_ts_usec":22430,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRBMwAAEAR8G7AqAIBwKgCEAA12\/gAPTZ5D\/6BgAABAAEAAAAABXByb3h5CWdvb2dsZXppcANuZXQAAAEAAcAMAAEAAQAAAJMABKzZFEw="}
00664{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":487,"source":"android.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_first_seen":1582454872021,"flow_last_seen":1582454872022,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.76"}}
00675{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":487,"source":"android.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_first_seen":1582454872021,"flow_last_seen":1582454872022,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.76"}}
00430{"flow_id":62,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454872,"pkt_ts_usec":24686,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0\/AMAAHUGxeKs2RRMwKgCEAG7qn7jcDeqpd5\/8YARAPBRkgAAAQEICunZkbb\/\/zen"}
00429{"flow_id":62,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454872,"pkt_ts_usec":26304,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0SnFAAEAGbHXAqAIQrNkUTKp+Abul3n\/x43A3q4AQAW1RCwAAAQEICv\/\/N7Hp2ZG2"}
00428{"flow_id":63,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":490,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454872,"pkt_ts_usec":30811,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0APEAAHUGgrPY7yZ4wKgCEAG7gPZMYE22GH74RIAQAPCtwgAAAQEICsPH3Oj\/\/zev"}
00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":491,"source":"android.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1582454872031,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43652,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":491,"source":"android.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1582454872031,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43652,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":67,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454872,"pkt_ts_usec":31849,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8+JhAAEAGvkXAqAIQrNkUTKqEAbsc\/M8rAAAAAKAC\/\/\/0BgAAAgQFtAQCCAr\/\/zezAAAAAAEDAwg="}
01218{"flow_id":63,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454872,"pkt_ts_usec":32305,"pkt_caplen":646,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":646,"pkt_l4_len":612,"pkt":"TGr2n\/YnxiwDYGpkCABFAAJ4APIAAHUGgG7Y7yZ4wKgCEAG7gPZMYE22GH74RIAYAPAjvgAAAQEICsPH3On\/\/zevFwMDAgGbyx0dKct4w0cQrKZqJxffiNdC5O312J70N23BOeqnmk+hhM9WV2qnmeDthqciqQNupEqy7C\/aa1wK6d4WZtINeu6mGTxcrFQs3ogNfXsmdkJqn63Akwiw9P60XEf40nGZPQAmzdgEFh1FYQ98FVevYy6Asv5g3gBWwcTFNpeKenDVKORJxxBaqHtp4FgzzykiwuY9lkyaotVKYR02eyxVmjM7eeR+QnPpvnUQ8FEbop9St9Z6QCYn6Sat900CBT6dq4A3KUGK6AkwHNjmj7XFX4EggqIcA4rYpVxniPKn8g29p3p\/Qk4VzsdG5nbkJCQjRjI7LNd1pt4ilciKtGt256aRTSlWhF35Rpjzj\/D2\/7YoxxSRv35\/0UV7JThre9pcqfl1AFllAmC9JNgHMtmDWIzoYfhZAgMjSK\/4ITCyBs+KHX0O+xNLqMJe4ZMbaQ8tVv89XxjVs4Q97Ijia6P5x94S\/J7vJVYdzfa0LogOLmt1lNvG0Ro1PhSTwLqmCgC10POpM4BpyY637pHKSGUHHlRDUXT68la0pALORTY5PQVDsS8bRQzRvkEC4rE0yxZGa+seR95yqoWDbFBHcA7qH6wxK6xWDXeYSI\/UclLKWbHtowuEZjXAYC\/LJtVFkRxKCV91lIdMQSq6bdq3F9LLYdL+TiCrpxM2LDdJsRj+jAQXAwMAOer8Qnat2OSTMbkuMPctf3pZIpH\/sPxOx9aaFeXZGPct+pXzzgyME4qt\/Mft1CbIKAzByg7YDeDQ5g=="}
00473{"flow_id":63,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454872,"pkt_ts_usec":32323,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"TGr2n\/YnxiwDYGpkCABFAABTAPMAAHUGgpLY7yZ4wKgCEAG7gPZMYE\/6GH74RIAYAPCCEwAAAQEICsPH3On\/\/zevFwMDABqhPvYLz5iU2T1bnDXI4Y7BIbGOgUS60MVNUQ=="}
@@ -582,61 +576,67 @@
00429{"flow_id":41,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454872,"pkt_ts_usec":35674,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0cHAAAHYGEjTY7yZ4wKgCEAG7gNxV\/kgBOJTQ14AQAPfIvQAAAQEICibnYk7\/\/zew"}
00428{"flow_id":65,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":499,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454872,"pkt_ts_usec":38562,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0OQUAAHYGhiOs2RYKwKgCEAG7rVbtvX7\/RY++1IAQAPAEwQAAAQEICrtH2Eb\/\/zev"}
02354{"flow_id":65,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454872,"pkt_ts_usec":47699,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+OQkAAHYGgJWs2RYKwKgCEAG7rVbtvX7\/RY++1IAQAPCMDgAAAQEICrtH2E7\/\/zevFgMDAHoCAAB2AwNCJ34CryLHwzvLQqJBIHrJFiNfsNaHdx1eR2uFmuClXyDedzf23GKLBGTQ\/F9lciqAnLFBg\/D1SaN73F0X8icbJxMBAAAuADMAJAAdACA2FiHMnasy913b\/QD8AjPxTZ158qLmXw3NSQ7+ASWrVgArAAIDBBQDAwABARcDAwtu16sEy92A95bKUEGLd6uicpFA4WHC4rLKfybgTNPAHyTLADrBTV5c4IIKEv9IFoc45M5PX8btWzY16aZOqr9LM9ELJYVm6X\/NDfYrhCBqLqj+riWcgSYwZ+a87+Wr7KJQYcBHr4lklP0JRGYmN9FY9Pz1zQQ48sT8KqOzvJ0cF\/JAIQKnwBHpMtHLaGUZ\/AtLTbEJ5MapLWvURb0h8ktlzQDAAyyVMGLxmlXKQbvRDTTGaOi5CRQCHs223cbhUa6u3log5zT0zUjjoRy17qxg5nrTzk3dUp40Fll8xM93DcVwPK7GwHM6j31lYumoMyhNNaSRd02qeAT6ELm7oNMScDTXUKa4IWeknB7YHVw0180XOo0+QRXMM9dqyeFI+4R21gSfJTJkx12AZNz7mQWhjq2j0qf3ka7sfKgu\/xYaYpYDINRThFNUN9qiNJ1Ok9kM7fotvxM7lnYPyduOq\/hH6njzgQAB1QAhgQBB\/Ywwymwk+K6ZgwkLcMdwV539FoVA9ZOdTPUZMiocSX2GFwF6Axz0ps+indbPd+e2VPfiNUqVEsdKalxJFe8oRsZHRlEQLVuC0w0ct0llQUXNoGtPNlZu5G3ZOOuyL0BB2h11I9fqm6LBkawbvW4+H\/78D+wJaqpbcA\/dQOnvblJ0fKDvN7l4RdRc\/+WUMZ1u\/B+czJbEfBrJq6OEklXn4SucgKv0r5\/8H3FCl2KQpcD6Hl6+7HBtGnr7cg9hk+x3mYa7eEmfBbmfzfihXHo++5dBPlVxTelhf1Ruizafsx2KiX52aCIQl\/c2JpK5kMJQSUv+kJKjQZAWVNk4Apg6V2Fv1FbBiDeaCCE6KOOh\/KehPJiM3lyEjZwAcY27OPZci8SOwVE5AH690QfqfV3D8SMcaIF2+8KSbTkUYTdFkrh\/N\/xI6iwNmWh1byxsv\/Hyc+yg69SOfJLNFnUanfcKem2HvTVukyYwaS8KgrHeeRF\/LVCY6K\/a0lnlR3cnuTZ\/bWCM5acFjYKYifWzzCCL8I3h0s472Efm9fUpYKUS13qSY36A+Qh6WLVsWyRDEcK9OAwLaj2aoQBMnGCknMZi5RtpIkPjWFYwBXc6f5Je3qRDSUhoGDwPgPudXuhgPwkqRtUedZ+cEsWxMRqSqmfSozG49RD7RJiX6P6n6N0WPDvH3XoXfmw9rQWLF0c0258EW0J68VUd48Mdh6\/rUomSl0OuwG6CtVc5llkzDAxm9w8yNAOt6EPYcyEpoq3nKfHxKt1w7PT2zByMG4ncV0956WhbAaWzEdxj5dxiH5LPT7E5OLyTQ8j\/RoTUi6z25S8qcGk0zEPA9GJ\/bVs9m8Uevoy1Mer667E1lotvxykUA5kife5GyuIZTUEcccJ4vcVoiCMwsDDIwobvPLzwqhKXcJIXKiKOFZslMNVEMiaJA7ge1eHItrLeXreKGEtL5GRXYRT0mSEe7vP9+IiBYsqmH5pmcEOqzh7eC0FLDfU3kJ7iRE43HMKPcTUnMAXhwXLSmQrqoi1rVwpZosz7ZlqJ7Rx3AHq9Ol4duCWaom7a3xmQ0b9RuXz3L2yhPzGA\/zvuDAQQltbhHtIv+NgZe8cEpXavPK2GyXPCvFnf9Nx3T6lkTwT8nyG1m0OdfUAY79bmd73qiCi1TsOxlGqZWD5F3kCQuQP2PydEUnDT8XKOtxhDg7M230TjFKoHV6Zy\/eZqfc\/tjHk="}
00875{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":6,"flow_first_seen":1582454871947,"flow_last_seen":1582454872047,"flow_tot_l4_data_len":2143,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.googleapis.com","ja3":"629b587f706aee60430ec3879c6edb66","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_first_seen":1582454871115,"flow_last_seen":1582454871117,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":40,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_first_seen":1582454871051,"flow_last_seen":1582454871090,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32412,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":12,"flow_first_seen":1582454784313,"flow_last_seen":1582454866536,"flow_tot_l4_data_len":3680,"flow_min_l4_data_len":294,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":306,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_first_seen":1582454867034,"flow_last_seen":1582454867075,"flow_tot_l4_data_len":230,"flow_min_l4_data_len":43,"flow_max_l4_data_len":187,"flow_avg_l4_data_len":115,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":52953,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_first_seen":1582454867637,"flow_last_seen":1582454867639,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":34540,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_first_seen":1582454870996,"flow_last_seen":1582454870998,"flow_tot_l4_data_len":120,"flow_min_l4_data_len":52,"flow_max_l4_data_len":68,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":36613,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":20,"flow_first_seen":1582454869517,"flow_last_seen":1582454872012,"flow_tot_l4_data_len":6050,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":302,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":22,"flow_first_seen":1582454868348,"flow_last_seen":1582454870097,"flow_tot_l4_data_len":5736,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_first_seen":1582454871741,"flow_last_seen":1582454872015,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":6,"flow_first_seen":1582454871947,"flow_last_seen":1582454872047,"flow_tot_l4_data_len":2143,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_first_seen":1582454871804,"flow_last_seen":1582454871805,"flow_tot_l4_data_len":116,"flow_min_l4_data_len":50,"flow_max_l4_data_len":66,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":18379,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_first_seen":1582454868462,"flow_last_seen":1582454868503,"flow_tot_l4_data_len":126,"flow_min_l4_data_len":55,"flow_max_l4_data_len":71,"flow_avg_l4_data_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_first_seen":1582454871827,"flow_last_seen":1582454871827,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":40,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32832,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":11,"flow_first_seen":1582454867151,"flow_last_seen":1582454867312,"flow_tot_l4_data_len":1286,"flow_min_l4_data_len":32,"flow_max_l4_data_len":747,"flow_avg_l4_data_len":116,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"17.253.53.201","src_port":58338,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":1582454866407,"flow_last_seen":1582454866538,"flow_tot_l4_data_len":616,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.16","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1582454869361,"flow_last_seen":1582454869363,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":42,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39008,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":1582454866448,"flow_last_seen":1582454868606,"flow_tot_l4_data_len":120,"flow_min_l4_data_len":60,"flow_max_l4_data_len":60,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":1582454868597,"flow_last_seen":1582454868597,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_first_seen":1582454871496,"flow_last_seen":1582454871536,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":22850,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":23,"flow_first_seen":1582454867688,"flow_last_seen":1582454868211,"flow_tot_l4_data_len":6249,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":271,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":21,"flow_first_seen":1582454871042,"flow_last_seen":1582454871531,"flow_tot_l4_data_len":7312,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":348,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":15,"flow_first_seen":1582454871069,"flow_last_seen":1582454872035,"flow_tot_l4_data_len":5821,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":388,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":21,"flow_first_seen":1582454871075,"flow_last_seen":1582454871428,"flow_tot_l4_data_len":7490,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":356,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1582454865802,"flow_last_seen":1582454866026,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00440{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1582454865794,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff9f:f627","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":32,"flow_first_seen":1582454871152,"flow_last_seen":1582454871906,"flow_tot_l4_data_len":12687,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":396,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":14,"flow_first_seen":1582454871321,"flow_last_seen":1582454871375,"flow_tot_l4_data_len":3978,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":284,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":30,"flow_first_seen":1582454871623,"flow_last_seen":1582454871978,"flow_tot_l4_data_len":7356,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":245,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":18,"flow_first_seen":1582454871839,"flow_last_seen":1582454872035,"flow_tot_l4_data_len":4973,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":276,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_first_seen":1582454871823,"flow_last_seen":1582454871824,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":10677,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_first_seen":1582454871676,"flow_last_seen":1582454871677,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":13,"flow_first_seen":1582454871094,"flow_last_seen":1582454871395,"flow_tot_l4_data_len":1942,"flow_min_l4_data_len":32,"flow_max_l4_data_len":490,"flow_avg_l4_data_len":149,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":7,"flow_first_seen":1582454871745,"flow_last_seen":1582454871859,"flow_tot_l4_data_len":995,"flow_min_l4_data_len":32,"flow_max_l4_data_len":490,"flow_avg_l4_data_len":142,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36848,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00535{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_first_seen":1582454871772,"flow_last_seen":1582454871808,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36850,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Google","breed":"Tracker\/Ads","category":"Web"},"http": {}}
00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_first_seen":1582454871772,"flow_last_seen":1582454871808,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36850,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":16,"flow_first_seen":1582454868511,"flow_last_seen":1582454870126,"flow_tot_l4_data_len":5393,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":337,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":16,"flow_first_seen":1582454868527,"flow_last_seen":1582454869366,"flow_tot_l4_data_len":5369,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":335,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_first_seen":1582454867323,"flow_last_seen":1582454867358,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":56,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.35.8","src_port":45863,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_first_seen":1582454871881,"flow_last_seen":1582454871920,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":48,"flow_max_l4_data_len":64,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_first_seen":1582454871343,"flow_last_seen":1582454871383,"flow_tot_l4_data_len":136,"flow_min_l4_data_len":60,"flow_max_l4_data_len":76,"flow_avg_l4_data_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1582454867244,"flow_last_seen":1582454867284,"flow_tot_l4_data_len":148,"flow_min_l4_data_len":42,"flow_max_l4_data_len":106,"flow_avg_l4_data_len":74,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35825,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_first_seen":1582454872021,"flow_last_seen":1582454872022,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00520{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1582454869626,"flow_last_seen":1582454870649,"flow_tot_l4_data_len":80,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":49510,"dst_port":5228,"l4_proto":"tcp","ndpi": {"proto":"Google","breed":"Tracker\/Ads","category":"Web"}}
00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1582454869626,"flow_last_seen":1582454870649,"flow_tot_l4_data_len":80,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":49510,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00465{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":1582454866803,"flow_last_seen":1582454871058,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00466{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1582454866803,"flow_last_seen":1582454866894,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":14,"flow_first_seen":1582454871553,"flow_last_seen":1582454871667,"flow_tot_l4_data_len":3989,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":284,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":14,"flow_first_seen":1582454871829,"flow_last_seen":1582454872026,"flow_tot_l4_data_len":4037,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":288,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1582454872031,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43652,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
00476{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1582454872031,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43652,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_first_seen":1582454871292,"flow_last_seen":1582454871294,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":27,"flow_first_seen":1582454871103,"flow_last_seen":1582454871450,"flow_tot_l4_data_len":6541,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":242,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":24,"flow_first_seen":1582454871814,"flow_last_seen":1582454872019,"flow_tot_l4_data_len":4060,"flow_min_l4_data_len":32,"flow_max_l4_data_len":626,"flow_avg_l4_data_len":169,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_first_seen":1582454871061,"flow_last_seen":1582454871100,"flow_tot_l4_data_len":116,"flow_min_l4_data_len":50,"flow_max_l4_data_len":66,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_first_seen":1582454871600,"flow_last_seen":1582454871601,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_first_seen":1582454867723,"flow_last_seen":1582454867761,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00886{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":6,"flow_first_seen":1582454871947,"flow_last_seen":1582454872047,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.googleapis.com","ja3":"629b587f706aee60430ec3879c6edb66","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00525{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":8,"flow_first_seen":1582454780612,"flow_last_seen":1582454799515,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":67,"midstream":1,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50580,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":8,"flow_first_seen":1582454780612,"flow_last_seen":1582454799515,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":67,"midstream":1,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00525{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":8,"flow_first_seen":1582454779631,"flow_last_seen":1582454799004,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":67,"midstream":1,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50584,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":8,"flow_first_seen":1582454779631,"flow_last_seen":1582454799004,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":67,"midstream":1,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_first_seen":1582454871115,"flow_last_seen":1582454871117,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_first_seen":1582454871051,"flow_last_seen":1582454871090,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32412,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":12,"flow_first_seen":1582454784313,"flow_last_seen":1582454866536,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":3584,"flow_avg_l4_payload_len":298,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_first_seen":1582454867034,"flow_last_seen":1582454867075,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":52953,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00524{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":7,"flow_first_seen":1582454787658,"flow_last_seen":1582454801077,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":26,"midstream":1,"l3_proto":"ip4","src_ip":"17.248.185.10","dst_ip":"192.168.2.17","src_port":443,"dst_port":50702,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":7,"flow_first_seen":1582454787658,"flow_last_seen":1582454801077,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":26,"midstream":1,"l3_proto":"ip4","src_ip":"17.248.185.10","dst_ip":"192.168.2.17","src_port":443,"dst_port":50702,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_first_seen":1582454867637,"flow_last_seen":1582454867639,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":34540,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_first_seen":1582454870996,"flow_last_seen":1582454870998,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":36613,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":20,"flow_first_seen":1582454869517,"flow_last_seen":1582454872012,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5382,"flow_avg_l4_payload_len":269,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":22,"flow_first_seen":1582454868348,"flow_last_seen":1582454870097,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5016,"flow_avg_l4_payload_len":228,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_first_seen":1582454871741,"flow_last_seen":1582454872015,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":6,"flow_first_seen":1582454871947,"flow_last_seen":1582454872047,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_first_seen":1582454871804,"flow_last_seen":1582454871805,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":18379,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_first_seen":1582454868462,"flow_last_seen":1582454868503,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_first_seen":1582454871827,"flow_last_seen":1582454871827,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32832,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":11,"flow_first_seen":1582454867151,"flow_last_seen":1582454867312,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":715,"flow_tot_l4_payload_len":918,"flow_avg_l4_payload_len":83,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"17.253.53.201","src_port":58338,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":1582454866407,"flow_last_seen":1582454866538,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.16","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1582454869361,"flow_last_seen":1582454869363,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":84,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39008,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":1582454866448,"flow_last_seen":1582454868606,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":1582454868597,"flow_last_seen":1582454868597,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_first_seen":1582454871496,"flow_last_seen":1582454871536,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":22850,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":23,"flow_first_seen":1582454867688,"flow_last_seen":1582454868211,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5497,"flow_avg_l4_payload_len":239,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":21,"flow_first_seen":1582454871042,"flow_last_seen":1582454871531,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6624,"flow_avg_l4_payload_len":315,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":15,"flow_first_seen":1582454871069,"flow_last_seen":1582454872035,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5325,"flow_avg_l4_payload_len":355,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":21,"flow_first_seen":1582454871075,"flow_last_seen":1582454871428,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6802,"flow_avg_l4_payload_len":323,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00451{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1582454865802,"flow_last_seen":1582454866026,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00448{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1582454865794,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff9f:f627","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":32,"flow_first_seen":1582454871152,"flow_last_seen":1582454871906,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":11647,"flow_avg_l4_payload_len":363,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":14,"flow_first_seen":1582454871321,"flow_last_seen":1582454871375,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3562,"flow_avg_l4_payload_len":254,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":30,"flow_first_seen":1582454871623,"flow_last_seen":1582454871978,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6380,"flow_avg_l4_payload_len":212,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":18,"flow_first_seen":1582454871839,"flow_last_seen":1582454872035,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4381,"flow_avg_l4_payload_len":243,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_first_seen":1582454871823,"flow_last_seen":1582454871824,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":10677,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_first_seen":1582454871676,"flow_last_seen":1582454871677,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":13,"flow_first_seen":1582454871094,"flow_last_seen":1582454871395,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":458,"flow_tot_l4_payload_len":1510,"flow_avg_l4_payload_len":116,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":7,"flow_first_seen":1582454871745,"flow_last_seen":1582454871859,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":458,"flow_tot_l4_payload_len":755,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36848,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00542{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_first_seen":1582454871772,"flow_last_seen":1582454871808,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36850,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Google","breed":"Tracker\/Ads","category":"Web"},"http": {}}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_first_seen":1582454871772,"flow_last_seen":1582454871808,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36850,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":16,"flow_first_seen":1582454868511,"flow_last_seen":1582454870126,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4841,"flow_avg_l4_payload_len":302,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":16,"flow_first_seen":1582454868527,"flow_last_seen":1582454869366,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4841,"flow_avg_l4_payload_len":302,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_first_seen":1582454867323,"flow_last_seen":1582454867358,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.35.8","src_port":45863,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_first_seen":1582454871881,"flow_last_seen":1582454871920,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_first_seen":1582454871343,"flow_last_seen":1582454871383,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1582454867244,"flow_last_seen":1582454867284,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35825,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_first_seen":1582454872021,"flow_last_seen":1582454872022,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00528{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1582454869626,"flow_last_seen":1582454870649,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":49510,"dst_port":5228,"l4_proto":"tcp","ndpi": {"proto":"Google","breed":"Tracker\/Ads","category":"Web"}}
00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1582454869626,"flow_last_seen":1582454870649,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":49510,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00473{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":1582454866803,"flow_last_seen":1582454871058,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00474{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1582454866803,"flow_last_seen":1582454866894,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":14,"flow_first_seen":1582454871553,"flow_last_seen":1582454871667,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3573,"flow_avg_l4_payload_len":255,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":14,"flow_first_seen":1582454871829,"flow_last_seen":1582454872026,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3573,"flow_avg_l4_payload_len":255,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00518{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1582454872031,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43652,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1582454872031,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43652,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_first_seen":1582454871292,"flow_last_seen":1582454871294,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":27,"flow_first_seen":1582454871103,"flow_last_seen":1582454871450,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5661,"flow_avg_l4_payload_len":209,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":24,"flow_first_seen":1582454871814,"flow_last_seen":1582454872019,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":594,"flow_tot_l4_payload_len":3276,"flow_avg_l4_payload_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_first_seen":1582454871061,"flow_last_seen":1582454871100,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_first_seen":1582454871600,"flow_last_seen":1582454871601,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_first_seen":1582454867723,"flow_last_seen":1582454867761,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00128{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test"}

502
test/results/anyconnect-vpn.pcap.out
View File

@@ -1,90 +1,90 @@
00391{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1569687240992,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00482{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1569687240992,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00430{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687240,"pkt_ts_usec":992580,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGP5MKAADjuBk4Nd41AFDGVya80\/P93YAREABFkgAAAQEIChwNaWayL1Dq"}
00428{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687241,"pkt_ts_usec":9657,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0BhtAADcGQni4GTg1CgAA4wBQ3jXT8\/3dxlcmvYARAOurFAAAAQEICrIv+nscDWlm"}
00429{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687241,"pkt_ts_usec":9749,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGP5MKAADjuBk4Nd41AFDGVya90\/P93oAQEACb7gAAAQEIChwNaXeyL\/p7"}
00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1569687241064,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56916,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1569687241064,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56916,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687241,"pkt_ts_usec":64503,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"2DE0IHf7NDY7z3UoCABFAABAAABAAEAGJT8KAADjCgAAl95UH0ntZWziAAAAALAC\/\/9D4wAAAgQFtAEDAwUBAQgKHA1prQAAAAAEAgAA"}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1569687241422,"flow_last_seen":0,"flow_tot_l4_data_len":142,"flow_min_l4_data_len":142,"flow_max_l4_data_len":142,"flow_avg_l4_data_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56320,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1569687241422,"flow_last_seen":0,"flow_min_l4_payload_len":110,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":110,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56320,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00583{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687241,"pkt_ts_usec":422303,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"pkt":"pHczjPFANDY7z3UoCABFAgCiAABAAEAGJN0KAADjCgAAldwAH0m4VKQ8auVpuYAYEABwEgAAAQEIChwNaxEAIdNWFwMDAGnlEQRtW5ojm6mWGmuJ194WM1mCL2bpF6lVRy8fAR1ACLW+\/3MKXobzfgt7ehMx+gNqTDxT8XKtVt5pIDD++LOG\/\/cqs3TN3c3wAeYVwc4BceqqH837rqaW0xgZLYui1J36mDCwUeIDu0c="}
00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1569687241422,"flow_last_seen":0,"flow_tot_l4_data_len":142,"flow_min_l4_data_len":142,"flow_max_l4_data_len":142,"flow_avg_l4_data_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56320,"dst_port":8009,"l4_proto":"tcp","ndpi": {"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}}
00523{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1569687241422,"flow_last_seen":0,"flow_min_l4_payload_len":110,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":110,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56320,"dst_port":8009,"l4_proto":"tcp","ndpi": {"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}}
00583{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687241,"pkt_ts_usec":425059,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"pkt":"NDY7z3UopHczjPFACABFAgCiFAFAAEAGENwKAACVCgAA4x9J3ABq5Wm5uFSkqoAYARVOTgAAAQEICgAh1UocDWsRFwMDAGlPAxZ+sivF5tip\/a4L1+WZBjanPy6dIIBwPewIOXwBBC++JWdD5zwUQ1UFmtf+v81kwZap7Lx2\/Gcfr+ckh4zK2QCeLZSVHkvGQHTulBE1960y\/ZxOXKVM8M0GvGzhWev1+K8IvZbQRCI="}
00430{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687241,"pkt_ts_usec":425121,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAldwAH0m4VKSqauVqJ4AQD\/zHZwAAAQEIChwNaxMAIdVK"}
00431{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1569687241452,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00443{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1569687241452,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00416{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687241,"pkt_ts_usec":452023,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":56,"pkt_l4_len":8,"pkt":"AQBeAAABLH6BsEqhCABGwAAgGHkAAAECIZ0KAAAB4AAAAZQEAAARCu71AAAAAGluZyBzeXNjZmc="}
00463{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1569687241452,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00460{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1569687241656,"flow_last_seen":0,"flow_tot_l4_data_len":120,"flow_min_l4_data_len":120,"flow_max_l4_data_len":120,"flow_avg_l4_data_len":120,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::2e7e:81ff:feb0:4aa1","dst_ip":"ff02::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00475{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1569687241452,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00464{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1569687241656,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::2e7e:81ff:feb0:4aa1","dst_ip":"ff02::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00583{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687241,"pkt_ts_usec":656833,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"pkt":"MzMAAAABLH6BsEqhht1gAAAAAHg6\/\/6AAAAAAAAALn6B\/\/6wSqH\/AgAAAAAAAAAAAAAAAAABhgBH5kDAALQAAAAAAAAAABkFAAAAAVGAIAEFWP7tAAAAAAAAAAAAASABBVj+7QAAAAAAAAAAAAIDBEDAAAL9HQAC\/R0AAAAAJgEGRoQCRLAAAAAAAAAAABgDAAAAAAC0AAAAAAAAAAAAAAAAAAAAAAEBLH6BsEqh"}
00494{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1569687241656,"flow_last_seen":0,"flow_tot_l4_data_len":120,"flow_min_l4_data_len":120,"flow_max_l4_data_len":120,"flow_avg_l4_data_len":120,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::2e7e:81ff:feb0:4aa1","dst_ip":"ff02::1","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00436{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1569687241657,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1569687241656,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::2e7e:81ff:feb0:4aa1","dst_ip":"ff02::1","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00448{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1569687241657,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00405{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687241,"pkt_ts_usec":657102,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"pkt":"AQBeAAD7pHczjPFACABGwAAgAABAAAEC+IcKAACV4AAA+5QEAAAWAAkE4AAA+w=="}
00468{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1569687241657,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00480{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1569687241657,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00448{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687242,"pkt_ts_usec":68210,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"2DE0IHf7NDY7z3UoCABFAABAAABAAEAGJT8KAADjCgAAl95UH0ntZWziAAAAALAC\/\/8\/+wAAAgQFtAEDAwUBAQgKHA1tlQAAAAAEAgAA"}
00437{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1569687242271,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.3.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00449{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1569687242271,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.3.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00407{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687242,"pkt_ts_usec":271196,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"pkt":"AQBefwMWpHczjPFACABGwAAgAABAAAEC5m0KAACV7\/8DFpQEAAAWAPbp7\/8DFg=="}
00469{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1569687242271,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.3.22","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00440{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1569687242476,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1569687242271,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.3.22","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00452{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1569687242476,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687242,"pkt_ts_usec":476020,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"pkt":"AQBef\/\/6pHczjPFACABGwAAgAABAAAEC6YgKAACV7\/\/\/+pQEAAAWAPoE7\/\/\/+g=="}
00472{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1569687242476,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.255.250","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00484{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1569687242476,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.255.250","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00447{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687243,"pkt_ts_usec":71120,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"2DE0IHf7NDY7z3UoCABFAABAAABAAEAGJT8KAADjCgAAl95UH0ntZWziAAAAALAC\/\/88EwAAAgQFtAEDAwUBAQgKHA1xfQAAAAAEAgAA"}
00447{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687244,"pkt_ts_usec":72384,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"2DE0IHf7NDY7z3UoCABFAABAAABAAEAGJT8KAADjCgAAl95UH0ntZWziAAAAALAC\/\/84KwAAAgQFtAEDAwUBAQgKHA11ZQAAAAAEAgAA"}
00584{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687244,"pkt_ts_usec":524070,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"pkt":"MzMAAAABLH6BsEqhht1gAAAAAHg6\/\/6AAAAAAAAALn6B\/\/6wSqH\/AgAAAAAAAAAAAAAAAAABhgBH5kDAALQAAAAAAAAAABkFAAAAAVGAIAEFWP7tAAAAAAAAAAAAASABBVj+7QAAAAAAAAAAAAIDBEDAAAL9HQAC\/R0AAAAAJgEGRoQCRLAAAAAAAAAAABgDAAAAAAC0AAAAAAAAAAAAAAAAAAAAAAEBLH6BsEqh"}
00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1569687245251,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":52879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1569687245251,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":52879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":251202,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"LH6BsEqhNDY7z3UoCABFAABE1h4AAP8RQxAKAADjS0tMTM6PADUAMDW7jEkBAAABAAAAAAAAA3ZjbwdwYW5kaW9uBnZpYXNhdANjb20AAAEAAQ=="}
00644{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1569687245251,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":52879,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00656{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1569687245251,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":52879,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00474{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":288531,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"NDY7z3UoLH6BsEqhCABFAABUAABAADYRoh9LS0xMCgAA4wA1zo8AQIZKjEmBgAABAAEAAAAAA3ZjbwdwYW5kaW9uBnZpYXNhdANjb20AAAEAAcAMAAEAAQAAADwABAglZls="}
00669{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1569687245251,"flow_last_seen":1569687245288,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":48,"flow_max_l4_data_len":64,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":52879,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"8.37.102.91"}}
00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1569687245295,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00680{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1569687245251,"flow_last_seen":1569687245288,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":52879,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"8.37.102.91"}}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1569687245295,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":295996,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"LH6BsEqhNDY7z3UoCABFAABE77wAAEAR6XMKAADjS0tLS+\/LADUAMHT3LLcBAAABAAAAAAAAA3ZjbwdwYW5kaW9uBnZpYXNhdANjb20AABwAAQ=="}
00646{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1569687245295,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61387,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00658{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1569687245295,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61387,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00566{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":320461,"pkt_caplen":163,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":163,"pkt_l4_len":129,"pkt":"NDY7z3UoLH6BsEqhCABFAACVAABAADoRnt9LS0tLCgAA4wA178sAgY60LLeBgAABAAAAAQAAA3ZjbwdwYW5kaW9uBnZpYXNhdANjb20AABwAAcAYAAYAAQAAA4QARQZucy02MzIJYXdzZG5zLTE1A25ldAARYXdzZG5zLWhvc3RtYXN0ZXIGYW1hem9uwB8AAAABAAAcIAAAA4QAEnUAAAFRgA=="}
00668{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":1569687245295,"flow_last_seen":1569687245320,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":48,"flow_max_l4_data_len":129,"flow_avg_l4_data_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61387,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1569687245321,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":62322,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00680{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":1569687245295,"flow_last_seen":1569687245320,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":80,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61387,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1569687245321,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":62322,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":321860,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"LH6BsEqhNDY7z3UoCABFAABEwHQAAEARF7sKAADjS0tMTPNyADUAMHBPLLcBAAABAAAAAAAAA3ZjbwdwYW5kaW9uBnZpYXNhdANjb20AABwAAQ=="}
00646{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1569687245321,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":62322,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00658{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1569687245321,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":62322,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00566{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":366723,"pkt_caplen":163,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":163,"pkt_l4_len":129,"pkt":"NDY7z3UoLH6BsEqhCABFAACVAABAADYRod5LS0xMCgAA4wA183IAgYoMLLeBgAABAAAAAQAAA3ZjbwdwYW5kaW9uBnZpYXNhdANjb20AABwAAcAYAAYAAQAAA4QARQZucy02MzIJYXdzZG5zLTE1A25ldAARYXdzZG5zLWhvc3RtYXN0ZXIGYW1hem9uwB8AAAABAAAcIAAAA4QAEnUAAAFRgA=="}
00668{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":1569687245321,"flow_last_seen":1569687245366,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":48,"flow_max_l4_data_len":129,"flow_avg_l4_data_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":62322,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1569687245379,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00680{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":1569687245321,"flow_last_seen":1569687245366,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":80,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":62322,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1569687245379,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00450{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":379692,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGwVUKAADjCCVmW95WAbsTaDYfAAAAALAC\/\/\/9eAAAAgQFtAEDAwUBAQgKHA16ewAAAAAEAgAA"}
00440{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":420271,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"NDY7z3UoLH6BsEqhCABFAAA4kvsAAPcGt2EIJWZbCgAA4wG73lYzzRbpE2g2IJASgADBAwAAAgQFtAEBCAo\/+VnGHA16ew=="}
00434{"flow_id":12,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":420351,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95WAbsTaDYgM80W6oAQ\/\/9YmgAAAQEIChwNeqI\/+VnG"}
00663{"flow_id":12,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":420749,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"pkt":"LH6BsEqhNDY7z3UoCABFAADbAABAAEAGwLoKAADjCCVmW95WAbsTaDYgM80W6oAY\/\/+4KQAAAQEIChwNeqI\/+VnGFgMBAKIBAACeAwM+zYdRpoPn9yYDnCChCBgRRxI\/vte+Xuq+CHHW0pF46gAALMAswDAAnwCdwCTAKABrAD3AK8AvAJ4AnMAjwCcAZwA8ADkANQAzAC8ACgD\/AQAASQALAAQDAAECAAoACgAIABkAGAAXABMADQAgAB4GAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgMAEAALAAkIaHR0cC8xLjE="}
00750{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_first_seen":1569687245379,"flow_last_seen":1569687245420,"flow_tot_l4_data_len":311,"flow_min_l4_data_len":32,"flow_max_l4_data_len":199,"flow_avg_l4_data_len":77,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_first_seen":1569687245379,"flow_last_seen":1569687245420,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00432{"flow_id":12,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":467901,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA01g8AAPcGdFEIJWZbCgAA4wG73lYzzRbqE2g2x4AQgADXxAAAAQEICj\/5WfQcDXqi"}
02390{"flow_id":12,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":469088,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"NDY7z3UoLH6BsEqhCABFAAXc0GEAAPcGdFcIJWZbCgAA4wG73lYzzRbqE2g2x4AYgADj\/wAAAQEICj\/5WfUAAAAAFgMDAEoCAABGAwNGY8X1XGeskR+DB6H8u05zgfXUF1Em8dt25Bz9wtftVSBG2iDOKRACO\/zsXshJ8HPrVULueirBjXs51B0\/QnctfgA1ABYDAxYMCwAWCAAWBQAHTzCCB0swggYzoAMCAQICEEzL1X2WMv84AAAAAFDtNsswDQYJKoZIhvcNAQELBQAwgboxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxLjAsBgNVBAMTJUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBMMUswHhcNMTkwMjA1MjE0MzU4WhcNMjEwMjA1MjIxMzU3WjBqMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIQ2FybHNiYWQxFDASBgNVBAoTC1ZpYXNhdCBJbmMuMR0wGwYDVQQDDBQqLnBhbmRpb24udmlhc2F0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMDLELlHVBK6u0Ebo80pCb8efwbCh\/TMouznnqPBNL9tRNwaGpyybhpzuk1Zsi17UHvzdRRi5jC1ABXEEMLDXnTmlJa8rTgrPFp+bDbQ0hUdzWHHqPeU2HtG04mySjEkEvEPPwEnXQ9WDwkLnm26wRjipUJ8im1nDlikggUMLPlTTSKVgq3SBlVGLStLOLbOoOETJwpjr5YBSUNc5kkHfCAlc5qW4vLVkqFKFRcjyNxUOZxbBYtQaUddL0tuM4H9CfrWrqh9LLWx1xsOqHp+nS51DEO+pTwRR6wUyq6bNJMs+PbLCQs17zxAOp51PnIcZcczqbjMDGIgELfxksap7yECAwEAAaOCA5owggOWMDMGA1UdEQQsMCqCFCoucGFuZGlvbi52aWFzYXQuY29tghJwYW5kaW9uLnZpYXNhdC5jb20wggH3BgorBgEEAdZ5AgQCBIIB5wSCAeMB4QB3AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABaL+5ngAAAAQDAEgwRgIhAKxxvM9C5gPV1Owy4M\/Dyzx7kBpwyzXQc7wZ0mGBR9fOAiEA\/A\/FJxuASzJphQeYq5ltFnIhSeTPRbPItlQigQZkkDwAdgBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAWi\/uZ35AAAEAwBHMEUCIQDNq3daAkrYxX6VQ9b6GqComWKfQou0IMsDnXGHMLZiSAIgEnWktUcQyNRmFvjh+POicMbVzLnjlwLij\/eoPMW67IwAdgBWFAaaL9fC7NP14b1Esj7HRna5vJkRXMDvlJhV1onQ3QAAAWi\/uZ5ZAAAEAwBHMEUCICH\/OekR\/g8Jdz2Y7Qc3us2XTMZ75OBnWYjV61BMMxsGAiEAtIuo7AamIHqnZDAbI1eeM3ogDSbRJ5hn12CgIZCempMAdgC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWi\/uZ5NAAAEAwBHMEUCIHkJ3QKOEfzyT\/nCAMVpK04S4woe8rsVcpjzIhSsRoSsAiEA324g9fbsnh\/O\/XKfcV4vnykRYq8iMzykYAT+PPtA1MEwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmVudHJ1c3QubmV0L2xldmVsMWsuY3JsMEsGA1UdIAREMEIwNgYKYIY="}
00820{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":6,"flow_first_seen":1569687245379,"flow_last_seen":1569687245469,"flow_tot_l4_data_len":1823,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":303,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","alpn":"http\/1.1"}}
00831{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":6,"flow_first_seen":1569687245379,"flow_last_seen":1569687245469,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1615,"flow_avg_l4_payload_len":269,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","alpn":"http\/1.1"}}
00434{"flow_id":12,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":469147,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95WAbsTaDbHM80ckoAQ\/\/9R7AAAAQEIChwNetI\/+Vn1"}
02384{"flow_id":12,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":509672,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"NDY7z3UoLH6BsEqhCABFAAXc\/KkAAPcGSA8IJWZbCgAA4wG73lYzzRySE2g2x4AYgACa1QAAAQEICj\/5Wh4AAAAASAGG+mwKAQUwKDAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5lbnRydXN0Lm5ldC9ycGEwCAYGZ4EMAQICMGgGCCsGAQUFBwEBBFwwWjAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYIKwYBBQUHMAKGJ2h0dHA6Ly9haWEuZW50cnVzdC5uZXQvbDFrLWNoYWluMjU2LmNlcjAfBgNVHSMEGDAWgBSConB03bxTP8971PfNf6dgxgpMvzAdBgNVHQ4EFgQUmi0VGuslo\/WsT4R+rNKNmFj1ZL0wCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAKdBE7Z+\/QgBIjgKdoPLQP+aFD6KtOZlOiHey04vsERDOADqNdu8unwz6N0izPw2l\/n+UoPoV6GrQkCjChT893I2Smv8Vj1mVR9ZW1nnkmVR9MJr+xC5Iw99s1Ntq2M7Knro\/38pMlTbzDdIcgeyuFS+2iILYDpWpJ7TdQfZH5XVAvdIk3ZnRxtGd7Lcy\/jVbSYIGFTi\/TuA8Bv82FbHnQSqp4ezyTgTKuHmdSMry0pP20Z6nga4Vd2slNm7KOIghxUpnvRfKqVpF04m1QFzXE34qRtPEU80S1e6wlIl8ZcZrL\/KcU+88mv0xL3dpgVjURuISIJE90mwZCDqslRXPTgAFEjCCBQ4wggP2oAMCAQICDA7pTMMAAAAAUdN3hTANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwHhcNMTUxMDA1MTkxMzU2WhcNMzAxMjA1MTk0MzU2WjCBujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwGA1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANo\/ltBNuS9E59s5XptQ7lylYdpBZ1MJqgCajld\/KWvbx+EhJKo60I1HI9LtchbwkSHSXbe4S6iDj7eRMmjPziWTLLJ9l8j+wbQXugmeA5CTe3xJgyJoipveR8MxmHoufUAL0u8+07KMqo9Iqf8A6ClYBve2k1qUcyYmrVgO5UK41epzeWRoUyW4hM+Ueq4GRQyja03Qxr7qGKQ28JKyuhyIjzpSf\/debYMcnfAf5cPW3aV4kj2wbSzqyc+UQRlxRGi6RzwE6V26PvA19xW2nvIuFR4\/R8jIOKdzRV1NsDuxjhcpN+rdBQEiu5Q2Ko1bNf5TGS8IRsEqsxpiHU4r2RsCAwEAAaOCAQwwggEIMA4GA1UdDwEB\/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH\/AgEAMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL2NybC5lbnRydXN0Lm5ldC9nMmNhLmNybDA7BgNVHSAENDAyMDAGBFUdIAAwKDAmBggrBgEFBQc="}
02380{"flow_id":12,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":509677,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"NDY7z3UoLH6BsEqhCABFAAXcxrMAAPcGfgUIJWZbCgAA4wG73lYzzSI6E2g2x4AYgAAceQAAAQEICj\/5Wh4AAAAAAgEWGmh0dHA6Ly93d3cuZW50cnVzdC5uZXQvcnBhMB0GA1UdDgQWBBSConB03bxTP8971PfNf6dgxgpMvzAfBgNVHSMEGDAWgBRqciZ60B7vfec7aVHUbI2fkBJmqzANBgkqhkiG9w0BAQsFAAOCAQEAOdWOmINhyCxj03AdGTDL9gmszGnVydw3QfIyD+90w1j2eCcJNAiVki\/X37ij\/Q6B6aSc0z9NaCsVMQoVzFIEk+iTUMPZseLhaLc6CXTxNFgKP3eYQLjmaP9d5MhGxeyB18mCGFyDznHYvL+smQKT25SYhNKcprX+XLvwSq8hrMI\/SSRn1i6Oz6zMZBUYcuVsd9NSqLndjawASjUZ1G9zo3Xva2TD4I2DEqGK5w6GTdi0IBu+aqWMS2hm4yvHWAv7VhDUkfsd0zFYEIxE43V7EJ21OLH2qsqBZGzo8uKBVZdRf+HCJ1CiyTxbAEP2W7nVpfz\/B1BAZwewVfC3fm4tzAAFAzCCBP8wggPnoAMCAQICBFHTQEQwDQYJKoZIhvcNAQELBQAwgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkwNwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNVBAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNDA5MjIxNzE0NTdaFw0yNDA5MjMwMTMxNTNaMIG+MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMDkgRW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVzZSBvbmx5MTIwMAYDVQQDEylFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqEtnLbngxr4pnpMAGnduoyuJVBGsnaYU5Ycs\/+9oJ5v3NhBgqlJ9izX9NFThxy1k4y8nKKD\/eDGdBqgIAARR6wx+eavxJXJxyjaC8Kh71qaw5eZfMcd9XUhY1wIbSzMueLotWGOQKxuNJHzuTJScQ7p977VH1XvvDobsJ5sjoLVeJQmBYyE1wveFbBwpSz8lrkJ5qfJNfG7NCbJYLjzMLERcWMl3oGayoRn6kKbkg7b9vUERlC948Hv\/VTX5w+9Bcs5mmsTjJMYnfqt+jluzS8GYuunFHnt361U7EzIuVtz3A8Gvrim2e2g\/SNpa9iTE3gWKxkNBID+LaNlGMkpHECAwEAAaOCAQ8wggELMA4GA1UdDwEB\/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH\/AgEBMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9yb290Y2ExLmNybDA7BgNVHSAENDAyMDAGBFUdIAAwKDAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5lbnRydXN0Lm5ldC9DUFMwHQYDVR0OBBYEFGpyJnrQHu995ztpUdRsjZ+QEmarMB8GA1UdIwQYMBaAFGiQ5GekplOAx4ZmpPH3S0P7hL1tMA0GCSqGSIb3DQEBCwUAA4IBAQBpM4P8KHpvfe+dVevFPnqddbPMwzg22TSiKGgY6h5p073n0HfauACDTkrPb9HxwSI="}
00435{"flow_id":12,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":509742,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95WAbsTaDbHM80iOoAQ\/\/9L8wAAAQEIChwNevo\/+Voe"}
00435{"flow_id":12,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":509743,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95WAbsTaDbHM80n4oAQ\/\/9GSwAAAQEIChwNevo\/+Voe"}
02322{"flow_id":12,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":547931,"pkt_caplen":1459,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1459,"pkt_l4_len":1425,"pkt":"NDY7z3UoLH6BsEqhCABFAAWl6qEAAPcGWk4IJWZbCgAA4wG73lYzzSfiE2g2x4AYgAA9NgAAAQEICj\/5WkYAAAAAP3Tk95hJnpu2nuHbmHctVjSxqDzZ\/cDNx78FA9QCxfHlxtoIpRPHYiMR0WEwHWCERe95qMYmk6S3zTS4acUT9pGzyUVzdraS9nYKW+EDR7fpKUyRMiM3Spw12Hj9HR\/kg4kkgK23+c\/kXaXUccSFW3Af2z8cAesaRSYxFMxlv2feyswzZeVBkdc3vkEalp3mipedp86sTpo9vQGgatlPIgCLRNVpYnsu68y655J9aWc9\/Lh83kGH0GnqugoYehqVQ7N5cSh2baH7V0rsTcgOEAAElTCCBJEwggN5oAMCAQICBEVrUFQwDQYJKoZIhvcNAQEFBQAwgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkwNwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNVBAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMjcyMDIzNDJaFw0yNjExMjcyMDUzNDJaMIGwMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjE5MDcGA1UECxMwd3d3LmVudHJ1c3QubmV0L0NQUyBpcyBpbmNvcnBvcmF0ZWQgYnkgcmVmZXJlbmNlMR8wHQYDVQQLExYoYykgMjAwNiBFbnRydXN0LCBJbmMuMS0wKwYDVQQDEyRFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2lbZDQvrGbSpvSN+UTDlXBe7DeRFBaDbt7P6aAY+hOCj89xBGZi5NHhqxGk7G0cCViLDJ\/zGLMwPbt4N7PiCEXu2yViin+OC5QHE3xctHDpcqaMAilWIV20fZ9dAr\/4JLya0+3kzbkIBQPwmKhADsMAo9GM37\/SpZmiOVFyxFnh9uQ3ltDFyY\/kinxSNHXF79bucetPZoRdGGg1uiio2x4ymA\/iVxiK2+vI+sUpZLqlGN5BMxGehOTZ\/brLNq1bw5VHHKenp\/kN19HYDZgbtZJsIR\/uaT4veA5GX7NDcOKYBwTa84hi6ef1evnheu6xzLKCFfthzY56IEIvnT2tjLAgMBAAGjgbAwga0wDgYDVR0PAQH\/BAQDAgEGMA8GA1UdEwEB\/wQFMAMBAf8wKwYDVR0QBCQwIoAPMjAwNjExMjcyMDIzNDJagQ8yMDI2MTEyNzIwNTM0MlowHwYDVR0jBBgwFoAUaJDkZ6SmU4DHhmak8fdLQ\/uEvW0wHQYDVR0OBBYEFGiQ5GekplOAx4ZmpPH3S0P7hL1tMB0GCSqGSIb2fQdBAAQQMA4bCFY3LjE6NC4wAwIEkDANBgkqhkiG9w0BAQUFAAOCAQEAk9QwsNcDICrQ+WPokQwFIKlfGcp7ck7UsdvQlvtUWhksDAj3sryFqJ1\/bTtSsyrb59SEjGP2D8smAZFQbPRfFOKTdMATnjA6UOO0YMUc8CJEjXFHrMgayembmgBgE\/9wfl8RTUkbsxVSe8lU2r+dla9rmtie6fHkQ43iEUQ6v6+9g0JzUouqu6cpz\/VkHApN0byqrJ8q0P9\/f9p96rHtMCXBhNo00lt4g1bsnDbDJuIR9mdJHZKrjPvr\/3ruhUqnUIDwp1xKlC5fBZk8UkHgzbRjzwFDupyD3I9gO\/NatLR7rtoLkDh174EdZtL3V3A2s7\/8KK9xJYVbE\/4ef1q0PBYDAwAEDgAAAA=="}
01206{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":34,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":12,"flow_first_seen":1569687245379,"flow_last_seen":1569687245547,"flow_tot_l4_data_len":6304,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":525,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K","issuerDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","alpn":"http\/1.1","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}}
01217{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":34,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":12,"flow_first_seen":1569687245379,"flow_last_seen":1569687245547,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5904,"flow_avg_l4_payload_len":492,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K","issuerDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","alpn":"http\/1.1","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}}
00435{"flow_id":12,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":547999,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95WAbsTaDbHM80tU4AQ\/\/9AjQAAAQEIChwNex8\/+VpG"}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1569687245576,"flow_last_seen":0,"flow_tot_l4_data_len":97,"flow_min_l4_data_len":97,"flow_max_l4_data_len":97,"flow_avg_l4_data_len":97,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1569687245576,"flow_last_seen":0,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00525{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":576189,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"pkt":"LH6BsEqhNDY7z3UoCABFAAB1AABAAEAGB84KAADjNCXzrd5TAbsf\/e\/ecO3V5YAYEAD5fAAAAQEIChwNezsAjX27FwMDADwAAAAAAAAABDacZQu2ja7FJp11i4XaHEcZRuFBd8RaXcXBvhAzXAi\/k3IQYhPu9V\/rSa1OnXc4wt4EKb0="}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1569687245576,"flow_last_seen":0,"flow_tot_l4_data_len":97,"flow_min_l4_data_len":97,"flow_max_l4_data_len":97,"flow_avg_l4_data_len":97,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1569687245576,"flow_last_seen":0,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00525{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":576934,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"pkt":"LH6BsEqhNDY7z3UoCABFAAB1AABAAEAGB84KAADjNCXzrd5SAbt7aDL2a\/IufIAYEADmYwAAAQEIChwNezsCYFg6FwMDADwAAAAAAAAAA\/6MZ3K3UnwgKSolneP\/V\/Ul5QfA4HWbTZY4CgoWP92J0WcPzatLmBPNGkrfeEXB3KaiGuM="}
00900{"flow_id":12,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":596440,"pkt_caplen":408,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":408,"pkt_l4_len":374,"pkt":"LH6BsEqhNDY7z3UoCABFAAGKAABAAEAGwAsKAADjCCVmW95WAbsTaDbHM80tU4AY\/\/+pJAAAAQEIChwNe04\/+VpGFgMDAQYQAAECAQBsGBLkfL+pTkLuJ1AGgMIFnah3sJlpMkzTBhiBUkjpMre1KpRGE6w5Vmh9mcRB8P2Z8iG+UJzjZhjxHKRMYI5\/HPqcNr7CwGjqxrHR8FpuukXr9KhtIzqsYfPNi4pKssz\/gboMgnK\/bH57fbMLH\/rl6Qbv+fL7TA82mmjPN0WTwWVrJUZAqyTnsUmZmpz4spFwoCJ6nU1L30wm66b9gA+e\/QX872qDo2wjvVQD8nLbP3BDVlBv2d+whR0Yx96Z8M95eNSEiq2kcSvHswPGAF1s5Fy\/Sgy+cu89iEXO3Cw7LvVg0czWvLRHTMoLLnjh0xr4QdBfhIAvFyx0cdTgHvuBFAMDAAEBFgMDAED7PFToWcuLeoMQBnfP0Z9XYdJUO2BBPTVQ39crvefndrJDQ5lSDQcQkDJTJ4R9W4JY3EjS+QSozFQVTKljyW1m"}
00537{"flow_id":12,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":636713,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"pkt":"NDY7z3UoLH6BsEqhCABFAAB\/iREAAPcGwQQIJWZbCgAA4wG73lYzzS1TE2g4HYAYgACVLQAAAQEICj\/5Wp8cDXtOFAMDAAEBFgMDAEDllkG1IAug8S8sqM3n3iNS1LNB5MMCdyEdPjW7AL1gumzcUkXoZwb0oNzL6RTaSsQw4gsOBWyCNoSplvvWDSXv"}
00432{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":649655,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0y8JAACsGUUw0JfOtCgAA4wG73lNw7dXlH\/3wH4AQAAnwQQAAAQEICgCNhOgcDXs7"}
00431{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":653537,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0VN5AACoGyTA0JfOtCgAA4wG73lJr8i58e2gzN4AQAAkgwQAAAQEICgJgYHkcDXs7"}
00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1569687245688,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1569687245688,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00449{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":688240,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGwVUKAADjCCVmW95XAbsu53nzAAAAALAC\/\/+c+QAAAgQFtAEDAwUBAQgKHA17pgAAAAAEAgAA"}
00440{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":727730,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"NDY7z3UoLH6BsEqhCABFAAA4hY0AAPcGxM8IJWZbCgAA4wG73ldszApGLud59JASgAAy9QAAAgQFtAEBCAo\/+Vr5HA17pg=="}
00435{"flow_id":15,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":727790,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95XAbsu53n0bMwKR4AQ\/\/\/KjAAAAQEIChwNe8w\/+Vr5"}
00662{"flow_id":15,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":728221,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"pkt":"LH6BsEqhNDY7z3UoCABFAADbAABAAEAGwLoKAADjCCVmW95XAbsu53n0bMwKR4AY\/\/+TfQAAAQEIChwNe8w\/+Vr5FgMBAKIBAACeAwOyKS4PH48MEPNrcANjNvEKq9DZdlehvPjBqsUvxif81gAALMAswDAAnwCdwCTAKABrAD3AK8AvAJ4AnMAjwCcAZwA8ADkANQAzAC8ACgD\/AQAASQALAAQDAAECAAoACgAIABkAGAAXABMADQAgAB4GAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgMAEAALAAkIaHR0cC8xLjE="}
00750{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_first_seen":1569687245688,"flow_last_seen":1569687245728,"flow_tot_l4_data_len":311,"flow_min_l4_data_len":32,"flow_max_l4_data_len":199,"flow_avg_l4_data_len":77,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_first_seen":1569687245688,"flow_last_seen":1569687245728,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00432{"flow_id":15,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":771463,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0q70AAPcGnqMIJWZbCgAA4wG73ldszApHLud6m4AQgABJugAAAQEICj\/5WyQcDXvM"}
02388{"flow_id":15,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":772680,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"NDY7z3UoLH6BsEqhCABFAAXckx8AAPcGsZkIJWZbCgAA4wG73ldszApHLud6m4AYgAApPgAAAQEICj\/5WyUAAAAAFgMDAEoCAABGAwN4vf\/NcbfYKtylqOiBV41A2BnhoFA3lGbvFRkrTB002iDNy7T+dcsoL9BRLaqv07Y1HoOlVVoee6IAolvNAV3AHgA1ABYDAxYMCwAWCAAWBQAHTzCCB0swggYzoAMCAQICEEzL1X2WMv84AAAAAFDtNsswDQYJKoZIhvcNAQELBQAwgboxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxLjAsBgNVBAMTJUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBMMUswHhcNMTkwMjA1MjE0MzU4WhcNMjEwMjA1MjIxMzU3WjBqMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIQ2FybHNiYWQxFDASBgNVBAoTC1ZpYXNhdCBJbmMuMR0wGwYDVQQDDBQqLnBhbmRpb24udmlhc2F0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMDLELlHVBK6u0Ebo80pCb8efwbCh\/TMouznnqPBNL9tRNwaGpyybhpzuk1Zsi17UHvzdRRi5jC1ABXEEMLDXnTmlJa8rTgrPFp+bDbQ0hUdzWHHqPeU2HtG04mySjEkEvEPPwEnXQ9WDwkLnm26wRjipUJ8im1nDlikggUMLPlTTSKVgq3SBlVGLStLOLbOoOETJwpjr5YBSUNc5kkHfCAlc5qW4vLVkqFKFRcjyNxUOZxbBYtQaUddL0tuM4H9CfrWrqh9LLWx1xsOqHp+nS51DEO+pTwRR6wUyq6bNJMs+PbLCQs17zxAOp51PnIcZcczqbjMDGIgELfxksap7yECAwEAAaOCA5owggOWMDMGA1UdEQQsMCqCFCoucGFuZGlvbi52aWFzYXQuY29tghJwYW5kaW9uLnZpYXNhdC5jb20wggH3BgorBgEEAdZ5AgQCBIIB5wSCAeMB4QB3AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABaL+5ngAAAAQDAEgwRgIhAKxxvM9C5gPV1Owy4M\/Dyzx7kBpwyzXQc7wZ0mGBR9fOAiEA\/A\/FJxuASzJphQeYq5ltFnIhSeTPRbPItlQigQZkkDwAdgBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAWi\/uZ35AAAEAwBHMEUCIQDNq3daAkrYxX6VQ9b6GqComWKfQou0IMsDnXGHMLZiSAIgEnWktUcQyNRmFvjh+POicMbVzLnjlwLij\/eoPMW67IwAdgBWFAaaL9fC7NP14b1Esj7HRna5vJkRXMDvlJhV1onQ3QAAAWi\/uZ5ZAAAEAwBHMEUCICH\/OekR\/g8Jdz2Y7Qc3us2XTMZ75OBnWYjV61BMMxsGAiEAtIuo7AamIHqnZDAbI1eeM3ogDSbRJ5hn12CgIZCempMAdgC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWi\/uZ5NAAAEAwBHMEUCIHkJ3QKOEfzyT\/nCAMVpK04S4woe8rsVcpjzIhSsRoSsAiEA324g9fbsnh\/O\/XKfcV4vnykRYq8iMzykYAT+PPtA1MEwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmVudHJ1c3QubmV0L2xldmVsMWsuY3JsMEsGA1UdIAREMEIwNgYKYIY="}
00820{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":6,"flow_first_seen":1569687245688,"flow_last_seen":1569687245772,"flow_tot_l4_data_len":1823,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":303,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","alpn":"http\/1.1"}}
00831{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":6,"flow_first_seen":1569687245688,"flow_last_seen":1569687245772,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1615,"flow_avg_l4_payload_len":269,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","alpn":"http\/1.1"}}
00436{"flow_id":15,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":772738,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95XAbsu53qbbMwP74AQ\/\/\/D5QAAAQEIChwNe\/g\/+Vsl"}
02384{"flow_id":15,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":813606,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"NDY7z3UoLH6BsEqhCABFAAXck3MAAPcGsUUIJWZbCgAA4wG73ldszA\/vLud6m4AYgAAN9QAAAQEICj\/5W04AAAAASAGG+mwKAQUwKDAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5lbnRydXN0Lm5ldC9ycGEwCAYGZ4EMAQICMGgGCCsGAQUFBwEBBFwwWjAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYIKwYBBQUHMAKGJ2h0dHA6Ly9haWEuZW50cnVzdC5uZXQvbDFrLWNoYWluMjU2LmNlcjAfBgNVHSMEGDAWgBSConB03bxTP8971PfNf6dgxgpMvzAdBgNVHQ4EFgQUmi0VGuslo\/WsT4R+rNKNmFj1ZL0wCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAKdBE7Z+\/QgBIjgKdoPLQP+aFD6KtOZlOiHey04vsERDOADqNdu8unwz6N0izPw2l\/n+UoPoV6GrQkCjChT893I2Smv8Vj1mVR9ZW1nnkmVR9MJr+xC5Iw99s1Ntq2M7Knro\/38pMlTbzDdIcgeyuFS+2iILYDpWpJ7TdQfZH5XVAvdIk3ZnRxtGd7Lcy\/jVbSYIGFTi\/TuA8Bv82FbHnQSqp4ezyTgTKuHmdSMry0pP20Z6nga4Vd2slNm7KOIghxUpnvRfKqVpF04m1QFzXE34qRtPEU80S1e6wlIl8ZcZrL\/KcU+88mv0xL3dpgVjURuISIJE90mwZCDqslRXPTgAFEjCCBQ4wggP2oAMCAQICDA7pTMMAAAAAUdN3hTANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwHhcNMTUxMDA1MTkxMzU2WhcNMzAxMjA1MTk0MzU2WjCBujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwGA1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANo\/ltBNuS9E59s5XptQ7lylYdpBZ1MJqgCajld\/KWvbx+EhJKo60I1HI9LtchbwkSHSXbe4S6iDj7eRMmjPziWTLLJ9l8j+wbQXugmeA5CTe3xJgyJoipveR8MxmHoufUAL0u8+07KMqo9Iqf8A6ClYBve2k1qUcyYmrVgO5UK41epzeWRoUyW4hM+Ueq4GRQyja03Qxr7qGKQ28JKyuhyIjzpSf\/debYMcnfAf5cPW3aV4kj2wbSzqyc+UQRlxRGi6RzwE6V26PvA19xW2nvIuFR4\/R8jIOKdzRV1NsDuxjhcpN+rdBQEiu5Q2Ko1bNf5TGS8IRsEqsxpiHU4r2RsCAwEAAaOCAQwwggEIMA4GA1UdDwEB\/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH\/AgEAMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL2NybC5lbnRydXN0Lm5ldC9nMmNhLmNybDA7BgNVHSAENDAyMDAGBFUdIAAwKDAmBggrBgEFBQc="}
02380{"flow_id":15,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":813610,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"NDY7z3UoLH6BsEqhCABFAAXcm2cAAPcGqVEIJWZbCgAA4wG73ldszBWXLud6m4AYgACPmAAAAQEICj\/5W04AAAAAAgEWGmh0dHA6Ly93d3cuZW50cnVzdC5uZXQvcnBhMB0GA1UdDgQWBBSConB03bxTP8971PfNf6dgxgpMvzAfBgNVHSMEGDAWgBRqciZ60B7vfec7aVHUbI2fkBJmqzANBgkqhkiG9w0BAQsFAAOCAQEAOdWOmINhyCxj03AdGTDL9gmszGnVydw3QfIyD+90w1j2eCcJNAiVki\/X37ij\/Q6B6aSc0z9NaCsVMQoVzFIEk+iTUMPZseLhaLc6CXTxNFgKP3eYQLjmaP9d5MhGxeyB18mCGFyDznHYvL+smQKT25SYhNKcprX+XLvwSq8hrMI\/SSRn1i6Oz6zMZBUYcuVsd9NSqLndjawASjUZ1G9zo3Xva2TD4I2DEqGK5w6GTdi0IBu+aqWMS2hm4yvHWAv7VhDUkfsd0zFYEIxE43V7EJ21OLH2qsqBZGzo8uKBVZdRf+HCJ1CiyTxbAEP2W7nVpfz\/B1BAZwewVfC3fm4tzAAFAzCCBP8wggPnoAMCAQICBFHTQEQwDQYJKoZIhvcNAQELBQAwgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkwNwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNVBAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNDA5MjIxNzE0NTdaFw0yNDA5MjMwMTMxNTNaMIG+MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMDkgRW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVzZSBvbmx5MTIwMAYDVQQDEylFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqEtnLbngxr4pnpMAGnduoyuJVBGsnaYU5Ycs\/+9oJ5v3NhBgqlJ9izX9NFThxy1k4y8nKKD\/eDGdBqgIAARR6wx+eavxJXJxyjaC8Kh71qaw5eZfMcd9XUhY1wIbSzMueLotWGOQKxuNJHzuTJScQ7p977VH1XvvDobsJ5sjoLVeJQmBYyE1wveFbBwpSz8lrkJ5qfJNfG7NCbJYLjzMLERcWMl3oGayoRn6kKbkg7b9vUERlC948Hv\/VTX5w+9Bcs5mmsTjJMYnfqt+jluzS8GYuunFHnt361U7EzIuVtz3A8Gvrim2e2g\/SNpa9iTE3gWKxkNBID+LaNlGMkpHECAwEAAaOCAQ8wggELMA4GA1UdDwEB\/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH\/AgEBMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9yb290Y2ExLmNybDA7BgNVHSAENDAyMDAGBFUdIAAwKDAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5lbnRydXN0Lm5ldC9DUFMwHQYDVR0OBBYEFGpyJnrQHu995ztpUdRsjZ+QEmarMB8GA1UdIwQYMBaAFGiQ5GekplOAx4ZmpPH3S0P7hL1tMA0GCSqGSIb3DQEBCwUAA4IBAQBpM4P8KHpvfe+dVevFPnqddbPMwzg22TSiKGgY6h5p073n0HfauACDTkrPb9HxwSI="}
00435{"flow_id":15,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":813666,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95XAbsu53qbbMwVl4AQ\/\/+97AAAAQEIChwNfCA\/+VtO"}
00435{"flow_id":15,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":813667,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95XAbsu53qbbMwbP4AQ\/\/+4RAAAAQEIChwNfCA\/+VtO"}
02396{"flow_id":15,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":851826,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"NDY7z3UoLH6BsEqhCABFAAXc+WkAAPcGS08IJWZbCgAA4wG73ldszBs\/Lud6m4AYgAAzlQAAAQEICj\/5W3YAAAAAP3Tk95hJnpu2nuHbmHctVjSxqDzZ\/cDNx78FA9QCxfHlxtoIpRPHYiMR0WEwHWCERe95qMYmk6S3zTS4acUT9pGzyUVzdraS9nYKW+EDR7fpKUyRMiM3Spw12Hj9HR\/kg4kkgK23+c\/kXaXUccSFW3Af2z8cAesaRSYxFMxlv2feyswzZeVBkdc3vkEalp3mipedp86sTpo9vQGgatlPIgCLRNVpYnsu68y655J9aWc9\/Lh83kGH0GnqugoYehqVQ7N5cSh2baH7V0rsTcgOEAAElTCCBJEwggN5oAMCAQICBEVrUFQwDQYJKoZIhvcNAQEFBQAwgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkwNwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNVBAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMjcyMDIzNDJaFw0yNjExMjcyMDUzNDJaMIGwMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjE5MDcGA1UECxMwd3d3LmVudHJ1c3QubmV0L0NQUyBpcyBpbmNvcnBvcmF0ZWQgYnkgcmVmZXJlbmNlMR8wHQYDVQQLExYoYykgMjAwNiBFbnRydXN0LCBJbmMuMS0wKwYDVQQDEyRFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2lbZDQvrGbSpvSN+UTDlXBe7DeRFBaDbt7P6aAY+hOCj89xBGZi5NHhqxGk7G0cCViLDJ\/zGLMwPbt4N7PiCEXu2yViin+OC5QHE3xctHDpcqaMAilWIV20fZ9dAr\/4JLya0+3kzbkIBQPwmKhADsMAo9GM37\/SpZmiOVFyxFnh9uQ3ltDFyY\/kinxSNHXF79bucetPZoRdGGg1uiio2x4ymA\/iVxiK2+vI+sUpZLqlGN5BMxGehOTZ\/brLNq1bw5VHHKenp\/kN19HYDZgbtZJsIR\/uaT4veA5GX7NDcOKYBwTa84hi6ef1evnheu6xzLKCFfthzY56IEIvnT2tjLAgMBAAGjgbAwga0wDgYDVR0PAQH\/BAQDAgEGMA8GA1UdEwEB\/wQFMAMBAf8wKwYDVR0QBCQwIoAPMjAwNjExMjcyMDIzNDJagQ8yMDI2MTEyNzIwNTM0MlowHwYDVR0jBBgwFoAUaJDkZ6SmU4DHhmak8fdLQ\/uEvW0wHQYDVR0OBBYEFGiQ5GekplOAx4ZmpPH3S0P7hL1tMB0GCSqGSIb2fQdBAAQQMA4bCFY3LjE6NC4wAwIEkDANBgkqhkiG9w0BAQUFAAOCAQEAk9QwsNcDICrQ+WPokQwFIKlfGcp7ck7UsdvQlvtUWhksDAj3sryFqJ1\/bTtSsyrb59SEjGP2D8smAZFQbPRfFOKTdMATnjA6UOO0YMUc8CJEjXFHrMgayembmgBgE\/9wfl8RTUkbsxVSe8lU2r+dla9rmtie6fHkQ43iEUQ6v6+9g0JzUouqu6cpz\/VkHApN0byqrJ8q0P9\/f9p96rHtMCXBhNo00lt4g1bsnDbDJuIR9mdJHZKrjPvr\/3ruhUqnUIDwp1xKlC5fBZk8UkHgzbRjzwFDupyD3I9gO\/NatLR7rtoLkDh174EdZtL3V3A2s7\/8KK9xJYVbE\/4ef1q0PBYDAwSWDQAEjgIBQAAOBgEGAwUBBQMEAQQDAgEEeQB1MHMxEzARBgoJkiaJk\/IsZAEZFgNjb20xFjAUBgoJkiY="}
01206{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":12,"flow_first_seen":1569687245688,"flow_last_seen":1569687245851,"flow_tot_l4_data_len":6359,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":529,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K","issuerDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","alpn":"http\/1.1","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}}
01217{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":12,"flow_first_seen":1569687245688,"flow_last_seen":1569687245851,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5959,"flow_avg_l4_payload_len":496,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K","issuerDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","alpn":"http\/1.1","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}}
01931{"flow_id":15,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":851834,"pkt_caplen":1181,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1181,"pkt_l4_len":1147,"pkt":"NDY7z3UoLH6BsEqhCABFAASPlEsAAPcGsboIJWZbCgAA4wG73ldszCDnLud6m4AYgAAaEQAAAQEICj\/5W3YAAAAAiZPyLGQBGRYGdmlhc2F0MRQwEgYKCZImiZPyLGQBGRYEY29ycDESMBAGCgmSJomT8ixkARkWAmhxMRowGAYDVQQDExFWaWFzYXQgU0hBIDIgQ0EtMwB1MHMxEzARBgoJkiaJk\/IsZAEZFgNjb20xFjAUBgoJkiaJk\/IsZAEZFgZ2aWFzYXQxFDASBgoJkiaJk\/IsZAEZFgRjb3JwMRIwEAYKCZImiZPyLGQBGRYCaHExGjAYBgNVBAMTEVZpYXNhdCBTSEEgMiBDQS0yAHUwczETMBEGCgmSJomT8ixkARkWA2NvbTEWMBQGCgmSJomT8ixkARkWBnZpYXNhdDEUMBIGCgmSJomT8ixkARkWBGNvcnAxEjAQBgoJkiaJk\/IsZAEZFgJocTEaMBgGA1UEAxMRVmlhc2F0IFNIQSAyIENBLTEAITAfMR0wGwYDVQQDExRWaWFzYXQgU0hBIDIgUm9vdCBDQQDBMIG+MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMDkgRW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVzZSBvbmx5MTIwMAYDVQQDEylFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMgC9MIG6MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMTIgRW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVzZSBvbmx5MS4wLAYDVQQDEyVFbnRydXN0IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gTDFLALMwgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkwNwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNVBAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQC4MIG1MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhIChjKTEwMS8wLQYDVQQDEyZWZXJpU2lnbiBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHMw4AAAA="}
00435{"flow_id":15,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":851921,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95XAbsu53qbbMwg54AQ\/\/+yTgAAAQEIChwNfEY\/+Vt2"}
00435{"flow_id":15,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":851922,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95XAbsu53qbbMwlQoAQ\/\/+t8wAAAQEIChwNfEY\/+Vt2"}
@@ -92,29 +92,29 @@
00585{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687246,"pkt_ts_usec":426088,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"pkt":"pHczjPFANDY7z3UoCABFAgCiAABAAEAGJN0KAADjCgAAldwAH0m4VKSqauVqJ4AYEABWlgAAAQEIChwNfn0AIdVKFwMDAGltB4Q9ZE7MwMLqA\/qW5WJXb0PHNtCROrUMkJHw\/OP719Jk7orSFs9TCm756O7SILnP3vnstuJ4xPfpszSDO6LW4XcEaWDlp33D\/dMihM\/bvEZuYHMlrzKnK9TylV815IAQKWsax0+Dp+A="}
00581{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687246,"pkt_ts_usec":428911,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"pkt":"NDY7z3UopHczjPFACABFAgCiFAJAAEAGENsKAACVCgAA4x9J3ABq5WonuFSlGIAYARXEpwAAAQEICgAh1z8cDX59FwMDAGnSDUBTzxnFH9ckBLkGJJxtZYOnnoJTcPtGWYx7fflTVjXPGvnWJvT5kELd8Dyk7N8gqq17Y91Gw5NO81U2bwcOEaqqMVk4vbp1wYVpe8wc5fgUWL03+X7m6bLc5s5fILREqdmBY0Re1KI="}
00432{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687246,"pkt_ts_usec":428970,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAldwAH0m4VKUYauVqlYAQD\/yxKgAAAQEIChwNfn8AIdc\/"}
00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1569687246891,"flow_last_seen":0,"flow_tot_l4_data_len":31,"flow_min_l4_data_len":31,"flow_max_l4_data_len":31,"flow_avg_l4_data_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1569687246891,"flow_last_seen":0,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00431{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687246,"pkt_ts_usec":891499,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"pkt":"LH6BsEqhNDY7z3UoCABFAAAzrdgAAP8Ra2cKAADjS0tMTPaDADUAH3AoGBgBAAABAAAAAAAABWxvY2FsAAAGAAE="}
00628{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1569687246891,"flow_last_seen":0,"flow_tot_l4_data_len":31,"flow_min_l4_data_len":31,"flow_max_l4_data_len":31,"flow_avg_l4_data_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"local","num_queries":0,"num_answers":0,"reply_code":0,"query_type":6,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00640{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1569687246891,"flow_last_seen":0,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"local","num_queries":0,"num_answers":0,"reply_code":0,"query_type":6,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00534{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687246,"pkt_ts_usec":924862,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"NDY7z3UoLH6BsEqhCABFAAB+AABAADYRofVLS0xMCgAA4wA19oMAah4oGBiBgwABAAAAAQAABWxvY2FsAAAGAAEAAAYAAQAAAyoAQAFhDHJvb3Qtc2VydmVycwNuZXQABW5zdGxkDHZlcmlzaWduLWdycwNjb20AeFjpQAAABwgAAAOEAAk6gAABUYA="}
00650{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":94,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":1569687246891,"flow_last_seen":1569687246924,"flow_tot_l4_data_len":137,"flow_min_l4_data_len":31,"flow_max_l4_data_len":106,"flow_avg_l4_data_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"local","num_queries":1,"num_answers":1,"reply_code":3,"query_type":6,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00446{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1569687246924,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00661{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":94,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":1569687246891,"flow_last_seen":1569687246924,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":121,"flow_avg_l4_payload_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"local","num_queries":1,"num_answers":1,"reply_code":3,"query_type":6,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00454{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1569687246924,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687246,"pkt_ts_usec":924910,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"LH6BsEqhNDY7z3UoCABFAAA4dQYAAEABY0UKAADjS0tMTAMDBdoAAAAARQAAfgAAQAA2EaH1S0tMTAoAAOMANfaDAGoAAA=="}
00478{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1569687246924,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1569687246981,"flow_last_seen":0,"flow_tot_l4_data_len":120,"flow_min_l4_data_len":120,"flow_max_l4_data_len":120,"flow_avg_l4_data_len":120,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1569687246924,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1569687246981,"flow_last_seen":0,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00554{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687246,"pkt_ts_usec":981850,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"pkt":"AQBeAAD7GIEORo7ICABFAACMDQUAAP8RwosKAADV4AAA+xTpFOkAeGDHAAAAAAADAAAAAAABD19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMgAEIX2hvbWVraXTAHAAMgAEMX3NsZWVwLXByb3h5BF91ZHDAIQAMgAEAACkFoAAAEZQAEgAEAA4AmjqBDkaOyBiBDkaOyA=="}
00600{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1569687246981,"flow_last_seen":0,"flow_tot_l4_data_len":120,"flow_min_l4_data_len":120,"flow_max_l4_data_len":120,"flow_avg_l4_data_len":120,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1569687246982,"flow_last_seen":0,"flow_tot_l4_data_len":120,"flow_min_l4_data_len":120,"flow_max_l4_data_len":120,"flow_avg_l4_data_len":120,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1569687246981,"flow_last_seen":0,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1569687246982,"flow_last_seen":0,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00582{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687246,"pkt_ts_usec":982027,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"pkt":"MzMAAAD7GIEORo7Iht1gBoi5AHgR\/\/6AAAAAAAAABAg+RTq8FVL\/AgAAAAAAAAAAAAAAAAD7FOkU6QB4u70AAAAAAAMAAAAAAAEPX2NvbXBhbmlvbi1saW5rBF90Y3AFbG9jYWwAAAyAAQhfaG9tZWtpdMAcAAyAAQxfc2xlZXAtcHJveHkEX3VkcMAhAAyAAQAAKQWgAAARlAASAAQADgCaOoEORo7IGIEORo7I"}
00611{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1569687246982,"flow_last_seen":0,"flow_tot_l4_data_len":120,"flow_min_l4_data_len":120,"flow_max_l4_data_len":120,"flow_avg_l4_data_len":120,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
00435{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":98,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1569687246982,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00584{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1569687246982,"flow_last_seen":0,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
00447{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":98,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1569687246982,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00406{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687246,"pkt_ts_usec":982031,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"pkt":"AQBeAAACGIEORo7ICABGAAAgLwcAAAECCvoKAADV4AAAApQEAAAXAAgE4AAA+w=="}
00467{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1569687246982,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00437{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1569687246982,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00479{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1569687246982,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00449{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1569687246982,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00406{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687246,"pkt_ts_usec":982614,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"pkt":"AQBeAAD7GIEORo7ICABGAAAg0EsAAAECaLwKAADV4AAA+5QEAAAWAAkE4AAA+w=="}
00469{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1569687246982,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":102,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1569687247192,"flow_last_seen":0,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":240,"flow_max_l4_data_len":240,"flow_avg_l4_data_len":240,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1569687246982,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":102,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1569687247192,"flow_last_seen":0,"flow_min_l4_payload_len":232,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":232,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00715{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687247,"pkt_ts_usec":192802,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"pkt":"GIEORo7INDY7z3UoCABFAAEE6tAAAP8RumAKAADjCgAA1RTpFOkA8ADKAACEAAAAAAEAAAAED19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEAABGUABQRTFAtUktFUlVSLU9TWCAoOSnADMAyACGAAQAAAHgADQAAAADbaQRuRFBJwCHAMgAQgAEAABGUACIWcnBCQT0zNzoyRTo0Nzo2RDoxODo1NApycFZyPTE1Mi4xEUxQLVJLRVJVUi1PU1ggKDkpDF9kZXZpY2UtaW5mb8AcABAAAQAAEZQAIBRtb2RlbD1NYWNCb29rUHJvMTEsMQpvc3h2ZXJzPTE3wFgAAYABAAAAeAAECgAA4w=="}
00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1569687247192,"flow_last_seen":0,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":240,"flow_max_l4_data_len":240,"flow_avg_l4_data_len":240,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1569687247192,"flow_last_seen":0,"flow_min_l4_payload_len":232,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":232,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
00523{"flow_id":14,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687247,"pkt_ts_usec":306185,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":129,"pkt_l4_len":95,"pkt":"LH6BsEqhNDY7z3UoCABFAABzAABAAEAGB9AKAADjNCXzrd5SAbt7aDM3a\/IufIAYEAAjBQAAAQEIChwNgekCYGB5FwMDADoAAAAAAAAABP6P4Nbq7ON\/6\/AGxu6nGVDbyH\/VD4ZdKbxLWPLfwYcNeZogzNp7TOtgIRax\/b1ZBFBO"}
00519{"flow_id":13,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687247,"pkt_ts_usec":306306,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":129,"pkt_l4_len":95,"pkt":"LH6BsEqhNDY7z3UoCABFAABzAABAAEAGB9AKAADjNCXzrd5TAbsf\/fAfcO3V5YAYEADtVwAAAQEIChwNgekAjYToFwMDADoAAAAAAAAABVQHVjyN4wBxs8m+2i54okht8UdFndDP4vwtKiUe9j1LvsBOOnvld8r5j6XDOjeRQG2g"}
00432{"flow_id":14,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687247,"pkt_ts_usec":340869,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0VN9AACoGyS80JfOtCgAA4wG73lJr8i58e2gzdoAQAAkYLwAAAQEICgJgYh4cDYHp"}
@@ -123,51 +123,51 @@
00433{"flow_id":13,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687247,"pkt_ts_usec":347882,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0y8NAACsGUUs0JfOtCgAA4wG73lNw7dXlH\/3wXoAQAAnnrAAAAQEICgCNhpAcDYHp"}
00520{"flow_id":13,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687247,"pkt_ts_usec":347888,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":129,"pkt_l4_len":95,"pkt":"NDY7z3UoLH6BsEqhCABFAABzy8RAACsGUQs0JfOtCgAA4wG73lNw7dXlH\/3wXoAYAAmExgAAAQEICgCNhpAcDYHpFwMDADoscoyH7e3mD0YV5j76bq2IiuIC\/UPtlNWvhrdB63Msjxv0jshQMl60ISItlU90x5KX0HExOJgiVTIM"}
00434{"flow_id":13,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687247,"pkt_ts_usec":347958,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGCA8KAADjNCXzrd5TAbsf\/fBecO3WJIAQD\/7XUAAAAQEIChwNghEAjYaQ"}
00459{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":111,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1569687247596,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00467{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":111,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1569687247596,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00467{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687247,"pkt_ts_usec":596034,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"pkt":"MzMAAAAWGIEORo7Iht1gAAAAACQAAf6AAAAAAAAABAg+RTq8FVL\/AgAAAAAAAAAAAAAAAAAWOgABAAUCAACPANy0AAAAAQQAAAD\/AgAAAAAAAAAAAAAAAAD7"}
00493{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":111,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1569687247596,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00501{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":111,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1569687247596,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00585{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687247,"pkt_ts_usec":596449,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"pkt":"MzMAAAABLH6BsEqhht1gAAAAAHg6\/\/6AAAAAAAAALn6B\/\/6wSqH\/AgAAAAAAAAAAAAAAAAABhgBH5kDAALQAAAAAAAAAABkFAAAAAVGAIAEFWP7tAAAAAAAAAAAAASABBVj+7QAAAAAAAAAAAAIDBEDAAAL9HQAC\/R0AAAAAJgEGRoQCRLAAAAAAAAAAABgDAAAAAAC0AAAAAAAAAAAAAAAAAAAAAAEBLH6BsEqh"}
00593{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687248,"pkt_ts_usec":5698,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"AQBeAAD7GIEORo7ICABFAACszwUAAP8RAGsKAADV4AAA+xTpFOkAmDTQAAAAAAADAAEAAAABD19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEIX2hvbWVraXTAHAAMAAEMX3NsZWVwLXByb3h5BF91ZHDAIQAMAAHADAAMAAEAAA4QABQRTFAtUktFUlVSLU9TWCAoOSnADAAAKQWgAAARlAASAAQADgCaOoEORo7IGIEORo7I"}
00625{"flow_id":19,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687248,"pkt_ts_usec":6173,"pkt_caplen":206,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":206,"pkt_l4_len":152,"pkt":"MzMAAAD7GIEORo7Iht1gBoi5AJgR\/\/6AAAAAAAAABAg+RTq8FVL\/AgAAAAAAAAAAAAAAAAD7FOkU6QCYj8YAAAAAAAMAAQAAAAEPX2NvbXBhbmlvbi1saW5rBF90Y3AFbG9jYWwAAAwAAQhfaG9tZWtpdMAcAAwAAQxfc2xlZXAtcHJveHkEX3VkcMAhAAwAAcAMAAwAAQAADhAAFBFMUC1SS0VSVVItT1NYICg5KcAMAAApBaAAABGUABIABAAOAJo6gQ5GjsgYgQ5Gjsg="}
00467{"flow_id":23,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687248,"pkt_ts_usec":620045,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"pkt":"MzMAAAAWGIEORo7Iht1gAAAAACQAAf6AAAAAAAAABAg+RTq8FVL\/AgAAAAAAAAAAAAAAAAAWOgABAAUCAACPANy0AAAAAQQAAAD\/AgAAAAAAAAAAAAAAAAD7"}
00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":116,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1569687249612,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56917,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":116,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1569687249612,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56917,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00416{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687249,"pkt_ts_usec":612686,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"LH6BsEqhNDY7z3UoCABFAAAoT2EAAEAGMCYKAADjuBk4Td5VAFBor5ytCT1EPVAQEAlzBQAA"}
00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":117,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1569687249612,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":117,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1569687249612,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00417{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687249,"pkt_ts_usec":612686,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"LH6BsEqhNDY7z3UoCABFAAAogHcAAEAG\/w8KAADjuBk4Td40AFBjyKiAGk9l7lAQEAA5gAAA"}
00432{"flow_id":25,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687249,"pkt_ts_usec":631596,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0NJhAADcGE+O4GThNCgAA4wBQ3jQaT2XuY8iogYAQAPO0OwAAAQEICuMU+IIcDWOU"}
00432{"flow_id":24,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687249,"pkt_ts_usec":631602,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0uJpAADgGjuC4GThNCgAA4wBQ3lUJPUQ9aK+croAQAOvt6gAAAQEICuMU+IIcDWN7"}
00585{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687250,"pkt_ts_usec":667991,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"pkt":"MzMAAAABLH6BsEqhht1gAAAAAHg6\/\/6AAAAAAAAALn6B\/\/6wSqH\/AgAAAAAAAAAAAAAAAAABhgBH5kDAALQAAAAAAAAAABkFAAAAAVGAIAEFWP7tAAAAAAAAAAAAASABBVj+7QAAAAAAAAAAAAIDBEDAAAL9HQAC\/R0AAAAAJgEGRoQCRLAAAAAAAAAAABgDAAAAAAC0AAAAAAAAAAAAAAAAAAAAAAEBLH6BsEqh"}
00439{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1569687246982,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00437{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1569687246982,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00438{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1569687241657,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00434{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1569687241452,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1569687247192,"flow_last_seen":0,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":240,"flow_max_l4_data_len":240,"flow_avg_l4_data_len":240,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00448{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1569687246924,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1569687242476,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00439{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1569687242271,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.3.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1569687251177,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00451{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1569687246982,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00449{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1569687246982,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00450{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1569687241657,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00446{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1569687241452,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1569687247192,"flow_last_seen":0,"flow_min_l4_payload_len":232,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":232,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1569687246924,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1569687242476,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00451{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1569687242271,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.3.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1569687251177,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00449{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687251,"pkt_ts_usec":177008,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"LH6BsEqhNDY7z3UoCABFAAA+HQ0AAP8R\/CcKAADjS0tMTNZDADUAKtGSphcBAAABAAAAAAAABXByaW50BnZpYXNhdANjb20AAAEAAQ=="}
00640{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1569687251177,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"print.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00652{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1569687251177,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"print.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00560{"flow_id":26,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687251,"pkt_ts_usec":230505,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":157,"pkt_l4_len":123,"pkt":"NDY7z3UoLH6BsEqhCABFAACPAABAADYRoeRLS0xMCgAA4wA11kMAe\/FSpheBgwABAAAAAQAABXByaW50BnZpYXNhdANjb20AAAEAAcASAAYAAQAAA4QARQZucy02MzIJYXdzZG5zLTE1A25ldAARYXdzZG5zLWhvc3RtYXN0ZXIGYW1hem9uwBkAAAABAAAcIAAAA4QAEnUAAAFRgA=="}
00662{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":122,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_first_seen":1569687251177,"flow_last_seen":1569687251230,"flow_tot_l4_data_len":165,"flow_min_l4_data_len":42,"flow_max_l4_data_len":123,"flow_avg_l4_data_len":82,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"print.viasat.com","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00674{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":122,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_first_seen":1569687251177,"flow_last_seen":1569687251230,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":74,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"print.viasat.com","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00583{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687251,"pkt_ts_usec":429955,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"pkt":"pHczjPFANDY7z3UoCABFAgCiAABAAEAGJN0KAADjCgAAldwAH0m4VKUYauVqlYAYEACLWQAAAQEIChwNkfYAIdc\/FwMDAGnBoRpnSakDpbbtOO1oFQFMvTatXfQ13YvHj0oLfGJl9JpWlsgauBFeoA7+JlmFrD8o9ELaYLgs9RsfLxNGWM8Fap769GXl+TuJe1SDZT7YsErPd9vuIVPm60SZhhH5VOfnzBgNpzDOaYk="}
00582{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687251,"pkt_ts_usec":432009,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"pkt":"NDY7z3UopHczjPFACABFAgCiFANAAEAGENoKAACVCgAA4x9J3ABq5WqVuFSlhoAYARVo3QAAAQEICgAh2TMcDZH2FwMDAGnME9q5WBaoTxO4eWqtx9PaFo02Fc3nfPNp8pF7vSt+swHbhi70yI0wIgY4irdjppeso7+tYJgVpxy3Dq7WX32l1ccQW5M5AFGSshc12Yls9xl2CLpSmG1mEsWpkHkZoEdQqG0j2ZVcEiM="}
00432{"flow_id":3,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687251,"pkt_ts_usec":432069,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAldwAH0m4VKWGauVrA4AQD\/ya4QAAAQEIChwNkfgAIdkz"}
00585{"flow_id":5,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687253,"pkt_ts_usec":740196,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"pkt":"MzMAAAABLH6BsEqhht1gAAAAAHg6\/\/6AAAAAAAAALn6B\/\/6wSqH\/AgAAAAAAAAAAAAAAAAABhgBH5kDAALQAAAAAAAAAABkFAAAAAVGAIAEFWP7tAAAAAAAAAAAAASABBVj+7QAAAAAAAAAAAAIDBEDAAAL9HQAC\/R0AAAAAJgEGRoQCRLAAAAAAAAAAABgDAAAAAAC0AAAAAAAAAAAAAAAAAAAAAAEBLH6BsEqh"}
00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":127,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1569687255989,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":127,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1569687255989,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687255,"pkt_ts_usec":989610,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"LH6BsEqhNDY7z3UoCABFAAA3enMAAP8RnsgKAADjS0tMTOMrADUAI5+UjycBAAABAAAAAAAABXNsYWNrA2NvbQAAAQAB"}
00645{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1569687255989,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Slack","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"slack.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00657{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1569687255989,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Slack","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"slack.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00460{"flow_id":27,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687256,"pkt_ts_usec":18232,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"NDY7z3UoLH6BsEqhCABFAABHAABAADcRoSxLS0xMCgAA4wA14ysAM\/asjyeBgAABAAEAAAAABXNsYWNrA2NvbQAAAQABwAwAAQABAAAAIwAEY1YinA=="}
00670{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1569687255989,"flow_last_seen":1569687256018,"flow_tot_l4_data_len":86,"flow_min_l4_data_len":35,"flow_max_l4_data_len":51,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Slack","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"slack.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"99.86.34.156"}}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":129,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1569687256018,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00682{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1569687255989,"flow_last_seen":1569687256018,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Slack","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"slack.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"99.86.34.156"}}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":129,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1569687256018,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00449{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687256,"pkt_ts_usec":18732,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGqeMKAADjY1YinN5YAbvhhxKGAAAAALAC\/\/8SKwAAAgQFtAEDAwUBAQgKHA2jzgAAAAAEAgAA"}
00443{"flow_id":28,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687256,"pkt_ts_usec":50128,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"NDY7z3UoLH6BsEqhCABFAAA8AABAAO4G++ZjViKcCgAA4wG73lg6Ai8I4YcSh6AScSDdlgAAAgQFtAQCCApVvxWbHA2jzgEDAwg="}
00431{"flow_id":28,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687256,"pkt_ts_usec":50218,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGqe8KAADjY1YinN5YAbvhhxKHOgIvCYAQEBVtUAAAAQEIChwNo+1VvxWb"}
01132{"flow_id":28,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687256,"pkt_ts_usec":50357,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"LH6BsEqhNDY7z3UoCABFAAI5AABAAEAGp+oKAADjY1YinN5YAbvhhxKHOgIvCYAYEBXjtQAAAQEIChwNo+1VvxWbFgMBAgABAAH8AwP2lJ2Zoyt+6aEF0xJ\/aUe6evUZainhAnYJBIQSx1\/tWSCNfN3\/DfWLQ8HungFwV0GCEYkIdCKU0GMUI0bm8cDscgAcmprAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUACgEAAZfKygAA\/wEAAQAAAAAOAAwAAAlzbGFjay5jb20AFwAAACMAsP2UHl3lVE0zaDd6PBof23w+FD8mx8e3Phvd1tTaMrFhi9+Td+e1NJsUbpbP9uRq3tuE3zRBdy5hybNsk8MXE51kvVMK0eOntSrDahuD42sFCkzVH\/S0PgpsSfI8A+giwf+frrZktkI4KRg3hCDL3AxOeo+p2XlfkQM+Sl1864masTeQczQS\/W7RtMRlmXf4940V2idU49yugeM67ej0Z92wy18bTBX2me+5KJfbuIBfAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMXVQAAAACwACAQAACgAKAAiamgAdABcAGAAbAAMCAAKamgABAAAVAGUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00735{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_first_seen":1569687256018,"flow_last_seen":1569687256050,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Slack","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"slack.com","ja3":"d8dc5f8940df366b3a58b935569143e8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00746{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_first_seen":1569687256018,"flow_last_seen":1569687256050,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Slack","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"slack.com","ja3":"d8dc5f8940df366b3a58b935569143e8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00432{"flow_id":28,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687256,"pkt_ts_usec":92301,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0OpdAAO4GwVdjViKcCgAA4wG73lg6Ai8J4YcUjIAQAHZ65gAAAQEIClW\/FZ8cDaPt"}
00634{"flow_id":28,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687256,"pkt_ts_usec":93242,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"pkt":"NDY7z3UoLH6BsEqhCABFAADGOphAAO4GwMRjViKcCgAA4wG73lg6Ai8J4YcUjIAYAHZtAgAAAQEIClW\/FZ8cDaPtFgMDAFoCAABWAwN+R7Nshs\/ehq2TNPP3JdaT01yY+pmTbRbKEq72Sa92tyCNfN3\/DfWLQ8HungFwV0GCEYkIdCKU0GMUI0bm8cDscsAvAAAO\/wEAAQAAEAAFAAMCaDIUAwMAAQEWAwMAKDYMjtJfzeRO5qVw0Kt+Z2fVyY9j0seokftrrwCnACaby9QeanHF8og="}
00789{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":134,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":6,"flow_first_seen":1569687256018,"flow_last_seen":1569687256093,"flow_tot_l4_data_len":875,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Slack","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"slack.com","ja3":"d8dc5f8940df366b3a58b935569143e8","ja3s":"7bee5c1d424b7e5f943b06983bb11422","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
00800{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":134,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":6,"flow_first_seen":1569687256018,"flow_last_seen":1569687256093,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":110,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Slack","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"slack.com","ja3":"d8dc5f8940df366b3a58b935569143e8","ja3s":"7bee5c1d424b7e5f943b06983bb11422","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
00431{"flow_id":28,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687256,"pkt_ts_usec":93311,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGqe8KAADjY1YinN5YAbvhhxSMOgIvm4AQEBFqkAAAAQEIChwNpBZVvxWf"}
00503{"flow_id":28,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687256,"pkt_ts_usec":93486,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"LH6BsEqhNDY7z3UoCABFAABnAABAAEAGqbwKAADjY1YinN5YAbvhhxSMOgIvm4AYEBHMjAAAAQEIChwNpBdVvxWfFAMDAAEBFgMDACgAAAAAAAAAAEkqWW9vMe9wu\/mI5boJymXWXb6Kk058wzXcVuC6\/gkE"}
00560{"flow_id":28,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687256,"pkt_ts_usec":93779,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"LH6BsEqhNDY7z3UoCABFAACRAABAAEAGqZIKAADjY1YinN5YAbvhhxS\/OgIvm4AYEBF7QgAAAQEIChwNpBdVvxWfFwMDAFgAAAAAAAAAATNLTuPHYyyTgb1ohdK2597G2vdYRI46G8U4WDCMBl2ySdHDtlVf62S4aRN6D1TdJgZ56yZhvPyeVW5\/6m4IoUR0g6x+NYIy7XNmMXQx9rbv"}
@@ -189,36 +189,36 @@
00433{"flow_id":13,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687258,"pkt_ts_usec":21922,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGCA8KAADjNCXzrd5TAbsf\/fCdcO3WY4AQD\/6i5QAAAQEIChwNq5EAjZD9"}
00555{"flow_id":18,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687259,"pkt_ts_usec":269679,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"pkt":"AQBeAAD7GIEORo7ICABFAACMyOAAAP8RBrAKAADV4AAA+xTpFOkAeGDGAAAAAAADAAAAAAABD19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMgAEIX2hvbWVraXTAHAAMgAEMX3NsZWVwLXByb3h5BF91ZHDAIQAMgAEAACkFoAAAEZQAEgAEAA4AmzqBDkaOyBiBDkaOyA=="}
00583{"flow_id":19,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687259,"pkt_ts_usec":270105,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"pkt":"MzMAAAD7GIEORo7Iht1gBoi5AHgR\/\/6AAAAAAAAABAg+RTq8FVL\/AgAAAAAAAAAAAAAAAAD7FOkU6QB4u7wAAAAAAAMAAAAAAAEPX2NvbXBhbmlvbi1saW5rBF90Y3AFbG9jYWwAAAyAAQhfaG9tZWtpdMAcAAyAAQxfc2xlZXAtcHJveHkEX3VkcMAhAAyAAQAAKQWgAAARlAASAAQADgCbOoEORo7IGIEORo7I"}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":167,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1569687259297,"flow_last_seen":0,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":240,"flow_max_l4_data_len":240,"flow_avg_l4_data_len":240,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":167,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1569687259297,"flow_last_seen":0,"flow_min_l4_payload_len":232,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":232,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00715{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687259,"pkt_ts_usec":297056,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"pkt":"GIEORo7INDY7z3UoCABFAAEEsFAAAP8R9OAKAADjCgAA1RTpFOkA8ADKAACEAAAAAAEAAAAED19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEAABGUABQRTFAtUktFUlVSLU9TWCAoOSnADMAyACGAAQAAAHgADQAAAADbaQRuRFBJwCHAMgAQgAEAABGUACIWcnBCQT0zNzoyRTo0Nzo2RDoxODo1NApycFZyPTE1Mi4xEUxQLVJLRVJVUi1PU1ggKDkpDF9kZXZpY2UtaW5mb8AcABAAAQAAEZQAIBRtb2RlbD1NYWNCb29rUHJvMTEsMQpvc3h2ZXJzPTE3wFgAAYABAAAAeAAECgAA4w=="}
00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1569687259297,"flow_last_seen":0,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":240,"flow_max_l4_data_len":240,"flow_avg_l4_data_len":240,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1569687259297,"flow_last_seen":0,"flow_min_l4_payload_len":232,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":232,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
00585{"flow_id":5,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687259,"pkt_ts_usec":679362,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"pkt":"MzMAAAABLH6BsEqhht1gAAAAAHg6\/\/6AAAAAAAAALn6B\/\/6wSqH\/AgAAAAAAAAAAAAAAAAABhgBH5kDAALQAAAAAAAAAABkFAAAAAVGAIAEFWP7tAAAAAAAAAAAAASABBVj+7QAAAAAAAAAAAAIDBEDAAAL9HQAC\/R0AAAAAJgEGRoQCRLAAAAAAAAAAABgDAAAAAAC0AAAAAAAAAAAAAAAAAAAAAAEBLH6BsEqh"}
00417{"flow_id":24,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687259,"pkt_ts_usec":694130,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"LH6BsEqhNDY7z3UoCABFAAAo3\/wAAEAGn4oKAADjuBk4Td5VAFBor5ytCT1EPVAQEAlzBQAA"}
00416{"flow_id":25,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687259,"pkt_ts_usec":694131,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"LH6BsEqhNDY7z3UoCABFAAAoLkYAAEAGUUEKAADjuBk4Td40AFBjyKiAGk9l7lAQEAA5gAAA"}
00432{"flow_id":24,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687259,"pkt_ts_usec":710445,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0uJtAADgGjt+4GThNCgAA4wBQ3lUJPUQ9aK+croAQAOvGjAAAAQEICuMVH+AcDWN7"}
00432{"flow_id":25,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687259,"pkt_ts_usec":715492,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0NJlAADcGE+K4GThNCgAA4wBQ3jQaT2XuY8iogYAQAPOM2AAAAQEICuMVH+UcDWOU"}
00436{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":173,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1569687260293,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00448{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":173,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1569687260293,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00408{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":293660,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"pkt":"AQBeAAACGIEORo7ICABGAAAgPP4AAAEC\/QIKAADV4AAAApQEAAAXAAgE4AAA+w=="}
00468{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1569687260293,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00438{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":174,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1569687260293,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1569687260293,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00450{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":174,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1569687260293,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00407{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":293706,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"pkt":"AQBeAAD7GIEORo7ICABGAAAgpGYAAAEClKEKAADV4AAA+5QEAAAWAAkE4AAA+w=="}
00470{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":174,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1569687260293,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":174,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1569687260293,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00595{"flow_id":18,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":294255,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"AQBeAAD7GIEORo7ICABFAACsLkIAAP8RoS4KAADV4AAA+xTpFOkAmDTPAAAAAAADAAEAAAABD19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEIX2hvbWVraXTAHAAMAAEMX3NsZWVwLXByb3h5BF91ZHDAIQAMAAHADAAMAAEAAA4QABQRTFAtUktFUlVSLU9TWCAoOSnADAAAKQWgAAARlAASAAQADgCbOoEORo7IGIEORo7I"}
00627{"flow_id":19,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":294693,"pkt_caplen":206,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":206,"pkt_l4_len":152,"pkt":"MzMAAAD7GIEORo7Iht1gBoi5AJgR\/\/6AAAAAAAAABAg+RTq8FVL\/AgAAAAAAAAAAAAAAAAD7FOkU6QCYj8UAAAAAAAMAAQAAAAEPX2NvbXBhbmlvbi1saW5rBF90Y3AFbG9jYWwAAAwAAQhfaG9tZWtpdMAcAAwAAQxfc2xlZXAtcHJveHkEX3VkcMAhAAwAAcAMAAwAAQAADhAAFBFMUC1SS0VSVVItT1NYICg5KcAMAAApBaAAABGUABIABAAOAJs6gQ5GjsgYgQ5Gjsg="}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":177,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1569687260469,"flow_last_seen":0,"flow_tot_l4_data_len":70,"flow_min_l4_data_len":70,"flow_max_l4_data_len":70,"flow_avg_l4_data_len":70,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"35.201.124.9","src_port":56910,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":177,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1569687260469,"flow_last_seen":0,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"35.201.124.9","src_port":56910,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00487{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":469013,"pkt_caplen":104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":104,"pkt_l4_len":70,"pkt":"LH6BsEqhNDY7z3UoCABFAABaAABAAEAGj+kKAADjI8l8Cd5OAbsN94yysPePlIAYEACJPAAAAQEIChwNtRgGQIQkFwMDACEAAAAAAAAAA3VW6sM2CHDT\/Oy2e1MF3bFmEvrGQamtRJY="}
00432{"flow_id":32,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":489093,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0Bk0AAHoGj8IjyXwJCgAA4wG73k6w94+UDfeM2IAQAPROCgAAAQEICgZA6j4cDbUY"}
00476{"flow_id":32,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":521340,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"NDY7z3UoLH6BsEqhCABFAABUBk4AAHoGj6EjyXwJCgAA4wG73k6w94+UDfeM2IAYAPS6xgAAAQEICgZA6l4cDbUYFwMDABsAAAAAAAAABNY2znqkTRgDlTqE63fXsBbyQmM="}
00433{"flow_id":32,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":521410,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGkA8KAADjI8l8Cd5OAbsN94zYsPePtIAQD\/8+iwAAAQEIChwNtUwGQOpe"}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":181,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1569687260591,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":181,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1569687260591,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00450{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":591875,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGxu4KAADjCCVgwt5ZEL8UzEFoAAAAALAC\/\/+sRwAAAgQFtAEDAwUBAQgKHA21kQAAAAAEAgAA"}
00450{"flow_id":33,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":620412,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"NDY7z3UoLH6BsEqhCABFAABAE+xAAPEGAgIIJWDCCgAA4xC\/3lkWZHs7FMxBabASECzSsgAAAgQFZAEDAwIBAQgKeKa\/ZBwNtZEEAgAA"}
00432{"flow_id":33,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":620471,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGxvoKAADjCCVgwt5ZEL8UzEFpFmR7PIAQEAgSNwAAAQEIChwNta14pr9k"}
00637{"flow_id":33,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":620743,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"LH6BsEqhNDY7z3UoCABFAADIAABAAEAGxmYKAADjCCVgwt5ZEL8UzEFpFmR7PIAYEAijywAAAQEIChwNta14pr9kFgMBAI8BAACLAwMD1fZJLnU2wbbg4p6uNb1F++uvR9\/ndJiHrNU+USXu3wAADsAwwCjAFMAJwBMAMwD\/AQAAVAALAAQDAAECAAoADAAKAB0AFwAeABkAGAAWAAAAFwAAAA0AMAAuBAMFAwYDCAcICAgJCAoICwgECAUIBgQBBQEGAQMDAgMDAQIBAwICAgQCBQIGAg=="}
00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":184,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_first_seen":1569687260591,"flow_last_seen":1569687260620,"flow_tot_l4_data_len":300,"flow_min_l4_data_len":32,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":75,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e3adec914f3893f18136762f1c0d7d81","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00785{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":184,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_first_seen":1569687260591,"flow_last_seen":1569687260620,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e3adec914f3893f18136762f1c0d7d81","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00435{"flow_id":33,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":655570,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0E\/NAAPEGAgcIJWDCCgAA4xC\/3lkWZHs8FMxB\/YAQBDAdWQAAAQEICnimv4YcDbWt"}
02212{"flow_id":33,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":667151,"pkt_caplen":1374,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1374,"pkt_l4_len":1340,"pkt":"NDY7z3UoLH6BsEqhCABFAAVQE\/lAAPEG\/OQIJWDCCgAA4xC\/3lkWZHs8FMxB\/YAYBDDc3gAAAQEICnimv5AcDbWtFgMDAF0CAABZAwMaAXyK9KQuuGETu8cld9JV+FK0SGZRa7CR6lzcsmkkxyBhHCxWTv40pUYrPrn3znrxjXuLJZACYw3f0K4HrVcFssAwAAAR\/wEAAQAACwAEAwABAgAXAAAWAwMDPAsAAzgAAzUAAzIwggMuMIICFqADAgECAgg\/CBLhDwTMuTANBgkqhkiG9w0BAQsFADBXMRswGQYDVQQDDBI4MTM4NDU2NTcwMDMzMzk4MzgxDzANBgNVBAoMBkNvZGU0MjENMAsGA1UECwwEVEVTVDELMAkGA1UECAwCTU4xCzAJBgNVBAYTAlVTMB4XDTE5MDgyOTAwMTI0MFoXDTE5MTAwODAwMTI0MFowVzEbMBkGA1UEAwwSODEzODQ1NjU3MDAzMzM5ODM4MQ8wDQYDVQQKDAZDb2RlNDIxDTALBgNVBAsMBFRFU1QxCzAJBgNVBAgMAk1OMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM61Q49djLnJMOmkIF0ll0F\/YDwr0sJF\/HQcSR5fSdw7EdXfDbna6x6jdhxE3Qn9gu2zsKj9DdoI9x8pHf25SLIxWtWtVXw64g9Cp6Akq6ue6XUldOaLIbFwakz0yvQNQHH4InGpGhOI0r\/JKwLXHTVarq8xZxz1qic9dGtps1TA1LnKt1ghcAC9UIhSSffTCRd3Hsuy9tV+rAge2xQcSFu5jpM3jMoIhFZ64uHnyNVlB\/PvazPdCIc\/da6TNg09oFSH\/qcSJW25ei7RChN\/n+1Y9ZZlpthcccET79wBa7HyRx3NeKMXBXMjRpZ5jHAXjnoyo9EGU5NYfQfrfADRdd0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAaWilMnLLGQ2gXstlhQSHl0BxH9M1oZmy0zk+yCz0sx7sp4N4CzNfdXnzRNI1nOOjvmDOnoK\/rjhx5CHC5BKV8qXQgywjLv6TpvGuwR9ek3LBZZJgG6pIgEiCQy4fR4d0eonjwAPqjoL3IN6\/RLFeqp9yodmk0KnOElyg7\/70JrdDnAIUs\/fmFwqS5e9nnGF6lD+dFubpkplRTiN\/2sgrSN5o5wq\/jZw9\/jv07RNxswZ5b\/Xd\/m0seIx6S1aem4yFFpkW0ITMdscZToISSQJH21J82w7v+XjWmRg8mKpjueRaAmkWA0zA0X3yGm4a1zZlebgdFsP+1JTYS0\/4f7yL4hYDAwEsDAABKAMAHSCydU7QFYlE7imdhqa9AKGI8iMYpyccCRVwdMVtjxjGHAgEAQAOARPwkWMmg0R+fWFN8NRAQUSZPBqQ+HjdO1UI\/nFIojvvLcZsbxvEaJchrGKOwGbSsdK7ByPKFgf4xrxfWdx2lNjk0e9lLlSj20fPMXT0xD27Ai3JNC25GENTyTLxYdyFsANrA8WgEjo\/iRVH7lEYalpVjfagu0RxdU3ZUg2ouUrRkO8szgI+\/GQEOrUzC8+QTDEY9Md++ju1GWO07jJJf\/OlJg4H696Xgf+QXL0iAe5WMgucOeJioRMeA4H9BQGTv5XmpzqP\/6JX0BzGjc\/BbpIF2EPv\/T+uQX1X6A8Kw18ZHBNrHocnkRYb3DnvtB5Jzn0dqWmkTJauRfEbYX3tFgMDADoNAAA2AwECQAAuBAMFAwYDCAcICAgJCAoICwgECAUIBgQBBQEGAQMDAgMDAQIBAwICAgQCBQIGAgAAFgMDAAQOAAAA"}
01071{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":6,"flow_first_seen":1569687260591,"flow_last_seen":1569687260667,"flow_tot_l4_data_len":1672,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1340,"flow_avg_l4_data_len":278,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","ndpi": {"flow_risk": {"6":"Self-signed Certificate","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e3adec914f3893f18136762f1c0d7d81","ja3s":"e54965894d6b45ecb4323c7ea3d6c115","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US","issuerDN":"CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US","fingerprint":"86:2A:47:EF:00:68:79:60:7F:94:E2:91:6F:E0:38:82:37:8A:8E:2E"}}
01082{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":6,"flow_first_seen":1569687260591,"flow_last_seen":1569687260667,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1308,"flow_tot_l4_payload_len":1456,"flow_avg_l4_payload_len":242,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","ndpi": {"flow_risk": {"6":"Self-signed Certificate","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e3adec914f3893f18136762f1c0d7d81","ja3s":"e54965894d6b45ecb4323c7ea3d6c115","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US","issuerDN":"CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US","fingerprint":"86:2A:47:EF:00:68:79:60:7F:94:E2:91:6F:E0:38:82:37:8A:8E:2E"}}
00432{"flow_id":33,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":667209,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGxvoKAADjCCVgwt5ZEL8UzEH9FmSAWIAQD98MVwAAAQEIChwNtdp4pr+Q"}
02051{"flow_id":33,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":671440,"pkt_caplen":1261,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1261,"pkt_l4_len":1227,"pkt":"LH6BsEqhNDY7z3UoCABFAATfAABAAEAGwk8KAADjCCVgwt5ZEL8UzEH9FmSAWIAYEACreAAAAQEIChwNtd54pr+QFgMDAzwLAAM4AAM1AAMyMIIDLjCCAhagAwIBAgIIXsE90hYB3ZMwDQYJKoZIhvcNAQELBQAwVzEbMBkGA1UEAwwSODIwMDYzNDY3NTA1NTk2OTQ1MQ8wDQYDVQQKDAZDb2RlNDIxDTALBgNVBAsMBFRFU1QxCzAJBgNVBAgMAk1OMQswCQYDVQQGEwJVUzAeFw0xOTA5MjcxNzA4NTRaFw0xOTExMDYxODA4NTRaMFcxGzAZBgNVBAMMEjgyMDA2MzQ2NzUwNTU5Njk0NTEPMA0GA1UECgwGQ29kZTQyMQ0wCwYDVQQLDARURVNUMQswCQYDVQQIDAJNTjELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFYNZF26UjF+3XnUaEzq2uKuy6YckvZ5n1IhrUyH4zqRE0C5g\/BsCIvfkEE6TyupFQ4zMe+ASrbcfCFfmBXZn9EyO2y6o\/sbnd8HsF6Z3UUaKSHlnlxaRxv\/MedjLtwG3XZYZEuxpfay\/LAaGwVqFVP5hmYDEfjOT5Kd74arwkz4pyderrG697sUGTrgCw8fop3RymVwWeulqkHzdgm7wmvL9lgHGTFqzcYpnLz+ZplicVnyMy+m80fxpxNgKXAZDHsqfWX9O9dJf4wZXeSCnnj1yopzf5V0fJrs8CZKxE3rFS0er1ulRBi99xbJBI+1qCBTWPfbh7D6ri04FydMXJAgMBAAEwDQYJKoZIhvcNAQELBQADggEBADsP0enuURs3RrXlAMTbQYO4wqobE2iXacBBrHaoyhepONSqo9LJeswi9sR0mW4u8pQnbYOlqS86pZKJPoTQxLjJStpwWaMckOoZFubAOcmKEg5Fv169c+tWMJLBEOBJdKU+YhDNjTpdiszbuzRV1IHnW5omZjzz8Xlq\/EtTVq5IFr01PSptO6Lm620bDTyzWb8zuoR+aK9zZ6MQSmapuxkhs6wI45NLCWPcDd+k2WXJTNEg0Ni9b9vWGyMSDvTr5jaKQL3SfcBzMGcs+ugkma3W7YyJos32zARkMqALlPxyp6ikFzYWStXBSoncv9kD5Q\/7BjaQOWjN+t4i3EVf\/eQWAwMAJRAAACEgEWtqWgfGgf7lXlCr+zcvsN4Qgt8lveG0WfR54DQFHDMWAwMBCA8AAQQIBAEAsWffEwMziaZMvL09fBehHeaMPCBPy4zOPiqMony+6Xiwx9LtzC8X8PPN4kszu6J82D28ZzGdS0R89EmGsI54fPcJb4xdJXHhRNCGJvvagm0RXsKnXJu5TU04COJlg2eWmUZFQVDXUl8lzLNpSqlDx60dYVxm\/ehx3oZkHZVz\/SX31RUux10n+FZ9kNjiYSOsnpXHHqbA1wtdNL02a3oAPazweDlxd5JS+FooA\/KVtL\/VXaGFNFM\/iUgYzUBE8FRRITZ6ZcwQjyrEKyQYJ+JZV8Z8cG3OgQJ2rRH2lrIPbNOPiuvdzqYfnVZRBXfOC9\/\/VUqYskdiTTJ69u\/\/fmCexhQDAwABARYDAwAoYHY4Vgfv4X8IKyXCBRgV3egp4WmNBU+ZqlfDhPXew9ZtGk+\/14sACw=="}
00433{"flow_id":33,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":700295,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0FQFAAPEGAPkIJWDCCgAA4xC\/3lkWZIBYFMxGqIAQBVoSBwAAAQEICnimv7YcDbXe"}
@@ -228,50 +228,50 @@
00434{"flow_id":33,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":733797,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0FUNAAPEGALcIJWDCCgAA4xC\/3lkWZICLFMxIZIAQBckPaQAAAQEICnimv9ccDbX9"}
00991{"flow_id":33,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":735527,"pkt_caplen":477,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":477,"pkt_l4_len":443,"pkt":"NDY7z3UoLH6BsEqhCABFAAHPFVhAAPEG\/wYIJWDCCgAA4xC\/3lkWZICLFMxIZIAYBcklXQAAAQEICnimv9kcDbX9FwMDAZY7dB3xmvKsFbpSGU5Z6+l16NuHUzEljEDzWYBP7ZWZDOZTGoZRttKdAB5qRWccWgycvaITMQnNtQn+P8N1Kg9uCikre4MryKs805hwnDbcg75H4yMsR7wuQFgTs3ao0XS512SZmYqnk5GfxR8tkIzviZsmpjxotnNqt1hJbce9L+zE12\/gtwBS\/A0RRY+P7kulc8bdxkXBQAHdXgFrz+qkBT2QjVQ49lNTuiWwY4CPM3DxJovwKuacISr23vMoR08eScybdrbrMeWidZ3LeIoKrXIMea0uS8qmp8H74Xl0uHJSlt+tNY\/eOZOUMz3Rh3Rure\/HjO1mQn073Oj0H1Xou7mBj6XUhyzMVXfmTDCt6Qbnwx13I6w1ibQVWsSRt+UVC7JZQYtyT+rTqV3dImDfT89H3ss5j1zUag41AW2R1hw9XRp9WLwHdLVjvIjtxtfr2OF2abRO1GDx6aJHg4pEb6MyIgcACB8qRr\/m29KEEUlyOt5y5XgodVs9fr8EAuCcviQ8QI47peMxp0wW+xrCU3vLaizy"}
00435{"flow_id":33,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":735584,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGxvoKAADjCCVgwt5ZEL8UzEhkFmSCJoAQD\/MDhAAAAQEIChwNtht4pr\/Z"}
00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":196,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1569687260751,"flow_last_seen":0,"flow_tot_l4_data_len":67,"flow_min_l4_data_len":67,"flow_max_l4_data_len":67,"flow_avg_l4_data_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":196,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1569687260751,"flow_last_seen":0,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00483{"flow_id":34,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":751472,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"pkt":"LH6BsEqhNDY7z3UoCABFAABXLuMAAP8R6zkKAADjS0tLS\/3MADUAQ49kJ8YBAAABAAAAAAAAAmxiB19kbnMtc2QEX3VkcAEwAzEyOAIyOAMxNzIHaW4tYWRkcgRhcnBhAAAMAAE="}
00666{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1569687260751,"flow_last_seen":0,"flow_tot_l4_data_len":67,"flow_min_l4_data_len":67,"flow_max_l4_data_len":67,"flow_avg_l4_data_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lb._dns-sd._udp.0.128.28.172.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":197,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1569687260751,"flow_last_seen":0,"flow_tot_l4_data_len":63,"flow_min_l4_data_len":63,"flow_max_l4_data_len":63,"flow_avg_l4_data_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61613,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00678{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1569687260751,"flow_last_seen":0,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lb._dns-sd._udp.0.128.28.172.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":197,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1569687260751,"flow_last_seen":0,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61613,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00477{"flow_id":35,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":751544,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"LH6BsEqhNDY7z3UoCABFAABT7b0AAP8RLGMKAADjS0tLS\/CtADUAP6A2wl8BAAABAAAAAAAAAmxiB19kbnMtc2QEX3VkcAEwATABMAIxMAdpbi1hZGRyBGFycGEAAAwAAQ=="}
00662{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":197,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1569687260751,"flow_last_seen":0,"flow_tot_l4_data_len":63,"flow_min_l4_data_len":63,"flow_max_l4_data_len":63,"flow_avg_l4_data_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61613,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lb._dns-sd._udp.0.0.0.10.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00674{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":197,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1569687260751,"flow_last_seen":0,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61613,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lb._dns-sd._udp.0.0.0.10.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00483{"flow_id":34,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":767487,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"pkt":"NDY7z3UoLH6BsEqhCABFAABXAABAADoRnx1LS0tLCgAA4wA1\/cwAQw7hJ8aBgwABAAAAAAAAAmxiB19kbnMtc2QEX3VkcAEwAzEyOAIyOAMxNzIHaW4tYWRkcgRhcnBhAAAMAAE="}
00687{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":198,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1569687260751,"flow_last_seen":1569687260767,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":67,"flow_max_l4_data_len":67,"flow_avg_l4_data_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lb._dns-sd._udp.0.128.28.172.in-addr.arpa","num_queries":1,"num_answers":0,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00699{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":198,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1569687260751,"flow_last_seen":1569687260767,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":118,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lb._dns-sd._udp.0.128.28.172.in-addr.arpa","num_queries":1,"num_answers":0,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00476{"flow_id":35,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":772510,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"NDY7z3UoLH6BsEqhCABFAABTAABAADoRnyFLS0tLCgAA4wA18K0APx+zwl+BgwABAAAAAAAAAmxiB19kbnMtc2QEX3VkcAEwATABMAIxMAdpbi1hZGRyBGFycGEAAAwAAQ=="}
00683{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":199,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1569687260751,"flow_last_seen":1569687260772,"flow_tot_l4_data_len":126,"flow_min_l4_data_len":63,"flow_max_l4_data_len":63,"flow_avg_l4_data_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61613,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lb._dns-sd._udp.0.0.0.10.in-addr.arpa","num_queries":1,"num_answers":0,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":204,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1569687261034,"flow_last_seen":0,"flow_tot_l4_data_len":59,"flow_min_l4_data_len":59,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57261,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00695{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":199,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1569687260751,"flow_last_seen":1569687260772,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61613,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lb._dns-sd._udp.0.0.0.10.in-addr.arpa","num_queries":1,"num_answers":0,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":204,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1569687261034,"flow_last_seen":0,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57261,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00467{"flow_id":36,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687261,"pkt_ts_usec":34277,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"LH6BsEqhNDY7z3UoCABFAABPSYUAAP8R0J8KAADjS0tLS9+tADUAOxFSxpgBAAABAAAAAAAADnZjYWNyYXNocGxhbjAxAmhxBGNvcnAGdmlhc2F0A2NvbQAAAQAB"}
00657{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":204,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1569687261034,"flow_last_seen":0,"flow_tot_l4_data_len":59,"flow_min_l4_data_len":59,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57261,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":205,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1569687261035,"flow_last_seen":0,"flow_tot_l4_data_len":59,"flow_min_l4_data_len":59,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":52879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00669{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":204,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1569687261034,"flow_last_seen":0,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57261,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":205,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1569687261035,"flow_last_seen":0,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":52879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00467{"flow_id":37,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687261,"pkt_ts_usec":35342,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"LH6BsEqhNDY7z3UoCABFAABPv9YAAP8RWk4KAADjS0tLS86PADUAO9rj8yQBAAABAAAAAAAADnZjYWNyYXNocGxhbjAxAmhxBGNvcnAGdmlhc2F0A2NvbQAAHAAB"}
00658{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":205,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1569687261035,"flow_last_seen":0,"flow_tot_l4_data_len":59,"flow_min_l4_data_len":59,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":52879,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00670{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":205,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1569687261035,"flow_last_seen":0,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":52879,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00578{"flow_id":36,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687261,"pkt_ts_usec":50458,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"pkt":"NDY7z3UoLH6BsEqhCABFAACgAABAADoRntRLS0tLCgAA4wA1360AjBq8xpiBgwABAAAAAQAADnZjYWNyYXNocGxhbjAxAmhxBGNvcnAGdmlhc2F0A2NvbQAAAQABwCMABgABAAACzwBFBm5zLTYzMglhd3NkbnMtMTUDbmV0ABFhd3NkbnMtaG9zdG1hc3RlcgZhbWF6b27AKgAAAAEAABwgAAADhAASdQAAAVGA"}
00679{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":206,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1569687261034,"flow_last_seen":1569687261050,"flow_tot_l4_data_len":199,"flow_min_l4_data_len":59,"flow_max_l4_data_len":140,"flow_avg_l4_data_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57261,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00691{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":206,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1569687261034,"flow_last_seen":1569687261050,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57261,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00578{"flow_id":37,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687261,"pkt_ts_usec":54561,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"pkt":"NDY7z3UoLH6BsEqhCABFAACgAABAADoRntRLS0tLCgAA4wA1zo8AjF9N8ySBgwABAAAAAQAADnZjYWNyYXNocGxhbjAxAmhxBGNvcnAGdmlhc2F0A2NvbQAAHAABwCMABgABAAADVABFBm5zLTYzMglhd3NkbnMtMTUDbmV0ABFhd3NkbnMtaG9zdG1hc3RlcgZhbWF6b27AKgAAAAEAABwgAAADhAASdQAAAVGA"}
00680{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":207,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_first_seen":1569687261035,"flow_last_seen":1569687261054,"flow_tot_l4_data_len":199,"flow_min_l4_data_len":59,"flow_max_l4_data_len":140,"flow_avg_l4_data_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":52879,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":1,"num_answers":1,"reply_code":3,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00439{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":208,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1569687260293,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00437{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":208,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1569687260293,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":208,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1569687259297,"flow_last_seen":0,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":240,"flow_max_l4_data_len":240,"flow_avg_l4_data_len":240,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00692{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":207,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_first_seen":1569687261035,"flow_last_seen":1569687261054,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":52879,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":1,"num_answers":1,"reply_code":3,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00451{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":208,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1569687260293,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00449{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":208,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1569687260293,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":208,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1569687259297,"flow_last_seen":0,"flow_min_l4_payload_len":232,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":232,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00522{"flow_id":18,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687261,"pkt_ts_usec":317606,"pkt_caplen":132,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":132,"pkt_l4_len":98,"pkt":"AQBeAAD7GIEORo7ICABFAAB23NkAAP8R8swKAADV4AAA+xTpFOkAYmA6AAAAAAAEAAAAAAABBV9yYW9wBF90Y3AFbG9jYWwAAAyAAcAMAAyAAQhfYWlycGxhecASAAyAAcAoAAyAAQAAKQWgAAARlAASAAQADgCbOoEORo7IGIEORo7I"}
00610{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":208,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_first_seen":1569687246981,"flow_last_seen":1569687261317,"flow_tot_l4_data_len":642,"flow_min_l4_data_len":98,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}}
00583{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":208,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_first_seen":1569687246981,"flow_last_seen":1569687261317,"flow_min_l4_payload_len":90,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":602,"flow_avg_l4_payload_len":120,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}}
00554{"flow_id":19,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687261,"pkt_ts_usec":318027,"pkt_caplen":152,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":152,"pkt_l4_len":98,"pkt":"MzMAAAD7GIEORo7Iht1gBoi5AGIR\/\/6AAAAAAAAABAg+RTq8FVL\/AgAAAAAAAAAAAAAAAAD7FOkU6QBiuzAAAAAAAAQAAAAAAAEFX3Jhb3AEX3RjcAVsb2NhbAAADIABwAwADIABCF9haXJwbGF5wBIADIABwCgADIABAAApBaAAABGUABIABAAOAJs6gQ5GjsgYgQ5Gjsg="}
00621{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":209,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_first_seen":1569687246982,"flow_last_seen":1569687261318,"flow_tot_l4_data_len":642,"flow_min_l4_data_len":98,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":128,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}}
00594{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":209,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_first_seen":1569687246982,"flow_last_seen":1569687261318,"flow_min_l4_payload_len":90,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":602,"flow_avg_l4_payload_len":120,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}}
00585{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687261,"pkt_ts_usec":436307,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"pkt":"pHczjPFANDY7z3UoCABFAgCiAABAAEAGJN0KAADjCgAAldwAH0m4VKX0auVrcYAYEABPswAAAQEIChwNuMkAIdsnFwMDAGkquNBHUc+ChscXrUtRgCMYZjRJVOaQbTlODQaeY5amqm\/GjUiqzcV41wRmui04E3RqPf8DL0M0lIjsIbM19o\/m74SCL79srfXk80arhJGRlFMGMhcIdyIAYFhKQmR+T8ve+Kap9JlvJLM="}
00585{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687261,"pkt_ts_usec":438389,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"pkt":"NDY7z3UopHczjPFACABFAgCiFAVAAEAGENgKAACVCgAA4x9J3ABq5WtxuFSmYoAYARVPTQAAAQEICgAh3RwcDbjJFwMDAGk+N0ALJRzLafZuvouf5uUs5D\/U0tzAEaeM6atOPCHqQy7mpl9mt8bavf1mAJLusCbLzj5NJ+78e5L239EIVOnh5iS5h\/9VQOkeND9rF9xLGZBWJl3sT7DKnf23IQJYNAQU58BplPorNjw="}
00433{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687261,"pkt_ts_usec":438465,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAldwAH0m4VKZiauVr34AQD\/xubQAAAQEIChwNuMsAId0c"}
00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1569687261485,"flow_last_seen":0,"flow_tot_l4_data_len":59,"flow_min_l4_data_len":59,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1569687261485,"flow_last_seen":0,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00468{"flow_id":38,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687261,"pkt_ts_usec":485620,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"LH6BsEqhNDY7z3UoCABFAABPCDAAAP8REfUKAADjS0tLS+dWADUAO8LFIuMBAAABAAAAAAAADUxQLVJLRVJVUi1PU1gEaHNkMQJjYQdjb21jYXN0A25ldAAAAQAB"}
00657{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1569687261485,"flow_last_seen":0,"flow_tot_l4_data_len":59,"flow_min_l4_data_len":59,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":224,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1569687261486,"flow_last_seen":0,"flow_tot_l4_data_len":59,"flow_min_l4_data_len":59,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00669{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1569687261485,"flow_last_seen":0,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":224,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1569687261486,"flow_last_seen":0,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00468{"flow_id":39,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687261,"pkt_ts_usec":486499,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"LH6BsEqhNDY7z3UoCABFAABPXz4AAP8RuuYKAADjS0tLS965ADUAO3SWXq8BAAABAAAAAAAADUxQLVJLRVJVUi1PU1gEaHNkMQJjYQdjb21jYXN0A25ldAAAHAAB"}
00658{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":224,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1569687261486,"flow_last_seen":0,"flow_tot_l4_data_len":59,"flow_min_l4_data_len":59,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00670{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":224,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1569687261486,"flow_last_seen":0,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00543{"flow_id":38,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687261,"pkt_ts_usec":501464,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":145,"pkt_l4_len":111,"pkt":"NDY7z3UoLH6BsEqhCABFAACDAABAADoRnvFLS0tLCgAA4wA151YAb4gYIuOBgwABAAAAAQAADUxQLVJLRVJVUi1PU1gEaHNkMQJjYQdjb21jYXN0A25ldAAAAQABwBoABgABAAAcIAAoBmRuczEwMcAiCGRuc2FkbWluwCIBawJtAAAcIAAADhAACTqAAAAcIA=="}
00679{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":225,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_first_seen":1569687261485,"flow_last_seen":1569687261501,"flow_tot_l4_data_len":170,"flow_min_l4_data_len":59,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":85,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00691{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":225,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_first_seen":1569687261485,"flow_last_seen":1569687261501,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":77,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00543{"flow_id":39,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687261,"pkt_ts_usec":506389,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":145,"pkt_l4_len":111,"pkt":"NDY7z3UoLH6BsEqhCABFAACDAABAADoRnvFLS0tLCgAA4wA13rkAbznpXq+BgwABAAAAAQAADUxQLVJLRVJVUi1PU1gEaHNkMQJjYQdjb21jYXN0A25ldAAAHAABwBoABgABAAAcIAAoBmRuczEwMcAiCGRuc2FkbWluwCIBawJtAAAcIAAADhAACTqAAAAcIA=="}
00680{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":226,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_first_seen":1569687261486,"flow_last_seen":1569687261506,"flow_tot_l4_data_len":170,"flow_min_l4_data_len":59,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":85,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":1,"num_answers":1,"reply_code":3,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00692{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":226,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_first_seen":1569687261486,"flow_last_seen":1569687261506,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":77,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":1,"num_answers":1,"reply_code":3,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00522{"flow_id":18,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687262,"pkt_ts_usec":136971,"pkt_caplen":132,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":132,"pkt_l4_len":98,"pkt":"AQBeAAD7GIEORo7ICABFAAB2VcMAAP8ReeMKAADV4AAA+xTpFOkAYmE7AAAAAAAEAAAAAAABBV9yYW9wBF90Y3AFbG9jYWwAAAwAAcAMAAwAAQhfYWlycGxhecASAAwAAcAoAAwAAQAAKQWgAAARlAASAAQADgCbOoEORo7IGIEORo7I"}
00554{"flow_id":19,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687262,"pkt_ts_usec":137295,"pkt_caplen":152,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":152,"pkt_l4_len":98,"pkt":"MzMAAAD7GIEORo7Iht1gBoi5AGIR\/\/6AAAAAAAAABAg+RTq8FVL\/AgAAAAAAAAAAAAAAAAD7FOkU6QBivDEAAAAAAAQAAAAAAAEFX3Jhb3AEX3RjcAVsb2NhbAAADAABwAwADAABCF9haXJwbGF5wBIADAABwCgADAABAAApBaAAABGUABIABAAOAJs6gQ5GjsgYgQ5Gjsg="}
00585{"flow_id":5,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687262,"pkt_ts_usec":751378,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"pkt":"MzMAAAABLH6BsEqhht1gAAAAAHg6\/\/6AAAAAAAAALn6B\/\/6wSqH\/AgAAAAAAAAAAAAAAAAABhgBH5kDAALQAAAAAAAAAABkFAAAAAVGAIAEFWP7tAAAAAAAAAAAAASABBVj+7QAAAAAAAAAAAAIDBEDAAAL9HQAC\/R0AAAAAJgEGRoQCRLAAAAAAAAAAABgDAAAAAAC0AAAAAAAAAAAAAAAAAAAAAAEBLH6BsEqh"}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1569687262866,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"162.222.43.153","src_port":56881,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1569687262866,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"162.222.43.153","src_port":56881,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":40,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687262,"pkt_ts_usec":866211,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"LH6BsEqhNDY7z3UoCABFAABEAABAAEAGYVoKAADjot4rmd4xAbu3QBvT9S8yS4AYEAD8CwAAAQEIChwNvkTkAuRNDi2ISqeLxJuBXTMcrWivnw=="}
00741{"flow_id":40,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687262,"pkt_ts_usec":866958,"pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":292,"pkt_l4_len":258,"pkt":"LH6BsEqhNDY7z3UoCABFAAEWAABAAEAGYIgKAADjot4rmd4xAbu3QBvj9S8yS4AYEACf4gAAAQEIChwNvkTkAuRNC2FzYPnyOhEIxzv9HgAAAQAAAAAABf0HAAAAAAAAAFYAAAAAABO4pgAAAfJ1AAAAGzdZOcQAAAAAAAAAAAAAAAAAAAAAAAAAAGwAAAAAEjynVwAAAAAACz6PAAAAAABmQ+JAyo3EgU6LQwAAAAAAAAAAAAAACK7duMsBAQAAAAELYXNg+fI6EQjHO\/0eAAABAAAAAAAF\/QcAAAAAAAAAVgAAAAAAE7imAAAB8nUAAAAbN1k5xAAAAAAAAAAAAAAAAAAAAAAAAAAAbAAAAAASPKdXAAAAAAALPo8AAAAAAAAAAQ=="}
00456{"flow_id":40,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687262,"pkt_ts_usec":866959,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"LH6BsEqhNDY7z3UoCABFAABEAABAAEAGYVoKAADjot4rmd4xAbu3QBzF9S8yS4AYEABLrAAAAQEIChwNvkTkAuRNchVP5mraMf5Tgny7zRbHZQ=="}
@@ -293,22 +293,22 @@
00434{"flow_id":13,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687265,"pkt_ts_usec":656518,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0y8ZAACsGUUg0JfOtCgAA4wG73lNw7dZjH\/3w3oAQAAmN4QAAAQEICgCNmHIcDcjU"}
00433{"flow_id":14,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687265,"pkt_ts_usec":657346,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0VOJAACoGySw0JfOtCgAA4wG73lJr8i76e2gz9oAQAAm+YQAAAQEICgJgdAIcDcjU"}
00585{"flow_id":5,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687265,"pkt_ts_usec":823334,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"pkt":"MzMAAAABLH6BsEqhht1gAAAAAHg6\/\/6AAAAAAAAALn6B\/\/6wSqH\/AgAAAAAAAAAAAAAAAAABhgBH5kDAALQAAAAAAAAAABkFAAAAAVGAIAEFWP7tAAAAAAAAAAAAASABBVj+7QAAAAAAAAAAAAIDBEDAAAL9HQAC\/R0AAAAAJgEGRoQCRLAAAAAAAAAAABgDAAAAAAC0AAAAAAAAAAAAAAAAAAAAAAEBLH6BsEqh"}
00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":298,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1569687267035,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":298,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1569687267035,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00449{"flow_id":41,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":35097,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGwVUKAADjCCVmW95hAbsGNnxMAAAAALAC\/\/9wfAAAAgQFtAEDAwUBAQgKHA3OcQAAAAAEAgAA"}
00440{"flow_id":41,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":77459,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"NDY7z3UoLH6BsEqhCABFAAA47VEAAPcGXQsIJWZbCgAA4wG73mHOEwD1BjZ8TZASgABbLAAAAgQFtAEBCAo\/+a5OHA3OcQ=="}
00435{"flow_id":41,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":77535,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95hAbsGNnxNzhMA9oAQ\/\/\/yvgAAAQEIChwNzpw\/+a5O"}
00643{"flow_id":41,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":79534,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"LH6BsEqhNDY7z3UoCABFAADMAABAAEAGwMkKAADjCCVmW95hAbsGNnxNzhMA9oAY\/\/8upgAAAQEIChwNzp0\/+a5OFgMBAJMBAACPAwPfZ7WFHXaroFdgiVVapTjr1SY5uqwiS6qMuNeoYJyORwAALMAwwCzAKMAkAJ8AawA5AJ0APQA1wC\/AK8AnwCMAngBnADMAnAA8AC8ACgD\/AQAAOgALAAQDAAECAAoACgAIABkAGAAXABMADQAgAB4GAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgM="}
00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":301,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_first_seen":1569687267035,"flow_last_seen":1569687267079,"flow_tot_l4_data_len":296,"flow_min_l4_data_len":32,"flow_max_l4_data_len":184,"flow_avg_l4_data_len":74,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":301,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_first_seen":1569687267035,"flow_last_seen":1569687267079,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00433{"flow_id":41,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":124375,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA09J0AAPcGVcMIJWZbCgAA4wG73mHOEwD2BjZ85YAQgABx9gAAAQEICj\/5rn0cDc6d"}
02388{"flow_id":41,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":125585,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"NDY7z3UoLH6BsEqhCABFAAXcl8UAAPcGrPMIJWZbCgAA4wG73mHOEwD2BjZ85YAYgAAZSQAAAQEICj\/5rn4AAAAAFgMDAEoCAABGAwMS1dWiLhj30tQHka2clXwBubFYxsGakjI80hE4lMe1viAg22YFfj1x2h1EMb7b7Zs3Eyk9zl0UXNWLnU3ttyeOkAA1ABYDAxYMCwAWCAAWBQAHTzCCB0swggYzoAMCAQICEEzL1X2WMv84AAAAAFDtNsswDQYJKoZIhvcNAQELBQAwgboxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxLjAsBgNVBAMTJUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBMMUswHhcNMTkwMjA1MjE0MzU4WhcNMjEwMjA1MjIxMzU3WjBqMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIQ2FybHNiYWQxFDASBgNVBAoTC1ZpYXNhdCBJbmMuMR0wGwYDVQQDDBQqLnBhbmRpb24udmlhc2F0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMDLELlHVBK6u0Ebo80pCb8efwbCh\/TMouznnqPBNL9tRNwaGpyybhpzuk1Zsi17UHvzdRRi5jC1ABXEEMLDXnTmlJa8rTgrPFp+bDbQ0hUdzWHHqPeU2HtG04mySjEkEvEPPwEnXQ9WDwkLnm26wRjipUJ8im1nDlikggUMLPlTTSKVgq3SBlVGLStLOLbOoOETJwpjr5YBSUNc5kkHfCAlc5qW4vLVkqFKFRcjyNxUOZxbBYtQaUddL0tuM4H9CfrWrqh9LLWx1xsOqHp+nS51DEO+pTwRR6wUyq6bNJMs+PbLCQs17zxAOp51PnIcZcczqbjMDGIgELfxksap7yECAwEAAaOCA5owggOWMDMGA1UdEQQsMCqCFCoucGFuZGlvbi52aWFzYXQuY29tghJwYW5kaW9uLnZpYXNhdC5jb20wggH3BgorBgEEAdZ5AgQCBIIB5wSCAeMB4QB3AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABaL+5ngAAAAQDAEgwRgIhAKxxvM9C5gPV1Owy4M\/Dyzx7kBpwyzXQc7wZ0mGBR9fOAiEA\/A\/FJxuASzJphQeYq5ltFnIhSeTPRbPItlQigQZkkDwAdgBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAWi\/uZ35AAAEAwBHMEUCIQDNq3daAkrYxX6VQ9b6GqComWKfQou0IMsDnXGHMLZiSAIgEnWktUcQyNRmFvjh+POicMbVzLnjlwLij\/eoPMW67IwAdgBWFAaaL9fC7NP14b1Esj7HRna5vJkRXMDvlJhV1onQ3QAAAWi\/uZ5ZAAAEAwBHMEUCICH\/OekR\/g8Jdz2Y7Qc3us2XTMZ75OBnWYjV61BMMxsGAiEAtIuo7AamIHqnZDAbI1eeM3ogDSbRJ5hn12CgIZCempMAdgC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWi\/uZ5NAAAEAwBHMEUCIHkJ3QKOEfzyT\/nCAMVpK04S4woe8rsVcpjzIhSsRoSsAiEA324g9fbsnh\/O\/XKfcV4vnykRYq8iMzykYAT+PPtA1MEwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmVudHJ1c3QubmV0L2xldmVsMWsuY3JsMEsGA1UdIAREMEIwNgYKYIY="}
00843{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":303,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":6,"flow_first_seen":1569687267035,"flow_last_seen":1569687267125,"flow_tot_l4_data_len":1808,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":301,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}}
00854{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":303,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":6,"flow_first_seen":1569687267035,"flow_last_seen":1569687267125,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1600,"flow_avg_l4_payload_len":266,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}}
00436{"flow_id":41,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":125658,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95hAbsGNnzlzhMGnoAQ\/\/\/sIAAAAQEIChwNzso\/+a5+"}
02385{"flow_id":41,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":165921,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"NDY7z3UoLH6BsEqhCABFAAXc\/u0AAPcGRcsIJWZbCgAA4wG73mHOEwaeBjZ85YAYgACJBAAAAQEICj\/5rqUAAAAASAGG+mwKAQUwKDAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5lbnRydXN0Lm5ldC9ycGEwCAYGZ4EMAQICMGgGCCsGAQUFBwEBBFwwWjAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYIKwYBBQUHMAKGJ2h0dHA6Ly9haWEuZW50cnVzdC5uZXQvbDFrLWNoYWluMjU2LmNlcjAfBgNVHSMEGDAWgBSConB03bxTP8971PfNf6dgxgpMvzAdBgNVHQ4EFgQUmi0VGuslo\/WsT4R+rNKNmFj1ZL0wCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAKdBE7Z+\/QgBIjgKdoPLQP+aFD6KtOZlOiHey04vsERDOADqNdu8unwz6N0izPw2l\/n+UoPoV6GrQkCjChT893I2Smv8Vj1mVR9ZW1nnkmVR9MJr+xC5Iw99s1Ntq2M7Knro\/38pMlTbzDdIcgeyuFS+2iILYDpWpJ7TdQfZH5XVAvdIk3ZnRxtGd7Lcy\/jVbSYIGFTi\/TuA8Bv82FbHnQSqp4ezyTgTKuHmdSMry0pP20Z6nga4Vd2slNm7KOIghxUpnvRfKqVpF04m1QFzXE34qRtPEU80S1e6wlIl8ZcZrL\/KcU+88mv0xL3dpgVjURuISIJE90mwZCDqslRXPTgAFEjCCBQ4wggP2oAMCAQICDA7pTMMAAAAAUdN3hTANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwHhcNMTUxMDA1MTkxMzU2WhcNMzAxMjA1MTk0MzU2WjCBujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwGA1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANo\/ltBNuS9E59s5XptQ7lylYdpBZ1MJqgCajld\/KWvbx+EhJKo60I1HI9LtchbwkSHSXbe4S6iDj7eRMmjPziWTLLJ9l8j+wbQXugmeA5CTe3xJgyJoipveR8MxmHoufUAL0u8+07KMqo9Iqf8A6ClYBve2k1qUcyYmrVgO5UK41epzeWRoUyW4hM+Ueq4GRQyja03Qxr7qGKQ28JKyuhyIjzpSf\/debYMcnfAf5cPW3aV4kj2wbSzqyc+UQRlxRGi6RzwE6V26PvA19xW2nvIuFR4\/R8jIOKdzRV1NsDuxjhcpN+rdBQEiu5Q2Ko1bNf5TGS8IRsEqsxpiHU4r2RsCAwEAAaOCAQwwggEIMA4GA1UdDwEB\/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH\/AgEAMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL2NybC5lbnRydXN0Lm5ldC9nMmNhLmNybDA7BgNVHSAENDAyMDAGBFUdIAAwKDAmBggrBgEFBQc="}
02381{"flow_id":41,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":165925,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"NDY7z3UoLH6BsEqhCABFAAXcuXcAAPcGi0EIJWZbCgAA4wG73mHOEwxGBjZ85YAYgAAKqAAAAQEICj\/5rqUAAAAAAgEWGmh0dHA6Ly93d3cuZW50cnVzdC5uZXQvcnBhMB0GA1UdDgQWBBSConB03bxTP8971PfNf6dgxgpMvzAfBgNVHSMEGDAWgBRqciZ60B7vfec7aVHUbI2fkBJmqzANBgkqhkiG9w0BAQsFAAOCAQEAOdWOmINhyCxj03AdGTDL9gmszGnVydw3QfIyD+90w1j2eCcJNAiVki\/X37ij\/Q6B6aSc0z9NaCsVMQoVzFIEk+iTUMPZseLhaLc6CXTxNFgKP3eYQLjmaP9d5MhGxeyB18mCGFyDznHYvL+smQKT25SYhNKcprX+XLvwSq8hrMI\/SSRn1i6Oz6zMZBUYcuVsd9NSqLndjawASjUZ1G9zo3Xva2TD4I2DEqGK5w6GTdi0IBu+aqWMS2hm4yvHWAv7VhDUkfsd0zFYEIxE43V7EJ21OLH2qsqBZGzo8uKBVZdRf+HCJ1CiyTxbAEP2W7nVpfz\/B1BAZwewVfC3fm4tzAAFAzCCBP8wggPnoAMCAQICBFHTQEQwDQYJKoZIhvcNAQELBQAwgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkwNwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNVBAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNDA5MjIxNzE0NTdaFw0yNDA5MjMwMTMxNTNaMIG+MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMDkgRW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVzZSBvbmx5MTIwMAYDVQQDEylFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqEtnLbngxr4pnpMAGnduoyuJVBGsnaYU5Ycs\/+9oJ5v3NhBgqlJ9izX9NFThxy1k4y8nKKD\/eDGdBqgIAARR6wx+eavxJXJxyjaC8Kh71qaw5eZfMcd9XUhY1wIbSzMueLotWGOQKxuNJHzuTJScQ7p977VH1XvvDobsJ5sjoLVeJQmBYyE1wveFbBwpSz8lrkJ5qfJNfG7NCbJYLjzMLERcWMl3oGayoRn6kKbkg7b9vUERlC948Hv\/VTX5w+9Bcs5mmsTjJMYnfqt+jluzS8GYuunFHnt361U7EzIuVtz3A8Gvrim2e2g\/SNpa9iTE3gWKxkNBID+LaNlGMkpHECAwEAAaOCAQ8wggELMA4GA1UdDwEB\/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH\/AgEBMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9yb290Y2ExLmNybDA7BgNVHSAENDAyMDAGBFUdIAAwKDAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5lbnRydXN0Lm5ldC9DUFMwHQYDVR0OBBYEFGpyJnrQHu995ztpUdRsjZ+QEmarMB8GA1UdIwQYMBaAFGiQ5GekplOAx4ZmpPH3S0P7hL1tMA0GCSqGSIb3DQEBCwUAA4IBAQBpM4P8KHpvfe+dVevFPnqddbPMwzg22TSiKGgY6h5p073n0HfauACDTkrPb9HxwSI="}
00437{"flow_id":41,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":166002,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95hAbsGNnzlzhMMRoAQ\/\/\/mKQAAAQEIChwNzvI\/+a6l"}
00437{"flow_id":41,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":166003,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95hAbsGNnzlzhMR7oAQ\/\/\/ggQAAAQEIChwNzvI\/+a6l"}
02396{"flow_id":41,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":203156,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"NDY7z3UoLH6BsEqhCABFAAXcsBcAAPcGlKEIJWZbCgAA4wG73mHOExHuBjZ85YAYgACupAAAAQEICj\/5rs0AAAAAP3Tk95hJnpu2nuHbmHctVjSxqDzZ\/cDNx78FA9QCxfHlxtoIpRPHYiMR0WEwHWCERe95qMYmk6S3zTS4acUT9pGzyUVzdraS9nYKW+EDR7fpKUyRMiM3Spw12Hj9HR\/kg4kkgK23+c\/kXaXUccSFW3Af2z8cAesaRSYxFMxlv2feyswzZeVBkdc3vkEalp3mipedp86sTpo9vQGgatlPIgCLRNVpYnsu68y655J9aWc9\/Lh83kGH0GnqugoYehqVQ7N5cSh2baH7V0rsTcgOEAAElTCCBJEwggN5oAMCAQICBEVrUFQwDQYJKoZIhvcNAQEFBQAwgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkwNwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNVBAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMjcyMDIzNDJaFw0yNjExMjcyMDUzNDJaMIGwMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjE5MDcGA1UECxMwd3d3LmVudHJ1c3QubmV0L0NQUyBpcyBpbmNvcnBvcmF0ZWQgYnkgcmVmZXJlbmNlMR8wHQYDVQQLExYoYykgMjAwNiBFbnRydXN0LCBJbmMuMS0wKwYDVQQDEyRFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2lbZDQvrGbSpvSN+UTDlXBe7DeRFBaDbt7P6aAY+hOCj89xBGZi5NHhqxGk7G0cCViLDJ\/zGLMwPbt4N7PiCEXu2yViin+OC5QHE3xctHDpcqaMAilWIV20fZ9dAr\/4JLya0+3kzbkIBQPwmKhADsMAo9GM37\/SpZmiOVFyxFnh9uQ3ltDFyY\/kinxSNHXF79bucetPZoRdGGg1uiio2x4ymA\/iVxiK2+vI+sUpZLqlGN5BMxGehOTZ\/brLNq1bw5VHHKenp\/kN19HYDZgbtZJsIR\/uaT4veA5GX7NDcOKYBwTa84hi6ef1evnheu6xzLKCFfthzY56IEIvnT2tjLAgMBAAGjgbAwga0wDgYDVR0PAQH\/BAQDAgEGMA8GA1UdEwEB\/wQFMAMBAf8wKwYDVR0QBCQwIoAPMjAwNjExMjcyMDIzNDJagQ8yMDI2MTEyNzIwNTM0MlowHwYDVR0jBBgwFoAUaJDkZ6SmU4DHhmak8fdLQ\/uEvW0wHQYDVR0OBBYEFGiQ5GekplOAx4ZmpPH3S0P7hL1tMB0GCSqGSIb2fQdBAAQQMA4bCFY3LjE6NC4wAwIEkDANBgkqhkiG9w0BAQUFAAOCAQEAk9QwsNcDICrQ+WPokQwFIKlfGcp7ck7UsdvQlvtUWhksDAj3sryFqJ1\/bTtSsyrb59SEjGP2D8smAZFQbPRfFOKTdMATnjA6UOO0YMUc8CJEjXFHrMgayembmgBgE\/9wfl8RTUkbsxVSe8lU2r+dla9rmtie6fHkQ43iEUQ6v6+9g0JzUouqu6cpz\/VkHApN0byqrJ8q0P9\/f9p96rHtMCXBhNo00lt4g1bsnDbDJuIR9mdJHZKrjPvr\/3ruhUqnUIDwp1xKlC5fBZk8UkHgzbRjzwFDupyD3I9gO\/NatLR7rtoLkDh174EdZtL3V3A2s7\/8KK9xJYVbE\/4ef1q0PBYDAwSWDQAEjgIBQAAOBgEGAwUBBQMEAQQDAgEEeQB1MHMxEzARBgoJkiaJk\/IsZAEZFgNjb20xFjAUBgoJkiY="}
01229{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":309,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":12,"flow_first_seen":1569687267035,"flow_last_seen":1569687267203,"flow_tot_l4_data_len":6344,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":528,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K","issuerDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}}
01240{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":309,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":12,"flow_first_seen":1569687267035,"flow_last_seen":1569687267203,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5944,"flow_avg_l4_payload_len":495,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K","issuerDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}}
01932{"flow_id":41,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":203162,"pkt_caplen":1181,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1181,"pkt_l4_len":1147,"pkt":"NDY7z3UoLH6BsEqhCABFAASPwEcAAPcGhb4IJWZbCgAA4wG73mHOExeWBjZ85YAYgACVIAAAAQEICj\/5rs0AAAAAiZPyLGQBGRYGdmlhc2F0MRQwEgYKCZImiZPyLGQBGRYEY29ycDESMBAGCgmSJomT8ixkARkWAmhxMRowGAYDVQQDExFWaWFzYXQgU0hBIDIgQ0EtMwB1MHMxEzARBgoJkiaJk\/IsZAEZFgNjb20xFjAUBgoJkiaJk\/IsZAEZFgZ2aWFzYXQxFDASBgoJkiaJk\/IsZAEZFgRjb3JwMRIwEAYKCZImiZPyLGQBGRYCaHExGjAYBgNVBAMTEVZpYXNhdCBTSEEgMiBDQS0yAHUwczETMBEGCgmSJomT8ixkARkWA2NvbTEWMBQGCgmSJomT8ixkARkWBnZpYXNhdDEUMBIGCgmSJomT8ixkARkWBGNvcnAxEjAQBgoJkiaJk\/IsZAEZFgJocTEaMBgGA1UEAxMRVmlhc2F0IFNIQSAyIENBLTEAITAfMR0wGwYDVQQDExRWaWFzYXQgU0hBIDIgUm9vdCBDQQDBMIG+MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMDkgRW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVzZSBvbmx5MTIwMAYDVQQDEylFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMgC9MIG6MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMTIgRW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVzZSBvbmx5MS4wLAYDVQQDEyVFbnRydXN0IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gTDFLALMwgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkwNwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNVBAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQC4MIG1MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhIChjKTEwMS8wLQYDVQQDEyZWZXJpU2lnbiBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHMw4AAAA="}
00437{"flow_id":41,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":203246,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95hAbsGNnzlzhMXloAQ\/\/\/ajAAAAQEIChwNzxc\/+a7N"}
00437{"flow_id":41,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":203247,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95hAbsGNnzlzhMb8YAQ\/\/\/WMQAAAQEIChwNzxc\/+a7N"}
@@ -316,26 +316,26 @@
00433{"flow_id":14,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":322277,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0VONAACoGySs0JfOtCgAA4wG73lJr8i76e2g0NYAQAAm17AAAAQEICgJgdaIcDc9q"}
00521{"flow_id":14,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":323332,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":129,"pkt_l4_len":95,"pkt":"NDY7z3UoLH6BsEqhCABFAABzVORAACoGyOs0JfOtCgAA4wG73lJr8i76e2g0NYAYAAmvvAAAAQEICgJgdaIcDc9qFwMDADr34AORZ\/mswQrOpB6saZ5OTdZLtVApkLcu7nvjHL4ZxtsMSNce\/N0YGd0SLA8DL+PkoKYgkm4G3tEm"}
00435{"flow_id":14,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":317,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":323402,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGCA8KAADjNCXzrd5SAbt7aDQ1a\/IvOYAQD\/6llQAAAQEIChwNz40CYHWi"}
00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1569687267453,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56865,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1569687267453,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56865,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":42,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":453127,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAld4hH0glPK3eiXsRe4AREAA75QAAAQEIChwN0AsAIb2q"}
00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1569687267453,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56866,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1569687267453,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56866,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":43,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":453153,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREAAjsAAAAQEIChwN0AsGksZO"}
00432{"flow_id":42,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":454953,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UopHczjPFACABFAAA0sX1AAEAGc88KAACVCgAA4x9I3iGJexF7JTyt34ARAPMpJgAAAQEICgAh33UcDdAL"}
00432{"flow_id":42,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":455039,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAld4hH0glPK3fiXsRfIAQEAAaFwAAAQEIChwN0A0AId91"}
00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":347,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1569687267477,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":347,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1569687267477,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":44,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":477342,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"LH6BsEqhNDY7z3UoCABFAAA5Pw0AAP8R2y0KAADjS0tLS9+lADUAJfklv50BAAABAAAAAAAAB21vemlsbGEDb3JnAAABAAE="}
00635{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":347,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1569687267477,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mozilla.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1569687267481,"flow_last_seen":0,"flow_tot_l4_data_len":50,"flow_min_l4_data_len":50,"flow_max_l4_data_len":50,"flow_avg_l4_data_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00647{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":347,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1569687267477,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mozilla.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1569687267481,"flow_last_seen":0,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00457{"flow_id":45,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":481295,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"pkt":"LH6BsEqhNDY7z3UoCABFAABG89oAAP8RJlMKAADjS0tLS\/PbADUAMlit7RYBAAABAAAAAAAADGRldGVjdHBvcnRhbAdmaXJlZm94A2NvbQAAAQAB"}
00658{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1569687267481,"flow_last_seen":0,"flow_tot_l4_data_len":50,"flow_min_l4_data_len":50,"flow_max_l4_data_len":50,"flow_avg_l4_data_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnectivityCheck"},"dns": {"query":"detectportal.firefox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00670{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1569687267481,"flow_last_seen":0,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnectivityCheck"},"dns": {"query":"detectportal.firefox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00848{"flow_id":25,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":482821,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"pkt":"LH6BsEqhNDY7z3UoCABFAAFnyhkAAEAGtC4KAADjuBk4Td40AFBjyKiBGk9l7oAYEABAcgAAAQEIChwN0CfjFR\/lR0VUIC9zdWNjZXNzLnR4dD9pcHY0IEhUVFAvMS4xDQpIb3N0OiBkZXRlY3Rwb3J0YWwuZmlyZWZveC5jb20NClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChNYWNpbnRvc2g7IEludGVsIE1hYyBPUyBYIDEwLjEzOyBydjo2OS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzY5LjANCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCg=="}
00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":349,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_first_seen":1569687249612,"flow_last_seen":1569687267482,"flow_tot_l4_data_len":443,"flow_min_l4_data_len":20,"flow_max_l4_data_len":339,"flow_avg_l4_data_len":88,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56884,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"ConnectivityCheck"},"http": {"hostname":"detectportal.firefox.com","url":"detectportal.firefox.com\/success.txt?ipv4","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko\/20100101 Firefox\/69.0"}}
00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":349,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_first_seen":1569687249612,"flow_last_seen":1569687267482,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":61,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56884,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"ConnectivityCheck"},"http": {"hostname":"detectportal.firefox.com","url":"detectportal.firefox.com\/success.txt?ipv4","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko\/20100101 Firefox\/69.0"}}
00840{"flow_id":24,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":483863,"pkt_caplen":368,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":368,"pkt_l4_len":334,"pkt":"LH6BsEqhNDY7z3UoCABFAAFiADsAAEAGfhIKAADjuBk4Td5VAFBor5yuCT1EPYAYEAk5BQAAAQEIChwN0CjjFR\/gR0VUIC9zdWNjZXNzLnR4dCBIVFRQLzEuMQ0KSG9zdDogZGV0ZWN0cG9ydGFsLmZpcmVmb3guY29tDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTWFjaW50b3NoOyBJbnRlbCBNYWMgT1MgWCAxMC4xMzsgcnY6NjkuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82OS4wDQpBY2NlcHQ6ICovKg0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuNQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KUHJhZ21hOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
00756{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":350,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":5,"flow_first_seen":1569687249612,"flow_last_seen":1569687267483,"flow_tot_l4_data_len":438,"flow_min_l4_data_len":20,"flow_max_l4_data_len":334,"flow_avg_l4_data_len":87,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56917,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"ConnectivityCheck"},"http": {"hostname":"detectportal.firefox.com","url":"detectportal.firefox.com\/success.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko\/20100101 Firefox\/69.0"}}
00767{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":350,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":5,"flow_first_seen":1569687249612,"flow_last_seen":1569687267483,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":302,"flow_tot_l4_payload_len":302,"flow_avg_l4_payload_len":60,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56917,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"ConnectivityCheck"},"http": {"hostname":"detectportal.firefox.com","url":"detectportal.firefox.com\/success.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko\/20100101 Firefox\/69.0"}}
00461{"flow_id":44,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":493135,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"pkt":"NDY7z3UoLH6BsEqhCABFAABJAABAADoRnytLS0tLCgAA4wA136UANZKzv52BgAABAAEAAAAAB21vemlsbGEDb3JnAAABAAHADAABAAEAAAAaAAQ\/9dDD"}
00662{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":353,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_first_seen":1569687267477,"flow_last_seen":1569687267493,"flow_tot_l4_data_len":90,"flow_min_l4_data_len":37,"flow_max_l4_data_len":53,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mozilla.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"63.245.208.195"}}
00674{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":353,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_first_seen":1569687267477,"flow_last_seen":1569687267493,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mozilla.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"63.245.208.195"}}
00671{"flow_id":45,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":500594,"pkt_caplen":242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":242,"pkt_l4_len":208,"pkt":"NDY7z3UoLH6BsEqhCABFAADkAABAADoRnpBLS0tLCgAA4wA189sA0PLn7RaBgAABAAUAAAAADGRldGVjdHBvcnRhbAdmaXJlZm94A2NvbQAAAQABwAwABQABAAAAIwAeDGRldGVjdHBvcnRhbARwcm9kBm1vemF3cwNuZXQAwDYABQABAAAADgAoDGRldGVjdHBvcnRhbAdmaXJlZm94BmNvbS12MgllZGdlc3VpdGXAT8BgAAUAAQAAUnoAFAVhMTA4OQRkc2NkBmFrYW1hacBPwJQAAQABAAAACQAEuBk4UsCUAAEAAQAAAAkABLgZODM="}
00686{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":354,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_first_seen":1569687267481,"flow_last_seen":1569687267500,"flow_tot_l4_data_len":258,"flow_min_l4_data_len":50,"flow_max_l4_data_len":208,"flow_avg_l4_data_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnectivityCheck"},"dns": {"query":"detectportal.firefox.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.25.56.82"}}
00698{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":354,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_first_seen":1569687267481,"flow_last_seen":1569687267500,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":121,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnectivityCheck"},"dns": {"query":"detectportal.firefox.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.25.56.82"}}
00947{"flow_id":25,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":507386,"pkt_caplen":450,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":450,"pkt_l4_len":416,"pkt":"NDY7z3UoLH6BsEqhCABFAAG0NJpAADcGEmG4GThNCgAA4wBQ3jQaT2XuY8iptIAYAPx2eQAAAQEICuMVPlUcDdAnSFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW4NCkNvbnRlbnQtTGVuZ3RoOiA4DQpMYXN0LU1vZGlmaWVkOiBNb24sIDE1IE1heSAyMDE3IDE4OjA0OjQwIEdNVA0KRVRhZzogImFlNzgwNTg1ZjQ5Yjk0Y2UxNDQ0ZWI3ZDI4OTA2MTIzIg0KQWNjZXB0LVJhbmdlczogYnl0ZXMNClNlcnZlcjogQW1hem9uUzMNClgtQW16LUNmLUlkOiBJcS1oTGRhcmRnZUVmOTBhU3dsQlZkRDJUbjFzY29hcnBlQlMtbUtNWmdLNG1lWGlWTEpHTUE9PQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG5vLXN0b3JlLCBtdXN0LXJldmFsaWRhdGUNCkRhdGU6IFNhdCwgMjggU2VwIDIwMTkgMTY6MTQ6MjcgR01UDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCnN1Y2Nlc3MK"}
00434{"flow_id":25,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":356,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":507460,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGP3sKAADjuBk4Td40AFBjyKm0Gk9nboAQD\/TwCAAAAQEIChwN0D\/jFT5V"}
00947{"flow_id":24,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":357,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":512411,"pkt_caplen":450,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":450,"pkt_l4_len":416,"pkt":"NDY7z3UoLH6BsEqhCABFAAG0uJxAADgGjV64GThNCgAA4wBQ3lUJPUQ9aK+d3IAYAPOwEAAAAQEICuMVPlkcDdAoSFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW4NCkNvbnRlbnQtTGVuZ3RoOiA4DQpMYXN0LU1vZGlmaWVkOiBNb24sIDE1IE1heSAyMDE3IDE4OjA0OjQwIEdNVA0KRVRhZzogImFlNzgwNTg1ZjQ5Yjk0Y2UxNDQ0ZWI3ZDI4OTA2MTIzIg0KQWNjZXB0LVJhbmdlczogYnl0ZXMNClNlcnZlcjogQW1hem9uUzMNClgtQW16LUNmLUlkOiBJcS1oTGRhcmRnZUVmOTBhU3dsQlZkRDJUbjFzY29hcnBlQlMtbUtNWmdLNG1lWGlWTEpHTUE9PQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG5vLXN0b3JlLCBtdXN0LXJldmFsaWRhdGUNCkRhdGU6IFNhdCwgMjggU2VwIDIwMTkgMTY6MTQ6MjcgR01UDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCnN1Y2Nlc3MK"}
@@ -343,71 +343,71 @@
00847{"flow_id":25,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":514776,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"pkt":"LH6BsEqhNDY7z3UoCABFAAFnAABAAEAGPkgKAADjuBk4Td40AFBjyKm0Gk9nboAYEAAfMQAAAQEIChwN0EXjFT5VR0VUIC9zdWNjZXNzLnR4dD9pcHY0IEhUVFAvMS4xDQpIb3N0OiBkZXRlY3Rwb3J0YWwuZmlyZWZveC5jb20NClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChNYWNpbnRvc2g7IEludGVsIE1hYyBPUyBYIDEwLjEzOyBydjo2OS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzY5LjANCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCg=="}
00947{"flow_id":25,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":539325,"pkt_caplen":450,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":450,"pkt_l4_len":416,"pkt":"NDY7z3UoLH6BsEqhCABFAAG0NJtAADcGEmC4GThNCgAA4wBQ3jQaT2duY8iq54AYAQRzgAAAAQEICuMVPnUcDdBFSFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW4NCkNvbnRlbnQtTGVuZ3RoOiA4DQpMYXN0LU1vZGlmaWVkOiBNb24sIDE1IE1heSAyMDE3IDE4OjA0OjQwIEdNVA0KRVRhZzogImFlNzgwNTg1ZjQ5Yjk0Y2UxNDQ0ZWI3ZDI4OTA2MTIzIg0KQWNjZXB0LVJhbmdlczogYnl0ZXMNClNlcnZlcjogQW1hem9uUzMNClgtQW16LUNmLUlkOiBJcS1oTGRhcmRnZUVmOTBhU3dsQlZkRDJUbjFzY29hcnBlQlMtbUtNWmdLNG1lWGlWTEpHTUE9PQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG5vLXN0b3JlLCBtdXN0LXJldmFsaWRhdGUNCkRhdGU6IFNhdCwgMjggU2VwIDIwMTkgMTY6MTQ6MjcgR01UDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCnN1Y2Nlc3MK"}
00434{"flow_id":25,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":539385,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGP3sKAADjuBk4Td40AFBjyKrnGk9o7oAQD\/TtGAAAAQEIChwN0FzjFT51"}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":362,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1569687267677,"flow_last_seen":0,"flow_tot_l4_data_len":71,"flow_min_l4_data_len":71,"flow_max_l4_data_len":71,"flow_avg_l4_data_len":71,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.10.115.210","src_port":56879,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":362,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1569687267677,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.10.115.210","src_port":56879,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00489{"flow_id":46,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":677665,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"LH6BsEqhNDY7z3UoCABFAABb+tIAAEAGzQsKAADjNApz0t4vAbv\/h0Qcal\/PeIAYEACaRQAAAQEIChwN0OQwQN34FwMDACIAAAAAAAAAAwpFwR2TiNxP0z\/UzUIiCJ75mBQ8ToLTjZaT"}
00484{"flow_id":46,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":713276,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"pkt":"NDY7z3UoLH6BsEqhCABFAABXHWRAAOsGv300CnPSCgAA4wG73i9qX894\/4dEQ4AYAHaKdwAAAQEICjBBJbkcDdDkFwMDAB60PFmzucBfQdusHvXD0\/WWAM1faNPMBMLPArfIzdE="}
00435{"flow_id":46,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":713359,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA09sQAAEAG0UAKAADjNApz0t4vAbv\/h0RDal\/Pm4AQD\/4TQgAAAQEIChwN0QUwQSW5"}
00432{"flow_id":43,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":764612,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREAAihAAAAQEIChwN0TcGksZO"}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1569687267797,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"17.57.144.116","src_port":56886,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1569687267797,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"17.57.144.116","src_port":56886,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":47,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":797747,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0xfMAAEAGCEEKAADjETmQdN42FGcxHLjbZd23sYAREACqlQAAAQEIChwN0VbVpVJo"}
00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1569687267797,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"17.57.144.116","src_port":56886,"dst_port":5223,"l4_proto":"tcp","ndpi": {"proto":"ApplePush.Apple","breed":"Safe","category":"Cloud"}}
00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":367,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1569687267799,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1569687267797,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"17.57.144.116","src_port":56886,"dst_port":5223,"l4_proto":"tcp","ndpi": {"proto":"ApplePush.Apple","breed":"Safe","category":"Cloud"}}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":367,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1569687267799,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":48,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":799414,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"LH6BsEqhNDY7z3UoCABFAAA72BEAAP8RQicKAADjS0tLS+u1ADUAJxlWhe8BAAABAAAAAAAAA3d3dwVhcHBsZQNjb20AAAEAAQ=="}
00633{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":367,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1569687267799,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"www.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":368,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1569687267799,"flow_last_seen":0,"flow_tot_l4_data_len":50,"flow_min_l4_data_len":50,"flow_max_l4_data_len":50,"flow_avg_l4_data_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51060,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00645{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":367,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1569687267799,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"www.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":368,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1569687267799,"flow_last_seen":0,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51060,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":49,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":799516,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"pkt":"LH6BsEqhNDY7z3UoCABFAABGM9oAAP8R5lMKAADjS0tLS8d0ADUAMjjn9V4BAAABAAAAAAAACTEtY291cmllcgRwdXNoBWFwcGxlA2NvbQAAAQAB"}
00656{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":368,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1569687267799,"flow_last_seen":0,"flow_tot_l4_data_len":50,"flow_min_l4_data_len":50,"flow_max_l4_data_len":50,"flow_avg_l4_data_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51060,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.push.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1569687267800,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00668{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":368,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1569687267799,"flow_last_seen":0,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51060,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.push.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1569687267800,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00468{"flow_id":50,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":800486,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"LH6BsEqhNDY7z3UoCABFAABOdGcAAP8Rpb4KAADjS0tLS+i+ADUAOr+fEJABAAABAAAAAAAACTEtY291cmllcgdzYW5kYm94BHB1c2gFYXBwbGUDY29tAAABAAE="}
00664{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1569687267800,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.sandbox.push.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00676{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1569687267800,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.sandbox.push.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00848{"flow_id":25,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":802917,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"pkt":"LH6BsEqhNDY7z3UoCABFAAFnAABAAEAGPkgKAADjuBk4Td40AFBjyKrnGk9o7oAYEAAbSAAAAQEIChwN0VvjFT51R0VUIC9zdWNjZXNzLnR4dD9pcHY0IEhUVFAvMS4xDQpIb3N0OiBkZXRlY3Rwb3J0YWwuZmlyZWZveC5jb20NClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChNYWNpbnRvc2g7IEludGVsIE1hYyBPUyBYIDEwLjEzOyBydjo2OS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzY5LjANCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCg=="}
00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":371,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1569687267805,"flow_last_seen":0,"flow_tot_l4_data_len":51,"flow_min_l4_data_len":51,"flow_max_l4_data_len":51,"flow_avg_l4_data_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":371,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1569687267805,"flow_last_seen":0,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00461{"flow_id":51,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":805043,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"LH6BsEqhNDY7z3UoCABFAABHoW4AAP8ReL4KAADjS0tLS\/rBADUAMyCpE94BAAABAAAAAAAACjI0LWNvdXJpZXIEcHVzaAVhcHBsZQNjb20AAAEAAQ=="}
00657{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":371,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1569687267805,"flow_last_seen":0,"flow_tot_l4_data_len":51,"flow_min_l4_data_len":51,"flow_max_l4_data_len":51,"flow_avg_l4_data_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"24-courier.push.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":372,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1569687267812,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51990,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00669{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":371,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1569687267805,"flow_last_seen":0,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"24-courier.push.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":372,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1569687267812,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51990,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":52,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":812729,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"pkt":"LH6BsEqhNDY7z3UoCABFAAA9PxQAAP8R2yIKAADjS0tLS8sWADUAKZk5eJ4BAAABAAAAAAAABG1haWwGdmlhc2F0A2NvbQAAAQAB"}
00639{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":372,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1569687267812,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51990,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mail.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00651{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":372,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1569687267812,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51990,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mail.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00647{"flow_id":48,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":814292,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"pkt":"NDY7z3UoLH6BsEqhCABFAADSAABAADoRnqJLS0tLCgAA4wA167UAvhHNhe+BgAABAAQAAAAAA3d3dwVhcHBsZQNjb20AAAEAAcAMAAUAAQAABRUAGwN3d3cFYXBwbGUDY29tB2VkZ2VrZXkDbmV0AMArAAUAAQAAFoEALwN3d3cFYXBwbGUDY29tB2VkZ2VrZXkDbmV0C2dsb2JhbHJlZGlyBmFrYWRuc8BBwFIABQABAAAE7QAZBWU2ODU4BWRzY2U5CmFrYW1haWVkZ2XAQcCNAAEAAQAAAAcABLgbc6E="}
00663{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":373,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_first_seen":1569687267799,"flow_last_seen":1569687267814,"flow_tot_l4_data_len":229,"flow_min_l4_data_len":39,"flow_max_l4_data_len":190,"flow_avg_l4_data_len":114,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"www.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.27.115.161"}}
00675{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":373,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_first_seen":1569687267799,"flow_last_seen":1569687267814,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":106,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"www.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.27.115.161"}}
00948{"flow_id":25,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":818781,"pkt_caplen":450,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":450,"pkt_l4_len":416,"pkt":"NDY7z3UoLH6BsEqhCABFAAG0NJxAADcGEl+4GThNCgAA4wBQ3jQaT2juY8isGoAYAQ1ulQAAAQEICuMVP44cDdFbSFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW4NCkNvbnRlbnQtTGVuZ3RoOiA4DQpMYXN0LU1vZGlmaWVkOiBNb24sIDE1IE1heSAyMDE3IDE4OjA0OjQwIEdNVA0KRVRhZzogImFlNzgwNTg1ZjQ5Yjk0Y2UxNDQ0ZWI3ZDI4OTA2MTIzIg0KQWNjZXB0LVJhbmdlczogYnl0ZXMNClNlcnZlcjogQW1hem9uUzMNClgtQW16LUNmLUlkOiBJcS1oTGRhcmRnZUVmOTBhU3dsQlZkRDJUbjFzY29hcnBlQlMtbUtNWmdLNG1lWGlWTEpHTUE9PQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG5vLXN0b3JlLCBtdXN0LXJldmFsaWRhdGUNCkRhdGU6IFNhdCwgMjggU2VwIDIwMTkgMTY6MTQ6MjcgR01UDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCnN1Y2Nlc3MK"}
00779{"flow_id":50,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":818785,"pkt_caplen":323,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":323,"pkt_l4_len":289,"pkt":"NDY7z3UoLH6BsEqhCABFAAE1AABAADoRnj9LS0tLCgAA4wA16L4BIf0XEJCBgAABAAoAAAAACTEtY291cmllcgdzYW5kYm94BHB1c2gFYXBwbGUDY29tAAABAAHADAAFAAEAAElSAC0BMRpjb3VyaWVyLXNhbmRib3gtcHVzaC1hcHBsZQNjb20GYWthZG5zA25ldADAPgAFAAEAAACOACIUdXMtc2FuZGJveC1jb3VyaWVyLTQKcHVzaC1hcHBsZcBbwHcAAQABAAAALgAEEbyKR8B3AAEAAQAAAC4ABBG8hEjAdwABAAEAAAAuAAQRvIbKwHcAAQABAAAALgAEEbyKSMB3AAEAAQAAAC4ABBG8iLrAdwABAAEAAAAuAAQRvIU9wHcAAQABAAAALgAEEbyHusB3AAEAAQAAAC4ABBG8ikY="}
00694{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":375,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_first_seen":1569687267800,"flow_last_seen":1569687267818,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":58,"flow_max_l4_data_len":289,"flow_avg_l4_data_len":173,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.sandbox.push.apple.com","num_queries":1,"num_answers":10,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.188.138.71"}}
00706{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":375,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_first_seen":1569687267800,"flow_last_seen":1569687267818,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":331,"flow_avg_l4_payload_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.sandbox.push.apple.com","num_queries":1,"num_answers":10,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.188.138.71"}}
00434{"flow_id":25,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":818856,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGP3sKAADjuBk4Td40AFBjyKwaGk9qboAQD\/ToPgAAAQEIChwN0WrjFT+O"}
00603{"flow_id":49,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":819793,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"pkt":"NDY7z3UoLH6BsEqhCABFAACwAABAADoRnsRLS0tLCgAA4wA1x3QAnFOt9V6BgAABAAMAAAAACTEtY291cmllcgRwdXNoBWFwcGxlA2NvbQAAAQABwAwABQABAAAYQwAlATESY291cmllci1wdXNoLWFwcGxlA2NvbQZha2FkbnMDbmV0AMA2AAUAAQAAABcAHQ91cy1zdy1jb3VyaWVyLTQKcHVzaC1hcHBsZcBLwGcAAQABAAAAFwAEETmQdA=="}
00685{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":377,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_first_seen":1569687267799,"flow_last_seen":1569687267819,"flow_tot_l4_data_len":206,"flow_min_l4_data_len":50,"flow_max_l4_data_len":156,"flow_avg_l4_data_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51060,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.push.apple.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.57.144.116"}}
00696{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":377,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_first_seen":1569687267799,"flow_last_seen":1569687267819,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51060,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.push.apple.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.57.144.116"}}
00506{"flow_id":47,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":820816,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"pkt":"NDY7z3UoLH6BsEqhCABFAABp+WRAADUGn5oROZB0CgAA4xRn3jZl3bexMRy43IAYARnThAAAAQEICtWmYt0cDdFWFQMDADDYQSIj3jkYV2ViIYpeEoheM2HYhDINcbYvi9M0lKa7pHKjHCudSoLIJkInalaEjXI="}
00416{"flow_id":47,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":820879,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"LH6BsEqhNDY7z3UoCABFAAAoAABAAEAGjkAKAADjETmQdN42FGcxHLjcAAAAAFAEAAAmugAA"}
00432{"flow_id":47,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":380,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":821792,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0+WVAADUGn84ROZB0CgAA4xRn3jZl3bfmMRy43IARARmo0AAAAQEICtWmYt0cDdFW"}
00416{"flow_id":47,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":821826,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"LH6BsEqhNDY7z3UoCABFAAAoAABAAEAGjkAKAADjETmQdN42FGcxHLjcAAAAAFAEAAAmugAA"}
00603{"flow_id":51,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":824238,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"NDY7z3UoLH6BsEqhCABFAACyAABAADoRnsJLS0tLCgAA4wA1+sEAnlIeE96BgAABAAMAAAAACjI0LWNvdXJpZXIEcHVzaAVhcHBsZQNjb20AAAEAAcAMAAUAAQAASVMAJgIyNBJjb3VyaWVyLXB1c2gtYXBwbGUDY29tBmFrYWRucwNuZXQAwDcABQABAAAAGwAdD3VzLXN3LWNvdXJpZXItNApwdXNoLWFwcGxlwE3AaQABAAEAAAAuAAQROZAU"}
00685{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":382,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_first_seen":1569687267805,"flow_last_seen":1569687267824,"flow_tot_l4_data_len":209,"flow_min_l4_data_len":51,"flow_max_l4_data_len":158,"flow_avg_l4_data_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"24-courier.push.apple.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.57.144.20"}}
00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":383,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1569687267831,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00696{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":382,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_first_seen":1569687267805,"flow_last_seen":1569687267824,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"24-courier.push.apple.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.57.144.20"}}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":383,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1569687267831,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":53,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":831823,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"LH6BsEqhNDY7z3UoCABFAAA3jBMAAP8RjikKAADjS0tLS8J1ADUAI5qcqN8BAAABAAAAAAAABWFwcGxlA2NvbQAAAQAB"}
00633{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1569687267831,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":384,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1569687267841,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.103.196","src_port":56871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00645{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1569687267831,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":384,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1569687267841,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.103.196","src_port":56871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00434{"flow_id":54,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":841212,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0KKIAAEAG11YKAADjCCVnxN4nAbsMJdDwho1uAoAR\/\/8iBAAAAQEIChwN0X94psIw"}
00502{"flow_id":53,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":847611,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"NDY7z3UoLH6BsEqhCABFAABnAABAADoRnw1LS0tLCgAA4wA1wnUAU2BUqN+BgAABAAMAAAAABWFwcGxlA2NvbQAAAQABwAwAAQABAAAE+gAEEbJgO8AMAAEAAQAABPoABBGOoDvADAABAAEAAAT6AAQRrOAv"}
00659{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":385,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_first_seen":1569687267831,"flow_last_seen":1569687267847,"flow_tot_l4_data_len":118,"flow_min_l4_data_len":35,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"apple.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.178.96.59"}}
00671{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":385,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_first_seen":1569687267831,"flow_last_seen":1569687267847,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"apple.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.178.96.59"}}
00468{"flow_id":52,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":847625,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"pkt":"NDY7z3UoLH6BsEqhCABFAABNAABAADoRnydLS0tLCgAA4wA1yxYAOeBneJ6BgAABAAEAAAAABG1haWwGdmlhc2F0A2NvbQAAAQABwAwAAQABAAAAPAAECCVnxA=="}
00664{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":386,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_first_seen":1569687267812,"flow_last_seen":1569687267847,"flow_tot_l4_data_len":98,"flow_min_l4_data_len":41,"flow_max_l4_data_len":57,"flow_avg_l4_data_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51990,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mail.viasat.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"8.37.103.196"}}
00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":387,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1569687267851,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00676{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":386,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_first_seen":1569687267812,"flow_last_seen":1569687267847,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51990,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mail.viasat.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"8.37.103.196"}}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":387,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1569687267851,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":55,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":851029,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"pkt":"LH6BsEqhNDY7z3UoCABFAAA9LvsAAP8R6zsKAADjS0tLS+LaADUAKWM2zl4BAAABAAAAAAAAA3d3dwdvdXRsb29rA2NvbQAAAQAB"}
00639{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1569687267851,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.outlook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00651{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1569687267851,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.outlook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00655{"flow_id":55,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":865600,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"pkt":"NDY7z3UoLH6BsEqhCABFAADYAABAADoRnpxLS0tLCgAA4wA14toAxJ5uzl6BgAABAAcAAAAAA3d3dwdvdXRsb29rA2NvbQAAAQABwAwABQABAAAAzQAUB291dGxvb2sJb2ZmaWNlMzY1wBjALQAFAAEAAABWABkHb3V0bG9vawdtcy1hY2RjBm9mZmljZcAYwE0ABQABAAAHZQAKB3NqYy1lZnrAVcByAAEAAQAAADAABChh3iLAcgABAAEAAAAwAAQ0YAOCwHIAAQABAAAAMAAEKGHdcsByAAEAAQAAADAABDRgEgI="}
00667{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":388,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_first_seen":1569687267851,"flow_last_seen":1569687267865,"flow_tot_l4_data_len":237,"flow_min_l4_data_len":41,"flow_max_l4_data_len":196,"flow_avg_l4_data_len":118,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.outlook.com","num_queries":1,"num_answers":7,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"40.97.222.34"}}
00679{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":388,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_first_seen":1569687267851,"flow_last_seen":1569687267865,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":110,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.outlook.com","num_queries":1,"num_answers":7,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"40.97.222.34"}}
00433{"flow_id":54,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":881275,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0KOdAAPMG5BAIJWfECgAA4wG73ieGjW4CDCXQ8YAQTdZYOgAAAQEICninPiMcDdF\/"}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":390,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1569687267988,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"74.125.197.188","src_port":56874,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":390,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1569687267988,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"74.125.197.188","src_port":56874,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00433{"flow_id":56,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":988009,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0c9UAAEAG69IKAADjSn3FvN4qAbvQnkCVU\/eYD4AREABMcgAAAQEIChwN0hGhDZLg"}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":391,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1569687267991,"flow_last_seen":0,"flow_tot_l4_data_len":182,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":61328,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":391,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1569687267991,"flow_last_seen":0,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":61328,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00640{"flow_id":57,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":991361,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"pkt":"AQBef\/\/6NDY7z3UoCABFAADKY+gAAAERWl4KAADj7\/\/\/+u+QB2wAtlB4TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS83Ny4wLjM4NjUuOTAgTWFjIE9TIFgNCg0K"}
00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":391,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1569687267991,"flow_last_seen":0,"flow_tot_l4_data_len":182,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":61328,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":391,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1569687267991,"flow_last_seen":0,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":61328,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00431{"flow_id":56,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":26329,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0lz4AAGoGnmlKfcW8CgAA4wG73ipT95gP0J5AloAQAP3kSQAAAQEICqEOCgscDdIR"}
00847{"flow_id":25,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":53551,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"pkt":"LH6BsEqhNDY7z3UoCABFAAFnAABAAEAGPkgKAADjuBk4Td40AFBjyKwaGk9qboAYEAAWhQAAAQEIChwN0lLjFT+OR0VUIC9zdWNjZXNzLnR4dD9pcHY0IEhUVFAvMS4xDQpIb3N0OiBkZXRlY3Rwb3J0YWwuZmlyZWZveC5jb20NClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChNYWNpbnRvc2g7IEludGVsIE1hYyBPUyBYIDEwLjEzOyBydjo2OS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzY5LjANCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCg=="}
00838{"flow_id":24,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":57131,"pkt_caplen":368,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":368,"pkt_l4_len":334,"pkt":"LH6BsEqhNDY7z3UoCABFAAFiEVkAAEAGbPQKAADjuBk4Td5VAFBor53cCT1FvYAYEAAVugAAAQEIChwN0lXjFT5ZR0VUIC9zdWNjZXNzLnR4dCBIVFRQLzEuMQ0KSG9zdDogZGV0ZWN0cG9ydGFsLmZpcmVmb3guY29tDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTWFjaW50b3NoOyBJbnRlbCBNYWMgT1MgWCAxMC4xMzsgcnY6NjkuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82OS4wDQpBY2NlcHQ6ICovKg0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuNQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KUHJhZ21hOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
00947{"flow_id":25,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":73855,"pkt_caplen":450,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":450,"pkt_l4_len":416,"pkt":"NDY7z3UoLH6BsEqhCABFAAG0NJ1AADcGEl64GThNCgAA4wBQ3jQaT2puY8itTYAYARVp4wAAAQEICuMVQI0cDdJSSFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW4NCkNvbnRlbnQtTGVuZ3RoOiA4DQpMYXN0LU1vZGlmaWVkOiBNb24sIDE1IE1heSAyMDE3IDE4OjA0OjQwIEdNVA0KRVRhZzogImFlNzgwNTg1ZjQ5Yjk0Y2UxNDQ0ZWI3ZDI4OTA2MTIzIg0KQWNjZXB0LVJhbmdlczogYnl0ZXMNClNlcnZlcjogQW1hem9uUzMNClgtQW16LUNmLUlkOiBJcS1oTGRhcmRnZUVmOTBhU3dsQlZkRDJUbjFzY29hcnBlQlMtbUtNWmdLNG1lWGlWTEpHTUE9PQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG5vLXN0b3JlLCBtdXN0LXJldmFsaWRhdGUNCkRhdGU6IFNhdCwgMjggU2VwIDIwMTkgMTY6MTQ6MjggR01UDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCnN1Y2Nlc3MK"}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":397,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1569687268077,"flow_last_seen":0,"flow_tot_l4_data_len":522,"flow_min_l4_data_len":522,"flow_max_l4_data_len":522,"flow_avg_l4_data_len":522,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":38616,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":397,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1569687268077,"flow_last_seen":0,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":38616,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01090{"flow_id":58,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":77677,"pkt_caplen":556,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":556,"pkt_l4_len":522,"pkt":"NDY7z3UopHczjPFACABFAAIeAABAAEARI1gKAACVCgAA45bY75ACCk+7SFRUUC8xLjEgMjAwIE9LDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTE4MDANCkRBVEU6IFNhdCwgMjggU2VwIDIwMTkgMTY6MTQ6MjggR01UDQpFWFQ6DQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNDk6ODAwOC9zc2RwL2RldmljZS1kZXNjLnhtbA0KT1BUOiAiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzogYjNiMTBmNmEtMWRkMS0xMWIyLWI3NDAtYWU5NDc5MzlkMzA4DQpTRVJWRVI6IExpbnV4LzMuOC4xMyssIFVQblAvMS4wLCBQb3J0YWJsZSBTREsgZm9yIFVQblAgZGV2aWNlcy8xLjYuMTgNClgtVXNlci1BZ2VudDogcmVkc29uaWMNClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDo3OWQ4OGU4My03MjVjLWI3MWItYmFkMC01ODYyZDViMjIzODY6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KQk9PVElELlVQTlAuT1JHOiA0NzINCkNPTkZJR0lELlVQTlAuT1JHOiAxDQoNCg=="}
00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":397,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1569687268077,"flow_last_seen":0,"flow_tot_l4_data_len":522,"flow_min_l4_data_len":522,"flow_max_l4_data_len":522,"flow_avg_l4_data_len":522,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":38616,"dst_port":61328,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":397,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1569687268077,"flow_last_seen":0,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":38616,"dst_port":61328,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00946{"flow_id":24,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":86320,"pkt_caplen":450,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":450,"pkt_l4_len":416,"pkt":"NDY7z3UoLH6BsEqhCABFAAG0uJ1AADgGjV24GThNCgAA4wBQ3lUJPUW9aK+fCoAYAPyo7AAAAQEICuMVQJgcDdJVSFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW4NCkNvbnRlbnQtTGVuZ3RoOiA4DQpMYXN0LU1vZGlmaWVkOiBNb24sIDE1IE1heSAyMDE3IDE4OjA0OjQwIEdNVA0KRVRhZzogImFlNzgwNTg1ZjQ5Yjk0Y2UxNDQ0ZWI3ZDI4OTA2MTIzIg0KQWNjZXB0LVJhbmdlczogYnl0ZXMNClNlcnZlcjogQW1hem9uUzMNClgtQW16LUNmLUlkOiBJcS1oTGRhcmRnZUVmOTBhU3dsQlZkRDJUbjFzY29hcnBlQlMtbUtNWmdLNG1lWGlWTEpHTUE9PQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG5vLXN0b3JlLCBtdXN0LXJldmFsaWRhdGUNCkRhdGU6IFNhdCwgMjggU2VwIDIwMTkgMTY6MTQ6MjggR01UDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCnN1Y2Nlc3MK"}
00433{"flow_id":24,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":86394,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGP3sKAADjuBk4Td5VAFBor58KCT1HPYAQD\/QiegAAAQEIChwN0nDjFUCY"}
00432{"flow_id":43,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":176732,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREAAg9AAAAQEIChwN0scGksZO"}
@@ -418,24 +418,24 @@
00434{"flow_id":13,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":339493,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0y8dAACsGUUc0JfOtCgAA4wG73lNw7dZjH\/3xHYAQAAmAkwAAAQEICgCNmxAcDdNF"}
00521{"flow_id":13,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":339498,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":129,"pkt_l4_len":95,"pkt":"NDY7z3UoLH6BsEqhCABFAABzy8hAACsGUQc0JfOtCgAA4wG73lNw7dZjH\/3xHYAYAAl3vQAAAQEICgCNmxAcDdNFFwMDADoscoyH7e3mEaLj9szbkWqqmEqDlelG3R9AcZ4tJ3XN64I60DPQ058YYyhPfpVvx4TCC6nlGIJyOZ\/k"}
00435{"flow_id":13,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":339560,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0x1cAAEAGgLcKAADjNCXzrd5TAbsf\/fEdcO3WooAQD\/5wPAAAAQEIChwN02gAjZsQ"}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":411,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1569687268376,"flow_last_seen":0,"flow_tot_l4_data_len":319,"flow_min_l4_data_len":319,"flow_max_l4_data_len":319,"flow_avg_l4_data_len":319,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":411,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1569687268376,"flow_last_seen":0,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00819{"flow_id":59,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":411,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":376485,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"pkt":"NDY7z3Uo2DE0IHf7CABFAAFTj5RAAEARlIwKAACXCgAA4wds75ABPzXfSFRUUC8xLjEgMjAwIE9LDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTM2MDANClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDoyOTVjMDAwNC02ODA3LTEwNmQtODBjZi1kODMxMzQyMDc3ZmI6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KRXh0OiANClNlcnZlcjogUm9rdSBVUG5QLzEuMCBSb2t1LzkuMS4wDQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNTE6ODA2MC9kaWFsL2RkLnhtbA0KV0FLRVVQOiBNQUM9ZDg6MzE6MzQ6MjA6Nzc6ZmI7VGltZW91dD0xMA0KDQo="}
00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":411,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1569687268376,"flow_last_seen":0,"flow_tot_l4_data_len":319,"flow_min_l4_data_len":319,"flow_max_l4_data_len":319,"flow_avg_l4_data_len":319,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":61328,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":412,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1569687268559,"flow_last_seen":0,"flow_tot_l4_data_len":182,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":57547,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":411,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1569687268376,"flow_last_seen":0,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":61328,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":412,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1569687268559,"flow_last_seen":0,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":57547,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00640{"flow_id":60,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":412,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":559574,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"pkt":"AQBef\/\/6NDY7z3UoCABFAADKeUwAAAERRPoKAADj7\/\/\/+uDLB2wAtl89TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS83Ny4wLjM4NjUuOTAgTWFjIE9TIFgNCg0K"}
00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":412,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1569687268559,"flow_last_seen":0,"flow_tot_l4_data_len":182,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":57547,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":413,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1569687268746,"flow_last_seen":0,"flow_tot_l4_data_len":107,"flow_min_l4_data_len":107,"flow_max_l4_data_len":107,"flow_avg_l4_data_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":54107,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":412,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1569687268559,"flow_last_seen":0,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":57547,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":413,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1569687268746,"flow_last_seen":0,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":54107,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00536{"flow_id":61,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":413,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":746220,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"pkt":"LH6BsEqhNDY7z3UoCABFAAB\/CAgAAEAR+QMKAADjCCVmW9NbAbsAa+4DFgEAAAAAAAAAAAAAVgEAAEoAAAAAAAAASgEA7YnEaZ6hZImmhCHr0JUfCBctWVvywlB71JRnxl7mI4ogm7BxyKgEQGFPg0eizi7+AVQMevU74i4erAc5hyngJu8AAAIAOQEA"}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":415,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1569687268747,"flow_last_seen":0,"flow_tot_l4_data_len":522,"flow_min_l4_data_len":522,"flow_max_l4_data_len":522,"flow_avg_l4_data_len":522,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":50081,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":415,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1569687268747,"flow_last_seen":0,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":50081,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01091{"flow_id":62,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":747509,"pkt_caplen":556,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":556,"pkt_l4_len":522,"pkt":"NDY7z3UopHczjPFACABFAAIeAABAAEARI1gKAACVCgAA48Oh4MsCCjG3SFRUUC8xLjEgMjAwIE9LDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTE4MDANCkRBVEU6IFNhdCwgMjggU2VwIDIwMTkgMTY6MTQ6MjggR01UDQpFWFQ6DQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNDk6ODAwOC9zc2RwL2RldmljZS1kZXNjLnhtbA0KT1BUOiAiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzogYjNiMTBmNmEtMWRkMS0xMWIyLWI3NDAtYWU5NDc5MzlkMzA4DQpTRVJWRVI6IExpbnV4LzMuOC4xMyssIFVQblAvMS4wLCBQb3J0YWJsZSBTREsgZm9yIFVQblAgZGV2aWNlcy8xLjYuMTgNClgtVXNlci1BZ2VudDogcmVkc29uaWMNClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDo3OWQ4OGU4My03MjVjLWI3MWItYmFkMC01ODYyZDViMjIzODY6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KQk9PVElELlVQTlAuT1JHOiA0NzINCkNPTkZJR0lELlVQTlAuT1JHOiAxDQoNCg=="}
00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":415,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1569687268747,"flow_last_seen":0,"flow_tot_l4_data_len":522,"flow_min_l4_data_len":522,"flow_max_l4_data_len":522,"flow_avg_l4_data_len":522,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":50081,"dst_port":57547,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":415,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1569687268747,"flow_last_seen":0,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":50081,"dst_port":57547,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00432{"flow_id":43,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":787837,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREAAenAAAAQEIChwN1R8GksZO"}
00464{"flow_id":61,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":789706,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"NDY7z3UoLH6BsEqhCABFAABMkFUAAPcRuegIJWZbCgAA4wG701sAOF8pFgEAAAAAAAAAAAAAIwMAABcAAAAAAAAAFwEAFGKRvPEadu7FYjYhjKxM1MN8EkEd"}
00564{"flow_id":61,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":790107,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"pkt":"LH6BsEqhNDY7z3UoCABFAACTQPwAAEARv\/sKAADjCCVmW9NbAbsAf9nwFgEAAAAAAAAAAAEAagEAAF4AAQAAAAAAXgEA7YnEaZ6hZImmhCHr0JUfCBctWVvywlB71JRnxl7mI4ogm7BxyKgEQGFPg0eizi7+AVQMevU74i4erAc5hyngJu8UYpG88Rp27sViNiGMrEzUw3wSQR0AAgA5AQA="}
00656{"flow_id":61,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":836308,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"pkt":"NDY7z3UoLH6BsEqhCABFAADYxf0AAPcRg7QIJWZbCgAA4wG701sAxPjiFgEAAAAAAAAAAAEAUgIAAEYAAQAAAAAARgEALUKlqOqp+9af1GcxChS4QXaLYgzyjV+CMRoD1u04EzMgm7BxyKgEQGFPg0eizi7+AVQMevU74i4erAc5hyngJu8AOQAUAQAAAAAAAAAAAgADAQACFgEAAAEAAAAAAAAAQD8tH8NZsi0zp5KqIEac2zndlXephyhcvDs6uk0ts\/C74lCOOKMP7cl2vA0Fdivj2Vu+P3CxRTCYlcHvZh6mgEM="}
00528{"flow_id":61,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":837070,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"pkt":"LH6BsEqhNDY7z3UoCABFAAB5ttQAAEARSj0KAADjCCVmW9NbAbsAZSHLFAEAAAAAAAAAAAIAAwEAAhYBAAABAAAAAAAAAEB13T5lRIw++YjQQ3Qkoyswag+IeQZwzjpfo12O7l1Xcp3w\/UpkhLeZaAWDRsXTNSL+R32oH3qj2v2CyHpmZrLD"}
00573{"flow_id":61,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":850848,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"pkt":"LH6BsEqhNDY7z3UoCABFAACZG00AAEAR5aQKAADjCCVmW9NbAbsAhSBxFwEAAAEAAAAAAAEAcJAp8TP5L9aIAzjZZH+8T1estbsDYKyCkdkhe7+UIBVsNqyejSSkPEU7ONW2iokPbFMvxRUeCNaw\/RBrJMSNbsKC3EuMrgGykf+U9Wpz8EHY6SCoix9y+LnSEFWosh2QWwehPeVhCuFY\/xnfwN3j9dY="}
00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":467,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":6,"flow_first_seen":1569687268746,"flow_last_seen":1569687268850,"flow_tot_l4_data_len":720,"flow_min_l4_data_len":56,"flow_max_l4_data_len":196,"flow_avg_l4_data_len":120,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":54107,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}}
00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":467,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":6,"flow_first_seen":1569687268746,"flow_last_seen":1569687268850,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":672,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":54107,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}}
00573{"flow_id":61,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":873245,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"pkt":"LH6BsEqhNDY7z3UoCABFAACZ5VoAAEARG5cKAADjCCVmW9NbAbsAhSuuFwEAAAEAAAAAAAIAcIroYcS3\/qjlLAJ5hVgNA24x6wrtxtbMm99puobFdI66KucUrXLCm27CpIExufGVwJVqf2dvO9CVHHSBup6yXTyxuJs4l0NHL\/QivpVOwo7lEHdJCThBbAs8Wx+IU5suN7IEDaosnRxSWsC2AMv9YUg="}
00575{"flow_id":61,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":873381,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"pkt":"LH6BsEqhNDY7z3UoCABFAACZfpEAAEARgmAKAADjCCVmW9NbAbsAhXmZFwEAAAEAAAAAAAMAcDzvmPLtB4V20+vs+Pcr7Wx7iMFNIgDukd6WG4O587T8V7dCFBodz9a9s7xVrA3ERlsVnzccWHU51YiWyOFePh6Fd3h3UTko6Na4xxDhX5uGJ0Xd7XUu\/x6Q+cY0WD4xtC+shdVmC\/8lPH\/\/WjPzLa4="}
00702{"flow_id":61,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":881674,"pkt_caplen":263,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":263,"pkt_l4_len":229,"pkt":"NDY7z3UoLH6BsEqhCABFAAD54UEAAPcRaE8IJWZbCgAA4wG701sA5YSXFwEAAAEAAAAAAAEA0LaEehtTZv8b2CA+a2IlOUc+Bvbq1lzEFnHAPMXuajrB85eB1MKeGzW3VNDRQWRwwuxJPQ2mMwZHhCjKnrmWW5KS2qzAK+qFSujGSVdmMGee\/7OHdHST79gz89tgHJxfuyBQfhXTys1q1mdON9ThMXarq+ChjYzv1lGnip9ves8v5LamEWf6T4IWeU4PuLdBbrziDg0Q71+FePE\/DDBfGX+DD21\/jcgPrUfagJMgvz+9HTnoOO9cEAORFAF9xsHc0X3haTRRd5VwQoJZPeiTVCM="}
@@ -446,25 +446,25 @@
00554{"flow_id":61,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":484,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":882274,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"pkt":"LH6BsEqhNDY7z3UoCABFAACJOdIAAEARxy8KAADjCCVmW9NbAbsAddrCFwEAAAEAAAAAAAQAYKkcQctvWgGrvdO\/PrYGLApIwYpWUheFZjMVzufzIRAcKjKNazs\/06ngcZiPVgUqhcX84s760euS8M3xIrDvpCKFzKSAjWoh4pylx4pwlItuT3UmopW385XbWJ+K1TtL4A=="}
00573{"flow_id":61,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":882458,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"pkt":"LH6BsEqhNDY7z3UoCABFAACZw3kAAEARPXgKAADjCCVmW9NbAbsAhfRMFwEAAAEAAAAAAAUAcAguDkNAFEpmjyLWL5ulA2X4vi7kL33Wj73almtX8jli+B8jjvqpmzC3x2W92joDZtuks\/EfbirzWU8ByPtXmm6aWQxjNAvCnmxuCC3eMGkqUoaqRSBLGTcN8OkSIzWZ47yqEaMjNbN1k4XgAqL+7M8="}
00586{"flow_id":5,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":895259,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"pkt":"MzMAAAABLH6BsEqhht1gAAAAAHg6\/\/6AAAAAAAAALn6B\/\/6wSqH\/AgAAAAAAAAAAAAAAAAABhgBH5kDAALQAAAAAAAAAABkFAAAAAVGAIAEFWP7tAAAAAAAAAAAAASABBVj+7QAAAAAAAAAAAAIDBEDAAAL9HQAC\/R0AAAAAJgEGRoQCRLAAAAAAAAAAABgDAAAAAAC0AAAAAAAAAAAAAAAAAAAAAAEBLH6BsEqh"}
00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":519,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1569687269094,"flow_last_seen":0,"flow_tot_l4_data_len":12,"flow_min_l4_data_len":12,"flow_max_l4_data_len":12,"flow_avg_l4_data_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.1","src_port":52595,"dst_port":192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":519,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1569687269094,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.1","src_port":52595,"dst_port":192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00407{"flow_id":63,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":519,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":94582,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"pkt":"LH6BsEqhNDY7z3UoCABFAAAg7WwAAEAReH0KAADjCgAAAc1zAMAADBGuCAEDEA=="}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":578,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1569687269223,"flow_last_seen":0,"flow_tot_l4_data_len":319,"flow_min_l4_data_len":319,"flow_max_l4_data_len":319,"flow_avg_l4_data_len":319,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":578,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1569687269223,"flow_last_seen":0,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00819{"flow_id":64,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":578,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":223066,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"pkt":"NDY7z3Uo2DE0IHf7CABFAAFTj6FAAEARlH8KAACXCgAA4wds4MsBP0SkSFRUUC8xLjEgMjAwIE9LDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTM2MDANClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDoyOTVjMDAwNC02ODA3LTEwNmQtODBjZi1kODMxMzQyMDc3ZmI6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KRXh0OiANClNlcnZlcjogUm9rdSBVUG5QLzEuMCBSb2t1LzkuMS4wDQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNTE6ODA2MC9kaWFsL2RkLnhtbA0KV0FLRVVQOiBNQUM9ZDg6MzE6MzQ6MjA6Nzc6ZmI7VGltZW91dD0xMA0KDQo="}
00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":578,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1569687269223,"flow_last_seen":0,"flow_tot_l4_data_len":319,"flow_min_l4_data_len":319,"flow_max_l4_data_len":319,"flow_avg_l4_data_len":319,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":57547,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":578,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1569687269223,"flow_last_seen":0,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":57547,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00640{"flow_id":60,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":678,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":559943,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"pkt":"AQBef\/\/6NDY7z3UoCABFAADKtRAAAAERCTYKAADj7\/\/\/+uDLB2wAtl89TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS83Ny4wLjM4NjUuOTAgTWFjIE9TIFgNCg0K"}
00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":680,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1569687269561,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56954,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":680,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1569687269561,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56954,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00450{"flow_id":65,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":680,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":561873,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"pHczjPFANDY7z3UoCABFAABAAABAAEAGJUEKAADjCgAAld56H0gqQcOaAAAAALAC\/\/9B2AAAAgQFtAEDAwUBAQgKHA3YAQAAAAAEAgAA"}
00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":681,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1569687269562,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56955,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":681,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1569687269562,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56955,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00450{"flow_id":66,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":681,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":562299,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"2DE0IHf7NDY7z3UoCABFAABAAABAAEAGJT8KAADjCgAAl957H3yCfYpEAAAAALAC\/\/8iuwAAAgQFtAEDAwUBAQgKHA3YAQAAAAAEAgAA"}
00444{"flow_id":65,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":682,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":563567,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"NDY7z3UopHczjPFACABFAAA8AABAAEAGJUUKAACVCgAA4x9I3np8gG11KkHDm6ASOJBP2wAAAgQFtAQCCAoAIeBIHA3YAQEDAwY="}
00432{"flow_id":65,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":683,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":563638,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAld56H0gqQcObfIBtdoAQEBWnIAAAAQEIChwN2AIAIeBI"}
00771{"flow_id":65,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":684,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":563819,"pkt_caplen":317,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":317,"pkt_l4_len":283,"pkt":"pHczjPFANDY7z3UoCABFAAEvAABAAEAGJFIKAADjCgAAld56H0gqQcObfIBtdoAYEBUO5QAAAQEIChwN2AIAIeBIR0VUIC9zc2RwL2RldmljZS1kZXNjLnhtbCBIVFRQLzEuMQ0KSG9zdDogMTAuMC4wLjE0OTo4MDA4DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTWFjaW50b3NoOyBJbnRlbCBNYWMgT1MgWCAxMF8xM182KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvNzcuMC4zODY1LjkwIFNhZmFyaS81MzcuMzYNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KDQo="}
00856{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":684,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":4,"flow_first_seen":1569687269561,"flow_last_seen":1569687269563,"flow_tot_l4_data_len":399,"flow_min_l4_data_len":32,"flow_max_l4_data_len":283,"flow_avg_l4_data_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56954,"dst_port":8008,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"10.0.0.149","url":"10.0.0.149:8008\/ssdp\/device-desc.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/77.0.3865.90 Safari\/537.36"}}
00867{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":684,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":4,"flow_first_seen":1569687269561,"flow_last_seen":1569687269563,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":251,"flow_tot_l4_payload_len":251,"flow_avg_l4_payload_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56954,"dst_port":8008,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"10.0.0.149","url":"10.0.0.149:8008\/ssdp\/device-desc.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/77.0.3865.90 Safari\/537.36"}}
00432{"flow_id":65,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":685,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":567036,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UopHczjPFACABFAAA0jT9AAEAGmA0KAACVCgAA4x9I3np8gG12KkHEloAQAPO1RgAAAQEICgAh4EkcDdgC"}
00444{"flow_id":66,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":686,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":567040,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"NDY7z3Uo2DE0IHf7CABFAAA8AABAAEAGJUMKAACXCgAA4x983nsgu1W7gn2KRaASqbA3ZQAAAgQFtAQCCAoGktWOHA3YAQEDAwc="}
00433{"flow_id":66,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":567158,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl957H3yCfYpFILtVvIAQEBX\/yAAAAQEIChwN2AUGktWO"}
00759{"flow_id":66,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":688,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":567320,"pkt_caplen":308,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":308,"pkt_l4_len":274,"pkt":"2DE0IHf7NDY7z3UoCABFAAEmAABAAEAGJFkKAADjCgAAl957H3yCfYpFILtVvIAYEBU8YgAAAQEIChwN2AUGktWOR0VUIC9kaWFsL2RkLnhtbCBIVFRQLzEuMQ0KSG9zdDogMTAuMC4wLjE1MTo4MDYwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTWFjaW50b3NoOyBJbnRlbCBNYWMgT1MgWCAxMF8xM182KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvNzcuMC4zODY1LjkwIFNhZmFyaS81MzcuMzYNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KDQo="}
00847{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":688,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":4,"flow_first_seen":1569687269562,"flow_last_seen":1569687269567,"flow_tot_l4_data_len":390,"flow_min_l4_data_len":32,"flow_max_l4_data_len":274,"flow_avg_l4_data_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56955,"dst_port":8060,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"10.0.0.151","url":"10.0.0.151:8060\/dial\/dd.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/77.0.3865.90 Safari\/537.36"}}
00858{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":688,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":4,"flow_first_seen":1569687269562,"flow_last_seen":1569687269567,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56955,"dst_port":8060,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"10.0.0.151","url":"10.0.0.151:8060\/dial\/dd.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/77.0.3865.90 Safari\/537.36"}}
02034{"flow_id":65,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":689,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":570064,"pkt_caplen":1261,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1261,"pkt_l4_len":1227,"pkt":"NDY7z3UopHczjPFACABFAATfjUBAAEAGk2EKAACVCgAA4x9I3np8gG12KkHEloAYAPNXUQAAAQEICgAh4EkcDdgCSFRUUC8xLjEgMjAwIE9LDQpBcHBsaWNhdGlvbi1VUkw6aHR0cDovLzEwLjAuMC4xNDk6ODAwOC9hcHBzLw0KQ29udGVudC1MZW5ndGg6MTA3OQ0KQ29udGVudC1UeXBlOmFwcGxpY2F0aW9uL3htbA0KDQo8P3htbCB2ZXJzaW9uPSIxLjAiPz4NCjxyb290IHhtbG5zPSJ1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2UtMS0wIj4NCiAgPHNwZWNWZXJzaW9uPg0KICAgIDxtYWpvcj4xPC9tYWpvcj4NCiAgICA8bWlub3I+MDwvbWlub3I+DQogIDwvc3BlY1ZlcnNpb24+DQogIDxVUkxCYXNlPmh0dHA6Ly8xMC4wLjAuMTQ5OjgwMDg8L1VSTEJhc2U+DQogIDxkZXZpY2U+DQogICAgPGRldmljZVR5cGU+dXJuOmRpYWwtbXVsdGlzY3JlZW4tb3JnOmRldmljZTpkaWFsOjE8L2RldmljZVR5cGU+DQogICAgPGZyaWVuZGx5TmFtZT5DaHJvbWVjYXN0MTY5OTwvZnJpZW5kbHlOYW1lPg0KICAgIDxtYW51ZmFjdHVyZXI+R29vZ2xlIEluYy48L21hbnVmYWN0dXJlcj4NCiAgICA8bW9kZWxOYW1lPkV1cmVrYSBEb25nbGU8L21vZGVsTmFtZT4NCiAgICA8VUROPnV1aWQ6NzlkODhlODMtNzI1Yy1iNzFiLWJhZDAtNTg2MmQ1YjIyMzg2PC9VRE4+DQogICAgPGljb25MaXN0Pg0KICAgICAgPGljb24+DQogICAgICAgIDxtaW1ldHlwZT5pbWFnZS9wbmc8L21pbWV0eXBlPg0KICAgICAgICA8d2lkdGg+OTg8L3dpZHRoPg0KICAgICAgICA8aGVpZ2h0PjU1PC9oZWlnaHQ+DQogICAgICAgIDxkZXB0aD4zMjwvZGVwdGg+DQogICAgICAgIDx1cmw+L3NldHVwL2ljb24ucG5nPC91cmw+DQogICAgICA8L2ljb24+DQogICAgPC9pY29uTGlzdD4NCiAgICA8c2VydmljZUxpc3Q+DQogICAgICA8c2VydmljZT4NCiAgICAgICAgPHNlcnZpY2VUeXBlPnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MTwvc2VydmljZVR5cGU+DQogICAgICAgIDxzZXJ2aWNlSWQ+dXJuOmRpYWwtbXVsdGlzY3JlZW4tb3JnOnNlcnZpY2VJZDpkaWFsPC9zZXJ2aWNlSWQ+DQogICAgICAgIDxjb250cm9sVVJMPi9zc2RwL25vdGZvdW5kPC9jb250cm9sVVJMPg0KICAgICAgICA8ZXZlbnRTdWJVUkw+L3NzZHAvbm90Zm91bmQ8L2V2ZW50U3ViVVJMPg0KICAgICAgICA8U0NQRFVSTD4vc3NkcC9ub3Rmb3VuZDwvU0NQRFVSTD4NCiAgICAgIDwvc2VydmljZT4NCiAgICA8L3NlcnZpY2VMaXN0Pg0KICA8L2RldmljZT4NCjwvcm9vdD4NCg=="}
00433{"flow_id":65,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":690,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":570148,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAld56H0gqQcSWfIByIYAQD\/ChmAAAAQEIChwN2AgAIeBJ"}
00432{"flow_id":66,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":693,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":573371,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3Uo2DE0IHf7CABFAAA0gDJAAEAGpRgKAACXCgAA4x983nsgu1W8gn2LN4AQAVwNkAAAAQEICgaS1Y4cDdgF"}
@@ -473,29 +473,29 @@
01958{"flow_id":66,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":699,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":579863,"pkt_caplen":1206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1206,"pkt_l4_len":1172,"pkt":"NDY7z3Uo2DE0IHf7CABFAASogDRAAEAGoKIKAACXCgAA4x983nsgu1Z6gn2LN4AYAVwcKQAAAQEICgaS1Y8cDdgNPD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8cm9vdCB4bWxucz0idXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlLTEtMCI+DQo8c3BlY1ZlcnNpb24+DQo8bWFqb3I+MTwvbWFqb3I+DQo8bWlub3I+MDwvbWlub3I+DQo8L3NwZWNWZXJzaW9uPg0KPGRldmljZT4NCjxkZXZpY2VUeXBlPnVybjpyb2t1LWNvbTpkZXZpY2U6cGxheWVyOjEtMDwvZGV2aWNlVHlwZT4NCjxmcmllbmRseU5hbWU+RXhwcmVzczwvZnJpZW5kbHlOYW1lPg0KPG1hbnVmYWN0dXJlcj5Sb2t1PC9tYW51ZmFjdHVyZXI+DQo8bWFudWZhY3R1cmVyVVJMPmh0dHA6Ly93d3cucm9rdS5jb20vPC9tYW51ZmFjdHVyZXJVUkw+DQo8bW9kZWxEZXNjcmlwdGlvbj5Sb2t1IFN0cmVhbWluZyBQbGF5ZXIgTmV0d29yayBNZWRpYTwvbW9kZWxEZXNjcmlwdGlvbj4NCjxtb2RlbE5hbWU+Um9rdSBFeHByZXNzPC9tb2RlbE5hbWU+DQo8bW9kZWxOdW1iZXI+MzkwMFg8L21vZGVsTnVtYmVyPg0KPG1vZGVsVVJMPmh0dHA6Ly93d3cucm9rdS5jb20vPC9tb2RlbFVSTD4NCjxzZXJpYWxOdW1iZXI+WUcwMDRKNDg2ODYzPC9zZXJpYWxOdW1iZXI+DQo8VUROPnV1aWQ6Mjk1YzAwMDQtNjgwNy0xMDZkLTgwY2YtZDgzMTM0MjA3N2ZiPC9VRE4+DQo8c2VydmljZUxpc3Q+DQo8c2VydmljZT4NCjxzZXJ2aWNlVHlwZT51cm46cm9rdS1jb206c2VydmljZTplY3A6MTwvc2VydmljZVR5cGU+DQo8c2VydmljZUlkPnVybjpyb2t1LWNvbTpzZXJ2aWNlSWQ6ZWNwMS0wPC9zZXJ2aWNlSWQ+DQo8Y29udHJvbFVSTD48L2NvbnRyb2xVUkw+DQo8ZXZlbnRTdWJVUkw+PC9ldmVudFN1YlVSTD4NCjxTQ1BEVVJMPmVjcF9TQ1BELnhtbDwvU0NQRFVSTD4NCjwvc2VydmljZT4NCjxzZXJ2aWNlPg0KPHNlcnZpY2VUeXBlPnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MTwvc2VydmljZVR5cGU+DQo8c2VydmljZUlkPnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlSWQ6ZGlhbDEtMDwvc2VydmljZUlkPg0KPGNvbnRyb2xVUkw+PC9jb250cm9sVVJMPg0KPGV2ZW50U3ViVVJMPjwvZXZlbnRTdWJVUkw+DQo8U0NQRFVSTD5kaWFsX1NDUEQueG1sPC9TQ1BEVVJMPg0KPC9zZXJ2aWNlPg0KPC9zZXJ2aWNlTGlzdD4NCjwvZGV2aWNlPg0KPC9yb290Pg0K"}
00432{"flow_id":66,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":700,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":579933,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl957H3yCfYs3ILta7oAQD+z5wQAAAQEIChwN2BAGktWP"}
00409{"flow_id":63,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":706,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":598254,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"pkt":"LH6BsEqhNDY7z3UoCABFAAAg\/t4AAEARZwsKAADjCgAAAc1zAMAADAmuEAEDEA=="}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":716,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1569687269716,"flow_last_seen":0,"flow_tot_l4_data_len":522,"flow_min_l4_data_len":522,"flow_max_l4_data_len":522,"flow_avg_l4_data_len":522,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":49816,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":716,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1569687269716,"flow_last_seen":0,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":49816,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01091{"flow_id":67,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":716,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":716353,"pkt_caplen":556,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":556,"pkt_l4_len":522,"pkt":"NDY7z3UopHczjPFACABFAAIeAABAAEARI1gKAACVCgAA48KY4MsCCjHASFRUUC8xLjEgMjAwIE9LDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTE4MDANCkRBVEU6IFNhdCwgMjggU2VwIDIwMTkgMTY6MTQ6MjkgR01UDQpFWFQ6DQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNDk6ODAwOC9zc2RwL2RldmljZS1kZXNjLnhtbA0KT1BUOiAiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzogYjNiMTBmNmEtMWRkMS0xMWIyLWI3NDAtYWU5NDc5MzlkMzA4DQpTRVJWRVI6IExpbnV4LzMuOC4xMyssIFVQblAvMS4wLCBQb3J0YWJsZSBTREsgZm9yIFVQblAgZGV2aWNlcy8xLjYuMTgNClgtVXNlci1BZ2VudDogcmVkc29uaWMNClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDo3OWQ4OGU4My03MjVjLWI3MWItYmFkMC01ODYyZDViMjIzODY6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KQk9PVElELlVQTlAuT1JHOiA0NzINCkNPTkZJR0lELlVQTlAuT1JHOiAxDQoNCg=="}
00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":716,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1569687269716,"flow_last_seen":0,"flow_tot_l4_data_len":522,"flow_min_l4_data_len":522,"flow_max_l4_data_len":522,"flow_avg_l4_data_len":522,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":49816,"dst_port":57547,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":716,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1569687269716,"flow_last_seen":0,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":49816,"dst_port":57547,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00432{"flow_id":43,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":726,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":833566,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREAAatAAAAQEIChwN2QcGksZO"}
00819{"flow_id":64,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":768,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687270,"pkt_ts_usec":260892,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"pkt":"NDY7z3Uo2DE0IHf7CABFAAFTj91AAEARlEMKAACXCgAA4wds4MsBP0SkSFRUUC8xLjEgMjAwIE9LDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTM2MDANClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDoyOTVjMDAwNC02ODA3LTEwNmQtODBjZi1kODMxMzQyMDc3ZmI6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KRXh0OiANClNlcnZlcjogUm9rdSBVUG5QLzEuMCBSb2t1LzkuMS4wDQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNTE6ODA2MC9kaWFsL2RkLnhtbA0KV0FLRVVQOiBNQUM9ZDg6MzE6MzQ6MjA6Nzc6ZmI7VGltZW91dD0xMA0KDQo="}
00640{"flow_id":60,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":807,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687270,"pkt_ts_usec":560308,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"pkt":"AQBef\/\/6NDY7z3UoCABFAADK9bsAAAERyIoKAADj7\/\/\/+uDLB2wAtl89TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS83Ny4wLjM4NjUuOTAgTWFjIE9TIFgNCg0K"}
00819{"flow_id":64,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":821,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687270,"pkt_ts_usec":729313,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"pkt":"NDY7z3Uo2DE0IHf7CABFAAFTkARAAEARlBwKAACXCgAA4wds4MsBP0SkSFRUUC8xLjEgMjAwIE9LDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTM2MDANClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDoyOTVjMDAwNC02ODA3LTEwNmQtODBjZi1kODMxMzQyMDc3ZmI6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KRXh0OiANClNlcnZlcjogUm9rdSBVUG5QLzEuMCBSb2t1LzkuMS4wDQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNTE6ODA2MC9kaWFsL2RkLnhtbA0KV0FLRVVQOiBNQUM9ZDg6MzE6MzQ6MjA6Nzc6ZmI7VGltZW91dD0xMA0KDQo="}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":822,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1569687270740,"flow_last_seen":0,"flow_tot_l4_data_len":522,"flow_min_l4_data_len":522,"flow_max_l4_data_len":522,"flow_avg_l4_data_len":522,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":48166,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":822,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1569687270740,"flow_last_seen":0,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":48166,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01091{"flow_id":68,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":822,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687270,"pkt_ts_usec":740083,"pkt_caplen":556,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":556,"pkt_l4_len":522,"pkt":"NDY7z3UopHczjPFACABFAAIeAABAAEARI1gKAACVCgAA47wm4MsCCkExSFRUUC8xLjEgMjAwIE9LDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTE4MDANCkRBVEU6IFNhdCwgMjggU2VwIDIwMTkgMTY6MTQ6MzAgR01UDQpFWFQ6DQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNDk6ODAwOC9zc2RwL2RldmljZS1kZXNjLnhtbA0KT1BUOiAiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzogYjNiMTBmNmEtMWRkMS0xMWIyLWI3NDAtYWU5NDc5MzlkMzA4DQpTRVJWRVI6IExpbnV4LzMuOC4xMyssIFVQblAvMS4wLCBQb3J0YWJsZSBTREsgZm9yIFVQblAgZGV2aWNlcy8xLjYuMTgNClgtVXNlci1BZ2VudDogcmVkc29uaWMNClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDo3OWQ4OGU4My03MjVjLWI3MWItYmFkMC01ODYyZDViMjIzODY6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KQk9PVElELlVQTlAuT1JHOiA0NzINCkNPTkZJR0lELlVQTlAuT1JHOiAxDQoNCg=="}
00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":822,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1569687270740,"flow_last_seen":0,"flow_tot_l4_data_len":522,"flow_min_l4_data_len":522,"flow_max_l4_data_len":522,"flow_avg_l4_data_len":522,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":48166,"dst_port":57547,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":822,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1569687270740,"flow_last_seen":0,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":48166,"dst_port":57547,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00408{"flow_id":63,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":844,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687271,"pkt_ts_usec":101324,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"pkt":"LH6BsEqhNDY7z3UoCABFAAAgLGIAAEAROYgKAADjCgAAAc1zAMAADBGuCAEDEA=="}
00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":867,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1569687269716,"flow_last_seen":0,"flow_tot_l4_data_len":522,"flow_min_l4_data_len":522,"flow_max_l4_data_len":522,"flow_avg_l4_data_len":522,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":49816,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":867,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1569687268747,"flow_last_seen":0,"flow_tot_l4_data_len":522,"flow_min_l4_data_len":522,"flow_max_l4_data_len":522,"flow_avg_l4_data_len":522,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":50081,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":867,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1569687270740,"flow_last_seen":0,"flow_tot_l4_data_len":522,"flow_min_l4_data_len":522,"flow_max_l4_data_len":522,"flow_avg_l4_data_len":522,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":48166,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":867,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1569687268077,"flow_last_seen":0,"flow_tot_l4_data_len":522,"flow_min_l4_data_len":522,"flow_max_l4_data_len":522,"flow_avg_l4_data_len":522,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":38616,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":867,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1569687267991,"flow_last_seen":0,"flow_tot_l4_data_len":182,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":61328,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":867,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1569687268376,"flow_last_seen":0,"flow_tot_l4_data_len":319,"flow_min_l4_data_len":319,"flow_max_l4_data_len":319,"flow_avg_l4_data_len":319,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":867,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1569687269716,"flow_last_seen":0,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":49816,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":867,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1569687268747,"flow_last_seen":0,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":50081,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":867,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1569687270740,"flow_last_seen":0,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":48166,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":867,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1569687268077,"flow_last_seen":0,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":38616,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":867,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1569687267991,"flow_last_seen":0,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":61328,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":867,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1569687268376,"flow_last_seen":0,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00640{"flow_id":60,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":881,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687271,"pkt_ts_usec":560368,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"pkt":"AQBef\/\/6NDY7z3UoCABFAADKB2sAAAERttsKAADj7\/\/\/+uDLB2wAtl89TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS83Ny4wLjM4NjUuOTAgTWFjIE9TIFgNCg0K"}
00408{"flow_id":63,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":883,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687271,"pkt_ts_usec":606006,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"pkt":"LH6BsEqhNDY7z3UoCABFAAAg1aQAAEARkEUKAADjCgAAAc1zAMAADAmuEAEDEA=="}
00432{"flow_id":43,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":884,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687271,"pkt_ts_usec":692136,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREAATrAAAAQEIChwN4A8GksZO"}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":885,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1569687271764,"flow_last_seen":0,"flow_tot_l4_data_len":522,"flow_min_l4_data_len":522,"flow_max_l4_data_len":522,"flow_avg_l4_data_len":522,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":51382,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":885,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1569687271764,"flow_last_seen":0,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":51382,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01091{"flow_id":69,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":885,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687271,"pkt_ts_usec":764145,"pkt_caplen":556,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":556,"pkt_l4_len":522,"pkt":"NDY7z3UopHczjPFACABFAAIeAABAAEARI1gKAACVCgAA48i24MsCCjOhSFRUUC8xLjEgMjAwIE9LDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTE4MDANCkRBVEU6IFNhdCwgMjggU2VwIDIwMTkgMTY6MTQ6MzEgR01UDQpFWFQ6DQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNDk6ODAwOC9zc2RwL2RldmljZS1kZXNjLnhtbA0KT1BUOiAiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzogYjNiMTBmNmEtMWRkMS0xMWIyLWI3NDAtYWU5NDc5MzlkMzA4DQpTRVJWRVI6IExpbnV4LzMuOC4xMyssIFVQblAvMS4wLCBQb3J0YWJsZSBTREsgZm9yIFVQblAgZGV2aWNlcy8xLjYuMTgNClgtVXNlci1BZ2VudDogcmVkc29uaWMNClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDo3OWQ4OGU4My03MjVjLWI3MWItYmFkMC01ODYyZDViMjIzODY6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KQk9PVElELlVQTlAuT1JHOiA0NzINCkNPTkZJR0lELlVQTlAuT1JHOiAxDQoNCg=="}
00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":885,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1569687271764,"flow_last_seen":0,"flow_tot_l4_data_len":522,"flow_min_l4_data_len":522,"flow_max_l4_data_len":522,"flow_avg_l4_data_len":522,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":51382,"dst_port":57547,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":885,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1569687271764,"flow_last_seen":0,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":51382,"dst_port":57547,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00586{"flow_id":5,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":887,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687271,"pkt_ts_usec":967353,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"pkt":"MzMAAAABLH6BsEqhht1gAAAAAHg6\/\/6AAAAAAAAALn6B\/\/6wSqH\/AgAAAAAAAAAAAAAAAAABhgBH5kDAALQAAAAAAAAAABkFAAAAAVGAIAEFWP7tAAAAAAAAAAAAASABBVj+7QAAAAAAAAAAAAIDBEDAAAL9HQAC\/R0AAAAAJgEGRoQCRLAAAAAAAAAAABgDAAAAAAC0AAAAAAAAAAAAAAAAAAAAAAEBLH6BsEqh"}
00818{"flow_id":64,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":893,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687272,"pkt_ts_usec":80873,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"pkt":"NDY7z3Uo2DE0IHf7CABFAAFTkAZAAEARlBoKAACXCgAA4wds4MsBP0SkSFRUUC8xLjEgMjAwIE9LDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTM2MDANClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDoyOTVjMDAwNC02ODA3LTEwNmQtODBjZi1kODMxMzQyMDc3ZmI6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KRXh0OiANClNlcnZlcjogUm9rdSBVUG5QLzEuMCBSb2t1LzkuMS4wDQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNTE6ODA2MC9kaWFsL2RkLnhtbA0KV0FLRVVQOiBNQUM9ZDg6MzE6MzQ6MjA6Nzc6ZmI7VGltZW91dD0xMA0KDQo="}
00595{"flow_id":18,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":914,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687272,"pkt_ts_usec":376985,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"AQBeAAD7GIEORo7ICABFAACsXgQAAP8RcWwKAADV4AAA+xTpFOkAmEDPAAAAAAADAAEAAAABD19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEIX2hvbWVraXTAHAAMAAEMX3NsZWVwLXByb3h5BF91ZHDAIQAMAAHADAAMAAEAAA4EABQRTFAtUktFUlVSLU9TWCAoOSnADAAAKQWgAAARlAASAAQADgCbOoEORo7IGIEORo7I"}
@@ -506,9 +506,9 @@
00409{"flow_id":63,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1061,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687274,"pkt_ts_usec":614667,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"pkt":"LH6BsEqhNDY7z3UoCABFAAAgdkAAAEAR76kKAADjCgAAAc1zAMAADAmuEAEDEA=="}
00587{"flow_id":5,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1062,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687274,"pkt_ts_usec":834528,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"pkt":"MzMAAAABLH6BsEqhht1gAAAAAHg6\/\/6AAAAAAAAALn6B\/\/6wSqH\/AgAAAAAAAAAAAAAAAAABhgBH5kDAALQAAAAAAAAAABkFAAAAAVGAIAEFWP7tAAAAAAAAAAAAASABBVj+7QAAAAAAAAAAAAIDBEDAAAL9HQAC\/R0AAAAAJgEGRoQCRLAAAAAAAAAAABgDAAAAAAC0AAAAAAAAAAAAAAAAAAAAAAEBLH6BsEqh"}
00433{"flow_id":43,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1067,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687275,"pkt_ts_usec":135465,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREAAGZAAAAQEIChwN7VcGksZO"}
00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1797,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1569687277139,"flow_last_seen":0,"flow_tot_l4_data_len":76,"flow_min_l4_data_len":76,"flow_max_l4_data_len":76,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1797,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1569687277139,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_id":70,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1797,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687277,"pkt_ts_usec":139200,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABgVbYAAEARDvYKAADjCgAA\/wCJAIkATLhJRX8wEAABAAAAAAABIEVNRkFDTkZDRUxFRkZDRkZGQ0NORVBGREZJQ0FDQUFBAAAgAAHADAAgAAEAAAAAAAZgAAoAAOM="}
00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1797,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1569687277139,"flow_last_seen":0,"flow_tot_l4_data_len":76,"flow_min_l4_data_len":76,"flow_max_l4_data_len":76,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1797,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1569687277139,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00479{"flow_id":70,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1798,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687277,"pkt_ts_usec":144772,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABOK\/AAAEAROM4KAADjCgAA\/wCJAIkAOvmHRYABEAABAAAAAAAAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAAAgAAE="}
00504{"flow_id":70,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1809,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687277,"pkt_ts_usec":188381,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABgQ9oAAEARINIKAADjCgAA\/wCJAIkATMRRRYEwEAABAAAAAAABIEVNRkFDTkVDREFERUREREFERkREQ05GSERIREdERUFBAAAgAAHADAAgAAEAAAAAAAZgAAoAAOM="}
00478{"flow_id":70,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1813,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687277,"pkt_ts_usec":202381,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABOTbMAAEARFwsKAADjCgAA\/wCJAIkAOvmFRYIBEAABAAAAAAAAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAAAgAAE="}
@@ -526,7 +526,8 @@
00409{"flow_id":63,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2298,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687280,"pkt_ts_usec":624310,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"pkt":"LH6BsEqhNDY7z3UoCABFAAAgsKcAAEARtUIKAADjCgAAAc1zAMAADAmuEAEDEA=="}
00587{"flow_id":5,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2328,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687280,"pkt_ts_usec":978592,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"pkt":"MzMAAAABLH6BsEqhht1gAAAAAHg6\/\/6AAAAAAAAALn6B\/\/6wSqH\/AgAAAAAAAAAAAAAAAAABhgBH5kDAALQAAAAAAAAAABkFAAAAAVGAIAEFWP7tAAAAAAAAAAAAASABBVj+7QAAAAAAAAAAAAIDBEDAAAL9HQAC\/R0AAAAAJgEGRoQCRLAAAAAAAAAAABgDAAAAAAC0AAAAAAAAAAAAAAAAAAAAAAEBLH6BsEqh"}
00434{"flow_id":54,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2353,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687281,"pkt_ts_usec":158363,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0UBJAAPMGvOUIJWfECgAA4wG73ieGjW4CDCXQ8YARTdYkXAAAAQEICnincgAcDdF\/"}
00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2379,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1569687271764,"flow_last_seen":0,"flow_tot_l4_data_len":522,"flow_min_l4_data_len":522,"flow_max_l4_data_len":522,"flow_avg_l4_data_len":522,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":51382,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2379,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1569687271764,"flow_last_seen":0,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":51382,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2379,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_first_seen":1569687247596,"flow_last_seen":1569687248620,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00505{"flow_id":70,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2408,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687281,"pkt_ts_usec":686916,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABgUbMAAEAREvkKAADjCgAA\/wCJAIkATMfLRYMpEAABAAAAAAABIEVNRkFDTkVDREFERUREREFERkREQ05GSERIREdERUFBAAAgAAHADAAgAAEAAAOEAAZgAAoAAOM="}
00433{"flow_id":43,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2419,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687281,"pkt_ts_usec":981171,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREADsmwAAAQEIChwOBx8GksZO"}
00434{"flow_id":54,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2435,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687282,"pkt_ts_usec":157559,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0UoVAAPMGunIIJWfECgAA4wG73ieGjW4CDCXQ8YARTdYgdAAAAQEICnindegcDdF\/"}
@@ -535,84 +536,83 @@
00434{"flow_id":54,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2516,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687284,"pkt_ts_usec":157706,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0WbNAAPMGs0QIJWfECgAA4wG73ieGjW4CDCXQ8YARTdYYpAAAAQEICninfbgcDdF\/"}
00409{"flow_id":63,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2570,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687286,"pkt_ts_usec":129419,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"pkt":"LH6BsEqhNDY7z3UoCABFAAAgwLAAAEARpTkKAADjCgAAAc1zAMAADBGuCAEDEA=="}
00410{"flow_id":63,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2580,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687286,"pkt_ts_usec":632460,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"pkt":"LH6BsEqhNDY7z3UoCABFAAAg9UsAAEARcJ4KAADjCgAAAc1zAMAADAmuEAEDEA=="}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2587,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1569687286917,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2587,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1569687286917,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00457{"flow_id":71,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2587,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687286,"pkt_ts_usec":917856,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AQBeAAD7pHczjPFACABFAABEAABAAP8RkBgKAACV4AAA+xTpFOkAMI4UAAAAAAABAAAAAAAAC19nb29nbGV6b25lBF90Y3AFbG9jYWwAAAwAAQ=="}
00555{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2587,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1569687286917,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlezone._tcp.local"}}
00567{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2587,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1569687286917,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlezone._tcp.local"}}
00508{"flow_id":71,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2588,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687286,"pkt_ts_usec":918076,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"pkt":"AQBeAAD7pHczjPFACABFAABpAABAAP8Rj\/MKAACV4AAA+xTpFOkAVS3HAAAAAAABAAAAAAAAJDc5ZDg4ZTgzLTcyNWMtYjcxYi1iYWQwLTU4NjJkNWIyMjM4NgtfZ29vZ2xlem9uZQRfdGNwBWxvY2FsAAAhAAE="}
00613{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2588,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_first_seen":1569687286917,"flow_last_seen":1569687286918,"flow_tot_l4_data_len":133,"flow_min_l4_data_len":48,"flow_max_l4_data_len":85,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"79d88e83-725c-b71b-bad0-5862d5b22386._googlezone._tcp.local"}}
00625{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2588,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_first_seen":1569687286917,"flow_last_seen":1569687286918,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"79d88e83-725c-b71b-bad0-5862d5b22386._googlezone._tcp.local"}}
00708{"flow_id":71,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2589,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687286,"pkt_ts_usec":918669,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"pkt":"AQBeAAD7pHczjPFACABFAAD+AABAAP8Rj14KAACV4AAA+xTpFOkA6vJcAACEAAAAAAEAAAADC19nb29nbGV6b25lBF90Y3AFbG9jYWwAAAwAAQAAAHgAJyQ3OWQ4OGU4My03MjVjLWI3MWItYmFkMC01ODYyZDViMjIzODbADMAuABCAAQAAEZQAOCNpZD0yMERGOEZENkYzMTU5MUQyMDUwNEE5RkQ5OThDMzlFRRNfX2NvbW1vbl90aW1lX189MXwwwC4AIYABAAAAeAAtANIA8ycRJDc5ZDg4ZTgzLTcyNWMtYjcxYi1iYWQwLTU4NjJkNWIyMjM4NsAdwKsAAYABAAAAeAAECgAAlQ=="}
00578{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2589,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":3,"flow_first_seen":1569687286917,"flow_last_seen":1569687286918,"flow_tot_l4_data_len":367,"flow_min_l4_data_len":48,"flow_max_l4_data_len":234,"flow_avg_l4_data_len":122,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlezone._tcp.local"}}
00590{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2589,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":3,"flow_first_seen":1569687286917,"flow_last_seen":1569687286918,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":343,"flow_avg_l4_payload_len":114,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlezone._tcp.local"}}
00596{"flow_id":71,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2590,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687286,"pkt_ts_usec":919025,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"AQBeAAD7pHczjPFACABFAACsAABAAP8Rj7AKAACV4AAA+xTpFOkAmGRVAACEAAAAAAEAAAABJDc5ZDg4ZTgzLTcyNWMtYjcxYi1iYWQwLTU4NjJkNWIyMjM4NgtfZ29vZ2xlem9uZQRfdGNwBWxvY2FsAAAhgAEAAAB4AC0A0gDzJxEkNzlkODhlODMtNzI1Yy1iNzFiLWJhZDAtNTg2MmQ1YjIyMzg2wELAWQABgAEAAAB4AAQKAACV"}
00615{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2590,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":4,"flow_first_seen":1569687286917,"flow_last_seen":1569687286919,"flow_tot_l4_data_len":519,"flow_min_l4_data_len":48,"flow_max_l4_data_len":234,"flow_avg_l4_data_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"79d88e83-725c-b71b-bad0-5862d5b22386._googlezone._tcp.local"}}
00444{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2723,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1569687287737,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00627{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2590,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":4,"flow_first_seen":1569687286917,"flow_last_seen":1569687286919,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":121,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"79d88e83-725c-b71b-bad0-5862d5b22386._googlezone._tcp.local"}}
00452{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2723,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1569687287737,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":72,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2723,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687287,"pkt_ts_usec":737123,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":16,"pkt":"AQBeAAABLH6BsEqhCABFwAAkGHoAAAEBtp0KAAAB4AAAAQkA5rYBAgVGCgAAAQAAAAAAAP\/\/Aiw="}
00476{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2723,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1569687287737,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00484{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2723,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1569687287737,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00434{"flow_id":54,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2914,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687288,"pkt_ts_usec":158305,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0aqNAAPMGolQIJWfECgAA4wG73ieGjW4CDCXQ8YARTdYJBAAAAQEICninjVgcDdF\/"}
00433{"flow_id":43,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2981,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687288,"pkt_ts_usec":697648,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREADS0wAAAQEIChwOIOcGksZO"}
00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":4,"flow_first_seen":1569687268559,"flow_last_seen":1569687271560,"flow_tot_l4_data_len":728,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":57547,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":19,"flow_first_seen":1569687249612,"flow_last_seen":1569687268122,"flow_tot_l4_data_len":4039,"flow_min_l4_data_len":20,"flow_max_l4_data_len":416,"flow_avg_l4_data_len":212,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00528{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_first_seen":1569687240992,"flow_last_seen":1569687241009,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_first_seen":1569687240992,"flow_last_seen":1569687241009,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":4,"flow_first_seen":1569687269223,"flow_last_seen":1569687272080,"flow_tot_l4_data_len":1276,"flow_min_l4_data_len":319,"flow_max_l4_data_len":319,"flow_avg_l4_data_len":319,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":10,"flow_first_seen":1569687249612,"flow_last_seen":1569687268086,"flow_tot_l4_data_len":1668,"flow_min_l4_data_len":20,"flow_max_l4_data_len":416,"flow_avg_l4_data_len":166,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56917,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1569687287737,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":15,"flow_first_seen":1569687277139,"flow_last_seen":1569687283186,"flow_tot_l4_data_len":1032,"flow_min_l4_data_len":58,"flow_max_l4_data_len":76,"flow_avg_l4_data_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00513{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_first_seen":1569687260469,"flow_last_seen":1569687260521,"flow_tot_l4_data_len":198,"flow_min_l4_data_len":32,"flow_max_l4_data_len":70,"flow_avg_l4_data_len":49,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"35.201.124.9","src_port":56910,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_first_seen":1569687260469,"flow_last_seen":1569687260521,"flow_tot_l4_data_len":198,"flow_min_l4_data_len":32,"flow_max_l4_data_len":70,"flow_avg_l4_data_len":49,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"35.201.124.9","src_port":56910,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1569687260751,"flow_last_seen":1569687260767,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":67,"flow_max_l4_data_len":67,"flow_avg_l4_data_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_first_seen":1569687251177,"flow_last_seen":1569687251230,"flow_tot_l4_data_len":165,"flow_min_l4_data_len":42,"flow_max_l4_data_len":123,"flow_avg_l4_data_len":82,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":1569687246891,"flow_last_seen":1569687246924,"flow_tot_l4_data_len":137,"flow_min_l4_data_len":31,"flow_max_l4_data_len":106,"flow_avg_l4_data_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_first_seen":1569687261035,"flow_last_seen":1569687261054,"flow_tot_l4_data_len":199,"flow_min_l4_data_len":59,"flow_max_l4_data_len":140,"flow_avg_l4_data_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":52879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1569687245251,"flow_last_seen":1569687245288,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":48,"flow_max_l4_data_len":64,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":52879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00527{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":6,"flow_first_seen":1569687267677,"flow_last_seen":1569687268288,"flow_tot_l4_data_len":340,"flow_min_l4_data_len":32,"flow_max_l4_data_len":71,"flow_avg_l4_data_len":56,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.10.115.210","src_port":56879,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":6,"flow_first_seen":1569687267677,"flow_last_seen":1569687268288,"flow_tot_l4_data_len":340,"flow_min_l4_data_len":32,"flow_max_l4_data_len":71,"flow_avg_l4_data_len":56,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.10.115.210","src_port":56879,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2441,"flow_first_seen":1569687268746,"flow_last_seen":1569687289262,"flow_tot_l4_data_len":809503,"flow_min_l4_data_len":56,"flow_max_l4_data_len":1477,"flow_avg_l4_data_len":331,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":54107,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_first_seen":1569687261486,"flow_last_seen":1569687261506,"flow_tot_l4_data_len":170,"flow_min_l4_data_len":59,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":85,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":16,"flow_first_seen":1569687241656,"flow_last_seen":1569687287122,"flow_tot_l4_data_len":1920,"flow_min_l4_data_len":120,"flow_max_l4_data_len":120,"flow_avg_l4_data_len":120,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::2e7e:81ff:feb0:4aa1","dst_ip":"ff02::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":4,"flow_first_seen":1569687286917,"flow_last_seen":1569687286919,"flow_tot_l4_data_len":519,"flow_min_l4_data_len":48,"flow_max_l4_data_len":234,"flow_avg_l4_data_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":9,"flow_first_seen":1569687246981,"flow_last_seen":1569687272376,"flow_tot_l4_data_len":1142,"flow_min_l4_data_len":98,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_first_seen":1569687261485,"flow_last_seen":1569687261501,"flow_tot_l4_data_len":170,"flow_min_l4_data_len":59,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":85,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_first_seen":1569687267799,"flow_last_seen":1569687267819,"flow_tot_l4_data_len":206,"flow_min_l4_data_len":50,"flow_max_l4_data_len":156,"flow_avg_l4_data_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51060,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_first_seen":1569687267477,"flow_last_seen":1569687267493,"flow_tot_l4_data_len":90,"flow_min_l4_data_len":37,"flow_max_l4_data_len":53,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1569687261034,"flow_last_seen":1569687261050,"flow_tot_l4_data_len":199,"flow_min_l4_data_len":59,"flow_max_l4_data_len":140,"flow_avg_l4_data_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57261,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":30,"flow_first_seen":1569687241422,"flow_last_seen":1569687286460,"flow_tot_l4_data_len":3160,"flow_min_l4_data_len":32,"flow_max_l4_data_len":142,"flow_avg_l4_data_len":105,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56320,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":1569687245295,"flow_last_seen":1569687245320,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":48,"flow_max_l4_data_len":129,"flow_avg_l4_data_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":5,"flow_first_seen":1569687267797,"flow_last_seen":1569687267821,"flow_tot_l4_data_len":189,"flow_min_l4_data_len":20,"flow_max_l4_data_len":85,"flow_avg_l4_data_len":37,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"17.57.144.116","src_port":56886,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":57,"flow_first_seen":1569687260591,"flow_last_seen":1569687262892,"flow_tot_l4_data_len":11015,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1400,"flow_avg_l4_data_len":193,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00473{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_first_seen":1569687247596,"flow_last_seen":1569687248620,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1569687260751,"flow_last_seen":1569687260772,"flow_tot_l4_data_len":126,"flow_min_l4_data_len":63,"flow_max_l4_data_len":63,"flow_avg_l4_data_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61613,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_first_seen":1569687267800,"flow_last_seen":1569687267818,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":58,"flow_max_l4_data_len":289,"flow_avg_l4_data_len":173,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00513{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":6,"flow_first_seen":1569687267841,"flow_last_seen":1569687288158,"flow_tot_l4_data_len":192,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.103.196","src_port":56871,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":6,"flow_first_seen":1569687267841,"flow_last_seen":1569687288158,"flow_tot_l4_data_len":192,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.103.196","src_port":56871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":30,"flow_first_seen":1569687245379,"flow_last_seen":1569687245725,"flow_tot_l4_data_len":9034,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":301,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":54,"flow_first_seen":1569687245688,"flow_last_seen":1569687268830,"flow_tot_l4_data_len":24196,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":448,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":92,"flow_first_seen":1569687267035,"flow_last_seen":1569687288923,"flow_tot_l4_data_len":24648,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":267,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_first_seen":1569687267988,"flow_last_seen":1569687268026,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"74.125.197.188","src_port":56874,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_first_seen":1569687267988,"flow_last_seen":1569687268026,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"74.125.197.188","src_port":56874,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00528{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":15,"flow_first_seen":1569687245576,"flow_last_seen":1569687267323,"flow_tot_l4_data_len":988,"flow_min_l4_data_len":32,"flow_max_l4_data_len":97,"flow_avg_l4_data_len":65,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56914,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":15,"flow_first_seen":1569687245576,"flow_last_seen":1569687267323,"flow_tot_l4_data_len":988,"flow_min_l4_data_len":32,"flow_max_l4_data_len":97,"flow_avg_l4_data_len":65,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00528{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":15,"flow_first_seen":1569687245576,"flow_last_seen":1569687268339,"flow_tot_l4_data_len":988,"flow_min_l4_data_len":32,"flow_max_l4_data_len":97,"flow_avg_l4_data_len":65,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":15,"flow_first_seen":1569687245576,"flow_last_seen":1569687268339,"flow_tot_l4_data_len":988,"flow_min_l4_data_len":32,"flow_max_l4_data_len":97,"flow_avg_l4_data_len":65,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00522{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_first_seen":1569687267453,"flow_last_seen":1569687267455,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56865,"dst_port":8008,"l4_proto":"tcp","ndpi": {"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}}
00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_first_seen":1569687267453,"flow_last_seen":1569687267455,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56865,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00517{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_first_seen":1569687241064,"flow_last_seen":1569687246096,"flow_tot_l4_data_len":220,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56916,"dst_port":8009,"l4_proto":"tcp","ndpi": {"proto":"AJP","breed":"Acceptable","category":"Web"}}
00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_first_seen":1569687241064,"flow_last_seen":1569687246096,"flow_tot_l4_data_len":220,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56916,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":9,"flow_first_seen":1569687267453,"flow_last_seen":1569687288697,"flow_tot_l4_data_len":288,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56866,"dst_port":8060,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":9,"flow_first_seen":1569687267453,"flow_last_seen":1569687288697,"flow_tot_l4_data_len":288,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56866,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":7,"flow_first_seen":1569687269561,"flow_last_seen":1569687269570,"flow_tot_l4_data_len":1690,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1227,"flow_avg_l4_data_len":241,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56954,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":9,"flow_first_seen":1569687246982,"flow_last_seen":1569687272377,"flow_tot_l4_data_len":1142,"flow_min_l4_data_len":98,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":126,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_first_seen":1569687267831,"flow_last_seen":1569687267847,"flow_tot_l4_data_len":118,"flow_min_l4_data_len":35,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":11,"flow_first_seen":1569687269562,"flow_last_seen":1569687273580,"flow_tot_l4_data_len":1944,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1172,"flow_avg_l4_data_len":176,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56955,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":10,"flow_first_seen":1569687269094,"flow_last_seen":1569687286632,"flow_tot_l4_data_len":120,"flow_min_l4_data_len":12,"flow_max_l4_data_len":12,"flow_avg_l4_data_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.1","src_port":52595,"dst_port":192,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":10,"flow_first_seen":1569687269094,"flow_last_seen":1569687286632,"flow_tot_l4_data_len":120,"flow_min_l4_data_len":12,"flow_max_l4_data_len":12,"flow_avg_l4_data_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.1","src_port":52595,"dst_port":192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_first_seen":1569687267805,"flow_last_seen":1569687267824,"flow_tot_l4_data_len":209,"flow_min_l4_data_len":51,"flow_max_l4_data_len":158,"flow_avg_l4_data_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_first_seen":1569687267851,"flow_last_seen":1569687267865,"flow_tot_l4_data_len":237,"flow_min_l4_data_len":41,"flow_max_l4_data_len":196,"flow_avg_l4_data_len":118,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":27,"flow_first_seen":1569687256018,"flow_last_seen":1569687267492,"flow_tot_l4_data_len":3907,"flow_min_l4_data_len":32,"flow_max_l4_data_len":819,"flow_avg_l4_data_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00517{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":12,"flow_first_seen":1569687262866,"flow_last_seen":1569687262912,"flow_tot_l4_data_len":750,"flow_min_l4_data_len":32,"flow_max_l4_data_len":258,"flow_avg_l4_data_len":62,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"162.222.43.153","src_port":56881,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":12,"flow_first_seen":1569687262866,"flow_last_seen":1569687262912,"flow_tot_l4_data_len":750,"flow_min_l4_data_len":32,"flow_max_l4_data_len":258,"flow_avg_l4_data_len":62,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"162.222.43.153","src_port":56881,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_first_seen":1569687267812,"flow_last_seen":1569687267847,"flow_tot_l4_data_len":98,"flow_min_l4_data_len":41,"flow_max_l4_data_len":57,"flow_avg_l4_data_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51990,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1569687255989,"flow_last_seen":1569687256018,"flow_tot_l4_data_len":86,"flow_min_l4_data_len":35,"flow_max_l4_data_len":51,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":1569687245321,"flow_last_seen":1569687245366,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":48,"flow_max_l4_data_len":129,"flow_avg_l4_data_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":62322,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_first_seen":1569687267799,"flow_last_seen":1569687267814,"flow_tot_l4_data_len":229,"flow_min_l4_data_len":39,"flow_max_l4_data_len":190,"flow_avg_l4_data_len":114,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_first_seen":1569687267481,"flow_last_seen":1569687267500,"flow_tot_l4_data_len":258,"flow_min_l4_data_len":50,"flow_max_l4_data_len":208,"flow_avg_l4_data_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":4,"flow_first_seen":1569687268559,"flow_last_seen":1569687271560,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":174,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":57547,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":19,"flow_first_seen":1569687249612,"flow_last_seen":1569687268122,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":384,"flow_tot_l4_payload_len":3455,"flow_avg_l4_payload_len":181,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_first_seen":1569687240992,"flow_last_seen":1569687241009,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_first_seen":1569687240992,"flow_last_seen":1569687241009,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":4,"flow_first_seen":1569687269223,"flow_last_seen":1569687272080,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":1244,"flow_avg_l4_payload_len":311,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":10,"flow_first_seen":1569687249612,"flow_last_seen":1569687268086,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":384,"flow_tot_l4_payload_len":1372,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56917,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00453{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1569687287737,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":15,"flow_first_seen":1569687277139,"flow_last_seen":1569687283186,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":912,"flow_avg_l4_payload_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00523{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_first_seen":1569687260469,"flow_last_seen":1569687260521,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":17,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"35.201.124.9","src_port":56910,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_first_seen":1569687260469,"flow_last_seen":1569687260521,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":17,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"35.201.124.9","src_port":56910,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1569687260751,"flow_last_seen":1569687260767,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":118,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_first_seen":1569687251177,"flow_last_seen":1569687251230,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":74,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":1569687246891,"flow_last_seen":1569687246924,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":121,"flow_avg_l4_payload_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_first_seen":1569687261035,"flow_last_seen":1569687261054,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":52879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1569687245251,"flow_last_seen":1569687245288,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":52879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00538{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":6,"flow_first_seen":1569687267677,"flow_last_seen":1569687268288,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":24,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.10.115.210","src_port":56879,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":6,"flow_first_seen":1569687267677,"flow_last_seen":1569687268288,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":24,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.10.115.210","src_port":56879,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2441,"flow_first_seen":1569687268746,"flow_last_seen":1569687289262,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1469,"flow_tot_l4_payload_len":789975,"flow_avg_l4_payload_len":323,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":54107,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_first_seen":1569687261486,"flow_last_seen":1569687261506,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":77,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":16,"flow_first_seen":1569687241656,"flow_last_seen":1569687287122,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::2e7e:81ff:feb0:4aa1","dst_ip":"ff02::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":4,"flow_first_seen":1569687286917,"flow_last_seen":1569687286919,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":121,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":9,"flow_first_seen":1569687246981,"flow_last_seen":1569687272376,"flow_min_l4_payload_len":90,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":1070,"flow_avg_l4_payload_len":118,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_first_seen":1569687261485,"flow_last_seen":1569687261501,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":77,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_first_seen":1569687267799,"flow_last_seen":1569687267819,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51060,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_first_seen":1569687267477,"flow_last_seen":1569687267493,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1569687261034,"flow_last_seen":1569687261050,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57261,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":30,"flow_first_seen":1569687241422,"flow_last_seen":1569687286460,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":2200,"flow_avg_l4_payload_len":73,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56320,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":1569687245295,"flow_last_seen":1569687245320,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":80,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":5,"flow_first_seen":1569687267797,"flow_last_seen":1569687267821,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":10,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"17.57.144.116","src_port":56886,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":57,"flow_first_seen":1569687260591,"flow_last_seen":1569687262892,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":9167,"flow_avg_l4_payload_len":160,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1569687260751,"flow_last_seen":1569687260772,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61613,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_first_seen":1569687267800,"flow_last_seen":1569687267818,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":331,"flow_avg_l4_payload_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00520{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":6,"flow_first_seen":1569687267841,"flow_last_seen":1569687288158,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.103.196","src_port":56871,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":6,"flow_first_seen":1569687267841,"flow_last_seen":1569687288158,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.103.196","src_port":56871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":30,"flow_first_seen":1569687245379,"flow_last_seen":1569687245725,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8058,"flow_avg_l4_payload_len":268,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":54,"flow_first_seen":1569687245688,"flow_last_seen":1569687268830,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":22452,"flow_avg_l4_payload_len":415,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":92,"flow_first_seen":1569687267035,"flow_last_seen":1569687288923,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":21688,"flow_avg_l4_payload_len":235,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_first_seen":1569687267988,"flow_last_seen":1569687268026,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"74.125.197.188","src_port":56874,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_first_seen":1569687267988,"flow_last_seen":1569687268026,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"74.125.197.188","src_port":56874,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00539{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":15,"flow_first_seen":1569687245576,"flow_last_seen":1569687267323,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":33,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56914,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":15,"flow_first_seen":1569687245576,"flow_last_seen":1569687267323,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":33,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00539{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":15,"flow_first_seen":1569687245576,"flow_last_seen":1569687268339,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":33,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":15,"flow_first_seen":1569687245576,"flow_last_seen":1569687268339,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":33,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_first_seen":1569687267453,"flow_last_seen":1569687267455,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56865,"dst_port":8008,"l4_proto":"tcp","ndpi": {"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}}
00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_first_seen":1569687267453,"flow_last_seen":1569687267455,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56865,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00524{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_first_seen":1569687241064,"flow_last_seen":1569687246096,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56916,"dst_port":8009,"l4_proto":"tcp","ndpi": {"proto":"AJP","breed":"Acceptable","category":"Web"}}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_first_seen":1569687241064,"flow_last_seen":1569687246096,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56916,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00514{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":9,"flow_first_seen":1569687267453,"flow_last_seen":1569687288697,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56866,"dst_port":8060,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":9,"flow_first_seen":1569687267453,"flow_last_seen":1569687288697,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56866,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":7,"flow_first_seen":1569687269561,"flow_last_seen":1569687269570,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1195,"flow_tot_l4_payload_len":1446,"flow_avg_l4_payload_len":206,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56954,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00519{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":9,"flow_first_seen":1569687246982,"flow_last_seen":1569687272377,"flow_min_l4_payload_len":90,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":1070,"flow_avg_l4_payload_len":118,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_first_seen":1569687267831,"flow_last_seen":1569687267847,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":11,"flow_first_seen":1569687269562,"flow_last_seen":1569687273580,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1140,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":142,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56955,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00513{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":10,"flow_first_seen":1569687269094,"flow_last_seen":1569687286632,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.1","src_port":52595,"dst_port":192,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":10,"flow_first_seen":1569687269094,"flow_last_seen":1569687286632,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.1","src_port":52595,"dst_port":192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_first_seen":1569687267805,"flow_last_seen":1569687267824,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_first_seen":1569687267851,"flow_last_seen":1569687267865,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":110,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":27,"flow_first_seen":1569687256018,"flow_last_seen":1569687267492,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":787,"flow_tot_l4_payload_len":3023,"flow_avg_l4_payload_len":111,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00528{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":12,"flow_first_seen":1569687262866,"flow_last_seen":1569687262912,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":366,"flow_avg_l4_payload_len":30,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"162.222.43.153","src_port":56881,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":12,"flow_first_seen":1569687262866,"flow_last_seen":1569687262912,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":366,"flow_avg_l4_payload_len":30,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"162.222.43.153","src_port":56881,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_first_seen":1569687267812,"flow_last_seen":1569687267847,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51990,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1569687255989,"flow_last_seen":1569687256018,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":1569687245321,"flow_last_seen":1569687245366,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":80,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":62322,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_first_seen":1569687267799,"flow_last_seen":1569687267814,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":106,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_first_seen":1569687267481,"flow_last_seen":1569687267500,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":121,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00136{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test"}

912
test/results/anydesk-2.pcap.out
View File

File diff suppressed because one or more lines are too long

18
test/results/anydesk.pcap.out
View File

@@ -1,5 +1,5 @@
00384{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"anydesk.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1591342198821,"flow_last_seen":0,"flow_tot_l4_data_len":71,"flow_min_l4_data_len":71,"flow_max_l4_data_len":71,"flow_avg_l4_data_len":71,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00475{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"anydesk.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1591342198821,"flow_last_seen":0,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00479{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342198,"pkt_ts_usec":821353,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"AFBW5dKtAAwplUdeCABFAABbtopAAEAGCwXAqJWBM1PvkI3\/AFB7i54qMVwSUlAY+DR5WwAAFwMDAC7mz9mv7V5op8uDzrVlyYzGPOa22i4SIRv\/ctzVUMWyqJzhwIdSdK\/Qd7DJrcKc"}
00414{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342198,"pkt_ts_usec":821804,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAwplUdeAFBW5dKtCABFAAAoe1AAAIAGRnIzU++QwKiVgQBQjf8xXBJSe4ueXVAQ+vBP7wAAAAAAAAAA"}
00473{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342198,"pkt_ts_usec":998446,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"pkt":"AFBW5dKtAAwplUdeCABFAABYtotAAEAGCwfAqJWBM1PvkI3\/AFB7i55dMVwSUlAY+DR5WAAAFwMDACvmz9mv7V5oqHbrZghdQbdzwBFFDzsTJ43BfdwI8acT8HfThIVfMXtYD9Ln"}
@@ -8,18 +8,18 @@
00406{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342199,"pkt_ts_usec":30587,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AFBW5dKtAAwplUdeCABFAAAotoxAAEAGCzbAqJWBM1PvkI3\/AFB7i56NMVwSg1AQ+DR5KAAA"}
00625{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342199,"pkt_ts_usec":192188,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"AAwplUdeAFBW5dKtCABFAADHe1MAAIAGRdAzU++QwKiVgQBQjf8xXBKDe4uejVAY+vC7swAAFwMDAJokrUQuni1bFHnCrCrci8mu17SSshonC+8pGDiK6l\/Phzxh+NqjpoA5ePRAbTasLuAk4CkeR\/3tMjzdi54ShmUijEg7vw7jf2Yibglow2dlbDkiN8RweFkh8WAg9qfiulu\/uBXqXNlyQGNFnq0FuLddJpIfp\/rRQZTfZvnPbpMerzuj+HtmaUXL4pG6hubYJ0hdsp6pU1FeUjm4"}
00407{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342199,"pkt_ts_usec":192219,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AFBW5dKtAAwplUdeCABFAAAoto1AAEAGCzXAqJWBM1PvkI3\/AFB7i56NMVwTIlAQ+DR5KAAA"}
00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1591342199201,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1591342199201,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00434{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342199,"pkt_ts_usec":201196,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AFBW5dKtAAwplUdeCABFAAA8CJBAAEAGudPAqJWBM1Pu26oPAFApppzyAAAAAKAC+vB4hwAAAgQFtAQCCAqukMx3AAAAAAEDAwc="}
00415{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342199,"pkt_ts_usec":366001,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAwplUdeAFBW5dKtCABFAAAse1UAAIAGRx4zU+7bwKiVgQBQqg9odWR8Kaac82AS+vDm4QAAAgQFtAAA"}
00407{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342199,"pkt_ts_usec":366113,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AFBW5dKtAAwplUdeCABFAAAoCJFAAEAGuebAqJWBM1Pu26oPAFApppzzaHVkfVAQ+vB4cwAA"}
00765{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342199,"pkt_ts_usec":366725,"pkt_caplen":317,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":317,"pkt_l4_len":283,"pkt":"AFBW5dKtAAwplUdeCABFAAEvCJJAAEAGuN7AqJWBM1Pu26oPAFApppzzaHVkfVAY+vB5egAAFgMBAQIBAAD+AwPH+2RueS0bCFAjOjiKaUYj6rfjOOjwnxNAapJEdabvkAAAgMAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANsAywC7AKsAmwA\/ABQCdAD0ANcAvwCvAJ8AjwBPACQCkAKIAoACeAGcAQAA\/AD4AMwAyADEAMMAxwC3AKcAlwA7ABACcADwAL8ASwAgAFgATABAADcANwAMACgD\/AQAAVQALAAQDAAECAAoAHAAaABcAGQAcABsAGAAaABYADgANAAsADAAJAAoAIwAAAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAA8AAQE="}
00872{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1591342199201,"flow_last_seen":1591342199366,"flow_tot_l4_data_len":367,"flow_min_l4_data_len":20,"flow_max_l4_data_len":283,"flow_avg_l4_data_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing","30":"Desktop\/File Sharing Session"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00883{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1591342199201,"flow_last_seen":1591342199366,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing","30":"Desktop\/File Sharing Session"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00415{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342199,"pkt_ts_usec":367083,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAwplUdeAFBW5dKtCABFAAAoe1YAAIAGRyEzU+7bwKiVgQBQqg9odWR9Kaad+lAQ+vD9lwAAAAAAAAAA"}
02165{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342199,"pkt_ts_usec":532111,"pkt_caplen":1354,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1354,"pkt_l4_len":1320,"pkt":"AAwplUdeAFBW5dKtCABFAAU8e1cAAIAGQgwzU+7bwKiVgQBQqg9odWR9Kaad+lAY+vCKSQAAFgMDAFcCAABTAwNe2fR3FKnG2hMjkf\/flk2Q8alQACN4Gw3ceEAvBvF6LSCBWeatQQeDcBonXd4xN3eteAA\/15hN7vAwUwn3lLPAk8AsAAALAAsAAgEA\/wEAAQAWAwMItwsACLMACLAAA0MwggM\/MIIBJwIJAPGIMHZ0UySTMA0GCSqGSIb3DQEBCwUAMEgxFzAVBgNVBAMMDkFueU5ldCBSb290IENBMSAwHgYDVQQKDBdwaGlsYW5kcm8gU29mdHdhcmUgR21iSDELMAkGA1UEBhMCREUwHhcNMTgxMTE4MDIxNDIzWhcNMjgxMTE1MDIxNDIzWjBGMQswCQYDVQQGEwJERTEgMB4GA1UECgwXcGhpbGFuZHJvIFNvZnR3YXJlIEdtYkgxFTATBgNVBAMMDEFueU5ldCBSZWxheTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEimSq43jXFd4y0DWmX27+lJ7CD1sFgnD\/iYL6vzT5r88O9fhn8M\/e++YZZi52ShTQpoZZcpRdLmq451xVL8rL8wDQYJKoZIhvcNAQELBQADggIBAGaRMkjCQwOFjmCpjVewPT62MuIafRSC4Z0O+0QWB1PHDHb2GlJ5LWbUFThy1vpyjh19L1wPCxJWhaY8PttZrUJFsoFAOthHxaopXOcDA0mgW0k\/ljLL+1fwcvADKqBcacDvUvI3a9S1Cibm6CC5S4u7Y95vZWqfXdfBl5stME6agYW0HJKm7dh6+d+dA7OQnHipyLoOPKzsFNt9UbOXBrn2d2Cr\/lmDr46XVinH235xedHH99q2yPevjyTgGwDfFtEZD9FanUcBfCdTgE9e5p5qbCT+p+SAfI5YsNQSTfArm7reqCIp\/\/ykK+bUhdN7zx9uuxCVXAzDJjlTyOx8NOJ4zttMDeZwfJev+OGhYVouqoNxF0SgnfxMEfy0XPp2wXEZoySQO0+pz8APHRZysuwFzalvy9pDczR8elyWDce\/2b4BkLc4W7yJheLb539UUoq+3al4Vc7dPrKTUuUPOBbOuzXO4Z9Zod+eDRw0b1QJQAniymVNFEJMPaOrgfLzTcGa\/dKQ1diwXhIKLMNWxN7bQ5LBrfHh\/PvD74hacQYkXLdHYW\/kukh6eIsjvV9uEW1d+2PJsVgVlaMm0ky2p+Q5POfjWbYrXy6OcO14LP9VzsT8ZminOkRX8km1ObtFBCwm03x93FrfzkmQzxQdQ99Hr49V9XxJA52jASKsiq2RAAVnMIIFYzCCA0ugAwIBAgIJAIf7DQy3sYvoMA0GCSqGSIb3DQEBBQUAMEgxFzAVBgNVBAMMDkFueU5ldCBSb290IENBMSAwHgYDVQQKDBdwaGlsYW5kcm8gU29mdHdhcmUgR21iSDELMAkGA1UEBhMCREUwHhcNMTQwNDExMDIzNzU1WhcNMjQwNDA4MDIzNzU1WjBIMRcwFQYDVQQDDA5BbnlOZXQgUm9vdCBDQTEgMB4GA1UECgwXcGhpbGFuZHJvIFNvZnR3YXJlIEdtYkgxCzAJBgNVBAYTAkRFMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtBVBDdoa01og\/vnfvwqM8aSt79RUlufigrcNAOrxN+LXjKEWO6BoCDiqbdsmvqZpkzaojh5w3KyBHuLdFoM0tRVw9YrNne5dgHxaeKIHpK7m+NYx+lx7u+Ba61Evl7\/2+zMnkLPY5A=="}
00931{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1591342199201,"flow_last_seen":1591342199532,"flow_tot_l4_data_len":1707,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1320,"flow_avg_l4_data_len":284,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing","30":"Desktop\/File Sharing Session"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"107030a763c7224285717ff1569a17f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}}
00942{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1591342199201,"flow_last_seen":1591342199532,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":1563,"flow_avg_l4_payload_len":260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing","30":"Desktop\/File Sharing Session"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"107030a763c7224285717ff1569a17f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}}
00407{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342199,"pkt_ts_usec":532151,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AFBW5dKtAAwplUdeCABFAAAoCJNAAEAGueTAqJWBM1Pu26oPAFAppp36aHVpkVAQ+NR4cwAA"}
02173{"flow_id":2,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342199,"pkt_ts_usec":532596,"pkt_caplen":1354,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1354,"pkt_l4_len":1320,"pkt":"AAwplUdeAFBW5dKtCABFAAU8e1gAAIAGQgszU+7bwKiVgQBQqg9odWmRKaad+lAY+vAgpgAA4M1oO2qHbKYN59i9Yd9WayrhHCv1n7+F3YxbBh5xf7pKpkCwdxfqLD9blBSFLq0RYauI9gG7s0dr4oEY8Y455th7DGOGg6xwhHUnLTU9e3uozrJIeQg4LYImfpNLMnZmhaf9yvEKL8diD2pA\/hprWBxT5GPBdYOaq3gESYMf5yNwn6O\/aNEzL0zeXoaYfWF9ATT1nOnLQWuuUCtn1dnyAvxfo1I0udxn7\/pzxZRA6rWK95js6Ju7hmxvNjeKgIyfhPbKSnYico1SfYV1TVXvra\/z5RYjAFvotu1+ny6AS+7VX9xl6Ync26ZDBLvO\/alMLxkzquZxIIb+RYuX5sgdT3C6x8DD86by2sKkG92JTuwc2nskj6pC+RQyg2hjyCa87BOzDQvitgjGxgZ+oxZvFdIbFlI8HyKRJRcVzEKC2juoOccqUMrZTKCMlTN1A3C436DJsrKLGziDeTLDEtozlkL0kRGqxiYxvOpDijBUZcVDnlA7+pGTDp07I0o9Q8HGIptory\/8AYBSGAUiDr1q5C7J1uzFj\/MTswIDAQABo1AwTjAdBgNVHQ4EFgQUGWV5BoDG3rKqWJlXsjZc7QFijUcwHwYDVR0jBBgwFoAUGWV5BoDG3rKqWJlXsjZc7QFijUcwDAYDVR0TBAUwAwEB\/zANBgkqhkiG9w0BAQUFAAOCAgEAs6pHF6Sv0mA0Fa0l1Y4oXsGqsY0wVptHdvLgIFQGPfEjwu+7ofKf46sMBr9UXgwaNVZt4ZNLxZlfkIZ+UoOUoKBHNvL88sJNcMnJbjRcpw8E\/esWXoq+hjugDHN\/o\/VfPSvFQQxnCuNIK8pi9qmaHsnkRLwX+dtcRZgJaezIY++FKU5x7fmZrEkgipC8WY7x86WZmRLjp3vlaDSrU1qt8UTKun\/CpnOSEOqMscbJ1eReKw8eSpP5bUwGhZBlUdOJzC6ia7Xk8Oo3Nal9wMuHEjJykyFRgR2jDMqW+IH0kqCv9xkk8+bN6hEpyfEpHbIrGBq0o8BYxHA5eKeI13QywoBig1jjtD4luFYsYHdSJaphMtGXjXckNCTF2\/LdYcjtY1cOwnDlH1LdbG84strtnacvh\/qzcOVkTfnDAtVG2h\/L8Fgg\/ESW8Mq2mznmzyfQLJl01MreR4jt3\/ecO6yKYtJ1kNkAgdP4wkeOmr2Hbc7lmn8odqR3xj+5v03xy98PLHP+tGDjJl6D8q42VpTpp52hPcpdbj1dqG\/ypY\/znmiFJ+zpZ4U0Fg1FNBSOBwx7JVFU8z+hKu+aF55R3hZk+93hyJQJjDm7d3PUZrtJK1z6K1eLZq33qHA7j54Jcd4SLu0CEEzVZx5y\/zo+NG2SYD1EXvQhYO5sLjpzGsMmavQWAwMAlAwAAJADABdBBJ4gqxu\/2Olw\/hDX4IRz1MnzWKHEoX5juzKFl0QvBpFxBeZDIFVOPCUvPpMn9UXfXp86d\/EthPoo4ljdTojgB5IGAwBHMEUCIF6xn0Z4OO3SABgfd1qVxd9TCdOKbYjboKDHbv2IgbH\/AiEAucA6fUIcRxnJDOsdT3ZwF8RSH7h1tM+xpD5QGUIjH9AWAwMAbg0AAGoDQAECABYGAwYBBQMFAQQDBAEDAwMBAgMCAQICAEwASjBIMRcwFQYDVQQDDA5BbnlOZXQgUm9vdCBDQTEgMB4GA1UECgwXcGhpbGFuZHJvIFNvZnR3YXJlIEdtYkgxCzAJBgNVBAYTAkRFFgMDAA=="}
01133{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":8,"flow_first_seen":1591342199201,"flow_last_seen":1591342199532,"flow_tot_l4_data_len":3047,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1320,"flow_avg_l4_data_len":380,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing","30":"Desktop\/File Sharing Session"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"107030a763c7224285717ff1569a17f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=AnyNet Root CA, O=philandro Software GmbH, C=DE","issuerDN":"C=DE, O=philandro Software GmbH, CN=AnyNet Relay","fingerprint":"9E:08:D2:58:A9:02:CD:4F:E2:4A:26:B8:48:5C:43:0B:81:29:99:E3"}}
01144{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":8,"flow_first_seen":1591342199201,"flow_last_seen":1591342199532,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":2863,"flow_avg_l4_payload_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing","30":"Desktop\/File Sharing Session"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"107030a763c7224285717ff1569a17f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=AnyNet Root CA, O=philandro Software GmbH, C=DE","issuerDN":"C=DE, O=philandro Software GmbH, CN=AnyNet Relay","fingerprint":"9E:08:D2:58:A9:02:CD:4F:E2:4A:26:B8:48:5C:43:0B:81:29:99:E3"}}
00407{"flow_id":2,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342199,"pkt_ts_usec":532606,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AFBW5dKtAAwplUdeCABFAAAoCJRAAEAGuePAqJWBM1Pu26oPAFAppp36aHVupVAQ+NR4cwAA"}
00416{"flow_id":2,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342199,"pkt_ts_usec":532935,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":25,"pkt":"AAwplUdeAFBW5dKtCABFAAAte1kAAIAGRxkzU+7bwKiVgQBQqg9odW6lKaad+lAY+vDvVAAABA4AAAAA"}
00408{"flow_id":2,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342199,"pkt_ts_usec":532944,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AFBW5dKtAAwplUdeCABFAAAoCJVAAEAGueLAqJWBM1Pu26oPAFAppp36aHVuqlAQ+NR4cwAA"}
@@ -34,7 +34,7 @@
00483{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3394,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342229,"pkt_ts_usec":256699,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"AFBW5dKtAAwplUdeCABFAABbtpBAAEAGCv\/AqJWBM1PvkI3\/AFB7i57AMVwTU1AY+DR5WwAAFwMDAC7mz9mv7V5oqiGs9UmHGy59yVVeeA5lJVIYioWWJ6DRPZ7\/AKPnOzRdEdmukW2o"}
00418{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3395,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342229,"pkt_ts_usec":256927,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAwplUdeAFBW5dKtCABFAAAogvwAAIAGPsYzU++QwKiVgQBQjf8xXBNTe4ue81AQ+vBOWAAAAAAAAAAA"}
00481{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3423,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342229,"pkt_ts_usec":454086,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"pkt":"AAwplUdeAFBW5dKtCABFAABZgw0AAIAGPoQzU++QwKiVgQBQjf8xXBNTe4ue81AY+vB\/XQAAFwMDACwkrUQuni1bFlXQfhlbpM1ompEjuxnWze1GuQIrlqNjGlJEE1Ae4+mTb0GZcg=="}
00548{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":20,"flow_first_seen":1591342198821,"flow_last_seen":1591342244652,"flow_tot_l4_data_len":1007,"flow_min_l4_data_len":20,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":50,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"http": {}}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":20,"flow_first_seen":1591342198821,"flow_last_seen":1591342244652,"flow_tot_l4_data_len":1007,"flow_min_l4_data_len":20,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":50,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6943,"flow_first_seen":1591342199201,"flow_last_seen":1591342255171,"flow_tot_l4_data_len":2556299,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":368,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00558{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":20,"flow_first_seen":1591342198821,"flow_last_seen":1591342244652,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":607,"flow_avg_l4_payload_len":30,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"http": {}}
00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":20,"flow_first_seen":1591342198821,"flow_last_seen":1591342244652,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":607,"flow_avg_l4_payload_len":30,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6943,"flow_first_seen":1591342199201,"flow_last_seen":1591342255171,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2417415,"flow_avg_l4_payload_len":348,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00129{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test"}

52
test/results/bad-dns-traffic.pcap.out
View File

@@ -1,17 +1,17 @@
00392{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1486012623234,"flow_last_seen":0,"flow_tot_l4_data_len":99,"flow_min_l4_data_len":99,"flow_max_l4_data_len":99,"flow_avg_l4_data_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00483{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1486012623234,"flow_last_seen":0,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00526{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012623,"pkt_ts_usec":234684,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3821AAEARVP\/AqCtbBAICBIx+ADUAYyoIa68BAAABAAAAAAAAODA1ZTEwMGE2MjFjMzYyMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAQ=="}
00744{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1486012623234,"flow_last_seen":0,"flow_tot_l4_data_len":99,"flow_min_l4_data_len":99,"flow_max_l4_data_len":99,"flow_avg_l4_data_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"05e100a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00756{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1486012623234,"flow_last_seen":0,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"05e100a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00525{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012624,"pkt_ts_usec":242985,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB38+5AAEARVH7AqCtbBAICBIx+ADUAY73N0g0BAAABAAAAAAAAODk1ODcwMGE2MjFjMzYyMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAQ=="}
00765{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1486012623234,"flow_last_seen":1486012624242,"flow_tot_l4_data_len":198,"flow_min_l4_data_len":99,"flow_max_l4_data_len":99,"flow_avg_l4_data_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00777{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1486012623234,"flow_last_seen":1486012624242,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00570{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012624,"pkt_ts_usec":325522,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"5LMYS\/DDAhoR+f4qCABFAACaAABAADMRVUoEAgIEwKgrWwA1jH4AhhPK0g2BgAABAAEAAAAAODk1ODcwMGE2MjFjMzYyMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAcAMAA8AAQAAADwAFwAKEjYzNGYwMGE2MjEwMTBhMDAwMMBF"}
00768{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_first_seen":1486012623234,"flow_last_seen":1486012624325,"flow_tot_l4_data_len":332,"flow_min_l4_data_len":99,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":110,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
00780{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_first_seen":1486012623234,"flow_last_seen":1486012624325,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":308,"flow_avg_l4_payload_len":102,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
00472{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012624,"pkt_ts_usec":325823,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"AhoR+f4q5LMYS\/DDCABFAABR8\/FAAEARVKHAqCtbBAICBIx+ADUAPZ97lHsBAAABAAAAAAAAEjdjZDUwMWE2MjFjMzYyMDEwYQxza3VsbHNlY2xhYnMDb3JnAAAQAAE="}
00729{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1486012623234,"flow_last_seen":1486012624325,"flow_tot_l4_data_len":393,"flow_min_l4_data_len":61,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":98,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"7cd501a621c362010a.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":16,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
00741{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1486012623234,"flow_last_seen":1486012624325,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":361,"flow_avg_l4_payload_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"7cd501a621c362010a.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":16,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
00513{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012624,"pkt_ts_usec":382053,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"pkt":"5LMYS\/DDAhoR+f4qCABFAABwAABAADMRVXQEAgIEwKgrWwA1jH4AXFjwlHuBgAABAAEAAAAAEjdjZDUwMWE2MjFjMzYyMDEwYQxza3VsbHNlY2xhYnMDb3JnAAAQAAHADAAQAAEAAAA8ABMSOTZiMjAxYTYyMTAxMGFjMzYy"}
00729{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_first_seen":1486012623234,"flow_last_seen":1486012624382,"flow_tot_l4_data_len":485,"flow_min_l4_data_len":61,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"7cd501a621c362010a.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":16,"rsp_type":16,"rsp_addr":"0.0.0.0"}}
00741{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_first_seen":1486012623234,"flow_last_seen":1486012624382,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":445,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"7cd501a621c362010a.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":16,"rsp_type":16,"rsp_addr":"0.0.0.0"}}
00472{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012625,"pkt_ts_usec":339317,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"AhoR+f4q5LMYS\/DDCABFAABR9NNAAEARU7\/AqCtbBAICBIx+ADUAPZVqopQBAAABAAAAAAAAEmIxMWMwMWE2MjFjMzYyMDEwYQxza3VsbHNlY2xhYnMDb3JnAAAQAAE="}
00729{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1486012623234,"flow_last_seen":1486012625339,"flow_tot_l4_data_len":546,"flow_min_l4_data_len":61,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"b11c01a621c362010a.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":16,"rsp_type":16,"rsp_addr":"0.0.0.0"}}
00741{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1486012623234,"flow_last_seen":1486012625339,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":498,"flow_avg_l4_payload_len":83,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"b11c01a621c362010a.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":16,"rsp_type":16,"rsp_addr":"0.0.0.0"}}
00513{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012625,"pkt_ts_usec":434289,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"pkt":"5LMYS\/DDAhoR+f4qCABFAABwAABAADMRVXQEAgIEwKgrWwA1jH4AXFDmopSBgAABAAEAAAAAEmIxMWMwMWE2MjFjMzYyMDEwYQxza3VsbHNlY2xhYnMDb3JnAAAQAAHADAAQAAEAAAA8ABMSZTE0MDAxYTYyMTAxMGFjMzYy"}
00471{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012626,"pkt_ts_usec":390267,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"AhoR+f4q5LMYS\/DDCABFAABR9a9AAEARUuPAqCtbBAICBIx+ADUAPeaXV2gBAAABAAAAAAAAEjBhYjgwMWE2MjFjMzYyMDEwYQxza3VsbHNlY2xhYnMDb3JnAAAFAAE="}
00517{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012626,"pkt_ts_usec":493531,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"pkt":"5LMYS\/DDAhoR+f4qCABFAAByAABAADMRVXIEAgIEwKgrWwA1jH4AXiCIV2iBgAABAAEAAAAAEjBhYjgwMWE2MjFjMzYyMDEwYQxza3VsbHNlY2xhYnMDb3JnAAAFAAHADAAFAAEAAAA8ABUSMGUzZDAxYTYyMTAxMGFjMzYywB8="}
@@ -21,19 +21,19 @@
00656{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012628,"pkt_ts_usec":521830,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"pkt":"5LMYS\/DDAhoR+f4qCABFAADXAABAADMRVQ0EAgIEwKgrWwA1jH4Awx2PmROBgAABAAEAAAAAPGI3M2YwMWE2MjFjMzYyMDEwYTU3NjU2YzYzNmY2ZDY1MjA3NDZmMjA2NDZlNzM2MzYxNzAyMTIwNTQ2ODg2NTIwNjY2YzYxNjcyMDY5NzMyMDYyNjU2YzZmNzcyYzIwNjg2MTc2NjUyMDY2NzU2ZTIxMjEwYQxza3VsbHNlY2xhYnMDb3JnAAAPAAHADAAPAAEAAAA8ABcAChJhZWIxMDFhNjIxMDEwYWMzOTPAgg=="}
00473{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012628,"pkt_ts_usec":522162,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"AhoR+f4q5LMYS\/DDCABFAABR9pxAAEARUfbAqCtbBAICBIx+ADUAPTyE+j4BAAABAAAAAAAAEmYxZmQwMWE2MjFjMzkzMDEwYQxza3VsbHNlY2xhYnMDb3JnAAAPAAE="}
00523{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012628,"pkt_ts_usec":571529,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"5LMYS\/DDAhoR+f4qCABFAAB0AABAADMRVXAEAgIEwKgrWwA1jH4AYCrM+j6BgAABAAEAAAAAEmYxZmQwMWE2MjFjMzkzMDEwYQxza3VsbHNlY2xhYnMDb3JnAAAPAAHADAAPAAEAAAA8ABcAChI1NWE3MDFhNjIxMDEwYWMzOTPAHw=="}
00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1486012635073,"flow_last_seen":0,"flow_tot_l4_data_len":99,"flow_min_l4_data_len":99,"flow_max_l4_data_len":99,"flow_avg_l4_data_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1486012635073,"flow_last_seen":0,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00525{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012635,"pkt_ts_usec":73060,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3+zhAAEARTTTAqCtbBAICBNwiADUAYwrvCk0BAAABAAAAAAAAODI0NDMwMGZkZjUyNTMyMDAyMTYzNmY2ZDZkNjE2ZTY0MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAQ=="}
00745{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1486012635073,"flow_last_seen":0,"flow_tot_l4_data_len":99,"flow_min_l4_data_len":99,"flow_max_l4_data_len":99,"flow_avg_l4_data_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"244300fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1486012635073,"flow_last_seen":0,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"244300fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00525{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012636,"pkt_ts_usec":79520,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3+7NAAEARTLnAqCtbBAICBNwiADUAY1S7n3sBAAABAAAAAAAAODZiNTAwMGZkZjUyNTMyMDAyMTYzNmY2ZDZkNjE2ZTY0MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAAUAAQ=="}
00765{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1486012635073,"flow_last_seen":1486012636079,"flow_tot_l4_data_len":198,"flow_min_l4_data_len":99,"flow_max_l4_data_len":99,"flow_avg_l4_data_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"6b5000fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":5,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00777{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1486012635073,"flow_last_seen":1486012636079,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"6b5000fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":5,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00526{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012637,"pkt_ts_usec":85359,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3\/ElAAEARTCPAqCtbBAICBNwiADUAY0RMqrgBAAABAAAAAAAAOGUxOGYwMGZkZjUyNTMyMDAyMTYzNmY2ZDZkNjE2ZTY0MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAAUAAQ=="}
00765{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_first_seen":1486012635073,"flow_last_seen":1486012637085,"flow_tot_l4_data_len":297,"flow_min_l4_data_len":99,"flow_max_l4_data_len":99,"flow_avg_l4_data_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":5,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00777{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_first_seen":1486012635073,"flow_last_seen":1486012637085,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":273,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":5,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00526{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012638,"pkt_ts_usec":93433,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3\/K5AAEARS77AqCtbBAICBNwiADUAY1PDy0gBAAABAAAAAAAAODQ2YjEwMGZkZjUyNTMyMDAyMTYzNmY2ZDZkNjE2ZTY0MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAAUAAQ=="}
00765{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1486012635073,"flow_last_seen":1486012638093,"flow_tot_l4_data_len":396,"flow_min_l4_data_len":99,"flow_max_l4_data_len":99,"flow_avg_l4_data_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"46b100fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":5,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00777{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1486012635073,"flow_last_seen":1486012638093,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":364,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"46b100fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":5,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00528{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012639,"pkt_ts_usec":101974,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3\/ZNAAEARStnAqCtbBAICBNwiADUAY\/RRFrgBAAABAAAAAAAAOGM3NTkwMGZkZjUyNTMyMDAyMTYzNmY2ZDZkNjE2ZTY0MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAABAAAQ=="}
00766{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_first_seen":1486012635073,"flow_last_seen":1486012639101,"flow_tot_l4_data_len":495,"flow_min_l4_data_len":99,"flow_max_l4_data_len":99,"flow_avg_l4_data_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":16,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00778{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_first_seen":1486012635073,"flow_last_seen":1486012639101,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":455,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":16,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00567{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012639,"pkt_ts_usec":174914,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"5LMYS\/DDAhoR+f4qCABFAACWAABAADMRVU4EAgIEwKgrWwA13CIAgtZjFriBgAABAAEAAAAAOGM3NTkwMGZkZjUyNTMyMDAyMTYzNmY2ZDZkNjE2ZTY0MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAABAAAcAMABAAAQAAADwAExI2ZTE3MDBmZGY1NDE3ZDAwMDA="}
00769{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1486012635073,"flow_last_seen":1486012639174,"flow_tot_l4_data_len":625,"flow_min_l4_data_len":99,"flow_max_l4_data_len":130,"flow_avg_l4_data_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":16,"rsp_type":16,"rsp_addr":"0.0.0.0"}}
00780{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1486012635073,"flow_last_seen":1486012639174,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":122,"flow_tot_l4_payload_len":577,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":16,"rsp_type":16,"rsp_addr":"0.0.0.0"}}
00473{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012639,"pkt_ts_usec":175147,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"AhoR+f4q5LMYS\/DDCABFAABR\/aBAAEARSvLAqCtbBAICBNwiADUAPVKHMO0BAAABAAAAAAAAEjJhN2IwMWZkZjUyNTMyNDE3ZAxza3VsbHNlY2xhYnMDb3JnAAAPAAE="}
00522{"flow_id":2,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012639,"pkt_ts_usec":238003,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"5LMYS\/DDAhoR+f4qCABFAAB0AABAADMRVXAEAgIEwKgrWwA13CIAYAA+MO2BgAABAAEAAAAAEjJhN2IwMWZkZjUyNTMyNDE3ZAxza3VsbHNlY2xhYnMDb3JnAAAPAAHADAAPAAEAAAA8ABcAChJjZWZiMDFmZGY1NDE3ZDI1MzLAHw=="}
00473{"flow_id":2,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012640,"pkt_ts_usec":199072,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"AhoR+f4q5LMYS\/DDCABFAABR\/oFAAEARShHAqCtbBAICBNwiADUAPZ+EE+4BAAABAAAAAAAAEjM4OGUwMWZkZjUyNTMyNDE3ZAxza3VsbHNlY2xhYnMDb3JnAAAFAAE="}
@@ -43,20 +43,20 @@
00519{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012642,"pkt_ts_usec":281373,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"pkt":"5LMYS\/DDAhoR+f4qCABFAAByAABAADMRVXIEAgIEwKgrWwA13CIAXlbsi0KBgAABAAEAAAAAEjUwNzQwMWZkZjUyNTMyNDE3ZAxza3VsbHNlY2xhYnMDb3JnAAAFAAHADAAFAAEAAAA8ABUSYWM2YjAxZmRmNTQxN2QyNTMywB8="}
00473{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012643,"pkt_ts_usec":238555,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"AhoR+f4q5LMYS\/DDCABFAABRAC9AAEARSGTAqCtbBAICBNwiADUAPaQHCm0BAAABAAAAAAAAEjc2MmIwMWZkZjUyNTMyNDE3ZAxza3VsbHNlY2xhYnMDb3JnAAAPAAE="}
00523{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012643,"pkt_ts_usec":293987,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"5LMYS\/DDAhoR+f4qCABFAAB0AABAADMRVXAEAgIEwKgrWwA13CIAYLAaCm2BgAABAAEAAAAAEjc2MmIwMWZkZjUyNTMyNDE3ZAxza3VsbHNlY2xhYnMDb3JnAAAPAAHADAAPAAEAAAA8ABcAChIyOTkyMDFmZGY1NDE3ZDI1MzLAHw=="}
00774{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":274,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":255,"flow_first_seen":1486012635073,"flow_last_seen":1486012691087,"flow_tot_l4_data_len":63345,"flow_min_l4_data_len":61,"flow_max_l4_data_len":291,"flow_avg_l4_data_len":248,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":16,"rsp_type":16,"rsp_addr":"0.0.0.0"}}
00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1486012730177,"flow_last_seen":0,"flow_tot_l4_data_len":99,"flow_min_l4_data_len":99,"flow_max_l4_data_len":99,"flow_avg_l4_data_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00786{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":274,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":255,"flow_first_seen":1486012635073,"flow_last_seen":1486012691087,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":61305,"flow_avg_l4_payload_len":240,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":16,"rsp_type":16,"rsp_addr":"0.0.0.0"}}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1486012730177,"flow_last_seen":0,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00529{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012730,"pkt_ts_usec":177697,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3Lk5AAEARGh\/AqCtbBAICBLdxADUAYz49\/HsBAAABAAAAAAAAOGEwNTcwMGU2ZGE4MzUxMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAQ=="}
00746{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1486012730177,"flow_last_seen":0,"flow_tot_l4_data_len":99,"flow_min_l4_data_len":99,"flow_max_l4_data_len":99,"flow_avg_l4_data_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00758{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1486012730177,"flow_last_seen":0,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00573{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012730,"pkt_ts_usec":381593,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"5LMYS\/DDAhoR+f4qCABFAACaAABAADMRVUoEAgIEwKgrWwA1t3EAhvb+\/HuBgAABAAEAAAAAOGEwNTcwMGU2ZGE4MzUxMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAcAMAA8AAQAAADwAFwAKEmRlNjkwMGU2ZGE2ZWEyMDAwMMBF"}
00770{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":370,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1486012730177,"flow_last_seen":1486012730381,"flow_tot_l4_data_len":233,"flow_min_l4_data_len":99,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":116,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
00782{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":370,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1486012730177,"flow_last_seen":1486012730381,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":108,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
00473{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012730,"pkt_ts_usec":381905,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"AhoR+f4q5LMYS\/DDCABFAABRLntAAEARGhjAqCtbBAICBLdxADUAPY6IeT8BAAABAAAAAAAAEmI1NDEwMWU2ZGE4MzUxNmVhMgxza3VsbHNlY2xhYnMDb3JnAAAPAAE="}
00731{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":371,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_first_seen":1486012730177,"flow_last_seen":1486012730381,"flow_tot_l4_data_len":294,"flow_min_l4_data_len":61,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":98,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"b54101e6da83516ea2.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
00743{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":371,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_first_seen":1486012730177,"flow_last_seen":1486012730381,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":270,"flow_avg_l4_payload_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"b54101e6da83516ea2.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
00523{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012730,"pkt_ts_usec":437815,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"5LMYS\/DDAhoR+f4qCABFAAB0AABAADMRVXAEAgIEwKgrWwA1t3EAYGtAeT+BgAABAAEAAAAAEmI1NDEwMWU2ZGE4MzUxNmVhMgxza3VsbHNlY2xhYnMDb3JnAAAPAAHADAAPAAEAAAA8ABcAChI1YzRmMDFlNmRhNmVhMjgzNTHAHw=="}
00731{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":372,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1486012730177,"flow_last_seen":1486012730437,"flow_tot_l4_data_len":390,"flow_min_l4_data_len":61,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"b54101e6da83516ea2.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
00743{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":372,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1486012730177,"flow_last_seen":1486012730437,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"b54101e6da83516ea2.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
00473{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012731,"pkt_ts_usec":395086,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"AhoR+f4q5LMYS\/DDCABFAABRL1lAAEARGTrAqCtbBAICBLdxADUAPbE6V7kBAAABAAAAAAAAEjMxNzMwMWU2ZGE4MzUxNmVhMgxza3VsbHNlY2xhYnMDb3JnAAAQAAE="}
00731{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":373,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_first_seen":1486012730177,"flow_last_seen":1486012731395,"flow_tot_l4_data_len":451,"flow_min_l4_data_len":61,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"317301e6da83516ea2.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":16,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
00743{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":373,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_first_seen":1486012730177,"flow_last_seen":1486012731395,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":411,"flow_avg_l4_payload_len":82,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"317301e6da83516ea2.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":16,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
00515{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012731,"pkt_ts_usec":485911,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"pkt":"5LMYS\/DDAhoR+f4qCABFAABwAABAADMRVXQEAgIEwKgrWwA1t3EAXCh8V7mBgAABAAEAAAAAEjMxNzMwMWU2ZGE4MzUxNmVhMgxza3VsbHNlY2xhYnMDb3JnAAAQAAHADAAQAAEAAAA8ABMSYzQ5MzAxZTZkYTZlYTI4MzUx"}
00731{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":374,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":6,"flow_first_seen":1486012730177,"flow_last_seen":1486012731485,"flow_tot_l4_data_len":543,"flow_min_l4_data_len":61,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"317301e6da83516ea2.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":16,"rsp_type":16,"rsp_addr":"0.0.0.0"}}
00743{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":374,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":6,"flow_first_seen":1486012730177,"flow_last_seen":1486012731485,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":495,"flow_avg_l4_payload_len":82,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"317301e6da83516ea2.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":16,"rsp_type":16,"rsp_addr":"0.0.0.0"}}
00736{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012732,"pkt_ts_usec":414191,"pkt_caplen":290,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":290,"pkt_l4_len":256,"pkt":"AhoR+f4q5LMYS\/DDCABFAAEUL4lAAEARGEfAqCtbBAICBLdxADUBAJjrdSEBAAABAAAAAAAAPGFjZTMwMWU2ZGE4MzUxNmVhMjQ3NmY2ZjY0MjA2Yzc1NjM2YjIxMjA1NDY4NjE3NDIwNzc2MTczMjA2NDw2ZTczNjM2MTc0MzIyMDc0NzI2MTY2NjY2OTYzMjA2ZjZlMjA2MTIwNjY2YzYxNmI3OTIwNjM2ZjZlNmU8NjU2Mzc0Njk2ZjZlMjA3NzY5NzQ2ODIwNmM2Zjc0NzMyMDZmNjYyMDcyNjUyZDc0NzI2MTZlNzM2ZDY5Hjc0NzMyZTIwNTM2NTcyNjk2Zjc1NzM2Yzc5MmMyMAxza3VsbHNlY2xhYnMDb3JnAAAFAAE="}
00780{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012732,"pkt_ts_usec":501587,"pkt_caplen":323,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":323,"pkt_l4_len":289,"pkt":"5LMYS\/DDAhoR+f4qCABFAAE1AABAADMRVK8EAgIEwKgrWwA1t3EBIdVsdSGBgAABAAEAAAAAPGFjZTMwMWU2ZGE4MzUxNmVhMjQ3NmY2ZjY0MjA2Yzc1NjM2YjIxMjA1NDY4NjE3NDIwNzc2MTczMjA2NDw2ZTczNjM2MTc0MzIyMDc0NzI2MTY2NjY2OTYzMjA2ZjZlMjA2MTIwNjY2YzYxNmI3OTIwNjM2ZjZlNmU8NjU2Mzc0Njk2ZjZlMjA3NzY5NzQ2ODIwNmM2Zjc0NzMyMDZmNjYyMDcyNjUyZDc0NzI2MTZlNzM2ZDY5Hjc0NzMyZTIwNTM2NTcyNjk2Zjc1NzM2Yzc5MmMyMAxza3VsbHNlY2xhYnMDb3JnAAAFAAHADAAFAAEAAAA8ABUSOWIxZjAxZTZkYTZlYTI4M2IxwOI="}
00511{"flow_id":3,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012732,"pkt_ts_usec":501994,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"pkt":"AhoR+f4q5LMYS\/DDCABFAABtL5BAAEARGOfAqCtbBAICBLdxADUAWY4gBY0BAAABAAAAAAAALjY0NWIwMWU2ZGE4M2IxNmVhMjY3NmY2ZjY0MjA2Yzc1NjM2YjJlMjAzYTI5MGEMc2t1bGxzZWNsYWJzA29yZwAAEAAB"}
@@ -65,7 +65,7 @@
00516{"flow_id":3,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":380,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012732,"pkt_ts_usec":620037,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"pkt":"5LMYS\/DDAhoR+f4qCABFAABwAABAADMRVXQEAgIEwKgrWwA1t3EAXPaPLhSBgAABAAEAAAAAEjMzN2EwMWU2ZGE4M2JmNmVhMgxza3VsbHNlY2xhYnMDb3JnAAAQAAHADAAQAAEAAAA8ABMSMjEzZTAxZTZkYTZlYTI4M2Jm"}
00474{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012733,"pkt_ts_usec":574897,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"AhoR+f4q5LMYS\/DDCABFAABRMElAAEARGErAqCtbBAICBLdxADUAPeYHvL4BAAABAAAAAAAAEjU0NWIwMWU2ZGE4M2JmNmVhMgxza3VsbHNlY2xhYnMDb3JnAAAPAAE="}
00524{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012733,"pkt_ts_usec":669835,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"5LMYS\/DDAhoR+f4qCABFAAB0AABAADMRVXAEAgIEwKgrWwA1t3EAYDm3vL6BgAABAAEAAAAAEjU0NWIwMWU2ZGE4M2JmNmVhMgxza3VsbHNlY2xhYnMDb3JnAAAPAAHADAAPAAEAAAA8ABcAChJhOGRkMDFlNmRhNmVhMjgzYmbAHw=="}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":14,"flow_first_seen":1486012730177,"flow_last_seen":1486012733669,"flow_tot_l4_data_len":1607,"flow_min_l4_data_len":61,"flow_max_l4_data_len":289,"flow_avg_l4_data_len":114,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":255,"flow_first_seen":1486012635073,"flow_last_seen":1486012727540,"flow_tot_l4_data_len":63345,"flow_min_l4_data_len":61,"flow_max_l4_data_len":291,"flow_avg_l4_data_len":248,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":19,"flow_first_seen":1486012623234,"flow_last_seen":1486012630741,"flow_tot_l4_data_len":1772,"flow_min_l4_data_len":61,"flow_max_l4_data_len":195,"flow_avg_l4_data_len":93,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":14,"flow_first_seen":1486012730177,"flow_last_seen":1486012733669,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":1495,"flow_avg_l4_payload_len":106,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":255,"flow_first_seen":1486012635073,"flow_last_seen":1486012727540,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":61305,"flow_avg_l4_payload_len":240,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":19,"flow_first_seen":1486012623234,"flow_last_seen":1486012630741,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":1620,"flow_avg_l4_payload_len":85,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00136{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test"}

202
test/results/badpackets.pcap.out
View File

@@ -1,202 +1,202 @@
00387{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"badpackets.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00478{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"badpackets.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00667{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451029,"pkt_ts_usec":466717,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":271,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcP1QgAOcRe9CDTlH+zLpQ5QA1zGcGtUqtAWiFkwABAAAADAABC3BobDFzcHJ0MTA4AmFkA2RsYQNtaWwAAAEAAcAbAAYAAQAAAh0ALQhlYWdsZWliMcAYC3JhbmR5LnNtaXRowBt3sikrAAAqMAAABDgACTqAAAADhMAbAC4AAQAAAh0AmwAGCAIAAAOEWS\/o5lkiq9Y2JANkbGEDbWlsAEPjY6zabVfm9vwk6mSh9m4kj9u7ZDlkxqtiglIZTh\/RONTC0jpNpQmC+rJg1+X5ptcybqG6dncq1KPvSJq3fG1w8VDIG7zJf7f6G9gikY9VMCGmBxLlsKtyxHORaw=="}
00175{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":1,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":237}
00175{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":1,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":237}
00711{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451030,"pkt_ts_usec":401327,"pkt_caplen":305,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":305,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXc9nogAOcRxKmDTlH+zLpQ5QA1PsIG13F6XwyFkwABAAAADAABC3BobDFzcHJ0MTA4BGRhYXMDZGxhA21pbAAAAQABwBgABgABAAAAbgAwCGVhZ2xlaWIxAmFkwB0LcmFuZHkuc21pdGjAHQExm5UAAAC0AAAAEgAJOoAAAAOEwBgALgABAAAAbgCgAAYIAwAAALRZLyttWSHuXTGGBGRhYXMDZGxhA21pbABfZgMcUaz74\/opjmPI6fIN7S4Ga9GN4s2JVqvb0uXXvbdLi9ee5JaFRYVlFB0RVerGRt3pX5esuSlY9ySHVHjOBX09ZI1nwdlSMxmFBY9ZemmmfYIR43tvzwqFnbufNVeL7\/vc0q83XBfNipWbDRE5bz+qVR8="}
00175{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":2,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":271}
00175{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":2,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":271}
00568{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451039,"pkt_ts_usec":146849,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":195,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXc+0kgAD4R+SzH+X0BzLpQ5QA17UEGadbGg\/+EAAABAAcAAAABAmFjAmluAAAwAAHADAAwAAEAAAOEAIgBAAMHAwEAAaeWg1I7aL35m5DCbWdqIX1+dVtvwe4HaQJz7QrnwC+P8\/7Gi54fYbmoWgZ9BgFy+rRM5fLeLdyqgaAlGaU+qP7EB\/v\/pv\/GHQKcotJZ+biekG9TccSc6BYmV0hXKBRudE\/xZj\/qEl0HEAn3LKZa"}
00175{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":3,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":161}
00175{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":3,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":161}
00364{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":4,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451051,"pkt_ts_usec":753069,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcmCogADkR555F\/HiszLpQ5QA15twF1D2Yf1WEAA=="}
00189{"basic_event_id":14,"basic_event_name":"Captured packet size is smaller than packet size","thread_id":0,"packet_id":4,"source":"badpackets.pcap","alias":"nDPId-test","caplen":46,"len":60}
00189{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than packet size","thread_id":0,"packet_id":4,"source":"badpackets.pcap","alias":"nDPId-test","caplen":46,"len":60}
00364{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":4,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451051,"pkt_ts_usec":753069,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcmCogADkR555F\/HiszLpQ5QA15twF1D2Yf1WEAA=="}
00174{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":4,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":26}
00174{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":4,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":26}
00673{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":5,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451098,"pkt_ts_usec":935701,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":276,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXc\/u8gAOcRvDSDTlH+zLpQ5QA1ofQGuiMOhg6FkwABAAAADAABDG5jYjFzZHYwMDcyMQNkaXICYWQDZGxhA21pbAAAAQABwCAABgABAAAAmQAtCGVhZ2xlaWIxwB0LcmFuZHkuc21pdGjAIHeyKSsAACowAAAEOAAJOoAAAAOEwCAALgABAAAAmQCbAAYIAgAAA4RZL+jmWSKr1jYkA2RsYQNtaWwAQ+NjrNptV+b2\/CTqZKH2biSP27tkOWTGq2KCUhlOH9E41MLSOk2lCYL6smDX5fmm1zJuobp2dyrUo+9Imrd8bXDxUMgbvMl\/t\/ob2CKRj1UwIaYHEuWwq3LEc5Fr"}
00175{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":5,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":242}
00175{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":5,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":242}
00541{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":6,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451112,"pkt_ts_usec":63911,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":179,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW1QgADURSISMrBHtzLpQ5QA1RHoMIdhWPYOEEAABAA0ABAANCGVkZ2UtaGRxA3dvYwRub2FhA2dvdgAAAQABwAwABQABAAABLAAMB2VkZ2UtcDEBbMAZwAwALgABAAABLAEgAAUFBAAAASxZK4vIWSJRSL+OA3dvYwRub2FhA2dvdgAf19hoQ062mEgmdReiMHoN\/8sTkGCL+YszFpFSC7g="}
00175{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":6,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":145}
00175{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":6,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":145}
00979{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":7,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451113,"pkt_ts_usec":347704,"pkt_caplen":503,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":503,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsAAgADIR1DehNyACzLpQ5QA1P3oNZUi5Fp+EEAABAA8ABAANA3d3dwRzd3BjBG5vYWEDZ292AAABAAHADAAFAAEAAVGAAA8IZWRnZS1ud3MDd29jwBXADAAuAAEAAVGAASEABQUEAAFRgFkri7dZIlE3vjIEc3dwYwRub2FhA2dvdgAj4QRDWjZKG5AY0wcqp07zy2N5LWrEg0t\/4W81\/I\/yU9kryWY5M6hQke0XIJhE4dUH120W7nAkWxQJVaZyLoMQin38ZiK2SNs\/MeioL4jAC1CzjiZ9JGBmrvUXfwx4WjCIZO3AWpZFqZpBYNrilA5xXqA6vClBMfN6kWmnwyqYMUdmG8SPzKDGLoKCurB88lxuBmDxFiEc7IRKwyXcJ47WkYAmncTdtBPbcng8wUk\/OSHputwVXEiz+4Hi1YSwyaZ\/bR92tO2XAf2y65TJB549EX80zlNliCWrbo6CKiF1dSuOYR0v1cuBHf05mH4wAy8XKl6vLSm5lJ0SyJmHuu8SwC8ABQABAAABLAAMB2VkZ2UtcDEBbMBhwC8ALgABAAABLAEgAAUFBAAAASxZK4vIWSJRSL+OA3dvYwRub2FhA2dvdgCQTrqAqFPUlwzaSBYq8hc48+OOYcX3TV6bWxXaYm8="}
00175{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":7,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":469}
00175{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":7,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":469}
00788{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":8,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451113,"pkt_ts_usec":448546,"pkt_caplen":363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":363,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsAEgADIR1DahNyACzLpQ5QA1FAoM2VerW6eEEAABAAYABAANA3d3dwNvcGMEbmNlcARub2FhA2dvdgAAAQABwAwABQABAAABLAAJBm9yaWdpbsAQwAwALgABAAABLAEhAAUFBQAAASxZK4tpWSJQ6VBkBG5jZXAEbm9hYQNnb3YAvM3K1OBR2VQQj4QVOGZxr6WG5B4+fABWkfGP1KGkGFsR4zOi7Eo7vmr2TJiaR66HfSMoitVNm4kwmQeusE1J+sPLARPh02h5Z1H+HsQ2b48KB6bVXbum1BeZX4yX1eoeScXJkBrFAe8F6pDF+Ml8UnuCbXzf+\/NtRUw9ZGk\/b8n+GLS5YEkLV6tINZ1NF7znVhYpo87DIH1d72melFmv8f65eH1mu6AzkUXSI502HCpox0\/KLdxxAP64c2LL03iQVYlgYQmiBnMT8YejrLi9PuDdsHa5wauH"}
00175{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":8,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":329}
00175{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":8,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":329}
01908{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":9,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451113,"pkt_ts_usec":710166,"pkt_caplen":1194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1194,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsAIgADIR1DWhNyACzLpQ5QA1\/wMKUGaWU+KEEAABAAIABAANA3d3dw9saWdodG5pbmdzYWZldHkEbm9hYQNnb3YAAAEAAcAMAAEAAQAAASwABIxaccjADAAuAAEAAAEsARwAAQUEAAABLFkri31ZIlD9PnMEbm9hYQNnb3YAFBTQGedUPGXlY8bN43JvkPLP\/vLkCv4PmFD+Yp\/wKTn0+3B8hqXsIbo6jgqCi3hM+7l3yndT6nZEOODHtVyiul17+C7883eqnN76iy6lo9R1eEKHDTvsvSdJsQx2dFH5NYDWOOjTdL3jybIGoJFlbIi+hHfzKdzFb0fO0kDYAdFs0mGEVvk\/ydoCnsE67n5RXLgALUI8enDF8d5JUZ3gz4Jmmium7SfonREBNj5MfQvR1R1JvVYPQQEWggJtIusb+MaDn2Gu7eaN7\/yF8WIh6HnwxWN7Z+YBGUTnTr0qXbOrrAMUycgB\/+tQ+zRqQIpZcUyO0tGVISl48WAUZAKbu8BcAAIAAQABUYAACAVucy1td8BcwFwAAgABAAFRgAAIBW5zLW53wFzAXAACAAEAAVGAAAcEbnMtZcBcwFwALgABAAFRgAEcAAIFAgABUYBZK4t9WSJQ\/T5zBG5vYWEDZ292AH\/\/EM5XxGUAJzS0k3FL5gqwtJA4FBuTo0uxBkbdgNOM7eIqyHshwuqLDq45ztJouzzqb5\/+QwdCyRboRA6YQcMyduo30hAwZBPjCwFtGtCbCO0zddpUh\/DZBFgSPh2dFJqb9c9JuhHoz3+E4Y9URJn+5DpaoXNsnl89Rx6siUb+Rihm7C+Vk315amYja69lUQmg3PNcdUVXF76DLNDZ9f0J\/NtTrjCtrMqxXjzjQDEOf1LyNKCNPvCsDV8BtRjU3VnXwwNw9fAKyA0zjlIJMDcZHgtkbmrTB9mFGy8tMxbqfFpB+6mG8tYtHiQWLDq6x9iFxvHJ7caHhZ1nCy6pTLXBmgABAAEAAVGAAASMWiHtwZoAHAABAAFRgAAQJhAAIIAAjAAAAAAAAAACN8FyAAEAAQABUYAABIysEe3BcgAcAAEAAVGAABAmEAAgiACMAAAAAAAAAAI3wYYAAQABAAFRgAAEoTcgAsGGABwAAQABUYAAECYQACCMAIwAAAAAAAAAAALBmgAuAAEAAVGAARwAAQUDAAFRgFkri31ZIlD9PnMEbm9hYQNnb3YAHTxu3oTuiFuFiCLpTl\/MK89BN9JBGjfKVUZAF3gZCKhMwx34GFStLHWeXnyc0jpz6oB3UKoWYWqIzl5uLmkTVdATO05wGhRkXmoRFvqHJQ49RQ+pBTNvjvfsZjt4sxWFaBX6dcM71YC5bIV281hFIsnrSJ79QSihSBHieSy9t5YTGlF5LCJijNEWEHJYxDID1Mza+tXKdNXJWHbkQhQwRPJKGX91jqgFPlz4hmfje77PrtKaUJ8h5eApMH+gaNXsNFvzV3nB+6kGVXv2VWVXVPXI3XzMFa8CKHbYrFGd7LJ4f5PFB725JCBxTQ4KeEOuBE0WXVqE9VoK1uYoB4PAK8GaAC4AAQABUYAB"}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":9,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1160}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":9,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1160}
00842{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":10,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451113,"pkt_ts_usec":809047,"pkt_caplen":400,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":400,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsAQgADIR1DOhNyACzLpQ5QA1Z54M\/oF1LsqEEAABAAYABAANA3d3dw9hdmlhdGlvbndlYXRoZXIDZ292AAABAAHADAAFAAEAAAB4ABwPYXZpYXRpb253ZWF0aGVyBG5jZXAEbm9hYcAgwAwALgABAAAAeAEnAAUFAwAAAHhZK4siWSJQoibZD2F2aWF0aW9ud2VhdGhlcgNnb3YANj2uOA0qhMT+eoVBqvrrykuNqwkPVt8jdEhzF2Xc5aVSTWD5VljYyQWYC5vB2Pco+JCgeS7v+6P3ExqHKmNR0+\/rk7b14BLW1\/5AmNi\/7vapdiTq7yn43bnad9VKhNoyKYZcBBZ1b9tNkBEnELdSDbcDAQG053jlJWYvGHyMMJCHtDL+CPBtpJodRAacY+oZWSnBeiVMlLUCIdwUfsdnq5J46wTjS8+g3ZKLn4UR1XowHnaGOySsUz9hWM4CwtpTsVExgrAuWZ3ZCQmSQcr07tJKgCI7moO7D0IOvF0jbYwvdg=="}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":10,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":366}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":10,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":366}
00380{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":11,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451113,"pkt_ts_usec":881614,"pkt_caplen":59,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsAUgADIR1DKhNyACzLpQ5QA1J78LqfTQ7QyEEAABAAQABAAND2F2aWE="}
00190{"basic_event_id":14,"basic_event_name":"Captured packet size is smaller than packet size","thread_id":0,"packet_id":11,"source":"badpackets.pcap","alias":"nDPId-test","caplen":59,"len":60}
00190{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than packet size","thread_id":0,"packet_id":11,"source":"badpackets.pcap","alias":"nDPId-test","caplen":59,"len":60}
00380{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":11,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451113,"pkt_ts_usec":881614,"pkt_caplen":59,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsAUgADIR1DKhNyACzLpQ5QA1J78LqfTQ7QyEEAABAAQABAAND2F2aWE="}
00175{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":11,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":26}
00175{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":11,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":26}
00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":12,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451113,"pkt_ts_usec":931523,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW1ggADURSICMrBHtzLpQ5QA156AF2iNRhq2EEAABAAUAAA=="}
00190{"basic_event_id":14,"basic_event_name":"Captured packet size is smaller than packet size","thread_id":0,"packet_id":12,"source":"badpackets.pcap","alias":"nDPId-test","caplen":52,"len":60}
00190{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than packet size","thread_id":0,"packet_id":12,"source":"badpackets.pcap","alias":"nDPId-test","caplen":52,"len":60}
00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":12,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451113,"pkt_ts_usec":931523,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW1ggADURSICMrBHtzLpQ5QA156AF2iNRhq2EEAABAAUAAA=="}
00175{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":12,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":26}
00175{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":12,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":26}
01912{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":13,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451113,"pkt_ts_usec":998245,"pkt_caplen":1193,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1193,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs9cgADgR3VKMWiHtzLpQ5QA1zoEKT2TtZcOEEAABAAIABAANA2xiMwRub2RjBG5vYWEDZ292AAABAAHADAABAAEAAAJYAASMWusrwAwALgABAAACWAEhAAEFBAAAAlhZK4uEWSJRBKt+BG5vZGMEbm9hYQNnb3YAhdURPDXBvcbzg1l\/P4qdc3ehRb89ofPJw8vL9RtggwAs8+7Az1qJ5M1Ux+8oZ8zHN5D0+c3BNJjQUPVveXspLDCZdxRFo+1RK\/tIlQre9Z6oXyBunsD3VON8J6JqaO9QLW\/+N+v0+3k4JQ9jEXRD+gylLnNEC4jSZM\/eEVcWh8\/Z\/hQiQb73n\/IE05pfqtTEC1C28x4rjMLnWyPcsUNmAQ1wIIVqzpP6A5VTnvp4RsDzlI9MxhvYxC13eFkguAyj4PpKGJ96o+9WpCrhjrZ5Qe97GjxQ4mnxF+La4DD1K7LlHpU2xfdLMaXTNnb3xrtp8tFG6AyME9mAN3ydsa2necBRAAIAAQAAAlgACAVucy1td8BWwFEAAgABAAACWAAHBG5zLWXAVsBRAAIAAQAAAlgACAVucy1ud8BWwFEALgABAAACWAEhAAIFAwAAAlhZK4uEWSJRBKt+BG5vZGMEbm9hYQNnb3YAPu1CKNIp6mLVE1SewqKYDKAuMQAxscJGLV3f6RN5\/1\/zVgPiH7\/AAxiJPf5SqJZzB9ypQ5Q0SJU+u+qo4UNT2A9ZikHLsvZpu3XY7qllQDLKzFsdAlym\/205od0dRRYpJQQB+XO+nZdpRMc7hCOpc4LOfHHMxA20k1GcxwGN4I6+Yn7DCzd2AzmEcNA6sRAh18oRWpULvUa3Zs5aU9AnCawyL0iB3kXc34Hs5uavwPC1Ojau\/6b8vUkP2tuAEGoEy3ndP2uce\/kL5JrjxLYplDVGCuFeAhL5JD4BC1aJIZENCvxRzhQduD0s4HR+6oKQ1lWxPgH7SZ2ACg0k6rI408GAAAEAAQABUYAABIxaIe3BgAAcAAEAAVGAABAmEAAggACMAAAAAAAAAAI3wWwAAQABAAFRgAAEjKwR7cFsABwAAQABUYAAECYQACCIAIwAAAAAAAAAAjfBkwABAAEAAVGAAAShNyACwZMAHAABAAFRgAAQJhAAIIwAjAAAAAAAAAAAAsGAAC4AAQABUYABHAABBQMAAVGAWSuLfVkiUP0+cwRub2FhA2dvdgAdPG7ehO6IW4WIIulOX8wrz0E30kEaN8pVRkAXeBkIqEzDHfgYVK0sdZ5efJzSOnPqgHdQqhZhaojOXm4uaRNV0BM7TnAaFGReahEW+oclDj1FD6kFM2+O9+xmO3izFYVoFfp1wzvVgLlshXbzWEUiyetInv1BKKFIEeJ5LL23lhMaUXksImKM0RYQcljEMgPUzNr61cp01clYduRCFDBE8koZf3WOqAU+XPiGZ+N7vs+u0ppQnyHl4Ckwf6Bo1ew0W\/NXecH7qQZVe\/ZVZVdU9cjdfMwVrwIodtisUZ3ssnh\/k8UHvbkkIHFNDgp4Q64ETRZdWoT1WgrW5igHg8ArwYAALgABAAFRgAE="}
00177{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":13,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1159}
00177{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":13,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1159}
01904{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":14,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451114,"pkt_ts_usec":40787,"pkt_caplen":1186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1186,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW1kgADURSH+MrBHtzLpQ5QA18VcKSC9N\/PmEEAABAAIABAANC2Zsb29kc2FmZXR5BG5vYWEDZ292AAABAAHADAABAAEAAAEsAASMWnHIwAwALgABAAABLAEcAAEFAwAAASxZK4t9WSJQ\/T5zBG5vYWEDZ292AI8NxE24xoB5Eg9dMdW2i2Wbnp7WAjJSEPfx6q6WNvQlvElWxcN5ImSIEBkCrx36XB+4y7FQRSHAcJfGmrEujeIG4vm2iak4\/iZ8q6dmad9UZqsYw7xMfUiMET9ynUM9tfbf26FoVrC7jqPoXd\/CLZ2MXGmkMAEGsqydhYm\/5Owhr1bdMagm+9i4eFaCOhOwLA5ytPfBpqddYO4P6KxfzWofdME7xL026plG7g0aOG4GcHKq2yCkGN\/td2KW3STw7Yn3EkgDcCQ9GkTH0mNpchsIxkxjSxGtSeHI3BNNToabK8Bt8I+qEmB2t+Dviv1HzjwGjXetcCij9X+FGH0VoGjAVAACAAEAAVGAAAgFbnMtbXfAVMBUAAIAAQABUYAACAVucy1ud8BUwFQAAgABAAFRgAAHBG5zLWXAVMBUAC4AAQABUYABHAACBQIAAVGAWSuLfVkiUP0+cwRub2FhA2dvdgB\/\/xDOV8RlACc0tJNxS+YKsLSQOBQbk6NLsQZG3YDTjO3iKsh7IcLqiw6uOc7SaLs86m+f\/kMHQskW6EQOmEHDMnbqN9IQMGQT4wsBbRrQmwjtM3XaVIfw2QRYEj4dnRSam\/XPSboR6M9\/hOGPVESZ\/uQ6WqFzbJ5fPUcerIlG\/kYoZuwvlZN9eWpmI2uvZVEJoNzzXHVFVxe+gyzQ2fX9CfzbU64wrazKsV4840AxDn9S8jSgjT7wrA1fAbUY1N1Z18MDcPXwCsgNM45SCTA3GR4LZG5q0wfZhRsvLTMW6nxaQfuphvLWLR4kFiw6usfYhcbxye3Gh4WdZwsuqUy1wZIAAQABAAFRgAAEjFoh7cGSABwAAQABUYAAECYQACCAAIwAAAAAAAAAAjfBagABAAEAAVGAAASMrBHtwWoAHAABAAFRgAAQJhAAIIgAjAAAAAAAAAACN8F+AAEAAQABUYAABKE3IALBfgAcAAEAAVGAABAmEAAgjACMAAAAAAAAAAACwZIALgABAAFRgAEcAAEFAwABUYBZK4t9WSJQ\/T5zBG5vYWEDZ292AB08bt6E7ohbhYgi6U5fzCvPQTfSQRo3ylVGQBd4GQioTMMd+BhUrSx1nl58nNI6c+qAd1CqFmFqiM5ebi5pE1XQEztOcBoUZF5qERb6hyUOPUUPqQUzb4737GY7eLMVhWgV+nXDO9WAuWyFdvNYRSLJ60ie\/UEooUgR4nksvbeWExpReSwiYozRFhByWMQyA9TM2vrVynTVyVh25EIUMETyShl\/dY6oBT5c+IZn43u+z67SmlCfIeXgKTB\/oGjV7DRb81d5wfupBlV79lVlV1T1yN18zBWvAih22KxRneyyeH+TxQe9uSQgcU0OCnhDrgRNFl1ahPVaCtbmKAeDwCvBkgAuAAEAAVGAAQ=="}
00177{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":14,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1152}
00177{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":14,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1152}
01910{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":15,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451114,"pkt_ts_usec":42745,"pkt_caplen":1193,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1193,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW1ogADURSH6MrBHtzLpQ5QA13wAKT4pfTrqEEAABAAIABAANA3ZsYgRuY2RjBG5vYWEDZ292AAABAAHADAABAAEAAA4QAATNpxlkwAwALgABAAAOEAEhAAEFBAAADhBZKcVTWSCK0x9HBG5jZGMEbm9hYQNnb3YAX+ROMTDmu2LvY14SfjFGvi3WEW6+STJjZDx4ISbi+8Up66dG\/bw1go3rWtgRYv32inrUxVD+E4qN4O65GyWgncqxzNBHyqogKfZU9dx9y+PqIoQ+ar6wCBaZMeRlZ2H\/KAZm9VZJdIYSfT7rg8tylzg1ByKUx\/dM58k4tzq01zWfvvdDqlgyS\/7dfwH3Cx0Q3tKk8RttgwJo0iMxQWM\/AbIcQHtWikYNLoiBlgpKokdUg9fvMXVaU6C7Dli78cCopcGhFjDJKTKGsg8VZwPKF9jhIvdYxA+Q0I24PRjdqFWpLctR\/ZrlwtAdX59WvQRCsyLHS7xFl+DxalLuB\/SgjMBRAAIAAQABUYAABwRucy1lwFbAUQACAAEAAVGAAAgFbnMtbXfAVsBRAAIAAQABUYAACAVucy1ud8BWwFEALgABAAFRgAEhAAIFAwABUYBZKcVTWSCK0x9HBG5jZGMEbm9hYQNnb3YAmWRe9VtNaGu5X49TFlABbU\/pql1LRAtlNRRYPZA76YNivdumGQu4wVgBmCm+hYA4u\/HWo\/sXy+OjhkGg69foZAZZApULWjIwIoUuPmRWXN7SuPsCbcxc2lz03QGkeHWcv53g7lGYu11y+pQHMJSB5g8OgwFH1IpZebWevGbH01CETWP8X15qQ1Si4Mg+CLVxJUTEjQ+X3iu+vEJrye6jYg4+V8n1uXRhP1XaMIy9guTSW+vZMz5uu3LssrCEsl8FV2QPvYCNY6ShsKFc9MUOedVXQ3fLqRmhLx+5ICURO9pKmtWRUtZLxMAKiuJMWwbJBHU0oQ\/4Oz18pihCuPdUXcFsAAEAAQABUYAABIxaIe3BbAAcAAEAAVGAABAmEAAggACMAAAAAAAAAAI3wX8AAQABAAFRgAAEjKwR7cF\/ABwAAQABUYAAECYQACCIAIwAAAAAAAAAAjfBkwABAAEAAVGAAAShNyACwZMAHAABAAFRgAAQJhAAIIwAjAAAAAAAAAAAAsFsAC4AAQABUYABHAABBQMAAVGAWSuLfVkiUP0+cwRub2FhA2dvdgAdPG7ehO6IW4WIIulOX8wrz0E30kEaN8pVRkAXeBkIqEzDHfgYVK0sdZ5efJzSOnPqgHdQqhZhaojOXm4uaRNV0BM7TnAaFGReahEW+oclDj1FD6kFM2+O9+xmO3izFYVoFfp1wzvVgLlshXbzWEUiyetInv1BKKFIEeJ5LL23lhMaUXksImKM0RYQcljEMgPUzNr61cp01clYduRCFDBE8koZf3WOqAU+XPiGZ+N7vs+u0ppQnyHl4Ckwf6Bo1ew0W\/NXecH7qQZVe\/ZVZVdU9cjdfMwVrwIodtisUZ3ssnh\/k8UHvbkkIHFNDgp4Q64ETRZdWoT1WgrW5igHg8ArwWwALgABAAFRgAE="}
00177{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":15,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1159}
00177{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":15,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1159}
00542{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":16,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451114,"pkt_ts_usec":337664,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":179,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW14gADURSHqMrBHtzLpQ5QA1cdYMIeseCHyEEAABAA0ABAANCGVkZ2UtbndzA3dvYwRub2FhA2dvdgAAAQABwAwABQABAAABLAAMB2VkZ2UtcDEBbMAZwAwALgABAAABLAEgAAUFBAAAASxZK4vIWSJRSL+OA3dvYwRub2FhA2dvdgCQTrqAqFPUlwzaSBYq8hc48+OOYcX3TV6bWxXaYm8="}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":16,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":145}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":16,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":145}
00543{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":17,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451114,"pkt_ts_usec":364173,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":179,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsAogADIR1C2hNyACzLpQ5QA1Q\/EMIbPPgtyEEAABAA0ABAANCGVkZ2UtbndzA3dvYwRub2FhA2dvdgAAAQABwAwABQABAAABLAAMB2VkZ2UtcDEBbMAZwAwALgABAAABLAEgAAUFBAAAASxZK4vIWSJRSL+OA3dvYwRub2FhA2dvdgCQTrqAqFPUlwzaSBYq8hc48+OOYcX3TV6bWxXaYm8="}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":17,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":145}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":17,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":145}
01905{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":18,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451114,"pkt_ts_usec":389800,"pkt_caplen":1190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1190,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsA0gADIR1CqhNyACzLpQ5QA1Q5YKTHldtTaEEAABAAIABAANA3d3dwtyaXBjdXJyZW50cwRub2FhA2dvdgAAAQABwAwAAQABAAABLAAEjFpxyMAMAC4AAQAAASwBHAABBQQAAAEsWSuLfVkiUP0+cwRub2FhA2dvdgBux3u1kqhoa2542f5VfZyNoS158qaQHxQC5yl\/X1HYHlN9OKFD2TTtS4MZKS2ZLbvQB5eqC\/5Riya4tMHEv+9kjK+XtBF7Rj7yVxMulYYVKJY1yrzk9A\/DMfiIWTmC3qviPxuqYkAT5W+fAOD4Nsy\/5JE6hIu89v+rqG\/Z8kfURtGsfsnMCQfSTMP2AXbh6JHaVQaDQaVNy0gDeBqDP1Owy3kJn4t100KGsy2p4xGQ0JUhkDuTy2t3fY6FBUSyoy0avo4Kb7JFJHys5VrqR44WISsO3GrLnTJtfVwBE9Pr\/BpNps2Jko7Ht0KLwUiDWgVCGdLvJTwQLCElPL9pPjkswFgAAgABAAFRgAAHBG5zLWXAWMBYAAIAAQABUYAACAVucy1ud8BYwFgAAgABAAFRgAAIBW5zLW13wFjAWAAuAAEAAVGAARwAAgUCAAFRgFkri31ZIlD9PnMEbm9hYQNnb3YAf\/8QzlfEZQAnNLSTcUvmCrC0kDgUG5OjS7EGRt2A04zt4irIeyHC6osOrjnO0mi7POpvn\/5DB0LJFuhEDphBwzJ26jfSEDBkE+MLAW0a0JsI7TN12lSH8NkEWBI+HZ0Umpv1z0m6EejPf4Thj1REmf7kOlqhc2yeXz1HHqyJRv5GKGbsL5WTfXlqZiNrr2VRCaDc81x1RVcXvoMs0Nn1\/Qn821OuMK2syrFePONAMQ5\/UvI0oI0+8KwNXwG1GNTdWdfDA3D18ArIDTOOUgkwNxkeC2RuatMH2YUbLy0zFup8WkH7qYby1i0eJBYsOrrH2IXG8cntxoeFnWcLLqlMtcFuAAEAAQABUYAABIxaIe3BbgAcAAEAAVGAABAmEAAggACMAAAAAAAAAAI3wZUAAQABAAFRgAAEjKwR7cGVABwAAQABUYAAECYQACCIAIwAAAAAAAAAAjfBgQABAAEAAVGAAAShNyACwYEAHAABAAFRgAAQJhAAIIwAjAAAAAAAAAAAAsFuAC4AAQABUYABHAABBQMAAVGAWSuLfVkiUP0+cwRub2FhA2dvdgAdPG7ehO6IW4WIIulOX8wrz0E30kEaN8pVRkAXeBkIqEzDHfgYVK0sdZ5efJzSOnPqgHdQqhZhaojOXm4uaRNV0BM7TnAaFGReahEW+oclDj1FD6kFM2+O9+xmO3izFYVoFfp1wzvVgLlshXbzWEUiyetInv1BKKFIEeJ5LL23lhMaUXksImKM0RYQcljEMgPUzNr61cp01clYduRCFDBE8koZf3WOqAU+XPiGZ+N7vs+u0ppQnyHl4Ckwf6Bo1ew0W\/NXecH7qQZVe\/ZVZVdU9cjdfMwVrwIodtisUZ3ssnh\/k8UHvbkkIHFNDgp4Q64ETRZdWoT1WgrW5igHg8ArwW4ALgABAAFRgAE="}
00177{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":18,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1156}
00177{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":18,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1156}
00542{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":19,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451114,"pkt_ts_usec":409912,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":179,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsA4gADIR1CmhNyACzLpQ5QA1XMQMIcjtVOuEEAABAA0ABAANCGVkZ2UtbndzA3dvYwRub2FhA2dvdgAAAQABwAwABQABAAABLAAMB2VkZ2UtcDEBbMAZwAwALgABAAABLAEgAAUFBAAAASxZK4vIWSJRSL+OA3dvYwRub2FhA2dvdgCQTrqAqFPUlwzaSBYq8hc48+OOYcX3TV6bWxXaYm8="}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":19,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":145}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":19,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":145}
00976{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":20,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451114,"pkt_ts_usec":477838,"pkt_caplen":501,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":501,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW2EgADURSHeMrBHtzLpQ5QA1hSENY4PPmWmEEAABAA8ABAANA3d3dwRnb2VzBG5vYWEDZ292AAABAAHADAAFAAEAAVGAABILZWRnZS1uZXNkaXMDd29jwBXADAAuAAEAAVGAARwABQUEAAFRgFkri31ZIlD9PnMEbm9hYQNnb3YAmB+rNTTf9y2fL9huXtwXacy3dpdAU\/FF66y0T2Abh4gJ4oqoROLCskJvvn3j9VXRYvVuHgr\/e97Co5990baGGvZb+DvhgSBtQA0XDhAbhT4IGku7L7hKoOqCPzJ2xMN4lERF15hNGRqg\/cT5v5CgilDGweZpWDYW20FvCYF4m8AGKWztxWEdpdH2c13sLamLNmDpbsiDeUYVinK+o0nUucS9JVb7qjOM60ITS257sC9GnrEJqXc7E0PqTUPhbrT8oM6CmNCpuj24P56BqqMr1XKbdWFuIo37YO1g0eKMEI09l2QWTwRGahH71x3X3yh\/Irc0cgLSM9Wcphsq4AONbsAvAAUAAQAAASwADAdlZGdlLXAxAWzAX8AvAC4AAQAAASwBIAAFBQQAAAEsWSuLyFkiUUi\/jgN3b2MEbm9hYQNnb3YAHVR1NQXRWlbpbPXbpQ4K7jGWLXOoK18x\/MZgCtt9"}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":20,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":467}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":20,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":467}
00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":21,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451114,"pkt_ts_usec":592732,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW2IgADURSHaMrBHtzLpQ5QA1ue4F2rYkIYyEEAABAAUAAA=="}
00190{"basic_event_id":14,"basic_event_name":"Captured packet size is smaller than packet size","thread_id":0,"packet_id":21,"source":"badpackets.pcap","alias":"nDPId-test","caplen":52,"len":60}
00190{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than packet size","thread_id":0,"packet_id":21,"source":"badpackets.pcap","alias":"nDPId-test","caplen":52,"len":60}
00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":21,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451114,"pkt_ts_usec":592732,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW2IgADURSHaMrBHtzLpQ5QA1ue4F2rYkIYyEEAABAAUAAA=="}
00175{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":21,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":26}
00175{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":21,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":26}
00815{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":22,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451120,"pkt_ts_usec":530820,"pkt_caplen":384,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":384,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcvvQgADsRTzWcmpGtzLpQ5QA1p0MHJt5xE1qEAAABAAgAAAABA3VubwAAMAABwAwAMAABAAAcIACIAQADCAMBAAG4yfLJ+odI0NYhmvuEYusTX3PMFSgpFuzmz0UAbcsB7BQkNbURzRziXs3Eo+Y4VAvQbBXZ7ZrIhm7e5Kv05B9ITQPXR8mAKN+eP4XS24qX5yxLTJr1BHYcwjbMHD11lKYei8h3x0IL84h+CJR9MkSjpkX65W1xs0ZDKrBsVj+sP8AMADAAAQAAHCABCAEBAwgDAQAB7AsXAeKN3QmGY7+Xpe0mfMtRzSIrdueZqhbVPuuuqzzkGlfKN+qx6PtpXxVkUMnMYiEn3FO6H3aNHnpkDL273LzrNhBMH62l5Tf14gZ7\/YEClmhlbBKDGSaiQipf0qYB+3KlSnlFkNTZQTPpSS2skfRrrwaSrIFrBnPy65VNup0b0nKjYyVw623MNxZMGgFjsX8veogoAKeS"}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":22,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":350}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":22,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":350}
01322{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":23,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451125,"pkt_ts_usec":221324,"pkt_caplen":759,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":759,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcooIgADMRE+aBBg0DzLpQ5QA1SmkInV2uJjOEEAABAAMABAANA3d3dgRuaXN0A2dvdgAAAQABwAwAAQABAAAHCAAEGDiyjMAMAC4AAQAABwgAnAABBwMAAAcIWSp+wlkhOKFNKgRuaXN0A2dvdgBIYUso1Tbe3YPWKI6pKsnK39L0ZR+Wo84lp69g80vFD15mFzrNg7EcUCLsnkMlQJbHqK3QN0QeDzdgWJzEtkF4C3gfcuiYqpNzLzSbOaI8qMLYR3iAIZ82fx0LiQg0fj\/UhXahd9c0eXrYwc69KuT3ZZpBmxsvQGSbA79dTk2IcMAMAC4AAQAABwgAnAABBwMAAAcIWSp+wlkhOKFp9QRuaXN0A2dvdgB2VIO3XeASYXoMskLY5BdTHuMWk0C0lo9NqfSeSNpiocAUe4wjG0pSKGWTvO9v14o3ES1dQF\/lRDDzLvndMmBTSk8OUc6DZkYg\/xkANFcnfu1rJX71cI8qZoMAtFPuJG+OdrjwY3UO+gUW81AuHH3Rvj37sLrgU6NYwdvHL8cSF8D0AAIAAQAABwgABgNnZWHA9MD0AAIAAQAABwgABgNiZWHA9MD0AC4AAQAABwgAnAACBwIAAAcIWSpvIFkhMlpNKgRuaXN0A2dvdgB\/AugCl6Rz+sTdMBLd\/b9WzbTmwtSJRElGSiFaNkIXGL85DwZ8CN5XIraessCeREIcUwZxVSCZqTN+jQfSqvs0RCCsELGmZy1\/6te8q\/BHGZ6r5Yfp\/FixyK0YEzCx9kE6yxKwCHgAiZ9RYjXpdk7jwKD9iHCh9psgrmi4EqWisMHAAC4AAQAABwgAnAACBwIAAAcIWSpvIFkhMlpp9QRuaXN0A2dvdgClTY7jIx2EAO1rRXMS+rZG5e8+PelDpKXOMRzGWIjrQbBJVXqIaZDLeBgBTWgx3tBkiLlUy1bOdR3MF5sPTTggHRJuEc8rRcMhHY6s0g2zr9CNylE8o5Mcs+HT"}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":23,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":725}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":23,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":725}
00642{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":24,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451143,"pkt_ts_usec":643018,"pkt_caplen":253,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":253,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFKAXcix5gAPYRtKqAcIEPzLpQ5QA1PwIGo6sTVh2EEAABAAEABgAPBmdpdmluZwlwcmluY2V0b24DZWR1AAABAAEGZ2l2aW5nCVByaW5jZXRvbgNFRFUAAAEAAQAAqMAABEtlhE3ALQACAAEAAqMAAA0FYWRuczEEdWNzY8AdwC0AAgABAAKjAAAYBWF1dGgyA2Rucwhjb2dlbnRjbwNjb20AwC0AAgABAAKjAAALCGRpa2FoYmxlwC3ALQACAAEAAqMAAAgFYXV0aDHAdcAtAAIAAQACowAACAVhZG5zMsBcwC0AAgABAAKjAAAGAw=="}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":24,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":219}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":24,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":219}
00396{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":25,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451144,"pkt_ts_usec":693951,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":70,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXc8l4gADcRrZWY2AelzLpQ5QA1QFwLtGqgHLSEAAABAAIABQAQAnNhBHd3dzQDaXJzA2dvdg=="}
00175{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":25,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":36}
00175{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":25,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":36}
01446{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":26,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451150,"pkt_ts_usec":25808,"pkt_caplen":850,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":850,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcp70gADMRDquBBg0DzLpQ5QA1tIMI+JbQPi6EEAABAAMABQANBG5pc3QEdGltZQNnb3YAAAEAAcAMAAUAAQAABwgAEAR0aW1lA2dsYgRuaXN0wBbADAAuAAEAAAcIAJwABQcDAAAHCFkqyCtZIYRnjJkEdGltZQNnb3YAqr9jxTZXybcXnuCzjwFwvmFI+Ze7+m+rSWmDSn1MGMydCqolZgbVKJgNgG1S4zXIK8pdBL562Arwa55agW7HdTeBY84CmqWupq562AYDen9j\/fcu4j8dUrr0Np5qd65iLfnFlqyyY1lwhO5MLHlBGeFoLloqXXTeoUcgip7f3svADAAuAAEAAAcIAJwABQcDAAAHCFkqyCtZIYRno1UEdGltZQNnb3YA1mVm7+rmIQsKL0j8gZgmJcKynM3ZMQd2XdMAq44akLYox+waENon7a\/NmZaeWbIVHTDHZNuDBA9d3DqfTwZmq6tNJfokzKjG5g+KihH2Xa4Kp9wiLwRswtv6QxM2Qg5XcrAKw8x7jBKYqECsGcjybhwp76K9osOWdUlx9tS+dNnAMAACAAEAAAcIAAcEZ3RtZ8A0wDAAAgABAAAHCAAHBGd0bWLANCBWQ0xEQlZEM045OVFSSElHTFY5UVFBRkUxRFU3UEJOTMA0ADIAAQAAASwAHwEAAAoCf28U+zG4nx40du+nR\/TU4M0oy+4k6+cAASDBsQAuAAEAAAEsAJwAMgcDAAABLFkqrVZZIWt\/TSoEbmlzdANnb3YAin87ubwH5bbudTk+e+xAakiTfHLL5BNm7U1T7Tp5nwZ+YiMNjXALwdG0Rzv41sO6d6JzvqGjEvTLlZHOxMvzh5qOOCQ5pTDJOeqLshIcRoXLTP+W5JHoo22\/LNWmDP4Sejibo\/ExdMmbbKksTx5XkoOuibEJlXT+CgT9AZmeMRTBsQAuAAEAAAEsAJwAMgcDAAABLFkqrVZZIWt\/afUEbmlzdANnb3YACfYO\/o1yNCznWcx+k3iT2eRehKQYOK+FNHFc5RmDgi0nh2MAeCXjMinIJ79YtQqPSh00E\/qkzv0dT8zKvlO44sNJMgS8x9irpUURGpmdOjra2Peut2w6hiAF+w=="}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":26,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":816}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":26,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":816}
01428{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":27,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451210,"pkt_ts_usec":64358,"pkt_caplen":830,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":830,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcZ2IgADgRNxXOg9J2zLpQ5QA17oYI5FghcmaEEAABAAMABgANBnN1cnZleQhzYWZlbGl0ZQNjb20AAAEAAcAMAAEAAQAAcIAABM6D1BvADAAuAAEAAHCAAKAAAQUDAABwgFknjltZIkdgNvwIc2FmZWxpdGUDY29tAHe+sxe671rWzIUuSmcuIX5JDt2N6FBy\/TemnpDPfETG94sVtxgFhyH+9XDJ8vfBDApGjbQsaNpmhYgJ2jGuM6aa11KsYrpTFxQi3Mq4Mwmb85sg1M7tWwMA\/a9WEJvxthxxgFLD9e7N14XoZuciOXyDRzakdNxJe0xON4TdbMVJwAwALgABAABwgACgAAEFAwAAcIBZJ45bWSJHYFgXCHNhZmVsaXRlA2NvbQDY7GqPPxR3njuOxu6CCj1boxBl0v+KT3lL29Er72LdcsNtFbp2T5f6Lq+bUDJ6aGZ\/GGcJlbZVeSixgLiHv\/3WIrKbFRcxzmntMnI1WXDaq+hOKYUph2hgpvcyTFEbaygdhl5BdaaPauPAfweczJEJCc6TxoWZ0SzqEG1+NouhyMD\/AAIAAQAAcIAABwRuczAzwP\/A\/wACAAEAAHCAAAcEbnMwMcD\/wP8AAgABAABwgAAHBG5zMDLA\/8D\/AAIAAQAAcIAABwRuczA0wP\/A\/wAuAAEAAHCAAKAAAgUCAABwgFknVclZIgjZNvwIc2FmZWxpdGUDY29tAE+K9vCahuql+Dus\/olbzgxR6+xtIAxjgCV7w4P+TDgF96\/wvufu2LlMtgwWwEYPqWlh\/QSV3c3y2mgUeKsDgKDUKBPY4oAN1Ii5SdYXKnxedkDm6CDq2YBIJ\/f3K2Jens9\/DIVOgUFp+Zi9a7TtLhmA1IAcJwnXvflL7avBNhUUwfcALgABAABwgACgAAIFAgAAcIBZJ1XJWSII2VgXCHNhZmVsaXRlA2NvbQDFMtAOhXQ\/tcn8Bg0YsK0LCXQz9eeItGf3CI8d+ppJ3a1qxqTbsYvEPqKVPVXIPiYJ3ICi3zqAg5mc5470ZgSSPw3eDcdgkQ\/2sH6VsrvHw1pWLDtNZPd6cO+KsvNtbbCZ6JY="}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":27,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":796}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":27,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":796}
00397{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":28,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451247,"pkt_ts_usec":437895,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":71,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcWZUgADkRzYvQTkcCzLpQ5QA1l\/cF7eAXMAuEEAABAA4ABgABBG1haWwFaG91enoDY29tAAA="}
00175{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":28,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":37}
00175{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":28,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":37}
00498{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":29,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451247,"pkt_ts_usec":676188,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":145,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcSyQgADkRLD3MDfsCzLpQ5QA10qYGN8NYfIeEEAABAAUABgABBWhvdXp6A2NvbQAAEAABwAwAEAABAAk6gABFRGdvb2dsZS1zaXRlLXZlcmlmaWNhdGlvbj0zWEpwSUlaRzJZeUVCWnlPYUs1ZWZrWDFnN21qaFV1aVhqT2xKZw=="}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":29,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":111}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":29,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":111}
01953{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":30,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451309,"pkt_ts_usec":206320,"pkt_caplen":1228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1228,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs98gADgR3UqMWiHtzLpQ5QA1U+IKco350KyEEAABAAMABAANB2VkZ2UtcDEBbARub2FhA2dvdgAAHAABwAwAHAABAAAAHgAQJhAAIIgAjAAAAAAAAAAAJMAMABwAAQAAAB4AECYQACCAAIwBAAAAAAAAACTADAAuAAEAAAAeAR4AHAUEAAAAHlkr8xJZIriS1gsBbARub2FhA2dvdgCV6O\/WR3JCSK+C7cZBu3S3X5K0UHxpncAfxFmSgHubPtuQ+ppFRTp+1fHbrUOyCpixD7BN4GSPyT84LF8EMzJbQxH0r2LLAvgtvgpUbYL7Z7w18yYTnE6XGfHtthXb1ZOye1L2hiRfpzbmmXCHOKb6LEYuPXKYSPhX2n+ImdcFypwUqYfMSD9FcjNa3Jo3Oqro2WuMMbD2gPnRfJ8TdXYRG4VNmibFauhfDGpn9UeUfORtwE7m2jOvlQ6Qvy9OpZkqoNE2Vdtt7jPJm2tzt5OKxSjI1XLv3boeUU7hE7UYEXONrZssQLYvDrWx9GDK\/I6MmaWyMYZAJODqzmpC6mevwHoAAgABAAFRgAAHBG5zLWXAfMB6AAIAAQABUYAACAVucy1td8B8wHoAAgABAAFRgAAIBW5zLW53wHzAegAuAAEAAVGAAR4AAgUDAAFRgFkr8xJZIriS1gsBbARub2FhA2dvdgAeLq4NmnVkcNxQ2ECZHAEvCMi5MZYEL8edA7YVxsb2UBGFIEGs\/0MCPjY5njGkf1suVTZtcwyT75u2gFjZgWxP1+c7rm4cmvpvBe+wC0vSebZWwrbWCerbFqwFr8WbzPO2CxG0Zn8pbBKC9uM1kn0tU08OZWkEPnxTJXMcLAZSYKzHnM3Abd9+nCKn5iCnhESUxIPjqzi3TtF47AxxSw8oSy\/22YcIyG5RxzRRDhaTIGZj9gjcsM8kyra2eumMo4lRPXVhwaJ6DQF2GVKV8FslkU9\/qAyzckJZU+4ClRBUn7ZyYZlZnrFBAgj7Zmr2QS9x22hcQerFh+735VmloZaXwZIAAQABAAFRgAAEjFoh7cGSABwAAQABUYAAECYQACCAAIwAAAAAAAAAAjfBpQABAAEAAVGAAASMrBHtwaUAHAABAAFRgAAQJhAAIIgAjAAAAAAAAAACN8G5AAEAAQABUYAABKE3IALBuQAcAAEAAVGAABAmEAAgjACMAAAAAAAAAAACwZIALgABAAFRgAEcAAEFAwABUYBZK4t9WSJQ\/T5zBG5vYWEDZ292AB08bt6E7ohbhYgi6U5fzCvPQTfSQRo3ylVGQBd4GQioTMMd+BhUrSx1nl58nNI6c+qAd1CqFmFqiM5ebi5pE1XQEztOcBoUZF5qERb6hyUOPUUPqQUzb4737GY7eLMVhWgV+nXDO9WAuWyFdvNYRSLJ60ie\/UEooUgR4nksvbeWExpReSwiYozRFhByWMQyA9TM2vrVynTVyVh25EIUMETyShl\/dY6oBT5c+IZn43u+z67SmlCfIeXgKTB\/oGjV7DRb81d5wfupBlV79lVlV1T1yN18zBWvAih22KxRneyyeH+TxQe9uSQgcU0OCnhDrgRNFl1ahPVaCtbmKAeDwCvBkgAuAAEAAVGAAQ=="}
00177{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":30,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1194}
00177{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":30,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1194}
00790{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":31,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451309,"pkt_ts_usec":834554,"pkt_caplen":361,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":361,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW2UgADURSHOMrBHtzLpQ5QA1ufwM17VSuDGEEAABAAYABAANA21hZwRuY2VwBG5vYWEDZ292AAABAAHADAAFAAEAAAEsAAsDbWFnBGNwcmvAEMAMAC4AAQAAASwBIQAFBQQAAAEsWSuLaVkiUOlQZARuY2VwBG5vYWEDZ292ADcGQyBFP4D+oljdb2+uDa9\/19GSwvR6WriPq+5z0bu\/0ZaU\/D8IQsmXY34oOVHWkzG6MucH8ZmcfTOJDErUlSNSiRzFT51PBmw6nGKnxTSwXkETkX04Oo9QP2yzVDt5BovyB6C9tXHehSkdYBFKv3dkwzGxANJxhe+yFBxgwF9UCs8+cZEJOlz8tn056cIu0n8cLm0Luw3FG\/hQGfvItzUlOxBl1A60sdiGmy6QUdNCXAcNU0yZ9pOPKxcCxUBH4IhMSpEnUlvPR6QJH5nmfUQe2XEJKZYxCw=="}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":31,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":327}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":31,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":327}
01904{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":32,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451309,"pkt_ts_usec":971567,"pkt_caplen":1191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1191,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW2YgADURSHKMrBHtzLpQ5QA1igkKTYrrwr6EEAABAAIABAANA3d3dwx0c3VuYW1pcmVhZHkEbm9hYQNnb3YAAAEAAcAMAAEAAQAAASwABIxaccjADAAuAAEAAAEsARwAAQUEAAABLFkri31ZIlD9PnMEbm9hYQNnb3YAYj6eILo+qkq5k18ERYBx0xRM9\/G7L0FZIt4YRMfTu\/USwfAnYN75io2kNkONiogWmMZ4Lag7k3IYxgcesHSZm7PZPDgrUXlAcd3yvVMKVKTxcZWm4erxNJExiN8+R7+gO8BV6r5YHq7uAPRDiCQOsXNlXUlDbrs1lqRHqt+\/of11uAQ6meqXGXmKksSlBj5fbAkW1+8cB\/QSQlJjzyciYH5OpnBXSP0xkvRyxYbMOP3yK39llO\/1t56mjX6N00VukVX1CCuCNDvCVEnhc9yhfw9oDlronPvyL2kVGsfMWn8txFzsS3wqbAr7fJQNwFsN6v7JS37aCBEsfLcqNMdRvcBZAAIAAQABUYAACAVucy1td8BZwFkAAgABAAFRgAAIBW5zLW53wFnAWQACAAEAAVGAAAcEbnMtZcBZwFkALgABAAFRgAEcAAIFAgABUYBZK4t9WSJQ\/T5zBG5vYWEDZ292AH\/\/EM5XxGUAJzS0k3FL5gqwtJA4FBuTo0uxBkbdgNOM7eIqyHshwuqLDq45ztJouzzqb5\/+QwdCyRboRA6YQcMyduo30hAwZBPjCwFtGtCbCO0zddpUh\/DZBFgSPh2dFJqb9c9JuhHoz3+E4Y9URJn+5DpaoXNsnl89Rx6siUb+Rihm7C+Vk315amYja69lUQmg3PNcdUVXF76DLNDZ9f0J\/NtTrjCtrMqxXjzjQDEOf1LyNKCNPvCsDV8BtRjU3VnXwwNw9fAKyA0zjlIJMDcZHgtkbmrTB9mFGy8tMxbqfFpB+6mG8tYtHiQWLDq6x9iFxvHJ7caHhZ1nCy6pTLXBlwABAAEAAVGAAASMWiHtwZcAHAABAAFRgAAQJhAAIIAAjAAAAAAAAAACN8FvAAEAAQABUYAABIysEe3BbwAcAAEAAVGAABAmEAAgiACMAAAAAAAAAAI3wYMAAQABAAFRgAAEoTcgAsGDABwAAQABUYAAECYQACCMAIwAAAAAAAAAAALBlwAuAAEAAVGAARwAAQUDAAFRgFkri31ZIlD9PnMEbm9hYQNnb3YAHTxu3oTuiFuFiCLpTl\/MK89BN9JBGjfKVUZAF3gZCKhMwx34GFStLHWeXnyc0jpz6oB3UKoWYWqIzl5uLmkTVdATO05wGhRkXmoRFvqHJQ49RQ+pBTNvjvfsZjt4sxWFaBX6dcM71YC5bIV281hFIsnrSJ79QSihSBHieSy9t5YTGlF5LCJijNEWEHJYxDID1Mza+tXKdNXJWHbkQhQwRPJKGX91jqgFPlz4hmfje77PrtKaUJ8h5eApMH+gaNXsNFvzV3nB+6kGVXv2VWVXVPXI3XzMFa8CKHbYrFGd7LJ4f5PFB725JCBxTQ4KeEOuBE0WXVqE9VoK1uYoB4PAK8GXAC4AAQABUYAB"}
00177{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":32,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1157}
00177{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":32,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1157}
01955{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":33,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451310,"pkt_ts_usec":199170,"pkt_caplen":1228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1228,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs+EgADgR3UiMWiHtzLpQ5QA1YrcKcmZcnv2EEAABAAMABAANB2Ryb3VnaHQDZ292AAAcAAHADAAcAAEAAA4QABAmEAAggEAAAgAAAAAAAAFxwAwAHAABAAAOEAAQJhAAIIBAAAIAAAAAAAABcsAMAC4AAQAADhABHwAcBQIAAA4QWSuLOFkiULjwAAdkcm91Z2h0A2dvdgCiFhT73R8JkfGDTfZ4di36jz5eyOGbPz32qAMnwn4nlyVmuvzkf4NiJ96OxTP54IIqeClIfVaS9wEAfT+47pslkKZCPVwuhmOe6fDooq+GLDJv0+Ghc9188DOEwVA6ulHxE25woNOlZB13Uz3i90Fc0vOaXvfF9ZGxFm4J9mw3dWtYg4\/ds36+RRrCA9x3ERJDt7HPku5qZtP0xKuN8yDtutEHNQ+PFq\/yqbVvE6s5DpPsYgJR0mKl+kuenRHwsn7+W8RejJkXBdU0ylZRMFbsC3fBOassmaNP6p110AEWGpszbswU0n7MR6eCsSeyRW3u+kxNbB3DHriPINnb\/25ywHMAAgABAAAOEAANBW5zLW53BG5vYWHAe8BzAAIAAQAADhAACAVucy1td8GSwHMAAgABAAAOEAAHBG5zLWXBksBzAC4AAQAADhABHwACBQIAAA4QWSuLOFkiULjwAAdkcm91Z2h0A2dvdgAXXbMkYPS9QUln5hjQ9vMJUQmj7EOZmvYJzaa79X6dsVN8FpugM8E25umwpE\/dq29ve8D++P2tnJQfbDgKbTCzWcNRmJZVue8tdC5OTorh1HBmQkpoumFnTbmtekcohQkMcnb3AmWMR742fJ5XNYHgW7Ap4AaJ+wubZ2DGMzIxl72\/ofg+1dcqnAgbyQV8y0ogjIlloPBWpcRwxyL+zdk7S+iyN6s+YgfobuDo5dbvDWNky63CGBbyLqEaC7wzznplPJLXci32DUon7xJA0oUr7x\/h5U6kgccx3MbgKjnlj1l0PwM\/R2IbRlpN9BAQ34xrrixU4+6ApBRbB3spHijNwbkAAQABAAFRgAAEjFoh7cG5ABwAAQABUYAAECYQACCAAIwAAAAAAAAAAjfBpQABAAEAAVGAAASMrBHtwaUAHAABAAFRgAAQJhAAIIgAjAAAAAAAAAACN8GMAAEAAQABUYAABKE3IALBjAAcAAEAAVGAABAmEAAgjACMAAAAAAAAAAACwbkALgABAAFRgAEcAAEFAwABUYBZK4t9WSJQ\/T5zBG5vYWEDZ292AB08bt6E7ohbhYgi6U5fzCvPQTfSQRo3ylVGQBd4GQioTMMd+BhUrSx1nl58nNI6c+qAd1CqFmFqiM5ebi5pE1XQEztOcBoUZF5qERb6hyUOPUUPqQUzb4737GY7eLMVhWgV+nXDO9WAuWyFdvNYRSLJ60ie\/UEooUgR4nksvbeWExpReSwiYozRFhByWMQyA9TM2vrVynTVyVh25EIUMETyShl\/dY6oBT5c+IZn43u+z67SmlCfIeXgKTB\/oGjV7DRb81d5wfupBlV79lVlV1T1yN18zBWvAih22KxRneyyeH+TxQe9uSQgcU0OCnhDrgRNFl1ahPVaCtbmKAeDwCvBuQAuAAEAAVGAAQ=="}
00177{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":33,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1194}
00177{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":33,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1194}
01913{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":34,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451311,"pkt_ts_usec":326374,"pkt_caplen":1192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1192,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs+IgADgR3UeMWiHtzLpQ5QA1+8YKTsy4mcCEEAABAAIABAANA3d3dwd0c3VuYW1pA2dvdgAAAQABwAwAAQABAAAOEAAEjFplPMAMAC4AAQAADhABHwABBQMAAA4QWSnFrFkgiyw3Ggd0c3VuYW1pA2dvdgAJEO7XiuA+vhpIYobOdRe1yI2VB\/j2mzi\/2yP1Lp9H4M5qjusV7CkPVxOQC0AaCcVxqT4M6bztlrT7qUL0A1w3xQdNOpdYK4DVjBCuxhfx\/pX\/Rq0kECnDSkfE1jj7zqbQ61fish6MQQophJFU+Am6c5wLoF1vAyR8qdln5pLZ1FEOPVwHhvgDFyv98HmMD00pw\/wVmA65j4meeVRLeQ3a837VsRiT4jJKffufwtmx5Eqpxa2\/kJw53hWYnnMS38GIEaZRlEQM2vGca6sB3+N+kJQ1oGEgcMiONiOotB9a5cfHgsVEbIgj1jFGWNkedySgudQrRBslLuL9OimDWkL2wE8AAgABAAFRgAAMBG5zLWUEbm9hYcBXwE8AAgABAAFRgAAIBW5zLW53wW3ATwACAAEAAVGAAAgFbnMtbXfBbcBPAC4AAQABUYABHwACBQIAAVGAWSnFrFkgiyw3Ggd0c3VuYW1pA2dvdgAtNAttZ2tlqpXEcOn7mcA\/Z0HMna2P7rrtJXnupFJ5uos8L3b6TswIuV1nZPJ\/S0K4ZvjUZJukTJ5dsR\/z2bbQiS1uixECpVlyZZOXhp3A0rmQKUIYpz+yrwlZ4Dcq1wOupPxo1PMQl4AwQrMNxeyrQ0QU9G49JKGe20YA1Lhz1N+J4QbO5Tu3vWoPjnfsCEURngIIHow6qjNrrZEhlA929gSEpDzFDBqOvEXIedVxUEt\/nMPYmTYEM5I+66eeFT9HrjHCjzLWlP00hbu089PduHD\/KIRGO7Fs2DNO2Yt\/9FqjLrVhvcG5ptrnTz9lTYR\/uQVtLKTsydCWVZF9YLTOwWgAAQABAAFRgAAEjFoh7cFoABwAAQABUYAAECYQACCAAIwAAAAAAAAAAjfBlAABAAEAAVGAAASMrBHtwZQAHAABAAFRgAAQJhAAIIgAjAAAAAAAAAACN8GAAAEAAQABUYAABKE3IALBgAAcAAEAAVGAABAmEAAgjACMAAAAAAAAAAACwWgALgABAAFRgAEcAAEFAwABUYBZK4t9WSJQ\/T5zBG5vYWEDZ292AB08bt6E7ohbhYgi6U5fzCvPQTfSQRo3ylVGQBd4GQioTMMd+BhUrSx1nl58nNI6c+qAd1CqFmFqiM5ebi5pE1XQEztOcBoUZF5qERb6hyUOPUUPqQUzb4737GY7eLMVhWgV+nXDO9WAuWyFdvNYRSLJ60ie\/UEooUgR4nksvbeWExpReSwiYozRFhByWMQyA9TM2vrVynTVyVh25EIUMETyShl\/dY6oBT5c+IZn43u+z67SmlCfIeXgKTB\/oGjV7DRb81d5wfupBlV79lVlV1T1yN18zBWvAih22KxRneyyeH+TxQe9uSQgcU0OCnhDrgRNFl1ahPVaCtbmKAeDwCvBaAAuAAEAAVGAAQ=="}
00177{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":34,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1158}
00177{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":34,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1158}
01899{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":35,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451311,"pkt_ts_usec":524226,"pkt_caplen":1191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1191,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW2cgADURSHGMrBHtzLpQ5QA1l38KTYdoHVOEEAABAAIABAANA3d3dwZub2hyc2MBbARub2FhA2dvdgAAAQABwAwAAQABAAAAHgAEwC5sA8AMAC4AAQAAAB4BHgABBQUAAAAeWSvzElkiuJLWCwFsBG5vYWEDZ292AEmbFbdVf7FrZdNM0IbcWdEpLfLseHOhwkbd9Xyz04fYyQrhx+Jovb0Em+GuaroqiO5SKtEQJqVCCZB9p842uoKxho+pPpdJyWiQc7GnXhWdDNWtJHOkPmoq3wrf3jfnkFfPCy15tQqxwItlfzeoXa47K\/rbLzji9J6Cj82yysecO7bElXtCuXkKPdBLHf390b9a43nJCO8borqU1G0mIjq1zfMZZF6Kibws4+mFg0EdoxSpF65NctKwuurIJVArvCE11J8PbHegAuvbVEpvXwtS4p8hvMfMnJvNSqKpfuQhDV7nHNaRPD8uISM\/x8CbB8jQLQpUussqmlC6PtCbdXfAVQACAAEAAVGAAAgFbnMtbnfAV8BVAAIAAQABUYAACAVucy1td8BXwFUAAgABAAFRgAAHBG5zLWXAV8BVAC4AAQABUYABHgACBQMAAVGAWSvzElkiuJLWCwFsBG5vYWEDZ292AB4urg2adWRw3FDYQJkcAS8IyLkxlgQvx50DthXGxvZQEYUgQaz\/QwI+NjmeMaR\/Wy5VNm1zDJPvm7aAWNmBbE\/X5zuubhya+m8F77ALS9J5tlbCttYJ6tsWrAWvxZvM87YLEbRmfylsEoL24zWSfS1TTw5laQQ+fFMlcxwsBlJgrMeczcBt336cIqfmIKeERJTEg+OrOLdO0XjsDHFLDyhLL\/bZhwjIblHHNFEOFpMgZmP2CNywzyTKtrZ66YyjiVE9dWHBonoNAXYZUpXwWyWRT3+oDLNyQllT7gKVEFSftnJhmVmesUECCPtmavZBL3HbaFxB6sWH7vflWaWhlpfBlQABAAEAAVGAAASMWiHtwZUAHAABAAFRgAAQJhAAIIAAjAAAAAAAAAACN8GBAAEAAQABUYAABIysEe3BgQAcAAEAAVGAABAmEAAgiACMAAAAAAAAAAI3wW0AAQABAAFRgAAEoTcgAsFtABwAAQABUYAAECYQACCMAIwAAAAAAAAAAALBlQAuAAEAAVGAARwAAQUDAAFRgFkri31ZIlD9PnMEbm9hYQNnb3YAHTxu3oTuiFuFiCLpTl\/MK89BN9JBGjfKVUZAF3gZCKhMwx34GFStLHWeXnyc0jpz6oB3UKoWYWqIzl5uLmkTVdATO05wGhRkXmoRFvqHJQ49RQ+pBTNvjvfsZjt4sxWFaBX6dcM71YC5bIV281hFIsnrSJ79QSihSBHieSy9t5YTGlF5LCJijNEWEHJYxDID1Mza+tXKdNXJWHbkQhQwRPJKGX91jqgFPlz4hmfje77PrtKaUJ8h5eApMH+gaNXsNFvzV3nB+6kGVXv2VWVXVPXI3XzMFa8CKHbYrFGd7LJ4f5PFB725JCBxTQ4KeEOuBE0WXVqE9VoK1uYoB4PAK8GVAC4AAQABUYAB"}
00177{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":35,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1157}
00177{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":35,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1157}
01034{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":36,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451320,"pkt_ts_usec":578334,"pkt_caplen":538,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":538,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcm2UgADwRZEWcmp8szLpQ5QA1q4QHwM\/ij\/aEAAABAAkAAAABBWNpc2NvAAAwAAHADAAwAAEAABwgAIgBAAMIAwEAAdRGl1LNWnzy7pAEJi3Qfp0TyGaJmTkZh6eXbbqBdkY9a1AoaD29yVHLBBpWMSQjH95pwspn6IcXgzevKG6XFhwPNM+E0S7Ju2k\/7H2VuFBNC29dnwoJg4icT5epf3G8zmCaNYnLVZLs5atUCkBlhgvwscnvv\/TSmgpTXYQuqFu\/wAwAMAABAAAcIACIAQADCAMBAAGb2PYROIXk7P7qLTWvxVk3g1BsHjHVl72rmOzt5smqLLn23qp74hnC88zJUUWv21Kqy8BhoPdBWvuS3K8EynHYxDv8VO+YXAgqPkxai26z4TwjzZmHJVKWTKIiQzsakq\/w839oY5NLQsHtKpX4hQW\/\/wsieSUyQBsu2l28RS8I1cAMADAAAQAAHCABCAEBAwgDAQABygOnV9ghCwCrh3eIvDoG++8o80Fto28a\/p6JEdC+lLUNcG3Y9tAyIDCo8XUGee3bePYL4ZzXyCqJp7IksLLiu1iB6COA3ZuzD54vWOW2TJDtbTnlLS\/u7yD3YgI8LRcGSwoN2sUUDjhQxtd1fWfVIvI03XN5eQAXgcBIZZGdNKBR\/XOzYiDors4mheJ4ps\/1KYBH9kdGGiRmovRgfQ=="}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":36,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":504}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":36,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":504}
01373{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":37,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451362,"pkt_ts_usec":335777,"pkt_caplen":791,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":791,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXc0esgADMR6diEowQKzLpQ5QA1Y8kIvV9wUR6EEAABAAMABAANBnRpbWUtYgh0aW1lZnJlcQdibGRyZG9jA2dvdgAAAQABwAwAAQABAAAHCAAEhKMEZsAMAC4AAQAABwgAnwABBwQAAAcIWSrzRVkhuCFcsQdibGRyZG9jA2dvdgCz4vohuOo\/ZN1uNZLF+UDD3qHzJ2C3tMHOSiioVq033RO+ipzXapwQ4E4BS5zpIr923AlaL\/9WhCQy\/1Y1em3YZ3AdccyxO0gssoEPbElS149\/ac9HrbYG6d20TbbVB+VxK1L4MHmWOCcJMgpGO42vZ1KmHAZxDSlAli+HvMzpRsAMAC4AAQAABwgAnwABBwQAAAcIWSrzRVkhuCGY5AdibGRyZG9jA2dvdgBW5VUxo2FURuhTFYytwadnYHGDoScx7bGNWmJUvbniq24ec9+NK5A\/tqH7Lb1b3crN9Prt\/g\/MsebeMzTxodqie2+H6hdDZbplhskKnOEu5xRS1cUQfYmye\/wwniirGeCr1GVyInNfmb1RMzIVhXHumDFYR5pqMpRB66Ew29Kp48EGAAIAAQAABwgACwNnZWEEbmlzdMEOwQYAAgABAAAHCAAGA2JlYcGjwQYALgABAAAHCACfAAIHAgAABwhZKrf2WSF4GVyxB2JsZHJkb2MDZ292AIkzKBspRRKHjgld2iUJ6W8EI2\/ErlCgV4JOh1mMYrKJbPVKhaRdiPCnaxtYShzkiY056+AEL\/F04B\/Iv+WE6BOSfqWIKu831nLLehhatNc+0QoMG8piwdYZemWzDmmM\/mnqv45r3JwAgEQFHE9f4xPdbzXzBXCIN46nN8sxYcwUwdoALgABAAAHCACfAAIHAgAABwhZKrf2WSF4GZjkB2JsZHJkb2MDZ292AESJxFFnLylJJ50F\/EEyc6PhRchiACYL\/AlcnWeas5mQ0gG8Z\/ObR2D2qfguVUaT0TQMgn0akP1qC+VS8lFO0ft06e+8c5Y27dzgbK173tMxr5wtnClaCLjSQH8="}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":37,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":757}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":37,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":757}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":38,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451391,"pkt_ts_usec":978406,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXc76ogADkRkB1F\/HitzLpQ5QA1x5kF4D53demEAAABAAUABgABE2NlZA=="}
00190{"basic_event_id":14,"basic_event_name":"Captured packet size is smaller than packet size","thread_id":0,"packet_id":38,"source":"badpackets.pcap","alias":"nDPId-test","caplen":58,"len":60}
00190{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than packet size","thread_id":0,"packet_id":38,"source":"badpackets.pcap","alias":"nDPId-test","caplen":58,"len":60}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":38,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451391,"pkt_ts_usec":978406,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXc76ogADkRkB1F\/HitzLpQ5QA1x5kF4D53demEAAABAAUABgABE2NlZA=="}
00175{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":38,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":26}
00175{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":38,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":26}
01038{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":39,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451394,"pkt_ts_usec":42349,"pkt_caplen":548,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":548,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcVF0gADYRwvybxo5RzLpQ5QA1bA4Hyoducg+EEAABAAIABQARA3d3dwV1bmlvbgJpYwJhYwJ1awAAAQABwAwAAQABAAADhAAEm8YDk8AMAC4AAQAAA4QAnAABBQUAAAOEWTixhlkRIPO5jgJpYwJhYwJ1awAj5WoAxYCg\/KfcFTNasuFz9k8DHEEKP+G\/QcO+tlENP2jc3LgZ9uA3IooVGcjqo3IK1WfQBCEvktqfQAxH7Wa9Cf7eUtirbKINvr5+kMLn6FCrM9jd2dQe6Y6pYaAdpbMZ52VbSjqrMzklY\/zIDFORoxkTs1i+ORgrFMtdeV2yqMBSAAIAAQABUYAABgNuczLAUsBSAAIAAQABUYAABgNuczDAUsBSAAIAAQABUYAABgNuczHAUsBSAAIAAQABUYAAEwhhdXRoZG5zMQNjc3gDY2FtwFXAUgAuAAEAAVGAAJwAAgUDAAFRgFk3Fx9ZD4ShuY4CaWMCYWMCdWsAnce7m9M5vKhQqwhA2lgPqBNkvCE04UYgFElS0HI7a2i+uOQGzkCRUhlt88i15\/SW6pLNi7d1z4bwWT4IQO6zK9DN8onRZwE2U9p3OkmdXoT+m92MCVkssnEnbW4QP7TpPEflt6+tmQbWtQIhhbOmeIP69piuNsKdv\/4OLfIF3EjA+gABAAEAAVGAAASbxo5QwQwAAQABAAFRgAAEm8aOUcA="}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":39,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":514}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":39,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":514}
01215{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":40,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451408,"pkt_ts_usec":58099,"pkt_caplen":673,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":673,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFYAXcBHwgADoRZJhCxpE3zLpQ5QA1pnIIR2qM4CyEEAABAAIAAwANAjcwATIBNgMyMTYHaW4tYWRkcgRhcnBhAAAMAAHADAAFAAEAAVGAAAgCNzACNjTAD8A1AAwAAQABUYAACQN1cDIDY29tAMA4AAIAAQABUYAAGgptYXR0ZXJob3JuCXRlbGVnbG9iZQNuZXQAwDgAAgABAAFRgAAJBmNhc3RvcsBpwDgAAgABAAFRgAAJBnBvbGx1eMBpwIQAAQABAAACWAAEQsaRY8CEABwAAQAAAlgAECABBaANAP\/\/AAAAAELGkWPAmQABAAEAAAJYAARCxpE3wJkAHAABAAACWAAQIAEFoA0A\/\/8AAAAAQsaRN8BeAAEAAQAAAlgABELGkQzAXgAcAAEAAAJYABAgAQWgDQD\/\/wAAAABCxpEMwIQALgABAAACWAEhAAEIAwAAAlhZKqfXWSGE3G6hCXRlbGVnbG9iZQNuZXQADWaWQ2KrMpM7yQCKVCdUF8CZsd8UuOLGe\/axb+Ay\/NWTVA3Zr0BSUADykeduIEZBBfslszxBCLtWJjw97buDzEvoJ6dPQ\/smffR9A7PBcA8vGMrx\/vYm0nKDfYKiwKXB3cayT61ofU5\/+O4eZ8mK7zyDd4NVmMUuKwz6hilRNOPFveA0ak+EzWMNuCSyDupcNYAy\/eZHdtxUD44NujGkG9U7ybrsgbYRculPaexgOKxu6wIMeuCHPGoausWOdwgGMsZ\/9a+crtZbVDgOKg2GuqdNoxaZcaB8m2G+d85wvTgybkqjMIcDjiFy8SOVvk1UORjiSqP3gTvApy\/X3t7tXsCEAC4AAQAAAlgBIQAcCAMAAAJYWSoEmVkgM1xuoQl0ZWxlZw=="}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":40,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":639}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":40,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":639}
01074{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":41,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451408,"pkt_ts_usec":74500,"pkt_caplen":568,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":568,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFCAXcCjcgADcRYglCxpFjzLpQ5QA1WQYH3k5\/2RyEEAABAAIAAwAJCm1hdHRlcmhvcm4JdGVsZWdsb2JlA25ldAAAHAABwAwAHAABAAACWAAQIAEFoA0A\/\/8AAAAAQsaRDMAMAC4AAQAAAlgBIQAcCAMAAAJYWSXcEFkcPtxuoQl0ZWxlZ2xvYmUDbmV0ACggce0e+l82m6K57G\/nkzZgF7\/\/\/F9ux6leX5Gn+5inty7\/MjZNahMqNAHQwnC8vBMYfHHAF8hSb7c8eCks0+Dh+nnbeUe4XgsM66nTr32JW46kbrQR89HZRJDZQZWC+piGiT97i3CT+WNQCbre\/CDP9NS8AgJkNfbP354St0OVmQlQhiKyrHqR2Kpg6iWBtjVOGzxTy9IEtmWsVcJvOfaeM\/T5fFq43DPnnWT055vSvfug0FyuSqsrvs\/uahkjmn0wSqWV9DY2l5rG7j2q5sqVxLwtjtu+3l3ZdAyTFxyFLOsRGViZqTvNnralxPJSMhvNxRaX7xgtnifsOR1srwrAZAACAAEAAAJYAA0DbnMyBmFzNjQ1M8BuwGQAAgABAAACWAAGA25zMcGDwGQALgABAAACWAEhAAIIAgAAAlhZKlysWSGE3G6hCXRlbGVnbG9iZQNuZXQAbS4gA1OJVXiOfiH1NhqitGHP\/bRoUOiALgkqpRDu8skb9xITGwMgLUOh4ksNJOEiOZjsYKQKyAOJP7f\/bfAaIkXhYw=="}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":41,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":534}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":41,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":534}
01909{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":42,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451455,"pkt_ts_usec":633405,"pkt_caplen":1191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1191,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW20gADURSGuMrBHtzLpQ5QA1MvoKTXoKXkiEEAABAAIABAANCmNvLW9wcy1ub3MBbARub2FhA2dvdgAAAQABwAwAAQABAAAAHgAEjFpO18AMAC4AAQAAAB4BHgABBQQAAAAeWSvzilkiuQrWCwFsBG5vYWEDZ292AEw02D+blunLpNdEFin1+qF0AsFQBP\/P93\/ArPYSgPaECAOIBBNrIQ+EUDGS\/sThqanuNHzZj1SVWA9CAzO98GFijUnpdSifTO4x9Qo3CG05zf3N\/s5fFZr1besYCBH9wyyidJjde0HfykraB9D+hG63vApNYAPtCvzquBjiCZq6MQB9mYwB30A9ZMk5CnTRaghcrAc+u1y4AVxKQ0y7ITcqyzwRmRPaDFzxHD6jH9BaBXDnRncsq\/RCjaVuVUM5zOySd85R0L1mEfj+F454c85g1Fzcbn5qsZOXLTMLqQ3FRWJkzSALdhO0DVc9mEVu5bmPyDDblEDXH\/N5epppDPHAVQACAAEAAVGAAAgFbnMtbnfAV8BVAAIAAQABUYAABwRucy1lwFfAVQACAAEAAVGAAAgFbnMtbXfAV8BVAC4AAQABUYABHgACBQMAAVGAWSvzilkiuQrWCwFsBG5vYWEDZ292AKWxpXpNJk\/yTBJP4lU5VttQSdOCPsApD58HTwd7AUzusozvULgo9tJJihlFAQhFSC\/z2qSmGIRA+D\/AEYhYbnkCSlby\/TZn6728QBrsfm\/eTvuVlRcio8ZoKvDceEQjlZ0XdE9\/8FAzxpv4JxMfu37r6Pqo\/kHGUh0O9dYKY5KQ4vRASr9A6ColBpM0Fp6jzxLZgQIgxecmhXKunw6oYe4uAJwPmAwuOtGafuBkrw3+iyL1IFpTT+ieoMjqzlQIJ34apHrtLI7Qpy3V3rCfrvrhFsQK3Blu25MTCVuij\/hrkBYBvavbW5oV1htZ0xgzg+x\/o5Nhl8E5Ss8ok5D\/IczBgQABAAEAAVGAAASMWiHtwYEAHAABAAFRgAAQJhAAIIAAjAAAAAAAAAACN8GUAAEAAQABUYAABIysEe3BlAAcAAEAAVGAABAmEAAgiACMAAAAAAAAAAI3wW0AAQABAAFRgAAEoTcgAsFtABwAAQABUYAAECYQACCMAIwAAAAAAAAAAALBgQAuAAEAAVGAARwAAQUDAAFRgFkri31ZIlD9PnMEbm9hYQNnb3YAHTxu3oTuiFuFiCLpTl\/MK89BN9JBGjfKVUZAF3gZCKhMwx34GFStLHWeXnyc0jpz6oB3UKoWYWqIzl5uLmkTVdATO05wGhRkXmoRFvqHJQ49RQ+pBTNvjvfsZjt4sxWFaBX6dcM71YC5bIV281hFIsnrSJ79QSihSBHieSy9t5YTGlF5LCJijNEWEHJYxDID1Mza+tXKdNXJWHbkQhQwRPJKGX91jqgFPlz4hmfje77PrtKaUJ8h5eApMH+gaNXsNFvzV3nB+6kGVXv2VWVXVPXI3XzMFa8CKHbYrFGd7LJ4f5PFB725JCBxTQ4KeEOuBE0WXVqE9VoK1uYoB4PAK8GBAC4AAQABUYAB"}
00177{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":42,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1157}
00177{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":42,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1157}
00663{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":43,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451467,"pkt_ts_usec":899946,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":268,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcLicgAPMRVGeA54D7zLpQ5QA1cboMeow9trSEEAABAAIABgAVBmdzbGIwMgNubG0DbmloA2dvdgAAHAABwAwAHAABAAAOEAAQJgfyIAQfFAUAAAAAAAAAA8AMAC4AAQAADhAAnwAcBwQAAA4QWT\/Mx1kYPpsoHANubG0DbmloA2dvdgA8qDsghhg3NnlrIvnzqjoi2t8F9ueZTTrSfT36cTwMHvoAfuu6t8YRYeVd3+cOzU8zRktKFuhy8uB4+IQMr8Ww4Pznbu1iFnscMdfQImu1yTjxzcTFcCU7ST4qi8TAkxt4FjZaNJAfAflP93iMa9IgaD+Y6GcxRg=="}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":43,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":234}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":43,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":234}
01490{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":44,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451472,"pkt_ts_usec":365607,"pkt_caplen":881,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":881,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcaRtgAPMRqz3AUm\/FzLpQ5QA1j7gJF4rJ+8eEEAABAAEAAwATA3d3dwZ2ZXRtZWQHdWNkYXZpcwNlZHUAAAEAAcAMAAEAAQAAcIAABKntbQvAEAACAAEAAHCAAAoHZG5zLXR3b8AXwBAAAgABAABwgAAKB2Rucy1vbmXAF8AQAAIAAQAAcIAADAlkbnMtdGhyZWXAF8BaAAEAAQAAOEAABIB4\/AnAWgAcAAEAADhAABAmB\/gQA\/AAAQAAAAAAAAABwHAAAQABAAA4QAAEwFJvxcBwABwAAQAAOEAAECYH+BAD8AADAAAAAAAAAAPARAABAAEAADhAAASAePwKwEQAHAABAAA4QAAQJgf4EAPwAAIAAAAAAAAAAsBaAC4AAQAAOEAAnwABCAMAADhAWsOuUljib5UKvAd1Y2RhdmlzA2VkdQBgF1svDW8JHo\/wOWjspf2N0RNsbS6uvhUBxwA1KawlxeLdYB8S\/ocCl3N3ydK+qLDhjdhLtD+y1QSyja9HnvA54C1qS+Lx80TVJqHkovkt5MfwSVzvMBB5t04PnvWANS1PFZYcsrJm5+kOLUE3vmD+lmjD0I6VOosJcibl9MbFksBaAC4AAQAAOEAAnwABCAMAADhAWsOuUljib5Wtvgd1Y2RhdmlzA2VkdQCYpaPXPGLYHCsxPzngvxXQKvBhCD0A6imizrPpMhGtXepeyR9Bf1Hq+y94HWm5M11uIqfwyAqaIyqKs8Qi6HbUYBY06DPk9fSI4Jwmw8Ie7Sv5COEyuPyA0LUsNeOGgVsrsuoTICsUxBAEI0LIU+Gy7f\/+GxOZF6USDZ71RzrXhcBaAC4AAQAAOEAAnwAcCAMAADhAWsOToVjiVjwKvAd1Y2RhdmlzA2VkdQCAqNZBwMbzrMNkWZgH5Y0jgozm70jz7wlfuu\/EL\/mHQiFwdlsNK2doaPPqBOsfGm9gLXtCx5VeApk7UI9i\/jxHFrXqCpXnFbTD8mocsaTvCXobB8UPlnpxRae3uC1K3rMjuf5tobIXmI1J0b0pui+eV4qbOnmtYgtJ5dMhNi7KZcBaAC4AAQAAOEAAnwAcCAMAADhAWsOToVjiVjytvgd1Y2RhdmlzA2VkdQAgvphHwDdhho6Wd\/l05X2KAiP95GF5Y1\/Jt5Q="}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":44,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":847}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":44,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":847}
01490{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":45,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451472,"pkt_ts_usec":447578,"pkt_caplen":881,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":881,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcPAtgAPURieKAePwKzLpQ5QA1NjQJFwxygzCEEAABAAEAAwATA3d3dwZ2ZXRtZWQHdWNkYXZpcwNlZHUAAAEAAcAMAAEAAQAAcIAABKntbQvAEAACAAEAAHCAAAoHZG5zLW9uZcAXwBAAAgABAABwgAAMCWRucy10aHJlZcAXwBAAAgABAABwgAAKB2Rucy10d2\/AF8BEAAEAAQAAOEAABIB4\/AnARAAcAAEAADhAABAmB\/gQA\/AAAQAAAAAAAAABwFoAAQABAAA4QAAEwFJvxcBaABwAAQAAOEAAECYH+BAD8AADAAAAAAAAAAPAcgABAAEAADhAAASAePwKwHIAHAABAAA4QAAQJgf4EAPwAAIAAAAAAAAAAsBEAC4AAQAAOEAAnwABCAMAADhAWsOuUljib5UKvAd1Y2RhdmlzA2VkdQBgF1svDW8JHo\/wOWjspf2N0RNsbS6uvhUBxwA1KawlxeLdYB8S\/ocCl3N3ydK+qLDhjdhLtD+y1QSyja9HnvA54C1qS+Lx80TVJqHkovkt5MfwSVzvMBB5t04PnvWANS1PFZYcsrJm5+kOLUE3vmD+lmjD0I6VOosJcibl9MbFksBEAC4AAQAAOEAAnwABCAMAADhAWsOuUljib5Wtvgd1Y2RhdmlzA2VkdQCYpaPXPGLYHCsxPzngvxXQKvBhCD0A6imizrPpMhGtXepeyR9Bf1Hq+y94HWm5M11uIqfwyAqaIyqKs8Qi6HbUYBY06DPk9fSI4Jwmw8Ie7Sv5COEyuPyA0LUsNeOGgVsrsuoTICsUxBAEI0LIU+Gy7f\/+GxOZF6USDZ71RzrXhcBEAC4AAQAAOEAAnwAcCAMAADhAWsOToVjiVjwKvAd1Y2RhdmlzA2VkdQCAqNZBwMbzrMNkWZgH5Y0jgozm70jz7wlfuu\/EL\/mHQiFwdlsNK2doaPPqBOsfGm9gLXtCx5VeApk7UI9i\/jxHFrXqCpXnFbTD8mocsaTvCXobB8UPlnpxRae3uC1K3rMjuf5tobIXmI1J0b0pui+eV4qbOnmtYgtJ5dMhNi7KZcBEAC4AAQAAOEAAnwAcCAMAADhAWsOToVjiVjytvgd1Y2RhdmlzA2VkdQAgvphHwDdhho6Wd\/l05X2KAiP95GF5Y1\/Jt5Q="}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":45,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":847}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":45,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":847}
00709{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":46,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451502,"pkt_ts_usec":567716,"pkt_caplen":298,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":298,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcNasgADkRNoKili+uzLpQ5QA13pAG0FwHT9+EAAABAAYABgABCm15cmlhZC14Y3IDeGNyB2NvbWNhc3QDbmV0AAAwAAHADAAwAAEAAAA8AIgBAAMFAwEAAbCEE7E\/tK2nbtUQfpCepzR9frAaFkveZPoT70D7sMwOQ\/+xk54PDTVfx31QpdhWXZxF\/qABasrJ\/6LYfaZOmcQd4SE2DinBGMT4mCTb3tu0MWKWTlWYTQ08jmf+Gj4hy3cOj1CHK0wnSFV850\/91\/y71SWIEMLStLnWPdodVRCzwAwAMAABAAAAPAEIAQEDBQMBAAHEJufWP+5+U3MEy5wDHiagptJ60KZhTslmbiAZzWh\/R9+Ert+MpcHrkSaQsQ=="}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":46,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":264}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":46,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":264}
01457{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":47,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451558,"pkt_ts_usec":382420,"pkt_caplen":858,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":858,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcgwIgAO4RHAeGQ2QkzLpQ5QA1kV0JAMGOMPmEIAABAAgAAAABA2xiZANlcGEDZ292AAAwAAHADAAwAAEAAVGAAQgBAAMKAwEAAeFeeMF81JKKXyZ7m1fNWItdfwnHSJNneiWKkU4z2Dds6bAcMAU825F5fa9NfMMZJ1ofvKubnNMwvEGV7LA8h9brhYvQ10pMxj96kJZe+D2O7Ie\/U1L+VkQZ1frUDUuaBBXlpisapE85PJvpkCTjRzTK5qfC1E6SFDqWtZU3beWTOHPdeWuk+L65g0ywzAgTHi3bTkvxCU0YMUSrmM\/ucRJhZSp2Bnnu9e5m0wWVcQN8RCwwKM4581XZ86AZEsMcNMn4lgfGbO+ePZEUKN4jO3xsvTDL8VCk4S6VztoVAr8CEESKK9QNE1uUtDhbA9peZVictCS6cvQdOaTSDVAe2XvADAAwAAEAAVGAAQgBAAMKAwEAAd4Ik\/y5u\/4IGOhG4VVn7buHGb4ZWWngeCtt0OswAlaKe7FLhQgiGIJppBUZzlluNA5O2z8uFn\/6vWcjc1APkIM8gTsexgXG323L+zrIDzJcesj+XxBGl3maMZApgnsAZwFPAXNwNwEd01ugaQCevUjlvvpmQcMCgMv\/o5tuAiZQn6osfIl+95UJAH0ZoIKJkmeWYoGfMFLJeDZVa92beqMioYSqa5qhiSFtNLMmVkEyO4srbnaIMRv2nTboTEx5uIQZAKEhoQiXCLMvnBvEdR4Bmlz2s25A5KJRfNyhRIPY5lTpaPW6s2MAdi6wQOi\/tq2vQucnMXojmyYDizNjnxHADAAwAAEAAVGAAQgBAQMKAwEAAcIMnmfbk6YNzYUpG7ynL2OsKhTqhlCotZUrmruLmEWBoYibBwJ4CPXSrMDYIOj2\/UHdAWHfr3HEPagX8To21t8Hq8NRY8e+GloeYTuhJFOva2ivoXj\/E4V0VfeJJVuHTY0LKwyYoTcgGJU9hLfK7JOaOq3a80oNHJ9v5iaJ8Vvi5adW1QquXLQWZtNjVOho8xmeZ\/bqiUmkgaDPOoSlyAdf9GkOJkfVzTpRgahyLRTLJYP1dcShPIBW\/gBn0naElasEgYAZ62erTyMj+Dj+McLObt+enoOo"}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":47,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":824}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":47,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":824}
00682{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":48,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451574,"pkt_ts_usec":398672,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":282,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcvxEgADcRsUa4rRdszLpQ5QA1oygGwFz7eMKEEAABAAQAAAABDWp1ZGljaWFsd2F0Y2gDb3JnAAAwAAHADAAwAAEAAA4QAQgBAAMHAwEAAdl6vxiL++F\/pjIKqj9e7RaBV5rwA3o9DNcv0h4HQ93WZJ+2YrrhIVTBghHPFs+8FEN7Xdx2djyC1pjSprgXQ2HeWbJZy1rO2CCoH12hxAbUEQnPy1BYYsMpATL7FFzDIup6CYAV7Is7xTwPl\/Wm5B0cxltQlAHAlLMQiylRrZup5SRgZQGoi1q7dsIP6kgvfOSmZGIwr5OxtBC\/RzC+7OcNnmbexBAx\/ujQjwn1ITH0JeAIU+9jiKC+"}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":48,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":248}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":48,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":248}
00499{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":49,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451582,"pkt_ts_usec":606401,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":146,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXceY4gADMRzHRRW60TzLpQ5QA1plQGOJZ\/AaiEEAABAAIABAAJCGdyZG5zLWRlBWRlbmljAmRlAAABAAHADAABAAEAAA4QAARRW6FQwAwALgABAAAOEADcAAEIAwAADhBZNR2QWSKokGYrBWRlbmljAmRlAJfVO1vdsL8bdrClwW8="}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":49,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":112}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":49,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":112}
00478{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":50,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451603,"pkt_ts_usec":49667,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":131,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXc\/D8gADMRuiiBBg0DzLpQ5QA1arUGKRUJU+aEEAABAAEAAgANAzEwMgE0AzE2MwMxMzIHSU4tQUREUgRBUlBBAAAMAAHADAAMAAEAAAcIAB0GdGltZS1iCHRpbWVmcmVxB2JsZHJkb2MDZ292AMASAAI="}
00175{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":50,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":97}
00175{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":50,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":97}
00724{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":51,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451611,"pkt_ts_usec":805112,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":314,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcDxkgADkRXROili+vzLpQ5QA1TDYG4IL0xMOEAAABAAYABgABDmxpbmVhci10dmUtcGlsA3RvcAdjb21jYXN0A25ldAAAMAABwAwAMAABAAAAPACIAQADBQMBAAG7xRiYkSu1FrneRCH6ntrsauJWLw6fk1RtMzYYwMb16Knn1SeDLbMj6jRuPHc\/N9CDpNHKBwY7D8GGYJHtQOlY1BRgtvcl2XG\/z4KT5bOP8sBaXSr1Q60QyLTjEldwC8Hcrwfq0nlgSqdeedPWUZEiInPjf0m6Q0yG3lTY3p3jMcAMADAAAQAAADwBCAEBAwUDAQABl4a8UCzCZt5CAPJ1+RL9MCCZmtygIfM+1EkpxZWzKFW6hTlX1fvx29DxB35W993mMAjv0961og8="}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":51,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":280}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":51,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":280}
01328{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":52,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451613,"pkt_ts_usec":183104,"pkt_caplen":762,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":762,"pkt_l4_len":0,"pkt":"eLr5aHlnxDRrta3ICABFAAXccLkgAEAR7frMulDlQpiWJQA17AcIoOzEWyCBoAABAAMABAANBnRpbWUtYQRuaXN0A2dvdgAAAQABwAwAAQABAAALHAAEgQYPHMAMAC4AAQAACxwAnAABBwMAAAcIWSp7HVkhN25NKgRuaXN0A2dvdgCGDxP8mtTYURB\/z7B7zxG9M2cDPFjwCkCpyC8hiadTCV1wXBnQsMkH14gORQid9hZZkwqvAJKxlHHGFpFXs3GK70k31UcnglQglR+Jb8PvkvYMpqGZLiMdOZ+8aMQzLgN424FbMJ7np\/GSsY0NKbDsZWUKs5FEyvfl5LyBAXKP1cAMAC4AAQAACxwAnAABBwMAAAcIWSp7HVkhN25p9QRuaXN0A2dvdgCYOPJp1LyXHjTZERVC1mhE\/fFAgBPnHg5CzHCfHFW\/kHrSlPUKJrKTtWO2J6nhnsslWGL7StwY\/Ds0w3d1K1BK2EXHmf7JoxCpUcbjrJzE2AWNOuFyYMsitmrbg7hKpTz5YORW9N+9SgnPiRBdVePJPZ0ZX+5rKPwGXiVkzOvJt8ATAAIAAQAAAIYABgNnZWHAE8ATAAIAAQAAAIYABgNiZWHAE8ATAC4AAQAAAIYAnAACBwIAAAcIWSpvIFkhMlpNKgRuaXN0A2dvdgB\/AugCl6Rz+sTdMBLd\/b9WzbTmwtSJRElGSiFaNkIXGL85DwZ8CN5XIraessCeREIcUwZxVSCZqTN+jQfSqvs0RCCsELGmZy1\/6te8q\/BHGZ6r5Yfp\/FixyK0YEzCx9kE6yxKwCHgAiZ9RYjXpdk7jwKD9iHCh9psgrmi4EqWisMATAC4AAQAAAIYAnAACBwIAAAcIWSpvIFkhMlpp9QRuaXN0A2dvdgClTY7jIx2EAO1rRXMS+rZG5e8+PelDpKXOMRzGWIjrQbBJVXqIaZDLeBgBTWgx3tBkiLlUy1bOdR3MF5sPTTggHRJuEc8rRcMhHY6s0g2zr9CNylE8o5Mcs+HT"}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":52,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":728}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":52,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":728}
00985{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":53,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451617,"pkt_ts_usec":290525,"pkt_caplen":508,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":508,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcdRkgAPQRTW+A50ABzLpQ5QA17tYHop3j4riEEAABAAIABQANBnN0YXRpYwZwdWJtZWQDZ292AAABAAHADAAFAAEAAVGAAB0JcHVibWVkZ292A3dpcARuY2JpA25sbQNuaWjAGsAMAC4AAQABUYABHgAFBwMAAVGAWr+PY1jk82PoEAZwdWJtZWQDZ292AJu6kQSEhR8egq7iff9kNvnUi3EB8Cqxahn7\/xnKCblnIeeP205Pcfvq58wdpFd4t2tLrbNoUdrfjjrIvtJTNm8AczdH8VxTTwKlZ544pPbKqSowUHJH8kt1BYbS08C6W\/koWBsjtLuk2wwJn3Xv1EHHGFTmeMXVa9Ykgp+szm4UYdPEnokSrW0ySALEqeqR1T8NYKCXtsBVthVcDs6IE2iJWsUHfJN\/ND5yD6NryHs5EYO0a5uiDSFdbl2a1e3U2IiqRcHf12Yi7nNig+en76ODdO7CGdj4XsXz8AYWndn30mHl316TfYk9Tr8TfkagYqHqYLV3kzp8Pim2wy5nSI7AOQACAAEAABwgAAkGZ3NsYjAxwELAOQACAAEAABwgAAkGZ3NsYjAywELAOQACAAEAABwgAAkGZ3NsYjAzwELAOQArAAEAAVGAABiP2QcBjJqKhZbbxHR4uEOouQ=="}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":53,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":474}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":53,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":474}
01302{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":54,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451617,"pkt_ts_usec":292283,"pkt_caplen":738,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":738,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXccB0gAPMREnGA54D7zLpQ5QA1qyQOUPvPZ1uEEAABAAIABgATCWRuczEtbmNiaQRuY2JpA25sbQNuaWgDZ292AAABAAHADAABAAEAAVGAAASCDh0fwAwALgABAAFRgAEkAAEHBQABUYBaAL7qWRNw6s2+BG5jYmkDbmxtA25paANnb3YAqynlZlaIB4Smw1gmrgrhShXsg+fKpc9IVq+H0d8Wqe8ehWyuxMN5VtfcEaLC+EeL8bzU4KuotzpGoDCkxCZdXFHPVKuaX1nzyQKnX1ljBf8NzdObkudu7m5LKsZKBwHSNYuTy0jN791rNwOkeHjeiejuoDZvEfDwRbyO1nFBJ6h8isnkI\/0kQNd0201HZH6RGOQ2KqsqoOWUQCZawvaoql571eZD0z3ieQ\/7FwpiQ9vz\/VUXzC+SYsOOT1yPoZ8c6dYCXQY8gwTNOCDqJaGJMkzo17QL1DHP4vbFEiU+nL7o8yPZTSu\/e0+\/Z3T7PU000lQYL9r0d4LlePbetu84y8BaAAIAAQAADhAAAsAMwFoAAgABAAAOEAAGA25zM8BjwFoAAgABAAAOEAAGA25zMsBjwFoAAgABAAAOEAAFAm5zwGPAWgACAAEAAA4QAAwJZG5zMi1uY2JpwFrAWgAuAAEAAA4QASQAAgcEAAAOEFoAvupZE3Dqzb4EbmNiaQNubG0DbmloA2dvdgA+EebMkCne2CNH9\/msBB1ttxS45FhdXCD5iR18dVqPuT200zDdV4BFS01NU4MYeoc3XDyOxIWfU7WKy5Zs94YsWp3mz1cDLKuZG3MK\/hBxOol\/fcuIoTQU9\/sEzYKep6XHZu6d5e\/CGkcUh2Vks9\/pyJ\/t2s2KBguZm2e\/qZ1Ezxt4cEtu9kc0sswh6yWPsWme\/zxCgcrwhF4ZRmacvc+rMVf\/a\/AghKUmUTfCHDsCeW2IcVFuIY0PYQvO0ixv6F67"}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":54,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":704}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":54,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":704}
00777{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":55,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451618,"pkt_ts_usec":89828,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":353,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcvUsgADcR9T6JyAQfzLpQ5QA1fIMHB7MjfFCEEAABAAIABQAPBGRuczEDc3NhA2dvdgAAAQABwAwAAQABAAAAPAAEicgrCMAMAC4AAQAAADwAmwABBwMAAAA8WUE2n1kZn1cHPQNzc2EDZ292AC5156k1jArAQVGBahVpB6i1h\/fLJ3i\/HJY8GxrDrwsXIly+1WH6d7kRKc6lk\/uZf0+AmaTOUahspZVRqb7TH6GrbnsyXZmTfc3Kzu2iCB1GZM+ThGuuBfTJP\/RUgJK9tEeQ4pfMuSB5LQOaizURDpM8RAEaHBNs8UiaB2wYxjm8wEwAAgABAACMoAAHBGRuczbATMBMAAIAAQAAjKAAAsAMwEwAAgABAACMoAAHBGRuczLATMBMAAIAAQAAjKAABwRkbnM1wEzATAAuAAEAAIygAJsAAgcCAACMoFlBLTxZGZ8="}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":55,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":319}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":55,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":319}
00790{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":56,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451619,"pkt_ts_usec":519744,"pkt_caplen":361,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":361,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsBcgADIR1CChNyACzLpQ5QA1FUYM12ePIm2EEAABAAYABAANA21hZwRuY2VwBG5vYWEDZ292AAABAAHADAAFAAEAAAEsAAsDbWFnBGNwcmvAEMAMAC4AAQAAASwBIQAFBQQAAAEsWSuLaVkiUOlQZARuY2VwBG5vYWEDZ292ADcGQyBFP4D+oljdb2+uDa9\/19GSwvR6WriPq+5z0bu\/0ZaU\/D8IQsmXY34oOVHWkzG6MucH8ZmcfTOJDErUlSNSiRzFT51PBmw6nGKnxTSwXkETkX04Oo9QP2yzVDt5BovyB6C9tXHehSkdYBFKv3dkwzGxANJxhe+yFBxgwF9UCs8+cZEJOlz8tn056cIu0n8cLm0Luw3FG\/hQGfvItzUlOxBl1A60sdiGmy6QUdNCXAcNU0yZ9pOPKxcCxUBH4IhMSpEnUlvPR6QJH5nmfUQe2XEJKZYxCw=="}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":56,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":327}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":56,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":327}
00978{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":57,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451619,"pkt_ts_usec":545973,"pkt_caplen":501,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":501,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs+sgADgR3T6MWiHtzLpQ5QA1+sANYy2s8YiEEAABAA8ABAANA3d3dwNuaGMEbm9hYQNnb3YAAAEAAcAMAAUAAQAAASwADwhlZGdlLW53cwN3b2PAFMAMAC4AAQAAASwBIAAFBQQAAAEsWSuLeVkiUPkyEANuaGMEbm9hYQNnb3YAmdicnE8euFUxTHUXfeUJmy6UvdRd01G3Waurvp4SxZ2PJZgNPzjjITBMLV6ecU4\/JueThrSlKZCbDqf7PO1nwK30oVaMXimjEp\/WM+cq2lYinJ+rRAUpOFrU1\/PMoKmi\/NA9YhzR1i84ntUn6pU7gPRsC1l0stlJvmpn5vPK2SEpb2eW0Gowmg8iUnJq32XYuUvIED4TSMnVkgyeOVQyRuntLmYEqOLIN1Y4bfKDTdnt4ooZOC4nZltsnzRyIjkMnu6GUtEuSBRaXw7\/LMILqzp94rUYZ+A0FpoK\/AokSahDQC+1b+t0iMHL6XYsjM4sNHxXO6pg\/DJfgn7ZWUE0hMAuAAUAAQAAASwADAdlZGdlLXAxAWzAX8AuAC4AAQAAASwBIAAFBQQAAAEsWSuLyFkiUUi\/jgN3b2MEbm9hYQNnb3YAkE66gKhT1JcM2kgWKvIXOPPjjmHF901em1sV2mJv"}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":57,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":467}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":57,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":467}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":58,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451620,"pkt_ts_usec":149557,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs+4gADgR3TuMWiHtzLpQ5QA16sALmpGgy8o="}
00190{"basic_event_id":14,"basic_event_name":"Captured packet size is smaller than packet size","thread_id":0,"packet_id":58,"source":"badpackets.pcap","alias":"nDPId-test","caplen":44,"len":60}
00190{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than packet size","thread_id":0,"packet_id":58,"source":"badpackets.pcap","alias":"nDPId-test","caplen":44,"len":60}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":58,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451620,"pkt_ts_usec":149557,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs+4gADgR3TuMWiHtzLpQ5QA16sALmpGgy8o="}
00175{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":58,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":26}
00175{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":58,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":26}
00361{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":59,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451620,"pkt_ts_usec":868987,"pkt_caplen":43,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs\/AgADgR3TmMWiHtzLpQ5QA1Jh0F0T0AFA=="}
00190{"basic_event_id":14,"basic_event_name":"Captured packet size is smaller than packet size","thread_id":0,"packet_id":59,"source":"badpackets.pcap","alias":"nDPId-test","caplen":43,"len":60}
00190{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than packet size","thread_id":0,"packet_id":59,"source":"badpackets.pcap","alias":"nDPId-test","caplen":43,"len":60}
00361{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":59,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451620,"pkt_ts_usec":868987,"pkt_caplen":43,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs\/AgADgR3TmMWiHtzLpQ5QA1Jh0F0T0AFA=="}
00175{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":59,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":26}
00175{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":59,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":26}
01157{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":60,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451632,"pkt_ts_usec":4127,"pkt_caplen":636,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":636,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsh4gADYR8CWCDh0fzLpQ5QA1H4MIImMAvk+EEAABAAIABgAJBG5jYmkDbmxtA25paANnb3YAAAEAAcAMAAEAAQABUYAABIIOHW7ADAAuAAEAAVGAASQAAQcEAAFRgFoAvupZE3Dqzb4EbmNiaQNubG0DbmloA2dvdgAkf1HSoxN8AcwUdKY7WYciGx3geHak0EvSutU7odDo4dq+NlD8O\/xERFOOtnm1OnbmotJrAyzkKRKq2LhHEAKnpnQ\/7o4BV5VPHkuyi+TApDKVmXneUpTyPtHjKhT2CXt\/fyExp+B7ruJjC+Pcr5ZslqwQv1r1rPCkU5Mhz4yMR3BggA0Hh5V6YsPB3ZKTiKS\/eiA5iAmjeNxUPq28qT0hVjLTG5jO15eNmG2vPLSE3IUKr1s52HiMixNOjA9zTiA\/KJ+hR8CkVUQekEXmvwf9VBsUpBGDeS2mGNHxD+rzAlEWmLXNCGAh5Oui3uYYiuNNDR79YStEu6BCY8ZmkvsqwFAAAgABAAAOEAAMCWRuczEtbmNiacBQwFAAAgABAAAOEAAGA25zM8BZwFAAAgABAAAOEAAMCWRuczItbmNiacBQwFAAAgABAAAOEAAFAm5zwFnAUAACAAEAAA4QAAYDbnMywFnAUAAuAAEAAA4QASQAAgcEAAAOEFoAvupZE3Dqzb4EbmNiaQNubG0DbmloA2dvdgA+EebMkCne2CNH9\/msBB1ttxS45FhdXCD5iR18dVqPuT200zDdV4BFS01NU4MYeoc3XDyOxIWfU7WKy5Zs94YsWp3mz1cDLKuZG3MK\/hBxOol\/fcuIoTQU9\/sE"}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":60,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":602}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":60,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":602}
00661{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":61,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451636,"pkt_ts_usec":457182,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":265,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcg4sgAOcRN5mDTlH+zLpQ5QA179EGr6+UudOFkwABAAAADAABCk5PU1MyUFJPNTICYWQDZGxhA21pbAAAAQABwBoABgABAAACJAAtCGVhZ2xlaWIxwBcLcmFuZHkuc21pdGjAGneyKSsAACowAAAEOAAJOoAAAAOEwBoALgABAAACJACbAAYIAgAAA4RZL+jmWSKr1jYkA2RsYQNtaWwAQ+NjrNptV+b2\/CTqZKH2biSP27tkOWTGq2KCUhlOH9E41MLSOk2lCYL6smDX5fmm1zJuobp2dyrUo+9Imrd8bXDxUMgbvMl\/t\/ob2CKRj1UwIaYHEuWwqw=="}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":61,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":231}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":61,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":231}
00672{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":62,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451636,"pkt_ts_usec":679021,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":275,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcRyUgAOcRc\/+DTlH+zLpQ5QA1lCQGuTGo9n2FkwABAAAADAABCk5PU1MyUFJPNTIEdXNlNgJhZANkbGEDbWlsAAABAAHAHwAGAAEAAAGdAC0IZWFnbGVpYjHAHAtyYW5keS5zbWl0aMAfd7IpKwAAKjAAAAQ4AAk6gAAAA4TAHwAuAAEAAAGdAJsABggCAAADhFkv6OZZIqvWNiQDZGxhA21pbABD42Os2m1X5vb8JOpkofZuJI\/bu2Q5ZMarYoJSGU4f0TjUwtI6TaUJgvqyYNfl+abXMm6hunZ3KtSj70iat3xtcPFQyBu8yX+3+hvYIpGPVTAhpgcS5bCrcsRzkWs="}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":62,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":241}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":62,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":241}
00672{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":63,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451636,"pkt_ts_usec":862163,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":274,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXc1mwgAOcR5LeDTlH+zLpQ5QA1mK0GuOHsaJmFkwABAAAADAABCk5PU1MyUFJPNTIDZXRuA2RsYQNtaWwAAAEAAcAbAAYAAQAAAo4AMAhlYWdsZWliMQJhZMAbC3JhbmR5LnNtaXRowBt3sikrAAAqMAAABDgACTqAAAADhMAbAC4AAQAAAo4AmwAGCAIAAAOEWS\/o5lkiq9Y2JANkbGEDbWlsAEPjY6zabVfm9vwk6mSh9m4kj9u7ZDlkxqtiglIZTh\/RONTC0jpNpQmC+rJg1+X5ptcybqG6dncq1KPvSJq3fG1w8VDIG7zJf7f6G9gikY9VMCGmBxLlsKtyxHORaw=="}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":63,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":240}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":63,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":240}
01000{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":64,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451661,"pkt_ts_usec":43614,"pkt_caplen":520,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":520,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAV8MiEgADMR67bAa2aOzLpQ5QA1kJIHTuawQK+EEAABAAIABQAPBXByZXNzBmJhbXBmYQhiZXJrZWxleQNlZHUAAAEAAcAMAAEAAQAAKjAABEWjkf3ADAAuAAEAACowAKcAAQoEAAAqMFkmu3pZIXKW\/GIGYmFtcGZhCGJlcmtlbGV5A2VkdQDYr4iiKwGHUj8t5HsllLRdCw51+RuHgmXTVi3BKZp2SlHKwPPE5NDgykdlf2nh09MKoRsS4ZQ6K+HtO0Fgl3XDsVj0e38hlFZSyxT3UsVtxM+no9NBzelbSMqdsdKPMBXZBU6WN68SPUB0Mpo5EB0ERXosqZrbp40B7OEuBwhJTsBZAAIAAQAAKjAACQZhb2RuczLAYMBZAAIAAQAAKjAACAVhZG5zMsBgwFkAAgABAAAqMAAJBmFvZG5zMcBgwFkAAgABAAAqMAAIBWFkbnMxwGDAWQAuAAEAACowAKcAAgoDAAAqMFkn98ZZIq5X\/GIGYmFtcGZhCGJlcmtlbGV5A2VkdQAn0OdhYPVBP+po1b2zTtthnlvR+AwkjgERoFRV1d81BBycm1q7rnJTejDubWCC+fexo8tBaiAWuF7QlClYFOJSAmzwtfgGPOICDtid\/wne+kDmwXvgLbwXYX5lBPAt0LIXRb3dGGBe+RGHeQ=="}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":64,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":486}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":64,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":486}
00667{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":65,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451685,"pkt_ts_usec":924265,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":272,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcdQIgAOcRRiKDTlH+zLpQ5QA12ScGtpz7Az2FkwABAAAADAABDG5jYjFzZHYwMDkwMQJhZANkbGEDbWlsAAABAAHAHAAGAAEAAAHJAC0IZWFnbGVpYjHAGQtyYW5keS5zbWl0aMAcd7IpKwAAKjAAAAQ4AAk6gAAAA4TAHAAuAAEAAAHJAJsABggCAAADhFkv6OZZIqvWNiQDZGxhA21pbABD42Os2m1X5vb8JOpkofZuJI\/bu2Q5ZMarYoJSGU4f0TjUwtI6TaUJgvqyYNfl+abXMm6hunZ3KtSj70iat3xtcPFQyBu8yX+3+hvYIpGPVTAhpgcS5bCrcsRzkWs="}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":65,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":238}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":65,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":238}
00476{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":66,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451704,"pkt_ts_usec":377782,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":129,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcLFogADcR72\/BRGNjzLpQ5QA16EkGJwo+kYmEEAABAAUAAAABAmJnAAAwAAHADAAwAAEAAA4QAIgBAAMFAwEAAatvnBmra+7zeBm9l13suknlkqymM+dxrFdopER\/atXEXpeKon1lB9rWXtPTizfX"}
00175{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":66,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":95}
00175{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":66,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":95}
00698{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":67,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451720,"pkt_ts_usec":70227,"pkt_caplen":295,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":295,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcf7QgAOQRIpPOJiMDzLpQ5QA1bBYGzcCiF4OFkwABAAAADAABBmlzYXRhcARkYWFzA2RsYQNtaWwAAAEAAcATAAYAAQAAADAAMAhlYWdsZWliMQJhZMAYC3JhbmR5LnNtaXRowBgBMZuVAAAAtAAAABIACTqAAAADhMATAC4AAQAAADAAoAAGCAMAAAC0WS8rbVkh7l0xhgRkYWFzA2RsYQNtaWwAX2YDHFGs++P6KY5jyOnyDe0uBmvRjeLNiVar29Ll1723S4vXnuSWhUWFZRQdEVXqxkbd6V+XrLkpWPckh1R4zgV9PWSNZ8HZUjMZhQWPWXpppn2CEeN7b88KhZ27nzVXi+\/73NKvN1wXzYqVmw0ROQ=="}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":67,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":261}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":67,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":261}
01501{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":68,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451745,"pkt_ts_usec":785541,"pkt_caplen":889,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":889,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcuAIgADYRFDWAx\/RyzLpQ5QA1xd4JH1hTgneEEAABAAIABgALCGNvbnRlbnQ0CG5vdm9wb3JuA2NvbQAAAQABwAwAAQABAAAOEAAExgc9H8AMAC4AAQAADhABIAABBwMAAA4QcNvYgFkGc0W0+Ahub3ZvcG9ybgNjb20AlewZozFU2n96aVRqxQUtXjawCyGgM6B0TzRF56i4jQojMtEEU5RHV2P7Vi\/giydID14A4YyUQ85+uCYlFI0DOCtWk0z5XmpprtC9X+\/T1\/r4JD0uPBpyimV4NZ7fwQxxt5\/3s2rlf4r73xWZZ+3IUuJ2vwbncpUyzu1TuFq+36Vdmu0LH4Wzte\/E0y2pkf37K2RBRQ7Nn\/d+Xj6t5ggL4KWxhT3Q0vSCylzZfyLrz2NK8Qb9WKZPaGXKWrHYVjLVERNJemNdvrQWUyPUJZC8YuSGBgJRiBu7nGJd9NUwi+LJQ8nOWu\/g3XZWYEgJTSqnXRaYhwfpdJtUS4EbhA6YOcBVAAIAAQAADhAADANuczMFZnd3Z2\/AXsBVAAIAAQAADhAABgNuczLBc8BVAAIAAQAADhAABgNuczXBc8BVAAIAAQAADhAABgNuczHBc8BVAAIAAQAADhAABgNuczTBc8BVAC4AAQAADhABIAACBwIAAA4QcNvYgFkGc0W0+Ahub3ZvcG9ybgNjb20AcFsxOk+TskskfmYioP9UewSZSL9WmuTUot1PfZFKaiFZLalRXKlbejn1Bpls9bVGMNJ8VYVUfoGcuesziAD8mlHukbkBjCvqsQLQJlUn18HhsM8Un6BUiQsAyEQsQp5HXtsXSzUuW2h7pa5HvFt51KDRqdLdfTwvCR7QFOYApeIeE7jGd14b6fcFUUntTWakr8Diay1Cx6MEqchNtPP8y5WWowh4rqtf9abZ6MihUGhOYq4GAOz7667QkstI2cH0PhPu2Q\/5ONAvjTiLfKSfgeeGC8VSswFyq2aFb6HIlVmYOK1XmDe3BmP7FLuXhq9PlJ6aBBY41kBThidqiIzU58GrAAEAAQAADhAABGjskh7BhwABAAEAAA4QAATAYM65wW8AAQABAAAOEAAEJTBzbsG9AAEAAQAADhAABC6l7FHBmQABAAEAAA4QAASAx\/RywasALgABAAAOEAEdAAEHAw=="}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":68,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":855}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":68,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":855}
01328{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":69,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451748,"pkt_ts_usec":818219,"pkt_caplen":762,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":762,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcFmEgADMRoAeBBg0DzLpQ5QA14pUIoA41h4GEEAABAAMABAANBnRpbWUtYQRuaXN0A2dvdgAAAQABwAwAAQABAAAHCAAEgQYPHMAMAC4AAQAABwgAnAABBwMAAAcIWSp7HVkhN25NKgRuaXN0A2dvdgCGDxP8mtTYURB\/z7B7zxG9M2cDPFjwCkCpyC8hiadTCV1wXBnQsMkH14gORQid9hZZkwqvAJKxlHHGFpFXs3GK70k31UcnglQglR+Jb8PvkvYMpqGZLiMdOZ+8aMQzLgN424FbMJ7np\/GSsY0NKbDsZWUKs5FEyvfl5LyBAXKP1cAMAC4AAQAABwgAnAABBwMAAAcIWSp7HVkhN25p9QRuaXN0A2dvdgCYOPJp1LyXHjTZERVC1mhE\/fFAgBPnHg5CzHCfHFW\/kHrSlPUKJrKTtWO2J6nhnsslWGL7StwY\/Ds0w3d1K1BK2EXHmf7JoxCpUcbjrJzE2AWNOuFyYMsitmrbg7hKpTz5YORW9N+9SgnPiRBdVePJPZ0ZX+5rKPwGXiVkzOvJt8D3AAIAAQAABwgABgNnZWHA98D3AAIAAQAABwgABgNiZWHA98D3AC4AAQAABwgAnAACBwIAAAcIWSpvIFkhMlpNKgRuaXN0A2dvdgB\/AugCl6Rz+sTdMBLd\/b9WzbTmwtSJRElGSiFaNkIXGL85DwZ8CN5XIraessCeREIcUwZxVSCZqTN+jQfSqvs0RCCsELGmZy1\/6te8q\/BHGZ6r5Yfp\/FixyK0YEzCx9kE6yxKwCHgAiZ9RYjXpdk7jwKD9iHCh9psgrmi4EqWisMHDAC4AAQAABwgAnAACBwIAAAcIWSpvIFkhMlpp9QRuaXN0A2dvdgClTY7jIx2EAO1rRXMS+rZG5e8+PelDpKXOMRzGWIjrQbBJVXqIaZDLeBgBTWgx3tBkiLlUy1bOdR3MF5sPTTggHRJuEc8rRcMhHY6s0g2zr9CNylE8o5Mcs+HT"}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":69,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":728}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":69,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":728}
02335{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":70,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451756,"pkt_ts_usec":278524,"pkt_caplen":1501,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1501,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcGOsgADcRhwqY2AekzLpQ5QA1zeYLg6WA7YmEAAABAAIABQAPA25zMwNpcnMDZ292AAABAAHADAABAAEAABwgAASY2AuEwAwALgABAAAcIAEbAAEIAwAAHCBZK47XWSJGR6xiA2lycwNnb3YAUaOVDQJwftL9gtrUM8RfLB6qSOBXZLTc9Hok\/6MIUcY0p+ZXalWKsGuV0qSYiHp0ZrSW1UB4GFMJyv7xm1d\/Po\/u1S5R08MeFVA+R2ZtvHBErM7kw\/4vE2A51h\/i02hoLPEPwvEXL7BXREwrjYl2TQspuWnPYjiGXk63g8xr6TFgux7jb2BRXQ4LBHynjXnnvpt3XYYGbcmWAyGPAsOf9hQuEFUTW8B15ZH+YidKzPQ1rU9pRShm7Pd3FpYAiKLk4i351zYZI20c8JNuwICCSg9UMWYXsfMXQ+CnSvsgbvApAMm6rh0DMcwkAJPfalPrGBEcb5Z1jx4wdGgAiCBer8AQAAIAAQAAHCAABgNuczHAEMAQAAIAAQAAHCAABgNuczLAEMAQAAIAAQAAHCAAAsAMwBAAAgABAAAcIAAGA25zNMAQwBAALgABAAAcIAEbAAIIAgAAHCBZK47XWSJGR6xiA2lycwNnb3YAe+rn2tmycvJNbOGLWjldMLdA22UT7xzZh6HJYvuJrE5+qGxJ\/K9yON+rGW5STnO8kj2d7HsVVtkx7ts0\/\/XDYlHvMvWnWK\/Dq3C0qhX4Y4OXOL2k9lkOXDls5DytCZ+qVKg+alb58DzoDOU5yVHtP9rMKfk9VxtfA9LIEQBilUu0fUAjg6x8b2zwKV\/jt6dY6YdR2oAGxQWcfwUhdEB3XcH5NlvhjHUGSlAUPWnm6zjJAgd2MgFTKihm5f+gD+mtCN9sSjuoCyjb\/J+INEr+l8If9XkT6uujAFdNt62xgrprlhR\/4ZT3wgiZkdJcmZ4Hrkq2N2BnT7dMThz1hN6ZBcFgAAEAAQAAHCAABJjYB6TBYAAuAAEAABwgARsAAQgDAAAcIFkrjtdZIkZHrGIDaXJzA2dvdgCNfUC+vOaSAIQikt\/wOmN6FcRNH787rVK7vx8EOTihWPPbRHscOApvDuppsQAybpUJQDSnhmKXzmW0RGA6n2G0ciYqXXOsL0P3\/\/ygg+7XWZuYzKb304Zfx6QfhPLSsEP8shH+rTSNdno\/S62Ol7IpIPQ0RCioobQ2UR\/UDEXTGGbKuR4mDZJLFYeh5tIFpoqvTkHShLjF6v2OlcN8aKTXl7dgMdindVnqMLXbceQ\/g0+K8BgVnEE\/6MZYL80Ns\/V8grnGdCpO48BX8ffkLGatTdnf+50+sN\/QX2lbVRYMuygjrQrIMeAro+VDEin8TTXEdrj+U639Pp8xolDwNQMSwXIAAQABAAAcIAAEmNgHpcFyAC4AAQAAHCABGwABCAMAABwgWSuO11kiRkesYgNpcnMDZ292AAiDKcsFAKyZAPT6\/BqMm4YGNjnILP\/RiBRbrxE19HyRiZVJxwCUqilv0dC8z9SJfb+rPNQabkmaQAfOPcKhH1sxV5brmQeQEeenqlUiW5YLjefk+NMQgd+NRuOdvGYchkWl5fnmMau\/HlA+HBNsAZN1e+HH49Qw2zLGAFvFYJOqPF\/HCttPr0DY7fU3q\/deTFsRESwvpQebvinvb3rUKnldKnGamoYPobR4sa3Hc7XJ1UAcE0x56k\/d9TLBNjQCHoPmejklH71ALytcz1kqNyblcIX4lJZisb91+kN14GrJEgCW46spplu2sT6hC4lmdNpv9JaIXIh6VBVmBv4anY3BkgABAAEAABwgAASY2AuFwZIALgABAAAcIAEbAAEIAwAAHCBZK47XWSJGR6xiA2lycwNnb3YAJ3yCZvDhJMpICeF2AdNj6dX83t1aIlZReudVBhsa5qliqrUuu1fMBb1RYQ38UscZhlrQBQAAAAAAAGEBAAAAAAAAQwAAAAAAAADE0AAAxA=="}
00177{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":70,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1467}
00177{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":70,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1467}
02332{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":71,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451756,"pkt_ts_usec":278901,"pkt_caplen":1501,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1501,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcGO8gADcRhwaY2AekzLpQ5QA1NzILg45YlzKEAAABAAIABQAPA25zMgNpcnMDZ292AAABAAHADAABAAEAABwgAASY2AelwAwALgABAAAcIAEbAAEIAwAAHCBZK47XWSJGR6xiA2lycwNnb3YACIMpywUArJkA9Pr8GoybhgY2Ocgs\/9GIFFuvETX0fJGJlUnHAJSqKW\/R0LzP1Il9v6s81BpuSZpAB849wqEfWzFXluuZB5AR56eqVSJblguN5+T40xCB341G4528ZhyGRaXl+eYxq78eUD4cE2wBk3V74cfj1DDbMsYAW8Vgk6o8X8cK20+vQNjt9Ter915MWxERLC+lB5u+Ke9vetQqeV0qcZqahg+htHixrcdztcnVQBwTTHnqT931MsE2NAIeg+Z6OSUfvUAvK1zPWSo3JuVwhfiUlmKxv3X6Q3XgaskSAJbjqymmW7axPqELiWZ02m\/0lohciHpUFWYG\/hqdjcAQAAIAAQAAHCAABgNuczHAEMAQAAIAAQAAHCAAAsAMwBAAAgABAAAcIAAGA25zM8AQwBAAAgABAAAcIAAGA25zNMAQwBAALgABAAAcIAEbAAIIAgAAHCBZK47XWSJGR6xiA2lycwNnb3YAe+rn2tmycvJNbOGLWjldMLdA22UT7xzZh6HJYvuJrE5+qGxJ\/K9yON+rGW5STnO8kj2d7HsVVtkx7ts0\/\/XDYlHvMvWnWK\/Dq3C0qhX4Y4OXOL2k9lkOXDls5DytCZ+qVKg+alb58DzoDOU5yVHtP9rMKfk9VxtfA9LIEQBilUu0fUAjg6x8b2zwKV\/jt6dY6YdR2oAGxQWcfwUhdEB3XcH5NlvhjHUGSlAUPWnm6zjJAgd2MgFTKihm5f+gD+mtCN9sSjuoCyjb\/J+INEr+l8If9XkT6uujAFdNt62xgrprlhR\/4ZT3wgiZkdJcmZ4Hrkq2N2BnT7dMThz1hN6ZBcFgAAEAAQAAHCAABJjYB6TBYAAuAAEAABwgARsAAQgDAAAcIFkrjtdZIkZHrGIDaXJzA2dvdgCNfUC+vOaSAIQikt\/wOmN6FcRNH787rVK7vx8EOTihWPPbRHscOApvDuppsQAybpUJQDSnhmKXzmW0RGA6n2G0ciYqXXOsL0P3\/\/ygg+7XWZuYzKb304Zfx6QfhPLSsEP8shH+rTSNdno\/S62Ol7IpIPQ0RCioobQ2UR\/UDEXTGGbKuR4mDZJLFYeh5tIFpoqvTkHShLjF6v2OlcN8aKTXl7dgMdindVnqMLXbceQ\/g0+K8BgVnEE\/6MZYL80Ns\/V8grnGdCpO48BX8ffkLGatTdnf+50+sN\/QX2lbVRYMuygjrQrIMeAro+VDEin8TTXEdrj+U639Pp8xolDwNQMSwYAAAQABAAAcIAAEmNgLhMGAAC4AAQAAHCABGwABCAMAABwgWSuO11kiRkesYgNpcnMDZ292AFGjlQ0CcH7S\/YLa1DPEXyweqkjgV2S03PR6JP+jCFHGNKfmV2pVirBrldKkmIh6dGa0ltVAeBhTCcr+8ZtXfz6P7tUuUdPDHhVQPkdmbbxwRKzO5MP+LxNgOdYf4tNoaCzxD8LxFy+wV0RMK42Jdk0LKblpz2I4hl5Ot4PMa+kxYLse429gUV0OCwR8p415576bd12GBm3JlgMhjwLDn\/YULhBVE1vAdeWR\/mInSsz0Na1PaUUoZuz3dxaWAIii5OIt+dc2GSNtHPCTbsCAgkoPVDFmF7HzF0Pgp0r7IG7wKQDJuq4dAzHMJACT32pT6xgRHG+WdY8eMHRoAIggXq\/BkgABAAEAABwgAASY2AuFwZIALgABAAAcIAEbAAEIAwAAHCBZK47XWSJGR6xiA2lycwNnb3YAJ3yCZvDhJMpICeF2AdNj6dX83t1aIlZReudVBhsa5qliqrUuu1fMBb1RYQ38UscZhlrQBQAAAAAAAGEBAAAAAAAAQwAAAAAAAADE0AAAxA=="}
00177{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":71,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1467}
00177{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":71,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1467}
02338{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":72,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451756,"pkt_ts_usec":278993,"pkt_caplen":1501,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1501,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcGPEgADcRhwSY2AekzLpQ5QA1Q8QLg5NBAMmEAAABAAIABQAPA25zMwNpcnMDZ292AAAcAAHADAAcAAEAABwgABAmEAAwIAAAUwAAAAAAAACQwAwALgABAAAcIAEbABwIAwAAHCBZK47XWSJGR6xiA2lycwNnb3YAggGB5zn+E1Pg+FLMqTHnbMA\/oOer5LeX4aIHpNS4o6eo3\/mQLBqkFditZ2io9gnZB4qh2JsMATiESYiHWEYj0bEtKixiKHmqgPaqgsClUlMc36a53fLyVtyHOsfb4Bn06ipKA\/mFDV0+OoNw8Y3Ho1jSbY7bHubvRM+pfr9JzoRxfb3DWL73ZWluCLfXSQajOLrJJnVQ+P2lNfaTK3czYjjMf3wRU9NKWnRGD4+bDy+2RctwKE\/IMs\/GjQVGFjztYPa6p\/mlAS1K5K4FizcZBjmrNEKa71WUgVe3uiPYOufTuXw7A\/z431698ylT38+Lw74o4px+sIHQ1lAUZBM4AMAQAAIAAQAAHCAABgNuczHAEMAQAAIAAQAAHCAABgNuczLAEMAQAAIAAQAAHCAAAsAMwBAAAgABAAAcIAAGA25zNMAQwBAALgABAAAcIAEbAAIIAgAAHCBZK47XWSJGR6xiA2lycwNnb3YAe+rn2tmycvJNbOGLWjldMLdA22UT7xzZh6HJYvuJrE5+qGxJ\/K9yON+rGW5STnO8kj2d7HsVVtkx7ts0\/\/XDYlHvMvWnWK\/Dq3C0qhX4Y4OXOL2k9lkOXDls5DytCZ+qVKg+alb58DzoDOU5yVHtP9rMKfk9VxtfA9LIEQBilUu0fUAjg6x8b2zwKV\/jt6dY6YdR2oAGxQWcfwUhdEB3XcH5NlvhjHUGSlAUPWnm6zjJAgd2MgFTKihm5f+gD+mtCN9sSjuoCyjb\/J+INEr+l8If9XkT6uujAFdNt62xgrprlhR\/4ZT3wgiZkdJcmZ4Hrkq2N2BnT7dMThz1hN6ZBcFsAAEAAQAAHCAABJjYB6TBbAAuAAEAABwgARsAAQgDAAAcIFkrjtdZIkZHrGIDaXJzA2dvdgCNfUC+vOaSAIQikt\/wOmN6FcRNH787rVK7vx8EOTihWPPbRHscOApvDuppsQAybpUJQDSnhmKXzmW0RGA6n2G0ciYqXXOsL0P3\/\/ygg+7XWZuYzKb304Zfx6QfhPLSsEP8shH+rTSNdno\/S62Ol7IpIPQ0RCioobQ2UR\/UDEXTGGbKuR4mDZJLFYeh5tIFpoqvTkHShLjF6v2OlcN8aKTXl7dgMdindVnqMLXbceQ\/g0+K8BgVnEE\/6MZYL80Ns\/V8grnGdCpO48BX8ffkLGatTdnf+50+sN\/QX2lbVRYMuygjrQrIMeAro+VDEin8TTXEdrj+U639Pp8xolDwNQMSwX4AAQABAAAcIAAEmNgHpcF+AC4AAQAAHCABGwABCAMAABwgWSuO11kiRkesYgNpcnMDZ292AAiDKcsFAKyZAPT6\/BqMm4YGNjnILP\/RiBRbrxE19HyRiZVJxwCUqilv0dC8z9SJfb+rPNQabkmaQAfOPcKhH1sxV5brmQeQEeenqlUiW5YLjefk+NMQgd+NRuOdvGYchkWl5fnmMau\/HlA+HBNsAZN1e+HH49Qw2zLGAFvFYJOqPF\/HCttPr0DY7fU3q\/deTFsRESwvpQebvinvb3rUKnldKnGamoYPobR4sa3Hc7XJ1UAcE0x56k\/d9TLBNjQCHoPmejklH71ALytcz1kqNyblcIX4lJZisb91+kN14GrJEgCW46spplu2sT6hC4lmdNpv9JaIXIh6VBVmBv4anY3ADAABAAEAABwgAASY2AuEwAwALgABAAAcIAEbAAEIAwAAHCBZK47XWSJGR6xiA2lycwNnb3YAUaOVDQJwftL9gtrUM8RfLB6qSOBXZLTc9Hok\/6MIUcY0p+ZXalXQBQAAAAAAAGEBAAAAAAAAQwAAAAAAAADE0AAAxA=="}
00177{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":72,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1467}
00177{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":72,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1467}
01326{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":73,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451760,"pkt_ts_usec":381738,"pkt_caplen":762,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":762,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcGAEgADMRnmeBBg0DzLpQ5QA1ohMIoLZgAPuEEAABAAMABAANBnRpbWUtYgRuaXN0A2dvdgAAAQABwAwAAQABAAAHCAAEgQYPHcAMAC4AAQAABwgAnAABBwMAAAcIWSqP21khSTdNKgRuaXN0A2dvdgB6DVGNpuOznKvdrQN8bwUpu4PENDRSb+5+syaMGo6RaYqni8IQRlgrlLmn0P9fWLeESttBnO35aSL8o+kaUL7kh56Tzeztgfxvi73UEVovSqcWPBrNHp06FMiCkzzWxYm3rwMsy7tgq5QiEQG82TMM5cM\/UdLrrVKTvePPvapChMAMAC4AAQAABwgAnAABBwMAAAcIWSqP21khSTdp9QRuaXN0A2dvdgAH3ZlJ1Plagxurcne6cVxPIYLgmEuZl+Z8WXRbQC0s7YxnKt0M7zxnZKNLd21OfZCww+HGwHXqGzXhrH5S539DqqjEfHlik\/EheQJBrs2wgJD6BuPbFqZ+\/m62e5E1TenoG46sJm2SbQR4t88KGGo41imZHHAUOlsfMJEWeIhOwsD3AAIAAQAABwgABgNnZWHA98D3AAIAAQAABwgABgNiZWHA98D3AC4AAQAABwgAnAACBwIAAAcIWSpvIFkhMlpNKgRuaXN0A2dvdgB\/AugCl6Rz+sTdMBLd\/b9WzbTmwtSJRElGSiFaNkIXGL85DwZ8CN5XIraessCeREIcUwZxVSCZqTN+jQfSqvs0RCCsELGmZy1\/6te8q\/BHGZ6r5Yfp\/FixyK0YEzCx9kE6yxKwCHgAiZ9RYjXpdk7jwKD9iHCh9psgrmi4EqWisMHDAC4AAQAABwgAnAACBwIAAAcIWSpvIFkhMlpp9QRuaXN0A2dvdgClTY7jIx2EAO1rRXMS+rZG5e8+PelDpKXOMRzGWIjrQbBJVXqIaZDLeBgBTWgx3tBkiLlUy1bOdR3MF5sPTTggHRJuEc8rRcMhHY6s0g2zr9CNylE8o5Mcs+HT"}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":73,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":728}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":73,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":728}
00396{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":74,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451763,"pkt_ts_usec":731982,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"pkt":"eLr5aHlnxDRrta3ICABFAAXcogYgAEARoZXMulDlS2GodAA12qEF7q5VMVqBoAABAA8ABAABA3d3dwNzc2QEbm9hYQNnb3YA"}
00175{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":74,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":38}
00175{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":74,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":38}
00446{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":75,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451779,"pkt_ts_usec":464126,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":108,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcjkogADURn38YivwdzLpQ5QA1IBMGEoHof96EEwABAAAACAABB2R5bmFtaWMJbGliZXJ0eXByA25ldAAAHAABwBQABgABAAAOEAAkBWRucy0xwBQFYWRtaW7A"}
00175{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":75,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":74}
00175{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":75,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":74}
00446{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":76,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451779,"pkt_ts_usec":745556,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":108,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcjksgADURn34YivwdzLpQ5QA1chAGEkLdh+yEEwABAAAACAABB2R5bmFtaWMJbGliZXJ0eXByA25ldAAAAQABwBQABgABAAAOEAAkBWRucy0xwBQFYWRtaW7A"}
00175{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":76,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":74}
00175{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":76,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":74}
00689{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":77,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451779,"pkt_ts_usec":762059,"pkt_caplen":286,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":286,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcB3MgADsR6J3HK4U1zLpQ5QA1x0sGxG739qGEEAABAAIABgANA3d3dwVpY2FubgNvcmcAAAEAAcAMAAUAAQAADhAACgN3d3cDdmlwwBDADAAuAAEAAA4QAKAABQcDAAAOEFkvMblZE0c+sGYFaWNhbm4Db3JnAFcOXWiLmAn+7RhE3TKRAZ5C+YCLPXSCXHhs6mLxoYLFSB9OmyFE9HQ90+HWIdUDemeRreC546O8dauCK16auNeVpMGVWBmAVkdmYo\/jYS\/f0rb0ZmripWbPcu3lWPDh7GnpYHF2BQ+z6kikiq9qTkmjhshwCrs5yNXSFD+OutJN\/jecwC8AAgABAAAOEAALBGd0bTEDbA=="}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":77,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":252}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":77,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":252}
01856{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":78,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451795,"pkt_ts_usec":488014,"pkt_caplen":1163,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1163,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcnoIgADsRANkX04VDzLpQ5QA1ZoEP+cmJ9tyEAAABACEAAAAdBF9ub3MEX3RjcAdub3MtYXZnAmN6AAAhAAHADAAhAAEAAAcIAB0AZAAKAbsKZmUtc2VsZjAwNwdub3MtYXZnAmN6AMAMACEAAQAABwgAHQBkAAoBuwpmZS1zZWxmMDAyB25vcy1hdmcCY3oAwAwAIQABAAAHCAAcAGQACgBQCWZlLXByZzAwNAdub3MtYXZnAmN6AMAMACEAAQAABwgAHABkAAoBuwlmZS1wcmcwMDgHbm9zLWF2ZwJjegDADAAhAAEAAAcIAB0AZAAKAFAKZmUtc2VsZjAwNwdub3MtYXZnAmN6AMAMACEAAQAABwgAHQBkAAoAUApmZS1zZWxmMDAyB25vcy1hdmcCY3oAwAwAIQABAAAHCAAdAGQACgG7CmZlLXNlbGYwMDYHbm9zLWF2ZwJjegDADAAhAAEAAAcIABwAZAAKAbsJZmUtcHJnMDAzB25vcy1hdmcCY3oAwAwAIQABAAAHCAAcAGQACgBQCWZlLXByZzAwNgdub3MtYXZnAmN6AMAMACEAAQAABwgAHABkAAoAUAlmZS1wcmcwMDEHbm9zLWF2ZwJjegDADAAhAAEAAAcIAB0AZAAKAFAKZmUtc2VsZjAwMwdub3MtYXZnAmN6AMAMACEAAQAABwgAHQBkAAoAUApmZS1zZWxmMDA4B25vcy1hdmcCY3oAwAwAIQABAAAHCAAcAGQACgG7CWZlLXByZzAwNwdub3MtYXZnAmN6AMAMACEAAQAABwgAHABkAAoAUAlmZS1wcmcwMDIHbm9zLWF2ZwJjegDADAAhAAEAAAcIABwAZAAKAFAJZmUtcHJnMDAzB25vcy1hdmcCY3oAwAwAIQABAAAHCAAdAGQACgG7CmZlLXNlbGYwMDgHbm9zLWF2ZwJjegDADAAhAAEAAAcIAB0AZAAKAbsKZmUtc2VsZjAwNAdub3MtYXZnAmN6AMAMACEAAQAABwgAHABkAAoBuwlmZS1wcmcwMDUHbm9zLWF2ZwJjegDADAAhAAEAAAcIABwAZAAKAFAJZmUtcHJnMDA3B25vcy1hdmcCY3oAwAwAIQABAAAHCAAdAGQACgG7CmZlLXNlbGYwMDEHbm9zLWF2ZwJjegDADAAhAAEAAAcIABwAZAAKAFAJZmUtcHJnMDA1B25vcy1hdmcCY3oAwAwAIQABAAAHCAAcAGQACgBQCWZlLXByZzAwOAdub3MtYXZnAmN6AMAMACEAAQAABwgAHQBkAAoBuwpmZS1zZWxmMDAzB25vcy1hdmcCY3oAwAwAIQABAAAHCAAdAGQACgBQCmZlLXNlbGYwMDYHbm9zLWF2ZwJjegDADAAhAAEAAAcIAB0AZAAKAbsKZmUtc2VsZjAwNQdub3MtYXZnAmN6AMAMACEAAQAABwgAHABkAAoBuwlmZS1wcmcwMDQHbm9zLWF2ZwJjegDADAAhAAEAAAcIAB0AZAAKAFAKZmUtc2VsZjAwNAc="}
00177{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":78,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1129}
00177{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":78,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1129}
01257{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":79,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451801,"pkt_ts_usec":867184,"pkt_caplen":709,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":709,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcVUIgADoR311APsiTzLpQ5QA1HC4OMzJ8VlCEEAABAAIABgATA25zMgNucmMDZ292AAAcAAHADAAcAAEAAA4QABAgAUnw0GQABhAAAAAAAAGHwAwALgABAAAOEAEbABwHAwAADhBZlIDRWR3Z0YaKA25yYwNnb3YAPWJVgdJKgVrTRsYmmdfgVzqqFqEjtUkbPsBTAyhBqcDqUhyiJ9lBKi0APTMHaoRlm9hKhCaxBf4OosrfcZZZslLTdHCsdWT3HBqF8quhdYgBFhCMYj2GltCBFdXUFuG\/ZMZe\/CYWmCUJwAYCF1Nrid6tA42V3+7Xl7GskBZncS2WWlSxB29bNO5qp\/hzNCvZSu+2CoR2pxntdEHpFyHTMEFW1GIMYaBIBeKmZ9Doz3BzKpSAQQ+2gzTU0pwjmlklQze5+O\/T87VbIrIG0NI6rOWvlrdMZVPfgmbDRUgBonXYW7ys3J4xP6AACqxAfp0yxUWCfy9QuEQQgB+HEB0bVMBXAAIAAQAADhAAAsAMwFcAAgABAAAOEAAGA25zM8BXwFcAAgABAAAOEAAVB2Ruc3NlYzcHZGF0YW10bgNjb20AwFcAAgABAAAOEAALCGRuc3NlYzExwZTAVwACAAEAAA4QAAYDbnMxwFfAVwAuAAEAAA4QARsAAgcCAAAOEFmUgNFZHdnRhooDbnJjA2dvdgCZi7bFn+nZ2P6WVw6o+kkwQuaKLgQuorJ5umHdHNd9400r4gzeBn33Ed0Zu7gD64lr2vhaLbxzLduR1aVAh1X4VlSh2jIQFWHIeoJ8Onasxl0l5tBD7VY1PneeZ1c40Al01eURgN\/WP7woAAMGLHDFWcaVfxALKzEXvlThyjffaO1k\/60LDVhVBDOZ6qeLxCdDVAfYZWLOALT5G71UUp\/mfWeY+zuZZrL9Mg=="}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":79,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":675}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":79,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":675}
00720{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":80,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451802,"pkt_ts_usec":317438,"pkt_caplen":310,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":310,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXc7j0gADgRdoqiljgTzLpQ5QA13WQG3OQmOZmEAAABAAYABgABDXN0YXRpYy1hc3NldHMDdG9wB2NvbWNhc3QDbmV0AAAwAAHADAAwAAEAAAA8AIgBAAMFAwEAAdNI7Jg7FgzKcoFbbTVFnNS103uNlzSi57w6MSU8g4N7BY45c8wRU0sUX4wCfS5mnvFDJOVeri9\/brOPAihImJbUq1qtU1hWYhriE+Q5okjx68WWhd44ZtMny6bsYRvUiusoqWjg23bXi9ii\/7fg+pccZPnCpi15g6KH4Pi07RLdwAwAMAABAAAAPAEIAQEDBQMBAAHH50NT4xwBENYYIASJ2mD3BG9QGEiNhcrE595erpAhJx7YsU81LP9gTvm6xTLb7N7F1r2ajg=="}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":80,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":276}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":80,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":276}
01932{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":81,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451817,"pkt_ts_usec":304087,"pkt_caplen":1212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1212,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsBogADIR1B2hNyACzLpQ5QA1FhYKYhxxeiOEEAABAAIABAAND2F2aWF0aW9ud2VhdGhlcgNnb3YAAAEAAcAMAAEAAQAAAHgABIxaZc\/ADAAuAAEAAAB4AScAAQUCAAAAeFkriyJZIlCiJtkPYXZpYXRpb253ZWF0aGVyA2dvdgBcAnaQGheMvunF5C4cR5MJ72dSM8drk3RcE\/+nxnzfOogtDZmIWC2uUpk1r8xGZG2a2jRIA\/aj7zKkRbvNWBJ7qmI7yE\/unpmntn5Dyz3Um2RQBCjsXFWyfJgY5adyFQrx82AJTn0XIJJWlgv2g8gLH5cB5vq1Yx2QwIizFaT84HOR9Ro7mx0vPzffSQYtz10RZTKVLepM1R9WCwQoAlCmj1FX3PJSAVW1ysoAcCz8VNw8RQVeI7UOQsrNyeoeQU4fT9ZJVxaQxHfWRAhaVBdW1NMrgGV8IGluYRAdA\/hJk+MHJtjXbnaSeicSZRZLPiWIrQ+9vEs51K9tviWP1U47wFMAAgABAAAAeAAMBG5zLWUEbm9hYcBjwFMAAgABAAAAeAAIBW5zLW13wXnAUwACAAEAAAB4AAgFbnMtbnfBecBTAC4AAQAAAHgBJwACBQIAAAB4WSuLIlkiUKIm2Q9hdmlhdGlvbndlYXRoZXIDZ292ACem07do6v1NXUbeeSFCIj1ItSvoyoZ\/MkEVoL5rYeAY9tnwbNm\/RpXbQs3WZA84dHc8qApmpHZjNOzbQez3KZG7OK1f97Akn7bH1Ky7MKcrTPKH1PCPR0y4c94s6MFoH7fD6SfpHkqVyFkaspk\/OJpadSYLEQw32h1fGec9Via\/3fvcfA9UaUVW48GZIkYFNWZU\/dMHVDul0koiW1RkbrGjSj9jrN8M5OzzGNtQWIjEdvi5TKW5kPQt9XYqkeohSO6NHXOBkElsykELYz0FoRto8wvtZYGKZxoLfRlDES0YDpe+inWG1xWUXgvmym\/DRCrMlOOt9xEshGof6J1Kr9DBdAABAAEAAVGAAASMWiHtwXQAHAABAAFRgAAQJhAAIIAAjAAAAAAAAAACN8GMAAEAAQABUYAABIysEe3BjAAcAAEAAVGAABAmEAAgiACMAAAAAAAAAAI3waAAAQABAAFRgAAEoTcgAsGgABwAAQABUYAAECYQACCMAIwAAAAAAAAAAALBdAAuAAEAAVGAARwAAQUDAAFRgFkri31ZIlD9PnMEbm9hYQNnb3YAHTxu3oTuiFuFiCLpTl\/MK89BN9JBGjfKVUZAF3gZCKhMwx34GFStLHWeXnyc0jpz6oB3UKoWYWqIzl5uLmkTVdATO05wGhRkXmoRFvqHJQ49RQ+pBTNvjvfsZjt4sxWFaBX6dcM71YC5bIV281hFIsnrSJ79QSihSBHieSy9t5YTGlF5LCJijNEWEHJYxDID1Mza+tXKdNXJWHbkQhQwRPJKGX91jqgFPlz4hmfje77PrtKaUJ8h5eApMH+gaNXsNFvzV3nB+6kGVXv2VWVXVPXI3XzMFa8CKHbYrFGd7LJ4f5PFB725JCBxTQ4KeEOuBE0WXVqE9VoK1uYoB4PAK8F0AC4AAQABUYAB"}
00177{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":81,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1178}
00177{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":81,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1178}
00672{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":82,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451840,"pkt_ts_usec":165795,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":274,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcQSkgAOcRefuDTlH+zLpQ5QA1iN8GuEyAW62FkwABAAAADAABCkhJMDFXRUYwMDEDZXRuA2RsYQNtaWwAAAEAAcAbAAYAAQAAAycAMAhlYWdsZWliMQJhZMAbC3JhbmR5LnNtaXRowBt3sikrAAAqMAAABDgACTqAAAADhMAbAC4AAQAAAycAmwAGCAIAAAOEWS\/o5lkiq9Y2JANkbGEDbWlsAEPjY6zabVfm9vwk6mSh9m4kj9u7ZDlkxqtiglIZTh\/RONTC0jpNpQmC+rJg1+X5ptcybqG6dncq1KPvSJq3fG1w8VDIG7zJf7f6G9gikY9VMCGmBxLlsKtyxHORaw=="}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":82,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":240}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":82,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":240}
00737{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":83,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451840,"pkt_ts_usec":209084,"pkt_caplen":324,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":324,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcQccgAOcReV2DTlH+zLpQ5QA1iBUG6lPedjOFkwABAAAADAABCkhJMDFXRUYwMDEEbm9zYwNkbGEDbWlsAAABAAHAFwAGAAEAAABZADAIZWFnbGVpYjECYWTAHAtyYW5keS5zbWl0aMAcAAAHZgAAALQAAAASAAk6gAAAA4TAFwAuAAEAAABZAKAABggDAAAAtFkv4yBZIqYQMlUEbm9zYwNkbGEDbWlsAHAi\/\/IpY3Psvud3bXls8gvS7SxTXcJbJ2fO4LqoVAeoWw33Sok4nKe8G5wSzgrj+gHIwqz4AXRl3ZauyfrHZKtplIVp\/qYFFwFvnbKy4VuVxCDuV39nS0bYD6vwMZut5duIQsRD92AJMBuJaLwaFueObOvDDzhSu2qWb8T7Pru6wBcALgABAAAA"}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":83,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":290}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":83,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":290}
00685{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":84,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451840,"pkt_ts_usec":333990,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":283,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcQ9AgAOcRd1SDTlH+zLpQ5QA1+V4GwcnHlaqFkwABAAAADAABCkhJMDFXRUYwMDEDb29iA2RsYQNtaWwAAAEAAcAbAAYAAQAAAZUAMAhlYWdsZWliMQJhZMAbC3JhbmR5LnNtaXRowBt3sikrAAAqMAAABDgACTqAAAADhMAbAC4AAQAAAZUAmwAGCAIAAAOEWS\/o5lkiq9Y2JANkbGEDbWlsAEPjY6zabVfm9vwk6mSh9m4kj9u7ZDlkxqtiglIZTh\/RONTC0jpNpQmC+rJg1+X5ptcybqG6dncq1KPvSJq3fG1w8VDIG7zJf7f6G9gikY9VMCGmBxLlsKtyxHORa\/AgRGTYgjUNSA=="}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":84,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":249}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":84,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":249}
01257{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":85,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451860,"pkt_ts_usec":723807,"pkt_caplen":709,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":709,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXctFYgADoRIiVBMSXFzLpQ5QA1N2wOM3VnSZ6EEAABAAIABgATA25zMQNucmMDZ292AAAcAAHADAAcAAEAAA4QABAgAQRwAAEAeiAAAAAAAACXwAwALgABAAAOEAEbABwHAwAADhBZlIDRWR3Z0YaKA25yYwNnb3YALVciLeV6\/9PVH3ix0oDMwPVXP+IuKi7iilwN8AXuICaEixRjMcL3k6CimR5Qqz2Ycw6GKR7q0Ru6zaeR+QYAjDqrD+MMW8dbCcINrpqJWjnqBRalN\/yYo\/yvsBa2wZPK3alx2x5VnRHoD2Js8UfeJJoW0zLMCnQkcnHnI8zIxKzPAlhcVwmcU+2j33B8sM29LmFlzJzazhfNwdxdRvaTNbUEhTzhlpB7woguGh3UcEHOLFrxazn6WmkxImFq2NBaB\/T0eDIozLqDuE+altkXto3Lyhd11i49paFgy0Mhg2C0ZQoPj1+cSeqFyHfhmq920VlYzrf1hk07KsH5DFRWS8BXAAIAAQAADhAAFghkbnNzZWMxMQdkYXRhbXRuA2NvbQDAVwACAAEAAA4QAAYDbnMzwFfAVwACAAEAAA4QAALADMBXAAIAAQAADhAACgdkbnNzZWM3wXXAVwACAAEAAA4QAAYDbnMywFfAVwAuAAEAAA4QARsAAgcCAAAOEFmUgNFZHdnRhooDbnJjA2dvdgCZi7bFn+nZ2P6WVw6o+kkwQuaKLgQuorJ5umHdHNd9400r4gzeBn33Ed0Zu7gD64lr2vhaLbxzLduR1aVAh1X4VlSh2jIQFWHIeoJ8Onasxl0l5tBD7VY1PneeZ1c40Al01eURgN\/WP7woAAMGLHDFWcaVfxALKzEXvlThyjffaO1k\/60LDVhVBDOZ6qeLxCdDVAfYZWLOALT5G71UUp\/mfWeY+zuZZrL9Mg=="}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":85,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":675}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":85,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":675}
00714{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":86,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451867,"pkt_ts_usec":62384,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":304,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcqqsgAOcREHmDTlH+zLpQ5QA1TnkG1twua62FkwABAAAADAABClJDMDFXRUYwMDEEbmVtbwNkbGEDbWlsAAABAAHAFwAGAAEAAAA8ADAIZWFnbGVpYjECYWTAHAtyYW5keS5zbWl0aMAcd9p7lQAAKjAAAAQ4ABJ1AAAAA4TAFwAuAAEAAAA8AKAABggDAAAAPFkvM2hZIfZYHRkEbmVtbwNkbGEDbWlsAB1eP48NXB48YC39LxAk\/Khj2mVEQ6aS5HOSznEHbJsfSIIptRD6BtLuXwGHekuWL8Z8c4kWh5ITHm730bhtaFCQHR4MBMAUg\/QYfZB\/3QkezK+jd+kE5nVF\/tAkTs15nBpCsT3XFv1DW\/UqWuIhDZwgTv+++Q=="}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":86,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":270}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":86,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":270}
00577{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":87,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451874,"pkt_ts_usec":121400,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":203,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcE+8gADUR5p1N8Pn0zLpQ5QA1XvoGcR\/WhA+EEAABAAIABQAHA25zMQNjc2MCbHQAAAEAAcAMAAEAAQABUYAABE3w+fTADAAuAAEAAVGAARoAAQcDAAFRgFkvGkZZB4jkr\/cDY3NjAmx0ALbKVVGDcRZDqk1lyGdWsP5IQ26mLHrrMMz2pPyson+cx8+CsnAw8\/PhfvXbGxejQaIrCYXN3lCaimZi4Ns9eAyNg0i42MNM14BM77qxS7I="}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":87,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":169}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":87,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":169}
00660{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":88,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451891,"pkt_ts_usec":93884,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":265,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcxOggAOQR3V7OJiMDzLpQ5QA1oocGr2AqSlqFkwABAAAADAABClBIMDFXRUYwMDECYWQDZGxhA21pbAAAAQABwBoABgABAAACAgAtCGVhZ2xlaWIxwBcLcmFuZHkuc21pdGjAGneyKSsAACowAAAEOAAJOoAAAAOEwBoALgABAAACAgCbAAYIAgAAA4RZL+jmWSKr1jYkA2RsYQNtaWwAQ+NjrNptV+b2\/CTqZKH2biSP27tkOWTGq2KCUhlOH9E41MLSOk2lCYL6smDX5fmm1zJuobp2dyrUo+9Imrd8bXDxUMgbvMl\/t\/ob2CKRj1UwIaYHEuWwqw=="}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":88,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":231}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":88,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":231}
01911{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":89,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451910,"pkt_ts_usec":684938,"pkt_caplen":1189,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1189,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW3YgADURSGKMrBHtzLpQ5QA1nlwKS15OQ2CEEAABAAIABAANDmNhbWVvY2hlbWljYWxzBG5vYWEDZ292AAABAAHADAABAAEAAVGAAAShN0EOwAwALgABAAFRgAEcAAEFAwABUYBZK4t9WSJQ\/T5zBG5vYWEDZ292AIaf94KEuv9ZJnwf0eecIweTnGhU9b8l62tJ68k6dYKJPMmWgU+FCdyf\/QzA4d7evU\/WdY7C1qnmSAKUF\/jv82PtKEXWR9WzExnNSIkYyQ5Ek5HmxOvXRyAbUWYpnmzE31nJFS1DIaj6bHFKKyXa7kbE2lCLrY7Yw5mk7cXQ4OLgm8h\/Rf8PZUuRTxVYvWYo4+TVze1zHc8FD\/ypXkA55QgQpzIh2fdyiGaKmMRm4vEgVKR9qcV84hn2T6W953fnxyCiEAhN7\/HrL8+6Sed3bKvypaRqQ6VyWlurn4p4PS768LrGaurHjeTDHLHyOhT+cpJoI83IpDVd3ZFZXfga1z\/AVwACAAEAAVGAAAgFbnMtbnfAV8BXAAIAAQABUYAACAVucy1td8BXwFcAAgABAAFRgAAHBG5zLWXAV8BXAC4AAQABUYABHAACBQIAAVGAWSuLfVkiUP0+cwRub2FhA2dvdgB\/\/xDOV8RlACc0tJNxS+YKsLSQOBQbk6NLsQZG3YDTjO3iKsh7IcLqiw6uOc7SaLs86m+f\/kMHQskW6EQOmEHDMnbqN9IQMGQT4wsBbRrQmwjtM3XaVIfw2QRYEj4dnRSam\/XPSboR6M9\/hOGPVESZ\/uQ6WqFzbJ5fPUcerIlG\/kYoZuwvlZN9eWpmI2uvZVEJoNzzXHVFVxe+gyzQ2fX9CfzbU64wrazKsV4840AxDn9S8jSgjT7wrA1fAbUY1N1Z18MDcPXwCsgNM45SCTA3GR4LZG5q0wfZhRsvLTMW6nxaQfuphvLWLR4kFiw6usfYhcbxye3Gh4WdZwsuqUy1wZUAAQABAAFRgAAEjFoh7cGVABwAAQABUYAAECYQACCAAIwAAAAAAAAAAjfBgQABAAEAAVGAAASMrBHtwYEAHAABAAFRgAAQJhAAIIgAjAAAAAAAAAACN8FtAAEAAQABUYAABKE3IALBbQAcAAEAAVGAABAmEAAgjACMAAAAAAAAAAACwZUALgABAAFRgAEcAAEFAwABUYBZK4t9WSJQ\/T5zBG5vYWEDZ292AB08bt6E7ohbhYgi6U5fzCvPQTfSQRo3ylVGQBd4GQioTMMd+BhUrSx1nl58nNI6c+qAd1CqFmFqiM5ebi5pE1XQEztOcBoUZF5qERb6hyUOPUUPqQUzb4737GY7eLMVhWgV+nXDO9WAuWyFdvNYRSLJ60ie\/UEooUgR4nksvbeWExpReSwiYozRFhByWMQyA9TM2vrVynTVyVh25EIUMETyShl\/dY6oBT5c+IZn43u+z67SmlCfIeXgKTB\/oGjV7DRb81d5wfupBlV79lVlV1T1yN18zBWvAih22KxRneyyeH+TxQe9uSQgcU0OCnhDrgRNFl1ahPVaCtbmKAeDwCvBlQAuAAEAAVGAAQ=="}
00177{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":89,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1155}
00177{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":89,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1155}
00712{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":90,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451913,"pkt_ts_usec":554506,"pkt_caplen":305,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":305,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcoZEgAOcRGZODTlH+zLpQ5QA1hecG1xOqS+SFkwABAAAADAABC0NNSDBTLTUwNjI0BGRhYXMDZGxhA21pbAAAAQABwBgABgABAAAAPwAwCGVhZ2xlaWIxAmFkwB0LcmFuZHkuc21pdGjAHQExm5UAAAC0AAAAEgAJOoAAAAOEwBgALgABAAAAPwCgAAYIAwAAALRZLyttWSHuXTGGBGRhYXMDZGxhA21pbABfZgMcUaz74\/opjmPI6fIN7S4Ga9GN4s2JVqvb0uXXvbdLi9ee5JaFRYVlFB0RVerGRt3pX5esuSlY9ySHVHjOBX09ZI1nwdlSMxmFBY9ZemmmfYIR43tvzwqFnbufNVeL7\/vc0q83XBfNipWbDRE5bz+qVR8="}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":90,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":271}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":90,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":271}
00449{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":91,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451914,"pkt_ts_usec":68906,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":110,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcXUggADgRPcyY2AuFzLpQ5QA1eM4GFPW9NOaEAwABAAAACAABC3NpcGludGVybmFsA2lycwNnb3YAAAEAASBlZmxia2RtZjJtY241ZWg0ZjB1OW9lZHN2bWFxODA="}
00175{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":91,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":76}
00175{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":91,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":76}
00956{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":92,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451914,"pkt_ts_usec":94306,"pkt_caplen":486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":486,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFKAXcMaIgADQR\/37IE0oVzLpQ5QA1cggHjFp0zlSEEAABAAMABQAKA25zMgZwb3AtcHIDcm5wAmJyAAAcAAHADAAcAAEAAAEsABAoAQCCAAAABgAAAAAAAAAgwAwALgABAAABLAChABwFBAAAASxYVstzWC8+c5NwBnBvcC1wcgNybnACYnIA1\/aeIOiXLVAUlf7X0fXFedFXWKq9aABVNOZ7r5rykMv0fMN9YxDR4Cfp\/zKvuFMArhl0vnp4MXdTgWKEiqk59GY+\/xomF5ijzP3\/hVLiW7e0IYJ1yWiBQh1jhcv34Y3bAKrfDk1MJeqnDbo4Bp88Wdfr5Y21wV56qV8eT6SlXOXADAAuAAEAAAEsAKEAHAUEAAABLFhWy3NYLz5zpzoGcG9wLXByA3JucAJicgCVDEMFJZu9EAXpnfRWZ2RVItWA0n+KJu9IaIVJmIMhajSIQT3VrNMeLfYGRUUl45s\/7N7SoIMSnISlGlhJNpFBgZCcSGA0oztlFfMwzcS\/I5CcKCU3SWRb5uEagRV84Bme6gzJXmBlBbKvNmLJm1Vjve6LCM8hoD8VZqG7vv8jFcEKAAIAAQAAASwABQJuc8EKwQoAAgABAAABLAACwAzBCgAC"}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":92,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":452}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":92,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":452}
00672{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":93,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495451915,"pkt_ts_usec":752227,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":274,"pkt_l4_len":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcZssgAOcRVFmDTlH+zLpQ5QA1TRMGuBtHRUGFkwABAAAADAABCkhRMDFXRUYwMDEDRElSAkFEA0RMQQNNSUwAAAEAAcAeAAYAAQAAA2gALQhlYWdsZWliMcAbC3JhbmR5LnNtaXRowB53sikrAAAqMAAABDgACTqAAAADhMAeAC4AAQAAA2gAmwAGCAIAAAOEWS\/o5lkiq9Y2JANkbGEDbWlsAEPjY6zabVfm9vwk6mSh9m4kj9u7ZDlkxqtiglIZTh\/RONTC0jpNpQmC+rJg1+X5ptcybqG6dncq1KPvSJq3fG1w8VDIG7zJf7f6G9gikY9VMCGmBxLlsKtyxHORaw=="}
00176{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":93,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":240}
00176{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":93,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":240}
00130{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":93,"source":"badpackets.pcap","alias":"nDPId-test"}

38
test/results/bitcoin.pcap.out
View File

@@ -1,5 +1,5 @@
00384{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bitcoin.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1301327937725,"flow_last_seen":0,"flow_tot_l4_data_len":137,"flow_min_l4_data_len":137,"flow_max_l4_data_len":137,"flow_avg_l4_data_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00475{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bitcoin.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1301327937725,"flow_last_seen":0,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00573{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301327937,"pkt_ts_usec":725033,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"ACPrIpS0ACNshovhCABFAACdb3BAAEAGdmXAqAGOvKXVqdgVII1UFpaF9ORId4AY\/\/\/XwQAAAQEICicy22Mwkrss+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAABBsJBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/vKXVqSCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/\/AqAGOII3ZMDrPGxAeDAD6vQEA"}
00570{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301327937,"pkt_ts_usec":800894,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"ACNshovhACPrIpS0CABFAACd8zJAADQG\/qK8pdWpwKgBjiCN2BX05Eh3VBaWhYAYAC7fMwAAAQEICjCSu0gnMttj+b602XZlcnNpb24AAAAAAFUAAACcfAAAAQAAAAAAAABqsJBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHtgVAQAAAAAAAAAAAAAAAAAAAAAA\/\/+8pdWpII1MLcnArv8XlgAGwwEA"}
01786{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301327937,"pkt_ts_usec":931550,"pkt_caplen":1067,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1067,"pkt_l4_len":1033,"pkt":"ACPrIpS0ACNshovhCABFAAQdZEVAAEAGfhDAqAGOvKXVqdgVII1UFpbu9ORI4IAY\/\/\/JGQAAAQEICicy22UwkrtL+b602XZlcmFjawAAAAAAAAAAAAD5vrTZZ2V0YWRkcgAAAAAAAAAAAF324OL5vrTZZ2V0YmxvY2tzAAAApQMAAGlfIuqcfAAAHKh7ybVTxuZIQjrl7yTcgS++hNhBt1zq9NegAAAAAAAA0isW7TPLR9+QJv0A5WbZVCvm695mFYsw+RcAAAAAAAAKtKqLikjG018uz8LfLAtdjFIkeP\/i1erq1gAAAAAAAJBdQRxOhTejsSgFAkOe4jLdh+MgkNThEJ18AAAAAAAAuqLvaBfSt3u\/xIqIdA14a1vMRWgufw\/9NSQAAAAAAABmO+ZaHQMV8GVsd2tLL4rFQTc0+9Vfwkt\/KAAAAAAAAJT+LTuh4xfC31zGm\/GrV7uiO60OaIRMkzcNAAAAAAAAuhdRV0aXd6Zg2v\/d1GRW41CXeTNnyZ2lADQAAAAAAADN6C3MlB3uxd0izHdkP3dhS0au0yU7AWAQZwAAAAAAAL+B7POHga71M99A8Eu3CYdV7ruvTTFqTRaEAAAAAAAA3UsnAThWfVMwqZa+fYK\/+mnwaocTsbQIG1kAAAAAAADey3zxujtbDGk\/QTgO92YcU4PswnA6nOZ6FgAAAAAAAMDzxV+Dq1G5LChOJMi\/klliIw7dOCRLUwU1AAAAAAAAPos8A4n6clF7nKE4hFivm22s790lzTk\/xUsAAAAAAAC0sS5A1Mm4fwV3yc3Q1LndsofGdqv023cDhAAAAAAAAGvuGwU2Et\/fX33Zfbvd3fo\/8TaDBcaUcU3CAAAAAAAAP2JWK5H+eMf+Pv\/jSxNvOoqfqtxRlUdLIhEAAAAAAADJveYZh3372qwQQlL9GVXITa9jJ6DXXZhGDQAAAAAAAKMYV6DpTz6VcKhTn2GDUxJn1w6c\/OztngqRAAAAAAAABDCPkjdagfw0FOqHQEeRGYOTGUOY4U7Z+TMAAAAAAABH73UkZZo8i3KUfaLV4BIT5FRuJgLU9+S6PwAAAAAAAEhKQKlsPJI3JIw8Tb+HHwelgYW13heoG+NwAAAAAAAAGoeNNbO0PKw7FoNOsSIzS8W\/U8wXt9nuho8AAAAAAADVlxLK6O44NewFXywS+BNdzYycb7g7WSY\/qQEAAAAAAKqI+qWcSpEbTrldQNWUJik+3hdENRtaz0ynBAAAAAAA\/6kPGMjbu4hU+GZN83C9X6Hc1si6bqd\/l3UhAAAAAABKw0jIrFFXJp9oPx6NizqHl5jwjXfMij2VrHIgAAAAAG\/ijAq28bNywaaiRq5j90+THoNl4VoInGjWGQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
@@ -15,7 +15,7 @@
02387{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301327938,"pkt_ts_usec":907506,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ACPrIpS0ACNshovhCABFAAXc90dAAEAG6U7AqAGOvKXVqdgVII1UFsJv9OSPg4AQ\/\/8yYAAAAQEICicy228wkrxZqAAAAAAAAAIAAABbjacOO7ehJZKVVWBuwsVZJAX8Bcw9IQXLUwAAAAAAAAIAAABjKtyaZqub0a4QXrTXEOBXlIwuMyPoV4DXyQAAAAAAAAIAAACAesXRl6IxwOyV5rAzrmK0xgwV0ECh6q1lYQAAAAAAAAIAAAAZ3Ce83jjP2cB\/YkVFKayz2mPdZT6\/9q61LQAAAAAAAAIAAABDXTfaeHhZTzaoTC9yLc\/x1tEQ8v0eLMsIbQAAAAAAAAIAAADHxCcUlFXv1nxG\/Un1lT7zUQz1aQaW60nrlQAAAAAAAAIAAABiy\/ssIz44IxlIFKKbPRPtUXtJBR8dH1F7OAAAAAAAAAIAAAB+C64bJTtdX1J\/zCmdYBw1OIu+e1JH5UsBLAAAAAAAAAIAAACDjnaBAfvBfVkcgYEW61m7mTcs4+PYH7NXQgAAAAAAAAIAAAD8Sjpzl\/pY+XFSowU0O4LxKn\/L9BsMXKsn0AAAAAAAAAIAAAC8FUOH\/VjMTxePh4ApiBasBHoleUIC3mQHfgAAAAAAAAIAAAAmbZqYsH0gTlDkfffK1gNwYmh\/jcOVqJcBqQAAAAAAAAIAAADBzrVj4n2PWVxKPqHQnl7ke4jLdODGx7xXswAAAAAAAAIAAADtYzsSYg9zJ+5Ant\/vI12yJ\/GL+j8dEZdZkAAAAAAAAAIAAACRPmzbiuVERFgTPXed3ITPDiku4aM7ABZ2jwAAAAAAAAIAAABD1pJoBCang4F8mmlWwggeUZisn\/y31zd6QwAAAAAAAAIAAAAwxmrukdIUcly6ZFfnQDRhZos9g9uwtyR6qQAAAAAAAAIAAAC0END0y8tvhp\/P3MfPoA8KZkbYVYJCwVemmAAAAAAAAAIAAADX2b5x9eabvJhOSVA4NGX+kmrUKSXRdqAYHwAAAAAAAAIAAABPpfUijIxCUdc+QLG+51K5bz8xKt+HQ8A6igAAAAAAAAIAAADRDU6ZIkEen36+OmJS+U\/GvSSnsltpY1t8PwAAAAAAAAIAAAA4uOl3D305fKBKWNkRL4i5yFijWRzcCxFyNwAAAAAAAAIAAACnhkaxzwNMcsmFyHSdUr+FlHFjb\/uBNmRNfwAAAAAAAAIAAADyH1Q29uptBEJP+W4wPXx\/9bE3Ow7wTgJGGgAAAAAAAAIAAAD\/LEOghtOIND7Go0RUlv50ytNO3GT6jOgnUQAAAAAAAAIAAABxeAVupZn0dP1Jb5hExzbXcqT0qW0JgzCBqQAAAAAAAAIAAABYUtnIiLe7MkHBuFY0T6UGYXmUAKvmox5xSgAAAAAAAAIAAACKk46AtUsdWEaHJOu2oKg6ZQoFrY5KtaNdVwAAAAAAAAIAAAAq3wVd58394lRc8Xh4b7n5NdNK35WH\/GVtYgAAAAAAAAIAAAAB9cvs1eJeNT5V66JoDG7tEbF5DGla39pgpgAAAAAAAAIAAAB9cORoY7ss+Xwo1DFnGzt3PgraWS6uU2d+twAAAAAAAAIAAACpitNVmS7sGL+R05I+4\/GbQXHvf7G2Vt4tMgAAAAAAAAIAAAAySdqEQB2q579u083ePrH7xO2SrBI1Ox2wOQAAAAAAAAIAAAD6CcjKIGDqeq1dD8I3fA2vJhI54RLu+G5PqgAAAAAAAAIAAACsQYqq4PhWny574BusoOFbshrLGHrjFqPmuQAAAAAAAAIAAAC8sBxOvhoPwRr1hN83rfS4PJ2JEbBB8GHoRQAAAAAAAAIAAABaL1nFgCg13zZv2XqRr9o6y2fxW63cg3uKUAAAAAAAAAIAAADpsC9lcwci2Pom\/WtKofBPnWluv0PicNy42AAAAAAAAAIAAACM62zvxVs9uuPrrkvKPwExilN9rux1aZnLKAAAAAAAAAIAAAA5Cjk5P\/KIP+7UC4V6ObHB+RS\/O73aKFStcgAAAAAAAAI="}
02379{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301327938,"pkt_ts_usec":907546,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ACPrIpS0ACNshovhCABFAAXc2g1AAEAGBonAqAGOvKXVqdgVII1UFsgX9OSPg4AQ\/\/\/56gAAAQEICicy228wkrxZAAAANFGo\/z6uJ7Abi3hfWVNEj1QESpreLDm8usMAAAAAAAACAAAAn5Fiv3MNhGlrGiyJcW6lDlRgENf24689azAAAAAAAAACAAAA3qf5dOV8Ece0wCfz3rcjQNn8iV2i+oujXDIAAAAAAAACAAAAyu3T3NWc+n7Emtw4Sp9DzpoLQmZWURUonlcAAAAAAAACAAAA+Eh4N2oeZVyT+MKgvUCWSHXCbYXh1sJjXDQAAAAAAAACAAAAjdi\/\/1Kp6JzwnsXLILVhmlGXQ4ZqxMKgNX0AAAAAAAACAAAAO8HliP9XesCS8ukGAfBIwyyd9zCB2fswZZ0AAAAAAAACAAAAvsqo6pR0voT3qNZ6UF3vwlSzpEe7M0oexikAAAAAAAACAAAAr44gQZUaQvKEACLsgTANbuq\/WAhEW7mUUl0AAAAAAAACAAAA0sMA6ru0+Xi7uxKkbRZR32QuDO3yG1bNUh4AAAAAAAACAAAAagcb+PNjlEZR2uJfagtN1smCFZqEsPHSP48AAAAAAAACAAAATCZQ4EsTCuucPnmANjCUYpEe92RJZKW5uk4AAAAAAAACAAAAfPQlXPKU\/JTfizU11C4fKQhNFxA1Spkpe4UAAAAAAAACAAAAbU05t9qvVUcOh3wOLFKB2pkOFMn2uj9aNVQAAAAAAAACAAAAdtLEOyxHwSMT16ZPmuqXd7OHRCigZaIJipgAAAAAAAACAAAALdGqkV1PhqQQvIcPuheyhCxDjy9WB+mhmSAAAAAAAAACAAAA\/R4yoTNooNK7DE5fek5G5567wVcMf+zFgC0AAAAAAAACAAAAdsKBfim4kQkrB02NwmxUTxtGEpest77N8aMAAAAAAAACAAAAbQD1EwPbZZ4sCNskT6G0pEm8Wpj2Be2zzDIAAAAAAAACAAAArNFzVmWtN2T0dnDfpPyq6FjZgl7wTNq6xyYAAAAAAAACAAAAOiLW6feqExsFNOruu5td6YOEVl2iHRP7n9UAAAAAAAACAAAAhcWpz8GA\/d+pKNbd5LeJrRmG3VP+off6340AAAAAAAACAAAAnoIgtftcS1PS1OHY6N+c5kSbD9g2664byl0AAAAAAAACAAAAdCytp5E09CsK6nkX6g44F7Tk0P0f72uE8GYAAAAAAAACAAAA1tqgYlmjIwna+gtHiFQl0AAF547iSsywa5AAAAAAAAACAAAARh+QXkqCEZFK9+NdphUjifuGyOrycz0f6D4AAAAAAAACAAAAwWnyfGnakCJftTQ5QLVNBgxUJCfCJkjvhacAAAAAAAACAAAAsN5AAQ2Cq\/ran1sJJQvg4khgJ54eKfKvZVQAAAAAAAACAAAAPTi0SHWvEOdJy8Qji\/5JwnLxQfXQC8vWj0AAAAAAAAACAAAAzz+6IsjY1IpWbIHYD55Fsrg+pVsPrmWtKrMAAAAAAAACAAAARV1q0Fb27DZJ7NmutMdlEnSBKhEV2yTq7zQAAAAAAAACAAAAO70OQaLFD61WYynQC+81\/\/G2G+8pzBCI8HgAAAAAAAACAAAABqotZj5Yzi6HQh8Rejrtr00qWnOWIK2Z2ToAAAAAAAACAAAA6hWbzAmWf2vcsAou\/Cb3jjt5y3aLExl7EsEAAAAAAAACAAAADBBghf4aRc5Q1bNoNYiebWmSVFy+Qpid0m4AAAAAAAACAAAAAHZbjuWHp40tuMxQs0D3nvFunSJxQ+RxAZ0AAAAAAAACAAAAoyRSiuAf8lrO3LVlr6xDCvr9MDT2HIZMISsAAAAAAAACAAAAX1gJgVD57qeamx+eDXSP0Vnegh\/xnV6zbI0AAAAAAAACAAAA6ZU9gW8JTg9abPJGVuuR\/+B7o99tG6znaKYAAAAAAAACAAAArjoryxXDD6QD1axKA1PKZ7Fluf8pEM7Cj8UAAAAAAAACAAAAJ0gVads="}
02380{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301327938,"pkt_ts_usec":909012,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ACPrIpS0ACNshovhCABFAAXckTtAAEAGT1vAqAGOvKXVqdgVII1UFs2\/9OSPg4AQ\/\/+0owAAAQEICicy228wkrxaXHqZ1BxTHVL5qGd\/c6dAphzrrkPWAAAAAAAAAgAAAJJhTrfbpQdOm\/uqE247YlpGdYjEalIg6AkIAAAAAAAAAgAAAPSdfPpxJMw2qUY9NfcVEWYQOkGeee3304EdAAAAAAAAAgAAALr6ohUXy+6TbDRFvt0lq8M0pLr1suNrarXaAAAAAAAAAgAAAMQ5ZPZjCTVyscEHJ07NW7ANy5tyFXTxjw45AAAAAAAAAgAAAA5I7m1PBtvo7M3of56uNctat\/bYA92XO8h9AAAAAAAAAgAAAOjKLx1FRICxdUWAXv3XCosAo2QRsVhZlZuAAAAAAAAAAgAAABiNjPey8ooJCez7xYvUqLAJPOPGwy1RRpRNAAAAAAAAAgAAALzMdu+6yf+ozA96+AiYGiWKSivRXCwVQIemAAAAAAAAAgAAAK\/cqkoyX6KOmTFmsU7DtyIJ\/EOzvmpdnvZkAAAAAAAAAgAAAGjBZr\/UYwdB0KL6iSUYbzs9TxEh5PKyhirNAAAAAAAAAgAAAIJiE4B5EbAF3qKB6SZeaNlD2fmChjsWGPBmAAAAAAAAAgAAAPFQbxAziINuHsoO32VrKKjlzwsr5Ib9iblUAAAAAAAAAgAAAMO4CPlsoPBLA7lS+te0hvxapXgew8vNDkZNAAAAAAAAAgAAABj7\/rpNhNmNeY6l9SFHEQ\/Zw3KZFrz9fLovAAAAAAAAAgAAABtu1XgDL6y3kicrJbMcMQi3W3Qf1GOy6cFWAAAAAAAAAgAAAHoGdhs3JHPMX1Z+1AAZAazUZU0J7MdTAV5dAAAAAAAAAgAAACGJjlqcm9hvBGQMyKUjsi+LGgy0eLkcvD0MAAAAAAAAAgAAAO9FBhDjHO4Lfxg4LnSPHyMJxBIbisgDlBg0AAAAAAAAAgAAAG7EMuvnK2UbmjuHtozYfbaQZDrd0w0dE+YkAAAAAAAAAgAAAMKealrzNLURTWbo95g19B6dAyk1AeQ0s7ACAAAAAAAAAgAAADqKbktpBfluOfGywijBVAKpwLc9NOV6ZIfaAAAAAAAAAgAAAE41ovTk8asJkKIswlP1Nx4098UJp5VVMvZRAAAAAAAAAgAAADWeOtdlUUl+m3709kYO+6em3krg42ytPEBSAAAAAAAAAgAAAG1gXEaLYCUk37AfT3xRMAxBc5epnztHaOPTAAAAAAAAAgAAAFVBencZmqV8PYW4DTVlVWCgHfrNaNMQ2P2pAAAAAAAAAgAAAHbiKyPrDvAPJ1GeTn1al+vfZWGWah43tu6wAAAAAAAAAgAAAJTJAAbK2tRegaN8aXdu\/RKGTD8VF8PjTYysAAAAAAAAAgAAADNDqVQ4IxKoV66CB8vpEnB93LEabDD+CCdVAAAAAAAAAgAAANQCylmMIc\/llFVC4E27OU\/KHrkqQc03KGCHAAAAAAAAAgAAAGzuHplXBcQxX0OUDPsAUFYuF4aRNSTrysUOAAAAAAAAAgAAAHqH4OMdwTpm4STHKxuJckcUNC7r3Xug1AoEAAAAAAAAAgAAAJzFa\/sxDRHMv06XibQiMXTRRab+gegLbi2rAAAAAAAAAgAAAO9dG8AfOs2bSJszPquk74wVRJXXi6LBV+V4AAAAAAAAAgAAAH4HSlyxTwlP3Ij26FP2322QazeLPyr0ppC5AAAAAAAAAgAAAAacJZvfmzaNcXR9YoOEDRI3b6ZY\/B3Fcie0AAAAAAAAAgAAAGbDaJYCxqWhwk9ebMtBcZbJoTHPQBu6zX+vAAAAAAAAAgAAAIA0BZ4C5Uix+zMOi\/sLiJVPV6ojY8lFj94iAAAAAAAAAgAAABNGafpkAC7\/oFgPSriE0wbRXcUCJW4Fep8OAAAAAAAAAgAAAJGIqWp+7i5azR0XyLfAEtJne226k0vOW32wAAAAAAAAAgAAAFL7A0DB9SzH+tcfurY="}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1301328089970,"flow_last_seen":0,"flow_tot_l4_data_len":137,"flow_min_l4_data_len":137,"flow_max_l4_data_len":137,"flow_avg_l4_data_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"69.118.54.122","src_port":55328,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1301328089970,"flow_last_seen":0,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"69.118.54.122","src_port":55328,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00573{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328089,"pkt_ts_usec":970465,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"ACPrIpS0ACNshovhCABFAACdrppAAEAGTZrAqAGORXY2etggII0QKtRyRVLzIYAY\/\/\/YagAAAQEICicy4VQAPPkD+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAADZsJBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/RXY2eiCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII3pIMJ+i724nwBQvgEA"}
00569{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328090,"pkt_ts_usec":23170,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"ACNshovhACPrIpS0CABFAACdT81AAHYGdmdFdjZ6wKgBjiCN2CBFUvMhECrU24AYAQRFgAAAAQEICgA8+QknMuFU+b602XZlcnNpb24AAAAAAFUAAAACfQAAAQAAAAAAAADZsJBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHtggAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FdjZ6II3xDaOK7c9BwgAGwwEA"}
00450{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328090,"pkt_ts_usec":82335,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"ACNshovhACPrIpS0CABFAABIT85AAHYGdrtFdjZ6wKgBjiCN2CBFUvOKECrU24AYAQQkRgAAAQEICgA8+RAnMuFV+b602XZlcmFjawAAAAAAAAAAAAA="}
@@ -31,7 +31,7 @@
02459{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328234,"pkt_ts_usec":391812,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ACNshovhACPrIpS0CABFAAXcUelAAHYGbwxFdjZ6wKgBjiCN2CBFUw7CECrhQIAQAQS58QAAAQEICgA9MW0nMubk+b602WFkZHIAAAAAAAAAADN1AACPeeze\/egD94eQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/ATQJGyCNG4mQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/AlNCOCCNXKGQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/AmD+giCNeJmQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/AmLbJyCNv52QTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/AtLYiyCNfZSQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/BUzxlyCNnYmQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/BamfMCCNQZKQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/CBqBDiCNbZOQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/DAV5AiCNbJyQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/DFutkiCN1YuQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/DJrYQiCNQZ2QTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/DKr4JCCNqZ2QTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/DsjKMyCNWZqQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Em8BYyCNN5eQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Em8eZCCN8KOQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Em9ojCCN3ZeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GADkqiCNepCQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GAQueCCNZYeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GAadUyCNppKQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GAad8CCN8JWQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GAlLyyCN0YeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GAvEwiCNvpCQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GAw+IiCNzomQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GA6SZCCN05GQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GBI3UiCN0omQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GBKADSCN3YqQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GBaFsiCN4ZOQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GBeI6CCNMpCQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GBnbPiCNzZGQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GBpepSCN3ouQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GChW8SCN0ZKQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GC4vVyCNmaSQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GDLKniCNl5yQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GDagmCCN54yQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GDmSHiCNlqGQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GDwEbiCNyIiQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GD2hRiCN2ZKQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GD6ilCCNioyQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GD\/OFiCNjImQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GEhY0iCNRJGQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GE0WxSCN9Y+QTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GFQOOyCN\/o+QTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GFRGpiCN0ZKQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GFYH+yCNv5OQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GFvheSCNiZSQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GF3pGSCNQpOQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GGz+PCCNh5OQTQEAAAAAAAA="}
02459{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328234,"pkt_ts_usec":391813,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ACNshovhACPrIpS0CABFAAXcUepAAHYGbwtFdjZ6wKgBjiCN2CBFUxRqECrhQIAQAQT10gAAAQEICgA9MW0nMubkAAAAAAAAAAAAAAD\/\/xhtPwcgjfaakE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xhuSywgjauMkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xhvynsgjauPkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xh3hUQgjcOOkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xh+yQEgjTObkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xiA9YsgjbiUkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xiCRnAgjU+hkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xiCgsAgjTiVkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xiD\/8kgjcyMkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xiKeAcgjWmUkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xiLAhEgjfqkkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xiQuT0gjSCNkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xiUH4UgjSOjkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xiXUPQgjSeTkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xiXXOAgjeiakE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xijXUUgjcqSkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/ximvAUgjf+WkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xituAIgjeiVkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xixAFEgjeuZkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xi6vpEgjfOikE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xjAv2kgjT6NkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xjA3KcgjYaikE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xjF+mEgjV6jkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xjQWSQgjYackE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xjeT+YgjU6kkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xjj2DIgjY6TkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xjrwJwgjcGbkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xj61PIgjQeckE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xj7dS4gjSqPkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xj72bIgjZGPkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/yMLuIwgjemUkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/yZs+oIgjWugkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/yZuBrsgjRiJkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/yZwojggjQakkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/yZ9KGIgjdSTkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/ymRaGogjZmUkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/ymxHzogjXSNkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/ynUDiwgjfqSkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/ynobxAgjYyUkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/y4AHE0gjceKkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/y4pYkYgjQqJkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/y47ECogjaCUkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/y6EvxIgjWmUkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/y6SJtEgjXqjkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/y6TlNkgjbuXkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/zIAKw8gjVWdkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/zIugKUgjTOJkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/zJahWEgjV2MkE0BAAAAAAAAAAAAAAAAAAA="}
02464{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328234,"pkt_ts_usec":391815,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ACNshovhACPrIpS0CABFAAXcUetAAHYGbwpFdjZ6wKgBjiCN2CBFUxoSECrhQIAQAQTD7gAAAQEICgA9MW0nMubkAAAA\/\/86CS+PII3QoJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/87XxLxII37lpBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/87p46rII0pj5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/87p8JfII0po5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/88MGJ0II0WkZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/88Mx9\/II3TpJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/888G+pII1WlZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/888SllII0jlpBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/888dkcII3flJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/888vMpII0ujpBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8+EOrmII14mJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8+H9clII0KipBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8+MMoCII0CoJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8+MdfzII3DlJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8+UzM7II3+kZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8+V8ByII28o5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8+m+muII04jpBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8+wPIJII3kpJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8+3UtFII1\/lZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8+5MPqII2ppJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8+7F4ZII14kpBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8++M+pII1ih5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8\/fkgZII1tl5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8\/ppzxII15nJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9AD1HsII3hiJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9AFm3WII04lJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9AFuvNII10k5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9AGaDwII2il5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9ANYDoII2InpBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9ARnQrII3nlJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9AbsApII2Pn5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9AbtvCII0YkJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9AeVaEII0+kZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9AhkYvII34h5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9AkUKVII2fkJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9AlwETII2MiJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9AzkJiII2hiJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Az+2GII1JiJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9A0BzSII1OjZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9A7nxyII0mlpBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9A7rdDII1XopBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9BG1DZII1SipBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9BHD11II1Jj5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9BH9CxII2fl5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9BIEcCII1KmZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9BIFBNII1ZnpBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9BIn33II0diZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9BKEa9II3vipBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9BKJI="}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1301328319392,"flow_last_seen":0,"flow_tot_l4_data_len":137,"flow_min_l4_data_len":137,"flow_max_l4_data_len":137,"flow_avg_l4_data_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1301328319392,"flow_last_seen":0,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00575{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328319,"pkt_ts_usec":392147,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"ACPrIpS0ACNshovhCABFAACdlslAAEAG4RzAqAGOSlm15dg0II2cIEOJr5xIoIAY\/\/\/04QAAAQEICicy6kgDS\/0c+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAAC\/sZBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/Slm15SCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII2qu+Pk33arXQC9vgEA"}
00572{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328319,"pkt_ts_usec":451340,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"ACNshovhACPrIpS0CABFAACdR2RAAHYG+oFKWbXlwKgBjiCN2DSvnEignCBD8oAYAQSuQgAAAQEICgNL\/SInMupI+b602XZlcnNpb24AAAAAAFUAAAAAfQAAAQAAAAAAAAC4sZBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHtg0AQAAAAAAAAAAAAAAAAAAAAAA\/\/9KWbXlII1O39\/bLGJPkgAHwwEA"}
00452{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328319,"pkt_ts_usec":554549,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"ACNshovhACPrIpS0CABFAABIR4lAAHYG+rFKWbXlwKgBjiCN2DSvnEkJnCBD8oAYAQTU7AAAAQEICgNL\/S8nMupI+b602XZlcmFjawAAAAAAAAAAAAA="}
@@ -47,15 +47,13 @@
02462{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328420,"pkt_ts_usec":217722,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ACNshovhACPrIpS0CABFAAXcJZhAAHYGFw9KWbXlwKgBjiCN2DSvnGCfnCBEVYAQAQNezgAAAQEICgNMJH0nMu43AAAAAAAAAAAAAAAAAAAAAAD\/\/0NWXB0gjeyXkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0NWmMMgjSekkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0OLLbQgjTOZkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0OLrcwgjY6PkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0OYOmIgjf2SkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0Oe4sogjSKVkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0OhVnIgjT+VkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0OoiBwgjZWPkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0OpAY0gjaeTkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0Oq3nYgjSKUkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0OrIXggjcGdkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0OrhTkgjeaQkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0OrwCEgjfKRkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0OsEJYgjfuQkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0OszDUgjXWQkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0Os+REgjb2SkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0OvR44gjWmMkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0OwLEggjR2WkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0OwxGsgjTeJkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0OxIf4gjaKjkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0O4dIAgjVCPkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0PBvuMgjWeRkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0PFVDUgjWWJkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0PMAZAgjRqVkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0PTQecgjVKWkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0PUCpggje2NkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0PcGPggjQuRkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0PcdGQgjQaSkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0PiipEgjTKYkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0Pp1xwgjUmqkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0PqmGcgjaqMkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0PxmB4gjRmUkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0P5xC8gjT6NkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0P\/LfYgjY+akE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0P\/N8Agjb2bkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0QEPaUgjcyZkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0QFbBMgjUGZkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0QGW7AgjYyUkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0QHrWggjdmJkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0QMFxIgjSWPkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0QPWWwgjUGKkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0QhDuggjf2ZkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0QkU6cgjRWgkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0QlQeIgjfmSkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0QrViwgjXuMkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0Q\/ZGYgjbWSkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0REYVogjeCckE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0REyYIgjfaJkE0BAAAAAAAAAAA="}
02463{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328420,"pkt_ts_usec":219537,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ACNshovhACPrIpS0CABFAAXcJZlAAHYGFw5KWbXlwKgBjiCN2DSvnGZHnCBEVYAQAQPGsQAAAQEICgNMJH0nMu43AAAAAAAAAAAA\/\/9EUlsgII3NlJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9EZUKiII0dnpBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9EZ83+II3qkZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9EZ\/ugII0wiJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Ea+XvII1UlpBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Eb8nfII0bnJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9EcL2vII0apZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Ec6ibII0JnZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Edfw7II2rj5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9EeW4lII1UkZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9EkEDnII2YlJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9EkctyII04jJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Ek9NnII2Ck5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9ElboGII0JkJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9ElsRIII2UlZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9ErNkvII11kJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9EvBoTII0umZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9EvTOmII2TkZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9EvwDMII13npBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9EygJ\/II0KppBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9EyhVaII3zi5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9EzRTWII2nkJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9E4PZAII0tm5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9E5LjEII3GlpBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9E5V5RII1gipBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9E6HgVII2ro5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FBIiVII2LlZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FHHXiII14pZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FPGerII3woJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FPoMMII15n5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FRm9SII0ekJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FRu8OII1IipBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FTQiCII0zi5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FbX8sII1ApJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FbaoiII0Dl5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FcEAQII1+opBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Fcn4tII1ijpBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Fk8JiII2gj5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Fl\/cUII2zkZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FneJLII1Go5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FnhluII3qjpBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FoFR\/II33jJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Fpf6NII2unpBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FqYauII12ipBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FqZ5yII0Wj5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FrNQzII1liZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FsKZBII01lJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FslpSII2ViJBNAQAAAAAAAAAAAAAAAAAAAAA="}
02463{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328420,"pkt_ts_usec":255873,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ACNshovhACPrIpS0CABFAAXcJoFAAHYGFiZKWbXlwKgBjiCN2DSvnGvvnCBEVYAQAQO9OAAAAQEICgNMJIQnMu43AP\/\/RbQFESCNTZyQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RbTHGiCNcqWQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RbeT7CCNVZKQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Rc1BOSCNAYyQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RdBPbiCN9JqQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/ReV4diCNeZuQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Rec4xSCNy4+QTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RetVgyCNq5SQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RfORpCCNlpyQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RfhQOCCN85qQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RfmKviCNPI+QTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RhhpBCCN4IuQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RinN9CCNDKaQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RjEcOSCN8piQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RjRLzyCNeJiQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RjzAbyCN8qKQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RkKd4CCNBJWQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Rkin4yCNUpOQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RklpGiCNnZeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RlFrGyCNeJCQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RlhSziCNspGQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RllZBiCNJoyQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Rll68SCNwqOQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Rlm7USCNBqaQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RmJd0yCNf5uQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RnF9hyCN5ZWQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RnQDpCCN76CQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RnRKOiCNAo6QTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RnxDOCCNYZyQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RoAF\/yCNB4mQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Ro3A3iCNSpmQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RqlXtSCN\/Y+QTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Rqv90iCNgqCQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Rrd4+SCNRYqQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RruWayCN+JGQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Rrx0piCNZpWQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Rr2AsyCNxZKQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Rr6n+iCN2JiQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RusWxiCNRp6QTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RvFKJyCNZomQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RvtA0CCNMpeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RwO9FCCNAaCQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Rw4BuiCNqqOQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RyBS0yCNeI6QTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RyGW8CCNEaWQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RyMYNSCNA6aQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RyO3HyCN8Z+QTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RyWoWiCNEIyQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RyqyTCA="}
00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":201,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1301328472925,"flow_last_seen":0,"flow_tot_l4_data_len":137,"flow_min_l4_data_len":137,"flow_max_l4_data_len":137,"flow_avg_l4_data_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":201,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1301328472925,"flow_last_seen":0,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00573{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328472,"pkt_ts_usec":925065,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"ACPrIpS0ACNshovhCABFAACde+1AAEAGZt3AqAGOQkRTFthXII0tj7Vf9ZidkYAY\/\/+IsAAAAQEICicy8EYAAAAA+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAABYspBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/QkRTFiCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII21Dgd4gTLgpgDgvgEA"}
00572{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328472,"pkt_ts_usec":987383,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"ACNshovhACPrIpS0CABFAACdMqtAAG8GgR9CRFMWwKgBjiCN2Ff1mJ2RLY+1yIAY\/5aM3QAAAQEICgBK7W0nMvBG+b602XZlcnNpb24AAAAAAFUAAACcfAAAAQAAAAAAAABZspBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHthXAQAAAAAAAAAAAAAAAAAAAAAA\/\/9CRFMWII0z3Rs+AfeDdwAHwwEA"}
00452{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328473,"pkt_ts_usec":77893,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"ACNshovhACPrIpS0CABFAABIMqxAAG8GgXNCRFMWwKgBjiCN2Ff1mJ36LY+1yIAY\/5avrAAAAQEICgBK7W4nMvBG+b602XZlcmFjawAAAAAAAAAAAAA="}
00511{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328487,"pkt_ts_usec":120277,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"pkt":"ACNshovhACPrIpS0CABFAABxMvRAAG8GgQJCRFMWwKgBjiCN2Ff1mJ4OLY+1yIAY\/5YyzAAAAQEICgBK7fonMvBH+b602WludgAAAAAAAAAAACUAAAAXvAGWAQEAAAAYqnCtA4JeCfSWUZFYsh6sAyMBtBHVR6Y5dbVZJO1sMQ=="}
00511{"flow_id":4,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328526,"pkt_ts_usec":763444,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"pkt":"ACNshovhACPrIpS0CABFAABxM2VAAG8GgJFCRFMWwKgBjiCN2Ff1mJ5LLY+1yIAY\/5bHMAAAAQEICgBK74cnMvDT+b602WludgAAAAAAAAAAACUAAAAOAWk4AQEAAACmU2ocFfjbk6bwRfCWT0dV1t0G5OkxndgzFqeVZZtzHw=="}
00512{"flow_id":4,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328538,"pkt_ts_usec":215424,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"pkt":"ACNshovhACPrIpS0CABFAABxM+RAAG8GgBJCRFMWwKgBjiCN2Ff1mJ6ILY+1yIAY\/5bQbwAAAQEICgBK7\/onMvJg+b602WludgAAAAAAAAAAACUAAABr1PSfAQIAAAACQk0EsEdX9pnaln3xHefyXv4xWPTxfPvJjgAAAAAAAA=="}
00526{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":216,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":19,"flow_first_seen":1301327937725,"flow_last_seen":1301327939000,"flow_tot_l4_data_len":22798,"flow_min_l4_data_len":52,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1199,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","ndpi": {"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":216,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":19,"flow_first_seen":1301327937725,"flow_last_seen":1301327939000,"flow_tot_l4_data_len":22798,"flow_min_l4_data_len":52,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1199,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00586{"flow_id":4,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328547,"pkt_ts_usec":454028,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"pkt":"ACNshovhACPrIpS0CABFAACoNBdAAG8Gf6hCRFMWwKgBjiCN2Ff1mJ7FLY+1yIAY\/5Y30gAAAQEICgBK8FMnMvLS+b602WFkZHIAAAAAAAAAAB8AAADFd1QeAe2xkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/z+VNnggjfm+tNlpbnYAAAAAAAAAAAAlAAAAbpdHCgEBAAAAAJFuNNZN7lTuzzmknwSYKbRCQJGJA0EJPn0yPmuOS08="}
00511{"flow_id":4,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328570,"pkt_ts_usec":154412,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"pkt":"ACNshovhACPrIpS0CABFAABxNJNAAG8Gf2NCRFMWwKgBjiCN2Ff1mJ85LY+1yIAY\/5akrAAAAQEICgBK8TgnMvMu+b602WludgAAAAAAAAAAACUAAABwZvzNAQIAAADeIqDjYKdDJQkrvsZjbQFePaqBy15E2soqxwAAAAAAAA=="}
00488{"flow_id":4,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328607,"pkt_ts_usec":247543,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"ACPrIpS0ACNshovhCABFAABgbHFAAEAGdpbAqAGOQkRTFthXII0tj7XI9ZifdoAY\/\/8FCwAAAQEICicy9YMASvE4+b602XZlcmFjawAAAAAAAAAAAAD5vrTZZ2V0YWRkcgAAAAAAAAAAAF324OI="}
@@ -65,7 +63,7 @@
02382{"flow_id":4,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328607,"pkt_ts_usec":711361,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ACPrIpS0ACNshovhCABFAAXcPyxAAEAGnl\/AqAGOQkRTFthXII0tj8bs9ZifdoAQ\/\/\/SMAAAAQEICicy9YgASvKxAAIAAABFXWrQVvbsNkns2a60x2USdIEqERXbJOrvNAAAAAAAAAIAAAA7vQ5BosUPrVZjKdAL7zX\/8bYb7ynMEIjweAAAAAAAAAIAAAAGqi1mPljOLodCHxF6Ou2vTSpac5YgrZnZOgAAAAAAAAIAAADqFZvMCZZ\/a9ywCi78JveOO3nLdosTGXsSwQAAAAAAAAIAAAAMEGCF\/hpFzlDVs2g1iJ5taZJUXL5CmJ3SbgAAAAAAAAIAAAAAdluO5YenjS24zFCzQPee8W6dInFD5HEBnQAAAAAAAAIAAACjJFKK4B\/yWs7ctWWvrEMK+v0wNPYchkwhKwAAAAAAAAIAAABfWAmBUPnup5qbH54NdI\/RWd6CH\/GdXrNsjQAAAAAAAAIAAADplT2BbwlOD1ps8kZW65H\/4Huj320brOdopgAAAAAAAAIAAACuOivLFcMPpAPVrEoDU8pnsWW5\/ykQzsKPxQAAAAAAAAIAAAAnSBVp21x6mdQcUx1S+ahnf3OnQKYc665D1gAAAAAAAAIAAACSYU6326UHTpv7qhNuO2JaRnWIxGpSIOgJCAAAAAAAAAIAAAD0nXz6cSTMNqlGPTX3FRFmEDpBnnnt99OBHQAAAAAAAAIAAAC6+qIVF8vuk2w0Rb7dJavDNKS69bLja2q12gAAAAAAAAIAAADEOWT2Ywk1crHBBydOzVuwDcubchV08Y8OOQAAAAAAAAIAAAAOSO5tTwbb6OzN6H+erjXLWrf22APdlzvIfQAAAAAAAAIAAADoyi8dRUSAsXVFgF791wqLAKNkEbFYWZWbgAAAAAAAAAIAAAAYjYz3svKKCQns+8WL1KiwCTzjxsMtUUaUTQAAAAAAAAIAAAC8zHbvusn\/qMwPevgImBolikor0VwsFUCHpgAAAAAAAAIAAACv3KpKMl+ijpkxZrFOw7ciCfxDs75qXZ72ZAAAAAAAAAIAAABowWa\/1GMHQdCi+oklGG87PU8RIeTysoYqzQAAAAAAAAIAAACCYhOAeRGwBd6igekmXmjZQ9n5goY7FhjwZgAAAAAAAAIAAADxUG8QM4iDbh7KDt9layio5c8LK+SG\/Ym5VAAAAAAAAAIAAADDuAj5bKDwSwO5UvrXtIb8WqV4HsPLzQ5GTQAAAAAAAAIAAAAY+\/66TYTZjXmOpfUhRxEP2cNymRa8\/Xy6LwAAAAAAAAIAAAAbbtV4Ay+st5InKyWzHDEIt1t0H9RjsunBVgAAAAAAAAIAAAB6BnYbNyRzzF9WftQAGQGs1GVNCezHUwFeXQAAAAAAAAIAAAAhiY5anJvYbwRkDMilI7IvixoMtHi5HLw9DAAAAAAAAAIAAADvRQYQ4xzuC38YOC50jx8jCcQSG4rIA5QYNAAAAAAAAAIAAABuxDLr5ytlG5o7h7aM2H22kGQ63dMNHRPmJAAAAAAAAAIAAADCnmpa8zS1EU1m6PeYNfQenQMpNQHkNLOwAgAAAAAAAAIAAAA6im5LaQX5bjnxssIowVQCqcC3PTTlemSH2gAAAAAAAAIAAABONaL05PGrCZCiLMJT9TceNPfFCaeVVTL2UQAAAAAAAAIAAAA1njrXZVFJfpt+9PZGDvunpt5K4ONsrTxAUgAAAAAAAAIAAABtYFxGi2AlJN+wH098UTAMQXOXqZ87R2jj0wAAAAAAAAIAAABVQXp3GZqlfD2FuA01ZVVgoB36zWjTENj9qQAAAAAAAAIAAAB24isj6w7wDydRnk59Wpfr32VhlmoeN7busAAAAAAAAAIAAACUyQAGytrUXoGjfGl3bv0Shkw\/FRfD402MrAAAAAAAAAIAAAAzQ6lUOCMSqFeuggfL6RJwfdyxGmww\/ggnVQAAAAAAAAIAAADUAspZjCHP5ZRVQuBNuzlPyh65KkHNNyhghwAAAAAAAAIAAABs7h4="}
02382{"flow_id":4,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328607,"pkt_ts_usec":711410,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ACPrIpS0ACNshovhCABFAAXcJD9AAEAGuUzAqAGOQkRTFthXII0tj8yU9ZifdoAQ\/\/+PywAAAQEICicy9YgASvKxmVcFxDFfQ5QM+wBQVi4XhpE1JOvKxQ4AAAAAAAACAAAAeofg4x3BOmbhJMcrG4lyRxQ0Luvde6DUCgQAAAAAAAACAAAAnMVr+zENEcy\/TpeJtCIxdNFFpv6B6AtuLasAAAAAAAACAAAA710bwB86zZtImzM+q6TvjBVEldeLosFX5XgAAAAAAAACAAAAfgdKXLFPCU\/ciPboU\/bfbZBrN4s\/KvSmkLkAAAAAAAACAAAABpwlm9+bNo1xdH1ig4QNEjdvplj8HcVyJ7QAAAAAAAACAAAAZsNolgLGpaHCT15sy0FxlsmhMc9AG7rNf68AAAAAAAACAAAAgDQFngLlSLH7Mw6L+wuIlU9XqiNjyUWP3iIAAAAAAAACAAAAE0Zp+mQALv+gWA9KuITTBtFdxQIlbgV6nw4AAAAAAAACAAAAkYipan7uLlrNHRfIt8AS0md7bbqTS85bfbAAAAAAAAACAAAAUvsDQMH1LMf61x+6th\/o8N8aHkr7wr8ECQcAAAAAAAACAAAArKo3+zDpxlL2nEP\/3d1oS9iutturX4B52nEAAAAAAAACAAAARfzjwiPeZ0flmgweGmX2tJVQwL8MvknAoykAAAAAAAACAAAASB5euyMIlfGEtj3qEE5TYjHr2z1bccGqn4cAAAAAAAACAAAAeVnBbHwqpKyK1rcCdXTEWJntYcK3okUpOTQAAAAAAAACAAAA5KgJjoa5ei\/vYUOuWIWTRjHK3LfoehnZHCgAAAAAAAACAAAA5IbidwMDw5BgR15kcqqEoL2z3qC2QzUvTL4AAAAAAAACAAAAdkBslBkKiy3\/LmRyFa86NDmuE7G6H352Tb8AAAAAAAACAAAAhP085R0B6efS4IxDBy\/OsTK8Kqga2MJ5PbcAAAAAAAACAAAAO02KVrR6aE2rfE+ZFdYPcOTmaqRkWQZS6qwAAAAAAAACAAAAf5Y6XGhmU49OzkTrh1iU1guiCZCVvcOZYy8AAAAAAAACAAAA4NoGbNcr1NNbzpyDtUfMmpVsQUyJj1203NQAAAAAAAACAAAAyc3j05VK8McSh\/T0XvY3yMLZ0UOY6GQdhU4AAAAAAAACAAAAe1098SMwfT8bLgiHrFJ0MbhlWXMd\/4agSDwAAAAAAAACAAAAqgwFqWUyklZ7fPjvSnfO1R619bvAQk7g5J8AAAAAAAACAAAAIiwS6RZvsmDWMdAA6GTGKsp8Iyxxknayuh0AAAAAAAACAAAAPTVzJGF4TyrxgaUSCX8Jut\/vdKByuQhlGMIAAAAAAAACAAAAwp9Cm8B2W7AD54HiaJ+JRuLynlAjoS380B8AAAAAAAACAAAAc20bFearSkapJgTgs9ecd1xBog0bdmvDmncAAAAAAAACAAAAvbaZ9Jy3L747GMKaga0N06XTw7JKDSRzuUgAAAAAAAACAAAAwnWTLeXALAn5w522q9P6YECo3KeVee1+AskAAAAAAAACAAAA9g09piEVm9shum6Wx\/vXXRX2dYjcZRZndg8AAAAAAAACAAAAblpXvCT19Mg7oMJUKnA5eS6MrHg1EaY1GTMAAAAAAAACAAAAtmRuSOhKGer96r4S5OxzpmyFeRRnsLhls9gAAAAAAAACAAAA03L1iEnzDxJ+X\/J1L0686vfCTgcl9fSiPTYAAAAAAAACAAAA\/HRKISCabq0Vp7Sd0UrVPJNd7ay6JPNmFYkAAAAAAAACAAAA3uU\/6OpiQVvuxrqCp5kNJ5MWMjwuAiyIkzUAAAAAAAACAAAA6YxFzypDqvOqMmmO28qUmZtxNZcaEvdNsSIAAAAAAAACAAAAjmtOep5Jyv5WwgTsbq+ENSueNskEjU\/pz7oAAAAAAAACAAAAf7o6uor2Pud9ASRI9Ci5qBCvf8cdKTVwxJIAAAAAAAACAAAA0PTviA2h0VgW0JA="}
02382{"flow_id":4,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328607,"pkt_ts_usec":711425,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ACPrIpS0ACNshovhCABFAAXcTRJAAEAGkHnAqAGOQkRTFthXII0tj9I89ZifdoAQ\/\/+W6wAAAQEICicy9YgASvKxEtbia+zAFosRvZlvRWFdAAAAAAAAAgAAAK+N8wyz2+NyPC3uk2aC4K9BtrDiHxRn9pIpAAAAAAAAAgAAAI4oDWrqj19GZPIOEvbFhc+FeqUzigDwvsoSAAAAAAAAAgAAAAwX5EqvP3lTY6y+Y4WfFvLo8Wlb7gEIqk3FAAAAAAAAAgAAAKq4BMkaJPJW7ZO+o48CmY4dstKhXSuc4wS3AAAAAAAAAgAAAGehpd\/+j1eZfGi4sjd1NPkjk5aSHzeJZcIsAAAAAAAAAgAAAAjBZdUstdgIEQbRTbWr6I8hCehe0L9HyHg2AAAAAAAAAgAAAAIujaIuPzWzMwT2x8KwfoDGZuYy6w53x3qdAAAAAAAAAgAAAIV1Sc5NbUWv3lMm18LaG38MNWngifDemeQLAAAAAAAAAgAAANh5afRkPt2LVvqFCh2wDgjwZYR9WsDBT70BAAAAAAAAAgAAAEu686rHaCUU9lgnwUKVYxb6ND4tbABowLp6AAAAAAAAAgAAAJoekg5hnUdVhxDiuO4pCFiJNlZhZHh2gNGhAAAAAAAAAgAAADQVeJHeUb0JawS0q1oGY7hw6kEG0y9VAljOAAAAAAAAAgAAACZb\/tBE9BuBKW\/R61IJFrqA3LzhWTm+AwqVAAAAAAAAAgAAAKhPcwdELPBw5qHr+Nt30PbvRjDlgCWmmgKIAAAAAAAAAgAAABiQc59fQOKO5NJxxpRkoHe\/kjTN4bNq8RykAAAAAAAAAgAAAJfBeBEgW+DRP9id8mrxfkO8jnnVXMHqfXAiAAAAAAAAAgAAABBXCIVoKFDJxvVK7JR9zIZRrnrIvgC3NS8sAAAAAAAAAgAAAMIWv8HUSmiQrylpM70T6xFSwGai5UQ\/iRdfAAAAAAAAAgAAAMOD\/4A1xzCPrVUH8uPi+LbG\/8dxG\/yo7OtpAAAAAAAAAgAAANXRq4OleHWPB1XjK2hS+JU6vZInIH1P6k9YAAAAAAAAAgAAACjCbLNR7uZ40saHM6n5a83mw74PjUR+8tkJAAAAAAAAAgAAAMm7GZ8nVpaoW8+QH44jWZ\/3jZzBQiuEkkgXAAAAAAAAAgAAADOuloceXtV5\/WD7yN+wCcKKHUORl5YQGIYLAAAAAAAAAgAAAFR4YTNLv\/tOGdZZwHowmnUao3Z4dXzI5n+WAAAAAAAAAgAAABWoZ3QgEsq2F+08TICFiBBZslLLbOJzVBlJAAAAAAAAAgAAACfyAic0uO09\/h6sBmT5HdrHQe6XINUmmLIUAAAAAAAAAgAAANyF3AEQwOfXIOsNvpsIt4FJRQs4Rs7xti+WAAAAAAAAAgAAAHnVEK6Nkwoo9ATeHtFauKbkCZhn5l8ov8NlAAAAAAAAAgAAAAgEDuvLL04YGUh58QlrbLS630gILBMLNnWMAAAAAAAAAgAAANjATLDiGQXgWpPKbnsXTv\/7z2OjohpGTf8cAAAAAAAAAgAAAPHDDqAu5BtThheJpjtS0EQmcpwPO\/JLBn26AAAAAAAAAgAAAJ4LZFri6DXBQPdjJOPqIJdHXbSs6hIDJSRiAAAAAAAAAgAAAF4cmmcnuYHX7JX\/e8whhI8Anl7EmX1Uol7DAAAAAAAAAgAAAJVbzfHr5cRnQn2JRfkfPD9ObptrnH76MXB0AAAAAAAAAgAAAO5QxZ6yN8BpLlqdbynfw9B8x3J7esapJqWwAAAAAAAAAgAAADm0EvV4HVRE1W5mO7JnxVLLrvi2o07gaBA7AAAAAAAAAgAAAO5995F4t6IbrRFOIJ1eb4mgkTe+ee5TrqwhAAAAAAAAAgAAAI8qiGDXHXsjExspqHTqpKlS\/2C\/6Gevr4d+AAAAAAAAAgAAADrpi2NFLURr3H1xE4pY6mqIPsxPlafbX5SQAAAAAAAAAgAAAMug60RTMRGrrs5PR2eZr8shyTg="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1301328699728,"flow_last_seen":0,"flow_tot_l4_data_len":137,"flow_min_l4_data_len":137,"flow_max_l4_data_len":137,"flow_avg_l4_data_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1301328699728,"flow_last_seen":0,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00573{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328699,"pkt_ts_usec":728375,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"ACPrIpS0ACNshovhCABFAACdK9RAAEAGd8TAqAGOw9oQsthoII1BDXcu4yOzE4AY\/\/9L7wAAAQEICicy+R8AACIN+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAAA7s5BNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/w9oQsiCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII38Ree1v7hQ3gC4wAEA"}
00572{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328699,"pkt_ts_usec":856583,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"ACNshovhACPrIpS0CABFAACdBc9AAHUGaMnD2hCywKgBjiCN2GjjI7MTQQ13l4AYAQQ8gQAAAQEICgAAIhwnMvkf+b602XZlcnNpb24AAAAAAFUAAAACfQAAAQAAAAAAAAA4s5BNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHthoAQAAAAAAAAAAAAAAAAAAAAAA\/\/\/D2hCyII0FGo5IhpYwXgAKwwEA"}
00452{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328699,"pkt_ts_usec":969841,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"ACNshovhACPrIpS0CABFAABIBdlAAHUGaRTD2hCywKgBjiCN2GjjI7N8QQ13l4AYAQRZWQAAAQEICgAAIignMvkg+b602XZlcmFjawAAAAAAAAAAAAA="}
@@ -81,9 +79,7 @@
02231{"flow_id":5,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328741,"pkt_ts_usec":904043,"pkt_caplen":1399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1399,"pkt_l4_len":1365,"pkt":"ACPrIpS0ACNshovhCABFAAVpWp1AAEAGRC\/AqAGOw9oQsthoII1BDYi74yO6GoAY\/\/IcLAAAAQEICicy+sQAADKGAAIAAADY5Jv9Wp5Y\/VlK7zn+M3psyO6v58ocr1gjXwAAAAAAAAIAAAAj8y\/VFduFnfS\/W1tJVw9BqvcP+Ga\/L7DxpQAAAAAAAAIAAAAdulorUZ0r1Bp5qvW6n69WNVmqFtc2o7nuIQAAAAAAAAIAAACF4EsrriG\/Bg\/avUsxsnIUfzWxYyP7H8KiVAAAAAAAAAIAAAApMlJSuruXNQJ7E3j6VqJtU3vB+nvF+jwqLwAAAAAAAAIAAAAU7wWylRiKT\/t4gncKZvvlTkJ8DIDqwpvGEwAAAAAAAAIAAAD8xxgHVYziGdILD9iQ3prYr72u\/hAy6BC9dwAAAAAAAAIAAACTmXkCJ1IZc1TVCwpGVRao2iznUJO185KD5QAAAAAAAAIAAACBrhd1Wx3sR3wtVZklG7lWj2m57BQ4waFRfwAAAAAAAAIAAAAplaMAc59KTILzEbWvcjOLcBgzWeNtIfvnxQAAAAAAAAIAAADdRkXGEpZzojHNFWqS2mbbQ8escZ8u7GwkDwAAAAAAAAIAAACiGpPD2anVXmVX51ZmiapNqv8MBUZb81v3YgAAAAAAAAIAAAAveyvKJQJnlZfzL+\/VNoZSq25Pa+MOTMF8IgAAAAAAAAIAAAAAYAfEddAhL+QxG+1YfbZAiOyScjI70T1mAQAAAAAAAAIAAADDlkoOm43jthXUl89SoydtGxsVamIkHDRQ6gAAAAAAAAIAAACjoXYnqgVTWl95XjR5C0xXPz6nwE7Yk0jcjAAAAAAAAAIAAADCR9WKDbDxORMbL+vCle1i2Z7xWbJ+Yl9OUQAAAAAAAAIAAAAuMJir\/wxm8Rl6WlLgD45t5fApksy\/2k0ASQAAAAAAAAIAAAD9w92hC+Pr5XxNHUnNj\/JUifYpKT+YfFyqYAAAAAAAAAIAAADIE4l07qncQPmkE2WdezFAXjIicNDHHDNLMwAAAAAAAAIAAACnX5pJsvIfYbXMXP98w+eMXM64pS5r1Tvc1AAAAAAAAAIAAAANXn+pUFty9m8JNxoUo+Ydy+uIfYHaXBxKBwAAAAAAAAIAAACiDiTBYx8c7bEKFbZqQGbuSvQbD7y2takz4gAAAAAAAAIAAAAPcUg68CObZPUfwPMdVy2SA6O0rWDt9eawCQAAAAAAAAIAAADqrR\/3MdSq8qfxib4ya2e9RCt5VwCbXeJzggAAAAAAAAIAAAD5OvOCDWK8u0\/V239MWlC7gFWosSybYCEhlgAAAAAAAAIAAAD6Wgpf3zEkEw34629N6KE\/5yJ5ArEORx8RlAAAAAAAAAIAAACueQIT9wQlfthpG6x8cqYrfudb\/2EX9p5r3wAAAAAAAAIAAABcWCay6ewzlVfP9qTq6DD6hxVBRpAhIWoSiAAAAAAAAAIAAAAUGJCFgf8XbmZs+AoOz5ps5ceOkDHIKYgjbgAAAAAAAAIAAACMdLfoHXtZIC95N1dOOZG0IVr9sKfUDcI34QAAAAAAAAIAAAB2ddp6YyatHmLm7NKZpu6pyevVyw+3+tJ5ZgAAAAAAAAIAAACAZtgQU1Rchqkb+uMisrXy5eAYxPzOgIh0HwAAAAAAAAIAAADnyOKsbXngA6pszznyHxrwURyEjFmXrkKAigAAAAAAAAIAAAAPZU6E4uOdc8X9iSxXWroXE1qYYfjeuqzKRwAAAAAAAAIAAABpQUMlHnlok86akaHiVT\/mFi59FmSc7k0X8gAAAAAAAAIAAAC6RXEw4hRQEPMKqEsjA1v0qVL+N+wky+uT0AAAAAAAAA=="}
02460{"flow_id":5,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328743,"pkt_ts_usec":100003,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ACNshovhACPrIpS0CABFAAXcB51AAHUGYbzD2hCywKgBjiCN2GjjJCWSQQ2N8IAQAQTtnQAAAQEICgAAMv4nMvrPAAAAAAAAAAAA\/\/9OZhMCII1fp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9OaTyqII1Zp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Oak4KII1ep5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9ObbYrII1gp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9OgMTJII1cp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9OibIBII1Zp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Oj4sMII1ip5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Ok01XII1cp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9OmluBII1dp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9PQ+u9II1Zp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9PRuXOII1ep5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9PWFH5II1bp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9PYWlEII1Zp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9PZysAII1hp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Pb+qKII1dp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9PcDUsII1gp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9PcHKJII1ap5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9PfD5SII1ep5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9PgRhjII1Zp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9PjJQTII1dp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9PpBoMII1cp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Pqw2rII1Yp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Ps8qYII1bp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9PtblHII1bp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9PzG9HII1Yp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9P0EZ6II1Zp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9P\/knSII1cp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QA02HII1Zp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QA5drII1ep5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QHtqMII1cp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QKtbLII1gp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QOMSbII1ip5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QRCrkII1Zp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QRuxGII1Zp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QR4dUII1hp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QSEnQII35vrTZYWRkcgAAAAAAAAAAM3UAAO3uR5P96ANep5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QWUxSII1ap5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QZZdZII1ip5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Qf5LXII1cp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QqwaJII1hp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QsJT0II1Zp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QsZMiII1lp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QvWeGII1cp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QwaTGII1hp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Qyl23II1kp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QymOOII1Zp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Qyt1KII1cp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8="}
02462{"flow_id":5,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328743,"pkt_ts_usec":131888,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ACNshovhACPrIpS0CABFAAXcB55AAHUGYbvD2hCywKgBjiCN2GjjJCs6QQ2N8IAQAQRnRAAAAQEICgAAMv4nMvrPUMtdtiCNXaeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UMv5tCCNWqeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UNW6PiCNZKeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UNkerCCNWaeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UNoQyCCNYqeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UNzYxiCNW6eQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UN0dSCCNYqeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UN01MyCNWqeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UN6CESCNXKeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UN\/eXCCNYaeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UOskVSCNYaeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UTk33SCNXaeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UVjeMiCNWqeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UWuW\/CCNW6eQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UWyc4yCNW6eQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UW37PCCNXaeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UYoMSyCNXKeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UZDx8yCNXKeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UZExAiCNZKeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Uafu7iCNZKeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Ua6aSCCNWqeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Ua+D+CCNXKeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UbKHmiCNW6eQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Ub9iASCNWqeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UcH7AyCNVYqQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UcgHZSCNXKeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UcgWpyCNWKeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UeapJyCNW6eQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UegJwSCNXKeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UerxUSCNYqeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UgI56yCNXKeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UgdeYSCNYaeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UghK8iCNX6eQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Ug0QPSCNWKeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UhAfoSCNZKeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UhBs8CCNWaeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UhxcFyCNZKeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UiA7RCCNWqeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UiM06CCNY6eQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UilhHSCNWaeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UiuZ9SCNW6eQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Uix\/9SCNWaeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Ui4++yCNZaeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UkMkpSCNXaeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UkTZDiCNXaeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UkXVniCNYKeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UkZgGSCNXKeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Ul+wDyCNXaeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UmM0OiCNW6c="}
00526{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":462,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":139,"flow_first_seen":1301328089970,"flow_last_seen":1301328420526,"flow_tot_l4_data_len":186584,"flow_min_l4_data_len":52,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1342,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"69.118.54.122","src_port":55328,"dst_port":8333,"l4_proto":"tcp","ndpi": {"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":139,"flow_first_seen":1301328089970,"flow_last_seen":1301328420526,"flow_tot_l4_data_len":186584,"flow_min_l4_data_len":52,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1342,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"69.118.54.122","src_port":55328,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":521,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1301329304767,"flow_last_seen":0,"flow_tot_l4_data_len":137,"flow_min_l4_data_len":137,"flow_max_l4_data_len":137,"flow_avg_l4_data_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":521,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1301329304767,"flow_last_seen":0,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00574{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":521,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301329304,"pkt_ts_usec":767401,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"ACPrIpS0ACNshovhCABFAACdDAhAAEAGDmvAqAGOuDqld9i\/II0stRatNDMFDIAY\/\/9S8AAAAQEICiczELoAVdzf+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAACYtZBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/uDqldyCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII0b7ZMAlkQ1dwALwwEA"}
00572{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":522,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301329304,"pkt_ts_usec":813916,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"ACNshovhACPrIpS0CABFAACdBMxAAHQG4aa4OqV3wKgBjiCN2L80MwUMLLUWrYAYAQTgGAAAAQEICgBV3OcnMxC6+b602XZlcnNpb24AAAAAAFUAAAACfQAAAQAAAAAAAACQtZBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHti\/AQAAAAAAAAAAAAAAAAAAAAAA\/\/+4OqV3II2BHa1kLxLeCgCuwgEA"}
00562{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":523,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301329305,"pkt_ts_usec":5443,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"pkt":"ACPrIpS0ACNshovhCABFAACX6RJAAEAGMWbAqAGOuDqld9i\/II0stRcWNDMFdYAY\/\/+hogAAAQEICiczEL0AVdz7+b602XZlcmFjawAAAAAAAAAAAAD5vrTZZ2V0YWRkcgAAAAAAAAAAAF324OL5vrTZYWRkcgAAAAAAAAAAHwAAAKr+QCYBbLWQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHiCN"}
@@ -99,12 +95,16 @@
01870{"flow_id":6,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301329452,"pkt_ts_usec":712485,"pkt_caplen":1127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1127,"pkt_l4_len":1093,"pkt":"ACNshovhACPrIpS0CABFAARZDTBAAHQG1Ya4OqV3wKgBjiCN2L80MwsxLLUZT4AYAQHM7QAAAQEICgBWFqsnMxZ++n6+MXdJ4u+twdkAAAAAAAACAAAA4BAp+E5t3fS408bFqpE\/\/hkfWcf\/zfqjsSMAAAAAAAACAAAAIfi7dhvcEdCBSNSxRq5Hm6R9wZrQayfYcl4AAAAAAAACAAAAHMtkV8QTp9IoDHGKNgOG0XWJOUzCLcCG1ooAAAAAAAACAAAAspqp8Za6fkh6Z\/bk8M\/lDCL9JGw9rp2yIgMAAAAAAAACAAAANkOEl+sX7xUI3Nd0J07eBc7racPQUz3PEC4AAAAAAAACAAAAl5K8Hydtr+3R296ltOG1eAvrVsJab5yOV7IAAAAAAAACAAAA6f5FMFep8IMaloV0PabEOSL8qMJK+TrLHVoAAAAAAAACAAAA24myD4vHq\/HO6OzbjFefT\/YSFwl5pZF5qXgAAAAAAAACAAAAd9SYBXQsqh7m1St16FFO6Rg8EW\/SRSMgBE4AAAAAAAACAAAAyeoaNnxM6RcNDykulfymi3EoTRyecsgs4kwAAAAAAAACAAAAMBaoNlda28fwPeD55ImDakJDCofgRs7fGxcAAAAAAAACAAAAQ0zQpFBY+vD7A+MBLFWG2lHwGYE0AT5mZTQAAAAAAAACAAAAayK0b\/8KK0Ik6bTCIrR91I5J\/pqn6PJDA80AAAAAAAACAAAAOps8JKFEM7olbQ82oOr+msKxdCiS8Z9G6G0AAAAAAAACAAAAl4ulFuAOeouIhQvRHKZ51s0k1m9ntFNzkzAAAAAAAAACAAAAKrdbM40QuqIihsksc8BXhg4Eu70MzPZFoPEAAAAAAAACAAAAztQuJbCVvsVMJ2tPBuiN7I0HTV1\/kUqnYrQAAAAAAAACAAAAyW0FjhwgD\/VfNzGDGcXdN9ufgnALxTxNLUAAAAAAAAACAAAAohaiXHMEESUpOqZPu4KD+TAoztB2q6hvLioAAAAAAAACAAAA8Gn\/NdxL4xH\/hgO\/wfKa0bJ1nGjvVn0hWEYAAAAAAAACAAAAPWe2sZ66IMqkxTA\/4bmb62fFY5dtRACLcUkAAAAAAAACAAAARIHwm4wncIDZTlzJWkkMmEK6LcyGkmXREegAAAAAAAACAAAACieUYGaByb97j7\/Bv\/pr1clbrb6QxY+RHY8AAAAAAAACAAAAnIBUFcPI7oNWjreyJ6bdnFB04xA1Q\/hJ1oUAAAAAAAACAAAA\/vBv+voVdlPr8GRHgS6vEp\/UYi3gD3xDbEYAAAAAAAACAAAArecNbP5tNl6fBXg\/l6JeAj56WZCX17wue54AAAAAAAACAAAAXM8eXOjZ2Yo157oy9cd1Og7GkzRim899UrUAAAAAAAACAAAAy6P7Cxfs6k++VTFzmbisuT7u10INTy11WgUAAAAAAAACAAAA2a+CgrTYJEAL3z44pyE+y+tld\/QwzBgjwMYAAAAAAAA="}
00514{"flow_id":6,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301329459,"pkt_ts_usec":907535,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"pkt":"ACPrIpS0ACNshovhCABFAABx3JpAAEAGPgTAqAGOuDqld9i\/II0stRlPNDMPVoAY\/\/++0QAAAQEICiczFsgAVhar+b602WludgAAAAAAAAAAACUAAADz4eNcAQEAAAAYg4ufJ32yLdAwF+WR3fXVdidlMCL1gr70pTNlRjPDUw=="}
00510{"flow_id":6,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":568,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301329480,"pkt_ts_usec":211491,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":87,"pkt":"ACPrIpS0ACNshovhCABFAABrS6VAAEAGzv\/AqAGOuDqld9i\/II0stRmMNDMPVoAY\/\/\/9ZgAAAQEICiczF5MAVhmU+b602WFkZHIAAAAAAAAAAB8AAAADTXMNASC2kE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/206XacgjQ=="}
00525{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":172,"flow_first_seen":1301328319392,"flow_last_seen":1301329810648,"flow_tot_l4_data_len":157645,"flow_min_l4_data_len":52,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":916,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","ndpi": {"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":172,"flow_first_seen":1301328319392,"flow_last_seen":1301329810648,"flow_tot_l4_data_len":157645,"flow_min_l4_data_len":52,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":916,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00525{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":119,"flow_first_seen":1301328699728,"flow_last_seen":1301329807659,"flow_tot_l4_data_len":78705,"flow_min_l4_data_len":52,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":661,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","ndpi": {"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":119,"flow_first_seen":1301328699728,"flow_last_seen":1301329807659,"flow_tot_l4_data_len":78705,"flow_min_l4_data_len":52,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":661,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00523{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":27,"flow_first_seen":1301329304767,"flow_last_seen":1301329810839,"flow_tot_l4_data_len":3548,"flow_min_l4_data_len":52,"flow_max_l4_data_len":1093,"flow_avg_l4_data_len":131,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","ndpi": {"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":27,"flow_first_seen":1301329304767,"flow_last_seen":1301329810839,"flow_tot_l4_data_len":3548,"flow_min_l4_data_len":52,"flow_max_l4_data_len":1093,"flow_avg_l4_data_len":131,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00523{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":161,"flow_first_seen":1301328472925,"flow_last_seen":1301329809936,"flow_tot_l4_data_len":110136,"flow_min_l4_data_len":52,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":684,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","ndpi": {"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":161,"flow_first_seen":1301328472925,"flow_last_seen":1301329809936,"flow_tot_l4_data_len":110136,"flow_min_l4_data_len":52,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":684,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":172,"flow_first_seen":1301328319392,"flow_last_seen":1301329810648,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":152141,"flow_avg_l4_payload_len":884,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","ndpi": {"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":172,"flow_first_seen":1301328319392,"flow_last_seen":1301329810648,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":152141,"flow_avg_l4_payload_len":884,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":119,"flow_first_seen":1301328699728,"flow_last_seen":1301329807659,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":74897,"flow_avg_l4_payload_len":629,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","ndpi": {"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":119,"flow_first_seen":1301328699728,"flow_last_seen":1301329807659,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":74897,"flow_avg_l4_payload_len":629,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00534{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":27,"flow_first_seen":1301329304767,"flow_last_seen":1301329810839,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1061,"flow_tot_l4_payload_len":2684,"flow_avg_l4_payload_len":99,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","ndpi": {"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":27,"flow_first_seen":1301329304767,"flow_last_seen":1301329810839,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1061,"flow_tot_l4_payload_len":2684,"flow_avg_l4_payload_len":99,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00535{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":161,"flow_first_seen":1301328472925,"flow_last_seen":1301329809936,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":104984,"flow_avg_l4_payload_len":652,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","ndpi": {"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":161,"flow_first_seen":1301328472925,"flow_last_seen":1301329809936,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":104984,"flow_avg_l4_payload_len":652,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00538{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":19,"flow_first_seen":1301327937725,"flow_last_seen":1301327939000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":22190,"flow_avg_l4_payload_len":1167,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","ndpi": {"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":19,"flow_first_seen":1301327937725,"flow_last_seen":1301327939000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":22190,"flow_avg_l4_payload_len":1167,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00538{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":139,"flow_first_seen":1301328089970,"flow_last_seen":1301328420526,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":182136,"flow_avg_l4_payload_len":1310,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"69.118.54.122","src_port":55328,"dst_port":8333,"l4_proto":"tcp","ndpi": {"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":139,"flow_first_seen":1301328089970,"flow_last_seen":1301328420526,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":182136,"flow_avg_l4_payload_len":1310,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"69.118.54.122","src_port":55328,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00128{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test"}

152
test/results/bittorrent.pcap.out
View File

@@ -1,51 +1,51 @@
00387{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bittorrent.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1455469967246,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00478{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bittorrent.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1455469967246,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00523{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469967,"pkt_ts_usec":246718,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4eD1AAEAGAADAqAEDUjrYc86YlaHFzANOp3OTAoAY\/\/\/swwAAAQEIChnb8BkAhEMxE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjhgayboXmHFSZj4="}
00610{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1455469967246,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00618{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1455469967246,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
01302{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469967,"pkt_ts_usec":465293,"pkt_caplen":624,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":624,"pkt_l4_len":590,"pkt":"xCwDBkn+LFbcjDU0CABFAAJiKFpAAHUG7uJSOthzwKgBA5Whzpinc5NTxcwDkoAZ\/SDtQgAAAQEICgCEQ0UZ2\/AZNDppcHY0NDpSOthzMTI6Y29tcGxldGVfYWdvaTllMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGkzODMwNWU0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAzLjQuNTI6eXBpNTI4ODhlNjp5b3VyaXA0OlI3zQFlAAAAdAX\/\/7\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/9\/b\/v\/\/\/\/\/\/\/\/\/+\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/+\/3\/9\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/++\/\/\/\/\/\/\/\/\/3\/\/\/9\/\/\/\/f\/9\/\/\/\/\/9\/\/\/\/\/7\/\/\/\/\/\/\/v\/\/7\/\/\/\/+AAAAABQQAAAJlAAAABQQAAALYAAAABQQAAAB+AAAABQQAAACJAAAABQQAAAE5AAAABQQAAAARAAAABQQAAAK+AAAABQQAAAMvAAAABQQAAAKkAAAABQQAAAGlAAAABQQAAADmAAAABQQAAAHxAAAABQQAAANdAAAABQQAAABXAAAABQQAAADTAAAABQQAAANxAAAABQQAAAJrAAAABQQAAACTAAAABQQAAAFjAAAABQQAAALoAAAABQQAAACGAAAABQQAAAG8AAAABQQAAAMMAAAABQQAAAGu"}
00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1455469967550,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52887,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1455469967550,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52887,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00520{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469967,"pkt_ts_usec":550422,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4KZJAAEAGAADAqAEDUjlhU86Xz5EMkOfxIylUooAY70J1ogAAAQEIChnb8UUAFHnUE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjhJMcBHQL4ndrvA="}
00608{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1455469967550,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52887,"dst_port":53137,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00616{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1455469967550,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52887,"dst_port":53137,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00581{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469967,"pkt_ts_usec":858917,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"pkt":"xCwDBkn+LFbcjDU0CABFAACkC49AAHcGgo1SOWFTwKgBA8+RzpcjKVSiDJDoNYAYAQJHBAAAAQEICgAUefwZ2\/FFE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wornNx4q0nl1XkqQAAADnFABkMTplaTBlNDppcHY0NDpSOWFTMTI6Y29tcGxldGVfYWdvaTNlMQ=="}
01260{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469968,"pkt_ts_usec":2405,"pkt_caplen":593,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":593,"pkt_l4_len":559,"pkt":"xCwDBkn+LFbcjDU0CABFAAJDC5FAAHcGgOxSOWFTwKgBA8+RzpcjKVUSDJDoNYAZAQLSoQAAAQEICgAUef4Z2\/FFOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTUzMTM3ZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1Mjg4N2U2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/f\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/7\/\/93\/\/\/\/\/\/\/\/\/\/\/+f\/\/\/\/\/7\/\/\/3\/\/\/\/\/\/\/\/v\/\/\/v\/+\/\/3\/\/\/\/\/9\/\/\/\/\/\/1\/\/\/f\/\/v9\/\/\/\/\/\/\/\/\/91\/\/\/\/\/9\/\/\/\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAAtIAAAAFBAAAAngAAAAFBAAAAeYAAAAFBAAAAUUAAAAFBAAAAskAAAAFBAAAAGcAAAAFBAAAArYAAAAFBAAAAVgAAAAFBAAAAQEAAAAFBAAAAjMAAAAFBAAAAqAAAAAFBAAAAMoAAAAFBAAAAxIAAAAFBAAAAlIAAAAFBAAAAc8AAAAFBAAAAkMAAAAFBAAAAagAAAAFBAAAAhsAAAAFBAAAAzgAAAAFBAAAAacAAAAFBAAAAxQAAAAFBAAAAw4AAAAFBAAAAVwAAAAFBAAAAqI="}
00627{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469968,"pkt_ts_usec":2492,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"pkt":"LFbcjDU0xCwDBkn+CABFAADK\/idAAEAGAADAqAEDUjlhU86Xz5EMkOiMIylXIoAY7zF19AAAAQEIChnb8wcAFHn+aTNlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEyOnV0X3JlY29tbWVuZGk1ZTEwOnV0X2NvbW1lbnRpNmVlMTpwaTQwOTU5ZTQ6cmVxcWkyNTVlMTp2MTk6wrVUb3JyZW50IE1hYyAxLjguNjY6eW91cmlwNDpSOWFTZQAAAAEP"}
00444{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469968,"pkt_ts_usec":2632,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"LFbcjDU0xCwDBkn+CABFAABCeFJAAEAGAADAqAEDUjlhU86Xz5EMkOkiIylXIoAZ70J1bAAAAQEIChnb8wcAFHn+AAAAAwmf\/wAAAAMUAwA="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1455469969259,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52895,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1455469969259,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52895,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00521{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469969,"pkt_ts_usec":259674,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4K5tAAEAGAADAqAEDU9i48c6fyNXli2jySWt7B4AYK\/LO3wAAAQEIChnb9+x4G0bsE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjvi3q9Fc8jVIrp0="}
00611{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1455469969259,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52895,"dst_port":51413,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00619{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1455469969259,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52895,"dst_port":51413,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00541{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469969,"pkt_ts_usec":318758,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":148,"pkt_l4_len":114,"pkt":"xCwDBkn+LFbcjDU0CABFYACGozdAADIG1mVT2LjxwKgBA8jVzp9Ja3sH5YtpNoAYECl7XAAAAQEICngbRx8Z2\/fsE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMTg4Qi2qniMLxLorRFP2hZAAAAEAFABkMTplaTBlNA=="}
01337{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469969,"pkt_ts_usec":391655,"pkt_caplen":648,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":648,"pkt_l4_len":614,"pkt":"xCwDBkn+LFbcjDU0CABFYAJ6SOJAADIGLsdT2LjxwKgBA8jVzp9Ja3tZ5YtpNoAYECl87wAAAQEICngbR0YZ2\/gmOmlwdjQ0OlPYuPE0OmlwdjYxNjr+gAAAAAAAAOoGiP\/+zfQTMTI6Y29tcGxldGVfYWdvaTFlMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGk1MTQxM2U0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAxLjguODI6eXBpNTI4OTVlNjp5b3VyaXA0OlI3zQFlAAAAdAX\/\/3\/\/\/\/\/7\/3\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/b\/\/\/f\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/9\/\/\/\/7\/\/\/\/\/\/\/99\/\/\/\/\/\/3\/\/97\/v\/\/\/\/\/9\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/f\/\/\/\/\/\/7\/\/\/X\/\/\/\/9\/\/+AAAAABQQAAAG6AAAABQQAAAITAAAABQQAAAHTAAAABQQAAAA1AAAABQQAAAAQAAAABQQAAAHdAAAABQQAAAMaAAAABQQAAAE+AAAABQQAAANHAAAABQQAAAN+AAAABQQAAAIEAAAABQQAAAHOAAAABQQAAAGSAAAABQQAAAC8AAAABQQAAANcAAAABQQAAAGMAAAABQQAAABAAAAABQQAAAFbAAAABQQAAAEBAAAABQQAAACdAAAABQQAAADUAAAABQQAAAC\/AAAABQQAAAKPAAAABQQAAANe"}
00606{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469969,"pkt_ts_usec":391790,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"pkt":"LFbcjDU0xCwDBkn+CABFAAC41NtAAEAGAADAqAEDU9i48c6fyNXli2mfSWt9n4AYK9\/PHwAAAQEIChnb+G54G0dGaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEyOnV0X3JlY29tbWVuZGk1ZTEwOnV0X2NvbW1lbnRpNmVlMTpwaTQwOTU5ZTQ6cmVxcWkyNTVlMTp2MTk6wrVUb3JyZW50IE1hYyAxLjguNjY6eW91cmlwNDpT2LjxZQAAAAEP"}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1455469969441,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52896,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1455469969441,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52896,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00521{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469969,"pkt_ts_usec":441455,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4XbBAAEAGAADAqAEDTzXkAs6gOSOymifHI+P1WoAYmwf1TQAAAQEIChnb+J8AAH2QE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjqb8v2rPEXkzqd0="}
00609{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1455469969441,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52896,"dst_port":14627,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1455469969441,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00617{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1455469969441,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52896,"dst_port":14627,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1455469969441,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00521{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469969,"pkt_ts_usec":441488,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4duZAAEAGAADAqAEDeD4h8c6emaQxnKbPGdPY9oAYmwdcRQAAAQEIChnb+J8AQ+diE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjsdMZTLXvd5m7DE="}
00611{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1455469969441,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00619{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1455469969441,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00547{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469969,"pkt_ts_usec":680695,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"pkt":"xCwDBkn+LFbcjDU0CABFAACJEvpAAHcG+5FPNeQCwKgBAzkjzqAj4\/VaspooC4AYAQLEvgAAAQEICgAAfaoZ2\/ifE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wovPx6i8m4ev0sHgAAADnFABkMTplaTBlNDppcA=="}
01300{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469969,"pkt_ts_usec":689018,"pkt_caplen":620,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":620,"pkt_l4_len":586,"pkt":"xCwDBkn+LFbcjDU0CABFAAJeEvxAAHcG+bpPNeQCwKgBAzkjzqAj4\/WvspooC4AZAQKoaAAAAQEICgAAfaoZ2\/ifdjQ0Ok815AIxMjpjb21wbGV0ZV9hZ29pNmUxOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTE0NjI3ZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1Mjg5NmU2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/\/\/\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/9\/7\/\/\/\/\/fv\/\/\/\/\/\/f\/\/\/3\/\/\/\/\/9\/7\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/v\/+\/\/\/\/9\/\/\/\/\/\/\/\/+\/\/\/9\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8\/\/\/\/\/\/f\/\/\/\/\/\/7\/\/\/\/\/\/f\/\/3\/P\/\/\/\/\/4AAAAAFBAAAA2sAAAAFBAAAAW0AAAAFBAAAAlYAAAAFBAAAAdEAAAAFBAAAAPQAAAAFBAAAAtIAAAAFBAAAAMsAAAAFBAAAAyUAAAAFBAAAAKMAAAAFBAAAAMQAAAAFBAAAAcEAAAAFBAAAAtMAAAAFBAAAAiUAAAAFBAAAAEYAAAAFBAAAAT8AAAAFBAAAAe4AAAAFBAAAAjwAAAAFBAAAAvgAAAAFBAAAA2oAAAAFBAAAA2AAAAAFBAAAAJgAAAAFBAAAATQAAAAFBAAAAQ4AAAAFBAAAA0w="}
00601{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469969,"pkt_ts_usec":689132,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"pkt":"LFbcjDU0xCwDBkn+CABFAAC1EEdAAEAGAADAqAEDTzXkAs6gOSOymih3I+P32oAYmvb1igAAAQEIChnb+ZYAAH2qMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEyOnV0X3JlY29tbWVuZGk1ZTEwOnV0X2NvbW1lbnRpNmVlMTpwaTQwOTU5ZTQ6cmVxcWkyNTVlMTp2MTk6wrVUb3JyZW50IE1hYyAxLjguNjY6eW91cmlwNDpPNeQCZQAAAAEP"}
00447{"flow_id":4,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469969,"pkt_ts_usec":689263,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"LFbcjDU0xCwDBkn+CABFAABC3FpAAEAGAADAqAEDTzXkAs6gOSOymij4I+P32oAZmwf1FwAAAQEIChnb+ZYAAH2qAAAAAwmf\/wAAAAMUAwA="}
00448{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469970,"pkt_ts_usec":170199,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"LFbcjDU0xCwDBkn+CABFAABCmoJAAEAGAADAqAEDU9i48c6fyNXli2ojSWt9n4AYK\/LOqQAAAQEIChnb+3R4G0d8AAAAAwmf\/wAAAAMUAwA="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1455469970233,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1455469970233,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00521{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469970,"pkt_ts_usec":233620,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB45PBAAEAGAADAqAEDlxpfHs6hWJHZNtVIfkyTS4AYJnO4TgAAAQEIChnb+7IRKfdEE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjjCQUdTBqR8vIZE="}
00610{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1455469970233,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00618{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1455469970233,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00582{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469970,"pkt_ts_usec":293627,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"pkt":"xCwDBkn+LFbcjDU0CABFAACkCYZAAHIGRuqXGl8ewKgBA1iRzqF+TJNL2TbVjIAYHVxFKAAAAQEIChEp94AZ2\/uyE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC2coXQqpAS87AVXIDwAAADnFABkMTplaTBlNDppcHY0NDqXGl8eMTI6Y29tcGxldGVfYWdvaTFlMQ=="}
01263{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469970,"pkt_ts_usec":357464,"pkt_caplen":593,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":593,"pkt_l4_len":559,"pkt":"xCwDBkn+LFbcjDU0CABFAAJDCYlAAHIGRUiXGl8ewKgBA1iRzqF+TJO72TbVjIAYHVwHogAAAQEIChEp97wZ2\/vsOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTIyNjczZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1Mjg5N2U2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/2\/3\/\/\/\/r\/\/\/\/\/9\/3\/\/\/\/\/9\/+\/\/+\/\/+\/\/\/\/f\/\/\/\/\/\/9\/\/\/\/\/\/\/\/\/\/f\/9\/\/\/\/\/\/\/\/+\/\/\/+\/v\/\/\/7\/\/7\/\/9\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAAUAAAAAFBAAAAboAAAAFBAAAArkAAAAFBAAAA0EAAAAFBAAAAD0AAAAFBAAAAvsAAAAFBAAAAPwAAAAFBAAAAPMAAAAFBAAAAqcAAAAFBAAAAX0AAAAFBAAAAY8AAAAFBAAAAaEAAAAFBAAAAo0AAAAFBAAAAPAAAAAFBAAAAegAAAAFBAAAAjYAAAAFBAAAARsAAAAFBAAAAm0AAAAFBAAAAoUAAAAFBAAAAUoAAAAFBAAAARkAAAAFBAAAAswAAAAFBAAAAiYAAAAFBAAAAXA="}
00599{"flow_id":6,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469970,"pkt_ts_usec":357569,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"pkt":"LFbcjDU0xCwDBkn+CABFAACxx\/1AAEAGAADAqAEDlxpfHs6hWJHZNtX8fkyVyoAYJmO4hwAAAQEIChnb\/CoRKfe8dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTI6dXRfcmVjb21tZW5kaTVlMTA6dXRfY29tbWVudGk2ZWUxOnBpNDA5NTllNDpyZXFxaTI1NWUxOnYxOTrCtVRvcnJlbnQgTWFjIDEuOC42Njp5b3VyaXA0OpcaXx5lAAAAAQ8="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1455469970452,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1455469970452,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00522{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469970,"pkt_ts_usec":452512,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB41kZAAEAGAADAqAEDTzeBFs6dL0HtOa3YPhLeWYAYVhCSYwAAAQEIChnb\/IcCXeBSE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjpi3Emqkm5uHs80="}
00610{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1455469970452,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00618{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1455469970452,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00591{"flow_id":6,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469971,"pkt_ts_usec":153525,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"pkt":"LFbcjDU0xCwDBkn+CABFAACrZhpAAEAGAADAqAEDlxpfHs6hWJHZNtZ5fkyVy4AYJnO4gQAAAQEIChnb\/0ERKfrcAAAAAwmf\/wAAAAMUAwAAAABlFAZkODptc2dfdHlwZWkwZTM6bnVtaTIwZTY6ZmlsdGVyNjQ6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGU="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1455469971321,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52903,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1455469971321,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52903,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00522{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469971,"pkt_ts_usec":321042,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB48HJAAEAGAADAqAEDxmSSCc6n6wMx0mzN3F5zZYAYZooahAAAAQEIChnb\/+QB8nE1E0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjuG56+SlFtqa9S4="}
00611{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1455469971321,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52903,"dst_port":60163,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00619{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1455469971321,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52903,"dst_port":60163,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00571{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469971,"pkt_ts_usec":481962,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"pkt":"xCwDBkn+LFbcjDU0CABFAACcFzZAAHYG0wzGZJIJwKgBA+sDzqfcXnNlMdJtEYAYAQK5ewAAAQEICgHycUYZ2\/\/kE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wopccBVvnEHfGIYQAAADnFABkMTplaTBlNDppcHY0NDrGZJIJMTI6Y29tcGxldGU="}
01274{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469971,"pkt_ts_usec":641866,"pkt_caplen":601,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":601,"pkt_l4_len":567,"pkt":"xCwDBkn+LFbcjDU0CABFAAJLGqBAAHYGzfPGZJIJwKgBA+sDzqfcXnPNMdJtEYAYAQJeTwAAAQEICgHycVYZ3ACEX2Fnb2kyZTE6bWQxMTp1cGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNjAxNjNlNDpyZXFxaTI1NWUxOnYxNTrOvFRvcnJlbnQgMy40LjUyOnlwaTUyOTAzZTY6eW91cmlwNDpSN80BZQAAAHQF\/\/\/\/\/\/\/f9\/\/\/\/37\/\/7\/\/\/\/\/\/\/3r\/\/\/\/3+\/\/7\/\/\/\/3\/\/9\/\/\/\/\/\/\/\/\/\/\/37\/7\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/f\/\/\/f\/\/\/\/\/v\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/9\/\/\/gAAAAAUEAAAClAAAAAUEAAAAnQAAAAUEAAAAVwAAAAUEAAACuQAAAAUEAAAAUAAAAAUEAAAA8gAAAAUEAAAB4QAAAAUEAAADfAAAAAUEAAABUwAAAAUEAAAAKgAAAAUEAAAANAAAAAUEAAABXwAAAAUEAAAAaQAAAAUEAAAAmAAAAAUEAAACfAAAAAUEAAADWQAAAAUEAAABTAAAAAUEAAABBgAAAAUEAAABegAAAAUEAAAA1QAAAAUEAAAAxQAAAAUEAAAAvAAAAAUEAAAAnwAAAAUEAAAC6Q=="}
00605{"flow_id":8,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469971,"pkt_ts_usec":641981,"pkt_caplen":196,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":196,"pkt_l4_len":162,"pkt":"LFbcjDU0xCwDBkn+CABFAAC2nnFAAEAGAADAqAEDxmSSCc6n6wMx0m183F515IAYZnkawgAAAQEIChncASMB8nFWZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMjp1dF9yZWNvbW1lbmRpNWUxMDp1dF9jb21tZW50aTZlZTE6cGk0MDk1OWU0OnJlcXFpMjU1ZTE6djE5OsK1VG9ycmVudCBNYWMgMS44LjY2OnlvdXJpcDQ6xmSSCWUAAAABDw=="}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1455469971675,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52902,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1455469971675,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52902,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00523{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469971,"pkt_ts_usec":675839,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4IXFAAEAGAADAqAEDvmfDOM6mtimT1S+nN0acgIAY\/\/9DtgAAAQEIChncAUQAv2TsE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjkGjzZtimXS5YKE="}
00612{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1455469971675,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52902,"dst_port":46633,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00620{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1455469971675,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52902,"dst_port":46633,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00446{"flow_id":8,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469972,"pkt_ts_usec":78142,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"xCwDBkn+LFbcjDU0CABFEABCIPVAAHYGyZfGZJIJwKgBA+sDzqfcXnXkMdJt\/oAYAQEO9wAAAQEICgHycYEZ3ACEAAAAAwnrAwAAAAMUAwE="}
00590{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469972,"pkt_ts_usec":136116,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"pkt":"xCwDBkn+LFbcjDU0CABFAACrWLRAAHIGbE2+Z8M4wKgBA7YpzqY3RpyAk9Uv64AYAQLhNwAAAQEICgC\/ZvwZ3AFEE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLUJUNzk1MC3xopUl3euuGS1IpvoAAAEBFABkMTplaTBlNDppcHY0NDq+Z8M4NDppcHY2MTY6IAEAAF71efs4aCApQZg8xzE="}
00570{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469972,"pkt_ts_usec":136499,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"LFbcjDU0xCwDBkn+CABFAACdvFdAAEAGAADAqAEDU9i48c6fyNXli2oxSWt9n4AYK\/LPBAAAAQEIChncAw54G0oPAAAAZRQGZDg6bXNnX3R5cGVpMGUzOm51bWkyMGU2OmZpbHRlcjY0OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABl"}
@@ -54,26 +54,26 @@
00438{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469973,"pkt_ts_usec":374421,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"xCwDBkn+LFbcjDU0CABFYAA7Gf1AADIGX+tT2LjxwKgBA8jVzp9Ja32f5Ytqm4AYEB4d7AAAAQEICngbU7QZ3AcQAAAAAwnI1Q=="}
00484{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469973,"pkt_ts_usec":374553,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"xCwDBkn+LFbcjDU0CABFYABcD45AADIGajlT2LjxwKgBA8jVzp9Ja32m5Ytqm4AZEB6lPgAAAQEICngbU7QZ3AcQAAAAAxQDAQAAAB0UBmQ4Om1zZ190eXBlaTFlODpjb21tZW50c2xlZQ=="}
00447{"flow_id":9,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469973,"pkt_ts_usec":590592,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"xCwDBkn+LFbcjDU0CABFAABCWLhAAHIGbLK+Z8M4wKgBA7YpzqY3Rp8Zk9Uw2YAZAQFLnQAAAQEICgC\/bJ8Z3AbVAAAAAwm2KQAAAAMUAwE="}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1455469974358,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1455469974358,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00525{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469974,"pkt_ts_usec":358684,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4DCdAAEAGAADAqAEDUjrYc86rlaExvR02+FTOIoAY\/\/\/swwAAAQEIChncC64AhEXwE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjk6UZQGZj8psqfs="}
00612{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1455469974358,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1455469974533,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52906,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00620{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1455469974358,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1455469974533,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52906,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00522{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469974,"pkt_ts_usec":533855,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4WuVAAEAGAADAqAEDUjlhU86qz5GeFCpM34MiOYAY0pJ1ogAAAQEIChncDF0AFHySE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjjDhVI8cWXj55ew="}
00610{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1455469974533,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52906,"dst_port":53137,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00618{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1455469974533,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52906,"dst_port":53137,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00590{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469974,"pkt_ts_usec":879822,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"pkt":"xCwDBkn+LFbcjDU0CABFAACrC6JAAHcGgnNSOWFTwKgBA8+RzqrfgyI5nhQqkIAYAQJ8JwAAAQEICgAUfLUZ3AxdE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wosdxOntFzioIvnoAAADnFABkMTplaTBlNDppcHY0NDpSOWFTMTI6Y29tcGxldGVfYWdvaTBlMTptZDExOnU="}
01259{"flow_id":11,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469974,"pkt_ts_usec":888825,"pkt_caplen":586,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":586,"pkt_l4_len":552,"pkt":"xCwDBkn+LFbcjDU0CABFAAI8C6RAAHcGgOBSOWFTwKgBA8+RzqrfgyKwnhQqkIAZAQKTPAAAAQEICgAUfLYZ3AxdcGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNTMxMzdlNDpyZXFxaTI1NWUxOnYxNTrOvFRvcnJlbnQgMy40LjUyOnlwaTUyOTA2ZTY6eW91cmlwNDpSN80BZQAAAHQF\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/+\/\/\/\/\/\/\/\/\/r\/\/\/\/\/\/\/\/\/\/9\/\/P\/v\/\/\/\/\/+\/3\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/ff\/\/\/3\/f\/\/\/\/\/\/\/\/\/\/7\/\/\/\/+\/\/\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/t\/u\/\/\/\/\/\/\/\/\/gAAAAAUEAAABGAAAAAUEAAACxAAAAAUEAAAAmwAAAAUEAAAB\/wAAAAUEAAABMwAAAAUEAAABJgAAAAUEAAABZAAAAAUEAAACOgAAAAUEAAAA1QAAAAUEAAACEAAAAAUEAAACFgAAAAUEAAADTAAAAAUEAAABWwAAAAUEAAACMAAAAAUEAAADPQAAAAUEAAADSQAAAAUEAAACnwAAAAUEAAAAeQAAAAUEAAAABgAAAAUEAAAA0wAAAAUEAAABJwAAAAUEAAACfwAAAAUEAAADVQAAAAUEAAADWQ=="}
00630{"flow_id":11,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469974,"pkt_ts_usec":888918,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"pkt":"LFbcjDU0xCwDBkn+CABFAADJ6cdAAEAGAADAqAEDUjlhU86qz5GeFCr+34MkuYAY0oJ18wAAAQEIChncDb8AFHy2dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEyOnV0X3JlY29tbWVuZGk1ZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNDA5NTllNDpyZXFxaTI1NWUxOnYxOTrCtVRvcnJlbnQgTWFjIDEuOC42Njp5b3VyaXA0OlI5YVNlAAAAAQ8="}
00456{"flow_id":11,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469974,"pkt_ts_usec":889121,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"LFbcjDU0xCwDBkn+CABFAABH5SFAAEAGAADAqAEDUjlhU86qz5GeFCuT34MkuYAZ0pJ1cQAAAQEIChncDb8AFHy2AAAAAwmf\/wAAAAMUAwAAAAABAg=="}
01414{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469975,"pkt_ts_usec":129053,"pkt_caplen":705,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":705,"pkt_l4_len":671,"pkt":"xCwDBkn+LFbcjDU0CABFAAKzM7RAAHUG4zdSOthzwKgBA5Whzqv4VM4iMb0deoAY\/SAeWQAAAQEICgCERjQZ3AuuE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3woo6KDyQqidsX6OsAAADnFABkMTplaTBlNDppcHY0NDpSOthzMTI6Y29tcGxldGVfYWdvaTFlMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGkzODMwNWU0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAzLjQuNTI6eXBpNTI5MDdlNjp5b3VyaXA0OlI3zQFlAAAAdAX\/\/e\/\/\/\/\/9\/\/\/\/\/v\/\/2\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/7\/f\/+\/\/\/\/\/\/\/\/\/9\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/7\/\/\/\/7+\/+\/\/\/+\/\/\/\/\/v\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/8\/\/\/\/\/\/\/f\/\/\/\/3\/\/\/\/\/\/\/\/+AAAAABQQAAAI1AAAABQQAAAEuAAAABQQAAABqAAAABQQAAAE\/AAAABQQAAABtAAAABQQAAAKkAAAABQQAAAElAAAABQQAAAL5AAAABQQAAANYAAAABQQAAAA2AAAABQQAAAIPAAAABQQAAAJBAAAABQQAAAAOAAAABQQAAAMMAAAABQQAAAJ5AAAABQQAAAF6AAAABQQAAAJZAAAABQQAAAATAAAABQQAAAM4AAAABQQAAAItAAAABQQAAAHdAAAABQQAAAEPAAAABQQAAAMNAAAABQQAAABX"}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1455469975234,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1455469975234,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00522{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469975,"pkt_ts_usec":234548,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4WJNAAEAGAADAqAEDlxpfHs6vWJEERbWJ8qKonIAYJJ+4TgAAAQEIChncDxURKgrLE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjhul1XASmRgFxRA="}
00611{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1455469975234,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1455469975240,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.72.255.163","src_port":52912,"dst_port":59928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00619{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1455469975234,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1455469975240,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.72.255.163","src_port":52912,"dst_port":59928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00525{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469975,"pkt_ts_usec":240646,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4VgZAAEAGAADAqAEDl0j\/o86w6hjbuZSz\/XvqFoAYKEhZAgAAAQEIChncDxoAaM\/9E0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjpHIptJ+s3GSLpo="}
00613{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1455469975240,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.72.255.163","src_port":52912,"dst_port":59928,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1455469975265,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00621{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1455469975240,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.72.255.163","src_port":52912,"dst_port":59928,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1455469975265,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00523{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469975,"pkt_ts_usec":265759,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4dKFAAEAGAADAqAEDTzXkAs6tOSO1PcfcBOlxsoAYN4r1TQAAAQEIChncDzIAAH\/nE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjpuHBUmeY0dBAis="}
00610{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1455469975265,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00618{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1455469975265,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00554{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469975,"pkt_ts_usec":295037,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":157,"pkt_l4_len":123,"pkt":"xCwDBkn+LFbcjDU0CABFAACPKABAAHIGh9GXSP+jwKgBA+oYzrD9e+oW27mU94AYAQF3EQAAAQEICgBo0AMZ3A8aE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wopW+kcQUcjSA5QoAAADnFABkMTplaTBlNDppcHY0NDqXSA=="}
00571{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469975,"pkt_ts_usec":314407,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"xCwDBkn+LFbcjDU0CABFAACdCeVAAHIGRpKXGl8ewKgBA1iRzq\/yoqicBEW1zYAYHVwArAAAAQEIChEqCxYZ3A8VE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC2coV7lk33H8ZRraqcAAADnFABkMTplaTBlNDppcHY0NDqXGl8eMTI6Y29tcGxldGVf"}
00949{"flow_id":10,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469975,"pkt_ts_usec":341953,"pkt_caplen":449,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":449,"pkt_l4_len":415,"pkt":"LFbcjDU0xCwDBkn+CABFAAGz+chAAEAGAADAqAEDUjrYc86rlaExvR16+FTQoYAY\/\/\/t\/gAAAQEIChncD3wAhEZHAAAA+hQAZDE6ZWkwZTQ6aXB2NDQ6UjfNATQ6aXB2NjE2Ov6AAAAAAAAAxiwD\/\/4GSf4xMjpjb21wbGV0ZV9hZ29pMWUxOm1kMTE6dXBsb2FkX29ubHlpM2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTI6dXRfcmVjb21tZW5kaTVlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGk0MDk1OWU0OnJlcXFpMjU1ZTE6djE5OsK1VG9ycmVudCBNYWMgMS44LjY2OnlvdXJpcDQ6UjrYc2UAAAABDwAAAAMJn\/8AAAADFAMAAAAAAQIAAABlFAZkODptc2dfdHlwZWkwZTM6bnVtaTIwZTY6ZmlsdGVyNjQ6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGU="}
@@ -81,38 +81,38 @@
00642{"flow_id":12,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469975,"pkt_ts_usec":379692,"pkt_caplen":223,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":223,"pkt_l4_len":189,"pkt":"LFbcjDU0xCwDBkn+CABFAADRiRFAAEAGAADAqAEDlxpfHs6vWJEERbYz8qKrG4AYJI64pwAAAQEIChncD6ARKgtUY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTI6dXRfcmVjb21tZW5kaTVlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGk0MDk1OWU0OnJlcXFpMjU1ZTE6djE5OsK1VG9ycmVudCBNYWMgMS44LjY2OnlvdXJpcDQ6lxpfHmUAAAABDw=="}
00661{"flow_id":13,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469975,"pkt_ts_usec":393811,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"pkt":"LFbcjDU0xCwDBkn+CABFAADeIplAAEAGAADAqAEDl0j\/o86w6hjbuZVQ\/XvsloAYKDdZaAAAAQEIChncD64AaNAEMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEyOnV0X3JlY29tbWVuZGk1ZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNDA5NTllNDpyZXFxaTI1NWUxOnYxOTrCtVRvcnJlbnQgTWFjIDEuOC42Njp5b3VyaXA0OpdI\/6NlAAAAAQ8="}
00458{"flow_id":13,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469975,"pkt_ts_usec":394012,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"LFbcjDU0xCwDBkn+CABFAABHP2VAAEAGAADAqAEDl0j\/o86w6hjbuZX6\/XvsloAZKEhY0QAAAQEIChncD64AaNAEAAAAAwmf\/wAAAAMUAwAAAAABAg=="}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1455469975407,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1455469975407,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00522{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469975,"pkt_ts_usec":407300,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4fvZAAEAGAADAqAEDeD4h8c6umaQbpzY0C9TW44AYjjZcRQAAAQEIChncD7sAQ+m5E0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjhq4aGFIV+2F24M="}
00612{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1455469975407,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1455469975622,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00620{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1455469975407,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1455469975622,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00524{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469975,"pkt_ts_usec":622629,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4JlBAAEAGAADAqAEDTzeBFs6sL0FM+lulp3q\/xoAYVhCSYwAAAQEIChncEJACXeJGE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjsY\/A3YcaePRRY8="}
00611{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1455469975622,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00619{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1455469975622,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00456{"flow_id":12,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469976,"pkt_ts_usec":169825,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"LFbcjDU0xCwDBkn+CABFAABHu31AAEAGAADAqAEDlxpfHs6vWJEERbbQ8qKrG4AYJJ+4HQAAAQEIChncErERKguWAAAAAwmf\/wAAAAMUAwAAAAABAg=="}
00493{"flow_id":10,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469976,"pkt_ts_usec":244642,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"xCwDBkn+LFbcjDU0CABFAABjNRhAAHUG5CNSOthzwKgBA5Whzqv4VNChMb0e+YAY+6GlEwAAAQEICgCERrEZ3A98AAAAAwmVoQAAAAMUAwEAAAAdFAZkODptc2dfdHlwZWkxZTg6Y29tbWVudHNsZWU="}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1455469976336,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52915,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1455469976336,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52915,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00522{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469976,"pkt_ts_usec":336620,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4SfNAAEAGAADAqAEDxmSSCc6z6wOon+tuBozVl4AYZVEahAAAAQEIChncE1MB8nMrE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjlkC3tYvcSfI56Y="}
00612{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1455469976336,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52915,"dst_port":60163,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00620{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1455469976336,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52915,"dst_port":60163,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00539{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469976,"pkt_ts_usec":513452,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"xCwDBkn+LFbcjDU0CABFEACEZqRAAHYGg6bGZJIJwKgBA+sDzrMGjNWXqJ\/rsoAYAQLT1gAAAQEICgHycz0Z3BNTE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wokMyLr47j7jk1aEAAADnFABkMTplaTA="}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1455469976582,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52914,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1455469976582,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52914,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00522{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469976,"pkt_ts_usec":582427,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4BctAAEAGAADAqAEDvmfDOM6ytinSUvXkM6bvoIAY+3dDtgAAAQEIChncFEcAv3iAE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjkKv+eYrLs2+ChY="}
00613{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1455469976582,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52914,"dst_port":46633,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00621{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1455469976582,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52914,"dst_port":46633,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
01309{"flow_id":17,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469976,"pkt_ts_usec":697499,"pkt_caplen":625,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":625,"pkt_l4_len":591,"pkt":"xCwDBkn+LFbcjDU0CABFEAJjaOxAAHYGf3\/GZJIJwKgBA+sDzrMGjNXnqJ\/rsoAYAQJs0QAAAQEICgHyc00Z3BQDZTQ6aXB2NDQ6xmSSCTEyOmNvbXBsZXRlX2Fnb2kxZTE6bWQxMTp1cGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNjAxNjNlNDpyZXFxaTI1NWUxOnYxNTrOvFRvcnJlbnQgMy40LjUyOnlwaTUyOTE1ZTY6eW91cmlwNDpSN80BZQAAAHQFv\/\/3\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/f\/\/\/\/\/3\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/f\/\/\/\/\/\/\/7\/\/\/\/\/\/\/v\/\/\/9\/\/\/\/\/\/7\/\/\/7\/+7\/\/f\/3\/f\/\/\/\/v\/\/\/\/\/\/\/9\/9\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/3\/\/\/\/gAAAAAUEAAAClgAAAAUEAAAA6gAAAAUEAAAAugAAAAUEAAAA4AAAAAUEAAABqgAAAAUEAAACZwAAAAUEAAACTwAAAAUEAAAC8gAAAAUEAAABiQAAAAUEAAAB3QAAAAUEAAADdAAAAAUEAAAC\/gAAAAUEAAACJgAAAAUEAAACiAAAAAUEAAACvwAAAAUEAAACeQAAAAUEAAABRQAAAAUEAAACCwAAAAUEAAAAkgAAAAUEAAACdQAAAAUEAAACoAAAAAUEAAAAAQAAAAUEAAAAFAAAAAUEAAADTw=="}
00666{"flow_id":17,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469976,"pkt_ts_usec":697619,"pkt_caplen":242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":242,"pkt_l4_len":208,"pkt":"LFbcjDU0xCwDBkn+CABFAADktcxAAEAGAADAqAEDxmSSCc6z6wOon+wFBozYFoAYZUAa8AAAAQEIChncFLoB8nNNbmx5aTNlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEyOnV0X3JlY29tbWVuZGk1ZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNDA5NTllNDpyZXFxaTI1NWUxOnYxOTrCtVRvcnJlbnQgTWFjIDEuOC42Njp5b3VyaXA0OsZkkgllAAAAAQ8="}
00538{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469977,"pkt_ts_usec":23540,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"pkt":"xCwDBkn+LFbcjDU0CABFAACFWMJAAHMGa2W+Z8M4wKgBA7YpzrIzpu+g0lL2KIAYAQKm2wAAAQEICgC\/ehQZ3BRHE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLUJUNzk1MC3xovjV8bH+iIGCHSYAAAEBFABkMTplaTBl"}
00447{"flow_id":17,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469977,"pkt_ts_usec":34844,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"xCwDBkn+LFbcjDU0CABFEABCbrhAAHYGe9TGZJIJwKgBA+sDzrMGjNgWqJ\/stYAYAQF3lwAAAQEICgHyc3EZ3BQDAAAAAwnrAwAAAAMUAwE="}
00599{"flow_id":17,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469977,"pkt_ts_usec":175253,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"pkt":"LFbcjDU0xCwDBkn+CABFAACwJkxAAEAGAADAqAEDxmSSCc6z6wOon+y1BozYJIAYZVEavAAAAQEIChncFpQB8nNxAAAAAwmf\/wAAAAMUAwAAAAABAgAAAGUUBmQ4Om1zZ190eXBlaTBlMzpudW1pMjBlNjpmaWx0ZXI2NDoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZQ=="}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1455469977229,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.15.48.189","src_port":52917,"dst_port":47001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1455469977229,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.15.48.189","src_port":52917,"dst_port":47001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00524{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469977,"pkt_ts_usec":229541,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4L\/xAAEAGAADAqAEDlw8wvc61t5l0EJCE2E\/BJoAYIPWJ4gAAAQEIChncFslLXJigE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjv4JZL7rS4V2Vgo="}
00612{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1455469977229,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.15.48.189","src_port":52917,"dst_port":47001,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1455469975265,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1455469970452,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1455469975622,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1455469977229,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.15.48.189","src_port":52917,"dst_port":47001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1455469969441,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1455469975407,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1455469977285,"flow_last_seen":0,"flow_tot_l4_data_len":119,"flow_min_l4_data_len":119,"flow_max_l4_data_len":119,"flow_avg_l4_data_len":119,"midstream":1,"l3_proto":"ip4","src_ip":"151.15.48.189","dst_ip":"192.168.1.3","src_port":47001,"dst_port":52917,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00620{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1455469977229,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.15.48.189","src_port":52917,"dst_port":47001,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1455469975265,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1455469970452,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1455469975622,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1455469977229,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.15.48.189","src_port":52917,"dst_port":47001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1455469969441,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1455469975407,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1455469977285,"flow_last_seen":0,"flow_min_l4_payload_len":87,"flow_max_l4_payload_len":87,"flow_tot_l4_payload_len":87,"flow_avg_l4_payload_len":87,"midstream":1,"l3_proto":"ip4","src_ip":"151.15.48.189","dst_ip":"192.168.1.3","src_port":47001,"dst_port":52917,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00547{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469977,"pkt_ts_usec":285065,"pkt_caplen":153,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":153,"pkt_l4_len":119,"pkt":"xCwDBkn+LFbcjDU0CABFAACLG6xAAHIGY0mXDzC9wKgBA7eZzrXYT8EmdBCQyIAYAQLHiQAAAQEICktcmNgZ3BbJE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wogWCKk\/sCNEtOuUAAADnFABkMTplaTBlNDppcHY0"}
00612{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1455469977285,"flow_last_seen":0,"flow_tot_l4_data_len":119,"flow_min_l4_data_len":119,"flow_max_l4_data_len":119,"flow_avg_l4_data_len":119,"midstream":1,"l3_proto":"ip4","src_ip":"151.15.48.189","dst_ip":"192.168.1.3","src_port":47001,"dst_port":52917,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00620{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1455469977285,"flow_last_seen":0,"flow_min_l4_payload_len":87,"flow_max_l4_payload_len":87,"flow_tot_l4_payload_len":87,"flow_avg_l4_payload_len":87,"midstream":1,"l3_proto":"ip4","src_ip":"151.15.48.189","dst_ip":"192.168.1.3","src_port":47001,"dst_port":52917,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
01294{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469977,"pkt_ts_usec":324542,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"pkt":"xCwDBkn+LFbcjDU0CABFAAJcG65AAHIGYXaXDzC9wKgBA7eZzrXYT8F9dBCQyIAZAQKR1gAAAQEICktcmOYZ3BbJNDqXDzC9MTI6Y29tcGxldGVfYWdvaTFlMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGk0NzAwMWU0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAzLjQuNTI6eXBpNTI5MTdlNjp5b3VyaXA0OlI3zQFlAAAAdAX\/\/\/\/\/\/7\/\/\/\/\/\/\/f\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/v7\/\/v\/\/\/\/\/u\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/37\/\/\/\/\/\/\/\/\/\/f\/\/3\/\/3\/\/\/7\/\/\/\/v\/\/f\/\/\/f\/\/\/3\/\/\/\/\/\/v\/\/f\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/3\/\/\/+AAAAABQQAAAMOAAAABQQAAAApAAAABQQAAAJ1AAAABQQAAAKiAAAABQQAAADVAAAABQQAAAH3AAAABQQAAANZAAAABQQAAADFAAAABQQAAAN2AAAABQQAAAD5AAAABQQAAAD9AAAABQQAAAL9AAAABQQAAAKRAAAABQQAAAK6AAAABQQAAAC9AAAABQQAAAFxAAAABQQAAAHwAAAABQQAAAJKAAAABQQAAAFDAAAABQQAAAJcAAAABQQAAABWAAAABQQAAALUAAAABQQAAAI2AAAABQQAAAB7"}
00659{"flow_id":20,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469977,"pkt_ts_usec":324595,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"pkt":"LFbcjDU0xCwDBkn+CABFAADe4MhAAEAGAADAqAEDlw8wvc61t5l0EJEh2E\/DpoAYIOSKSAAAAQEIChncFyZLXJjmMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEyOnV0X3JlY29tbWVuZGk1ZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNDA5NTllNDpyZXFxaTI1NWUxOnYxOTrCtVRvcnJlbnQgTWFjIDEuOC42Njp5b3VyaXA0OpcPML1lAAAAAQ8="}
00457{"flow_id":20,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469977,"pkt_ts_usec":324725,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"LFbcjDU0xCwDBkn+CABFAABHCeZAAEAGAADAqAEDlw8wvc61t5l0EJHL2E\/DpoAZIPWJsQAAAQEIChncFyZLXJjmAAAAAwmf\/wAAAAMUAwAAAAABAg=="}
@@ -121,12 +121,12 @@
00482{"flow_id":17,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469977,"pkt_ts_usec":954819,"pkt_caplen":104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":104,"pkt_l4_len":70,"pkt":"xCwDBkn+LFbcjDU0CABFEABafuBAAHYGa5TGZJIJwKgBA+sDzrMGjNgkqJ\/tMYAYAQFDwAAAAQEICgHyc80Z3BaUAAAAAQEAAAAdFAZkODptc2dfdHlwZWkxZTg6Y29tbWVudHNsZWU="}
00477{"flow_id":17,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469977,"pkt_ts_usec":955018,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"pkt":"LFbcjDU0xCwDBkn+CABFAABWJDVAAEAGAADAqAEDxmSSCc6z6wOon+0xBozYSoAYZVEaYgAAAQEIChncGZoB8nPNAAAADQYAAAMwAACAAAAAQAAAAAANBgAAAzAAAMAAAABAAA=="}
00599{"flow_id":18,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":174644,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"pkt":"LFbcjDU0xCwDBkn+CABFAACwZdxAAEAGAADAqAEDvmfDOM6ytinSUvcrM6byOYAY+3dD7gAAAQEIChncGnQAv35iAAAAAwmf\/wAAAAMUAwAAAAABAgAAAGUUBmQ4Om1zZ190eXBlaTBlMzpudW1pMjBlNjpmaWx0ZXI2NDoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZQ=="}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1455469978413,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.234.159.16","src_port":52921,"dst_port":41205,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1455469978413,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.234.159.16","src_port":52921,"dst_port":41205,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00522{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":413724,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4DnNAAEAGAADAqAEDX+qfEM65oPXUDpz5ZKj0loAYkUPBEAAAAQEIChncG14CELSbE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjvUWScco35PygrU="}
00612{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1455469978413,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.234.159.16","src_port":52921,"dst_port":41205,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1455469978422,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.237.193.34","src_port":52922,"dst_port":11321,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00620{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1455469978413,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.234.159.16","src_port":52921,"dst_port":41205,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1455469978422,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.237.193.34","src_port":52922,"dst_port":11321,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00523{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":422152,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4xBlAAEAGAADAqAEDX+3BIs66LDm\/gbIP+oH76IAYlsHjJQAAAQEIChncG2YAA5hpE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjvGP0W3l6zj59Ik="}
00612{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1455469978422,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.237.193.34","src_port":52922,"dst_port":11321,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00620{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1455469978422,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.237.193.34","src_port":52922,"dst_port":11321,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
02384{"flow_id":17,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":574300,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xCwDBkn+LFbcjDU0CABFEAXUB15AAHYG3ZzGZJIJwKgBA+sDzrMGjRYqqJ\/tU4AQAQG8XgAAAQEICgHydAoZ3BtZaj4Otodbsp7HwOrWkU\/l\/Z5dQRXljshJbIjPWf0VHO+Ec\/y3FSyWmsRQp46nPFKjHG0PZVKmHo4Ws8XSdOtRrVKmJnR9tRw2Lpv2cqWKq0cLhavn8Z4TA47AUc0w2JUa8KcqFaOHSq4mphalRSnRgqWW4rMcRVoVlTxLjhcVQhTjSqylNP2UpfjD8Y9M+FMPxh8eeE\/2dfFGreIvh5Z+Ob+1+HWva7HJFrGoQXll4Y0qLUPt9lNJ9p0PRruPVIbL7XokxuNNkKWcEt1MzV5X4b8ReJPB9i0eiXZ0eOz8PS25vdA1zUNNkl8O2mtaPexzW+npqYtl0rW4XtzM7G4E0zD99LvmtbT97JvGn7OX7VnjbVf2XU\/Zo8UfBr4TfB7QLvxb4H+Oa+A7bwv40+FureGxDqPia1vNHn8F6fNZeFdZuNVsZjBd6\/rjX1iWe4NnfQWZs\/52dJ1YWWn6bfvts47nSbmzuZi0hha0GlWclraxwaTLctcweTE63KShXCT3b3SmdPOr7TJ86eYT+sYanicuzjKKWHxLwmIoqhiaeLxU8XisJOlUy+nQoS9uqHtfYUVzUMbXlh62FpqVFT97hLO8f7D6nmeFqYSeFoUZSk8RXqrEYKqsWp42pOLwTWJxSVaNenUw1J03Gph68K1oTh+j+s\/AP4kftGa7YeLvBem+H7D4cx+GdGtrS7l8RNq3h7wk04uLK80v7dbiTWk1f7WEWeSTRbiManb\/AGkAAEAJBwAAAzAAAMAAeEyvA55bwvDrn7OWp+NvDvjLxNdWevWVzfx+DLLw9p9j4rsrjxrd2V1dnx54eW9vdP0e3l0G0naO9MlidRjaUkWqSOZIcnwV8SNTn\/Z51DSfh20PhbxB4Q8Q2tzqslhf30fiu40PWdfbUdKvI7HSLhEZhBHdSRXhjuYLeOAbkt2jjNfMt\/r\/AIt8R6qza7rHi7Ufs1nf5jtFuNQi0rToNEvNVurWzttMms7B4UkUPLcJaw2t2qvO03mMxr188w1THZVl2PxGcYlLMcup4RYOvQVaVLD4GnHKq86+Yc+PeOhmlClTq4zDOMalPKczw7o151Y8tf8AccbnPCuVQwtbJOHpw4qWI\/tivm6qwp4SrDOIQzGeBwGUYTJsslgYZVWxCwtLEYbM7RxmFxTwbpupQeGi1W5uZLi\/v7p73VtcmmtNUtdXuxaahJa2M2qW8ems1ml1dQXd85aQyaXerMqy3ETXEoEQlT2D4H\/G7xx8Kri58J6APhX4SuPG3inRrnXvEHiXwofEV\/oUenmw0rTri8NhqWtTDwtoDJJfXlvFpU9yFMjoXVAG+frtJ47WwtdWOu32n3drb6ZPYTCyuna3jkiW7\/s2e4WFIpVS5jEUb3NxDHvLSSqIRnuvBF5p2lPpXxA1Xw\/4Lv5Tq2uyeH\/DPi7VtW+0arqOqWlzbW+v6zommXNjB\/wi\/hC6XLRzzWQvJE+ystxAs0i\/PZ1gaWPwtTJcxyKliqde\/s6OHeFlRqV6Mm6S9niKlWCUHTlXlSeHdDD1IKtKHssPOR85w1n2f5Bn9XN8pzWvk9WCn7TMG6tSph6GIaca0cTGWMq0WuesoVMNhsRXU413QlPndav+vP7SfxM8UeH\/AIA+L9B8DePPD\/ibwHYXeg+DfGfi8eM9OsfFHiPUJLa51WLXLjwd4UsLXwdpqeHr2Rr+y0q3juXs5J5RJF9hSS5n\/Fjw3dy6tB4nvZ78wLpn2i\/ht7lIIo2vFktrlNRjsLrUbdZtQtlmVIbVJb2SN42YSSASNb\/c3wluPBnxm+GUOm\/FDUrr4a\/CH4Oaz4w1z4qa74EtPD6ar8Vte+J+kaze+HhaR65rc8s3i+60vTFsNMDW2vSWui2GEiSD7Lbn4V8TR6RNPr+naJeeJJ7HStRu5PDc1rc3qald276v"}
00453{"flow_id":17,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":574440,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"pkt":"LFbcjDU0xCwDBkn+CABFAABFMFJAAEAGAADAqAEDxmSSCc6z6wOon+1TBo0byoAYZVEaUQAAAQEIChncG\/wB8nQKAAAADQYAAAMwAAEAAAAAQAA="}
00591{"flow_id":22,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":654379,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"pkt":"xCwDBkn+LFbcjDU0CABFAACrIv1AAHYG\/pRf7cEiwKgBAyw5zrr6gfvov4GyU4AYAQLALAAAAQEICgADmIEZ3BtmE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wog5gTbVhOs8MSY8AAADnFABkMTplaTBlNDppcHY0NDpf7cEiMTI6Y29tcGxldGVfYWdvaTJlMTptZDExOnU="}
@@ -144,38 +144,38 @@
00468{"flow_id":17,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":893762,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"LFbcjDU0xCwDBkn+CABFAABRH7FAAEAGAADAqAEDxmSSCc6z6wOon+11Bo2YcbAYZVEaXQAAAQEIChncHTMB8nQqAQEFCgaNnhEGjaOxAAAADQYAAAF4AAAAAAAAQAA="}
00452{"flow_id":17,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":905805,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"pkt":"LFbcjDU0xCwDBkn+CABFAABFwtlAAEAGAADAqAEDxmSSCc6z6wOon+2GBo3YfoAYZVEaUQAAAQEIChncHT0B8nQrAAAADQYAAAF4AABAAAAAQAA="}
00440{"flow_id":18,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469980,"pkt_ts_usec":118255,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"pkt":"LFbcjDU0xCwDBkn+CABFAAA9WCBAAEAGAADAqAEDvmfDOM6ytinSUvenM6byaYAY+3dDewAAAQEIChncIcwAv4ZsAAAABQQAAAAA"}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1455469980213,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52927,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1455469980213,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52927,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00524{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469980,"pkt_ts_usec":213097,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4U25AAEAGAADAqAEDU9i48c6\/yNUzq1kTBM6UFIAYL5vO3wAAAQEIChncIiN4G2eaE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjq+Lj4Q+qUQM4PY="}
00614{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1455469980213,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52927,"dst_port":51413,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1455469980262,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.249.100","src_port":52926,"dst_port":31336,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00622{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1455469980213,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52927,"dst_port":51413,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1455469980262,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.249.100","src_port":52926,"dst_port":31336,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00525{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469980,"pkt_ts_usec":262874,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4esFAAEAGAADAqAEDXUH5ZM6+emiQl\/fDL3XicoAYTYMYvAAAAQEIChncIlIAH\/RSE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjkTA1ljAvA+q8j0="}
00613{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1455469980262,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.249.100","src_port":52926,"dst_port":31336,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":115,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1455469980275,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.227.100","src_port":52925,"dst_port":19116,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00621{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1455469980262,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.249.100","src_port":52926,"dst_port":31336,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":115,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1455469980275,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.227.100","src_port":52925,"dst_port":19116,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00523{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469980,"pkt_ts_usec":275201,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4g5FAAEAGAADAqAEDXUHjZM69Sqzdpe7S802+OYAYVXMCvAAAAQEIChncIl4AhA2FE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjlkhEgSgYOOKqPw="}
00613{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1455469980275,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.227.100","src_port":52925,"dst_port":19116,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00621{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1455469980275,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.227.100","src_port":52925,"dst_port":19116,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00539{"flow_id":23,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469980,"pkt_ts_usec":297747,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"xCwDBkn+LFbcjDU0CABFYACEPABAADIGPZ9T2LjxwKgBA8jVzr8EzpQUM6tZV4AYECksHwAAAQEICngbZ84Z3CIjE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMTg4Qi2qnlHDgsE5LNSCYRoAAAEAFABkMTplaTA="}
01340{"flow_id":23,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469980,"pkt_ts_usec":371695,"pkt_caplen":650,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":650,"pkt_l4_len":616,"pkt":"xCwDBkn+LFbcjDU0CABFYAJ8C7pAADIGa+1T2LjxwKgBA8jVzr8EzpRkM6tZV4AYECkszQAAAQEICngbaAwZ3CJzZTQ6aXB2NDQ6U9i48TQ6aXB2NjE2Ov6AAAAAAAAA6gaI\/\/7N9BMxMjpjb21wbGV0ZV9hZ29pMWUxOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTUxNDEzZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDEuOC44Mjp5cGk1MjkyN2U2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/v\/\/\/\/\/\/\/\/9\/f\/+\/\/9\/\/\/f\/\/\/\/\/\/\/73v\/\/\/\/\/\/\/\/\/\/f\/9\/\/\/\/\/\/\/\/\/\/\/\/\/9\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/3\/\/7\/\/3\/9v\/\/\/9+\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/+\/\/\/\/7\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAAiQAAAAFBAAAAQwAAAAFBAAAAisAAAAFBAAAArIAAAAFBAAAAFgAAAAFBAAAAxMAAAAFBAAAAgYAAAAFBAAAAfgAAAAFBAAAAvcAAAAFBAAAAm0AAAAFBAAAAMYAAAAFBAAAA0sAAAAFBAAAAXAAAAAFBAAAAMEAAAAFBAAAAecAAAAFBAAAABcAAAAFBAAAAI4AAAAFBAAAAHoAAAAFBAAAAgkAAAAFBAAAAMsAAAAFBAAAAGkAAAAFBAAAARwAAAAFBAAAAdQAAAAFBAAAAFA="}
00816{"flow_id":23,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469980,"pkt_ts_usec":371807,"pkt_caplen":354,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":354,"pkt_l4_len":320,"pkt":"LFbcjDU0xCwDBkn+CABFAAFUAnpAAEAGAADAqAEDU9i48c6\/yNUzq1mtBM6WrIAYL4nPuwAAAQEIChncIrV4G2gMaTNlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEyOnV0X3JlY29tbWVuZGk1ZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNDA5NTllNDpyZXFxaTI1NWUxOnYxOTrCtVRvcnJlbnQgTWFjIDEuOC42Njp5b3VyaXA0OlPYuPFlAAAAdAWAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00587{"flow_id":24,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469980,"pkt_ts_usec":390227,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"pkt":"xCwDBkn+LFbcjDU0CABFAACocqBAAHMGfF5dQflkwKgBA3pozr4vdeJykJf4B4AYAMOuCwAAAQEICgAf9F4Z3CJSE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wogL0Pl3FbMgdQMAAAAEAFABkMTplaTBlNDppcHY0NDpdQflkNDppcHY2MTY6IAEAAF71ef0Mhifaor4="}
01292{"flow_id":24,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469980,"pkt_ts_usec":488536,"pkt_caplen":614,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":614,"pkt_l4_len":580,"pkt":"xCwDBkn+LFbcjDU0CABFAAJYcqJAAHMGeqxdQflkwKgBA3pozr4vdeLmkJf4B4AZAMO1LAAAAQEICgAf9F8Z3CJSBpsxMjpjb21wbGV0ZV9hZ29pMmUxOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTMxMzM2ZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1MjkyNmU2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/\/\/\/\/\/\/99\/\/\/\/\/\/9\/\/+\/\/\/\/\/\/\/\/7\/\/3\/\/\/\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/v\/\/\/\/\/9\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/\/36\/\/\/\/\/93\/\/\/\/\/\/\/\/\/\/\/\/\/fv\/\/\/9P\/\/3\/\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAAm0AAAAFBAAAApQAAAAFBAAAAI0AAAAFBAAAA0AAAAAFBAAAASAAAAAFBAAAAwgAAAAFBAAAAHoAAAAFBAAAAV0AAAAFBAAAAfQAAAAFBAAAAwsAAAAFBAAAAmsAAAAFBAAAAhwAAAAFBAAAAuYAAAAFBAAAAmQAAAAFBAAAApAAAAAFBAAAAFAAAAAFBAAAAc0AAAAFBAAAAa0AAAAFBAAAAx4AAAAFBAAAANIAAAAFBAAAAu0AAAAFBAAAAwoAAAAFBAAAAEoAAAAFBAAAAME="}
00470{"flow_id":23,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469981,"pkt_ts_usec":133971,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"pkt":"LFbcjDU0xCwDBkn+CABFAABQyXBAAEAGAADAqAEDU9i48c6\/yNUzq1rNBM6WrIAYL5vOtwAAAQEIChncJYd4G2hMAAAAAwmf\/wAAAAMUAwAAAAABAgAAAAUEAAAAOw=="}
00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_first_seen":1455469967550,"flow_last_seen":1455469968002,"flow_tot_l4_data_len":1031,"flow_min_l4_data_len":46,"flow_max_l4_data_len":559,"flow_avg_l4_data_len":206,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52887,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_first_seen":1455469974533,"flow_last_seen":1455469974889,"flow_tot_l4_data_len":1035,"flow_min_l4_data_len":51,"flow_max_l4_data_len":552,"flow_avg_l4_data_len":207,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52906,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":8,"flow_first_seen":1455469969259,"flow_last_seen":1455469973374,"flow_tot_l4_data_len":1286,"flow_min_l4_data_len":39,"flow_max_l4_data_len":614,"flow_avg_l4_data_len":160,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52895,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_first_seen":1455469980213,"flow_last_seen":1455469981133,"flow_tot_l4_data_len":1208,"flow_min_l4_data_len":60,"flow_max_l4_data_len":616,"flow_avg_l4_data_len":241,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52927,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":5,"flow_first_seen":1455469978422,"flow_last_seen":1455469978679,"flow_tot_l4_data_len":1035,"flow_min_l4_data_len":51,"flow_max_l4_data_len":552,"flow_avg_l4_data_len":207,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.237.193.34","src_port":52922,"dst_port":11321,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_first_seen":1455469975240,"flow_last_seen":1455469975394,"flow_tot_l4_data_len":476,"flow_min_l4_data_len":51,"flow_max_l4_data_len":202,"flow_avg_l4_data_len":119,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.72.255.163","src_port":52912,"dst_port":59928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_first_seen":1455469970233,"flow_last_seen":1455469971153,"flow_tot_l4_data_len":1111,"flow_min_l4_data_len":100,"flow_max_l4_data_len":559,"flow_avg_l4_data_len":222,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_first_seen":1455469975234,"flow_last_seen":1455469976169,"flow_tot_l4_data_len":1043,"flow_min_l4_data_len":51,"flow_max_l4_data_len":566,"flow_avg_l4_data_len":208,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_first_seen":1455469978413,"flow_last_seen":1455469978679,"flow_tot_l4_data_len":1042,"flow_min_l4_data_len":51,"flow_max_l4_data_len":553,"flow_avg_l4_data_len":208,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.234.159.16","src_port":52921,"dst_port":41205,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_first_seen":1455469980262,"flow_last_seen":1455469980488,"flow_tot_l4_data_len":828,"flow_min_l4_data_len":100,"flow_max_l4_data_len":580,"flow_avg_l4_data_len":276,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.249.100","src_port":52926,"dst_port":31336,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1455469980275,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.227.100","src_port":52925,"dst_port":19116,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_first_seen":1455469971675,"flow_last_seen":1455469973590,"flow_tot_l4_data_len":478,"flow_min_l4_data_len":46,"flow_max_l4_data_len":181,"flow_avg_l4_data_len":119,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52902,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":7,"flow_first_seen":1455469976582,"flow_last_seen":1455469980118,"flow_tot_l4_data_len":1312,"flow_min_l4_data_len":41,"flow_max_l4_data_len":616,"flow_avg_l4_data_len":187,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52914,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_first_seen":1455469969441,"flow_last_seen":1455469969689,"flow_tot_l4_data_len":1010,"flow_min_l4_data_len":46,"flow_max_l4_data_len":586,"flow_avg_l4_data_len":202,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52896,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_first_seen":1455469977285,"flow_last_seen":1455469977324,"flow_tot_l4_data_len":956,"flow_min_l4_data_len":51,"flow_max_l4_data_len":584,"flow_avg_l4_data_len":239,"midstream":1,"l3_proto":"ip4","src_ip":"151.15.48.189","dst_ip":"192.168.1.3","src_port":47001,"dst_port":52917,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":6,"flow_first_seen":1455469971321,"flow_last_seen":1455469972136,"flow_tot_l4_data_len":1057,"flow_min_l4_data_len":46,"flow_max_l4_data_len":567,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52903,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":210,"flow_first_seen":1455469976336,"flow_last_seen":1455469982106,"flow_tot_l4_data_len":277999,"flow_min_l4_data_len":46,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":1323,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52915,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1455469967246,"flow_last_seen":1455469967465,"flow_tot_l4_data_len":690,"flow_min_l4_data_len":100,"flow_max_l4_data_len":590,"flow_avg_l4_data_len":345,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_first_seen":1455469974358,"flow_last_seen":1455469976244,"flow_tot_l4_data_len":1265,"flow_min_l4_data_len":79,"flow_max_l4_data_len":671,"flow_avg_l4_data_len":316,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_first_seen":1455469967550,"flow_last_seen":1455469968002,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":527,"flow_tot_l4_payload_len":871,"flow_avg_l4_payload_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52887,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_first_seen":1455469974533,"flow_last_seen":1455469974889,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":520,"flow_tot_l4_payload_len":875,"flow_avg_l4_payload_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52906,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":8,"flow_first_seen":1455469969259,"flow_last_seen":1455469973374,"flow_min_l4_payload_len":7,"flow_max_l4_payload_len":582,"flow_tot_l4_payload_len":1030,"flow_avg_l4_payload_len":128,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52895,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_first_seen":1455469980213,"flow_last_seen":1455469981133,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":584,"flow_tot_l4_payload_len":1048,"flow_avg_l4_payload_len":209,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52927,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":5,"flow_first_seen":1455469978422,"flow_last_seen":1455469978679,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":520,"flow_tot_l4_payload_len":875,"flow_avg_l4_payload_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.237.193.34","src_port":52922,"dst_port":11321,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_first_seen":1455469975240,"flow_last_seen":1455469975394,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":348,"flow_avg_l4_payload_len":87,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.72.255.163","src_port":52912,"dst_port":59928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_first_seen":1455469970233,"flow_last_seen":1455469971153,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":527,"flow_tot_l4_payload_len":951,"flow_avg_l4_payload_len":190,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_first_seen":1455469975234,"flow_last_seen":1455469976169,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":534,"flow_tot_l4_payload_len":883,"flow_avg_l4_payload_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_first_seen":1455469978413,"flow_last_seen":1455469978679,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":521,"flow_tot_l4_payload_len":882,"flow_avg_l4_payload_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.234.159.16","src_port":52921,"dst_port":41205,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_first_seen":1455469980262,"flow_last_seen":1455469980488,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":732,"flow_avg_l4_payload_len":244,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.249.100","src_port":52926,"dst_port":31336,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1455469980275,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.227.100","src_port":52925,"dst_port":19116,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_first_seen":1455469971675,"flow_last_seen":1455469973590,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":350,"flow_avg_l4_payload_len":87,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52902,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":7,"flow_first_seen":1455469976582,"flow_last_seen":1455469980118,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":584,"flow_tot_l4_payload_len":1088,"flow_avg_l4_payload_len":155,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52914,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_first_seen":1455469969441,"flow_last_seen":1455469969689,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":554,"flow_tot_l4_payload_len":850,"flow_avg_l4_payload_len":170,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52896,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_first_seen":1455469977285,"flow_last_seen":1455469977324,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":552,"flow_tot_l4_payload_len":828,"flow_avg_l4_payload_len":207,"midstream":1,"l3_proto":"ip4","src_ip":"151.15.48.189","dst_ip":"192.168.1.3","src_port":47001,"dst_port":52917,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":6,"flow_first_seen":1455469971321,"flow_last_seen":1455469972136,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":535,"flow_tot_l4_payload_len":865,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52903,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":210,"flow_first_seen":1455469976336,"flow_last_seen":1455469982106,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":271267,"flow_avg_l4_payload_len":1291,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52915,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1455469967246,"flow_last_seen":1455469967465,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":558,"flow_tot_l4_payload_len":626,"flow_avg_l4_payload_len":313,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_first_seen":1455469974358,"flow_last_seen":1455469976244,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":639,"flow_tot_l4_payload_len":1137,"flow_avg_l4_payload_len":284,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00131{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test"}

16
test/results/bittorrent_ip.pcap.out
View File

@@ -1,5 +1,5 @@
00390{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bittorrent_ip.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1492508985380,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":1,"l3_proto":"ip4","src_ip":"185.56.20.36","dst_ip":"10.0.0.14","src_port":53646,"dst_port":35030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00481{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bittorrent_ip.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1492508985380,"flow_last_seen":0,"flow_min_l4_payload_len":1448,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1448,"flow_avg_l4_payload_len":1448,"midstream":1,"l3_proto":"ip4","src_ip":"185.56.20.36","dst_ip":"10.0.0.14","src_port":53646,"dst_port":35030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
02401{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bittorrent_ip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492508985,"pkt_ts_usec":380744,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"GM9eF7izpL8BAjLCCABFKAXcnYlAADUGywC5OBQkCgAADtGOiNaC0hsOOk8HpoAQAQ9pDwAAAQEICnOGuIMAaon5wq2wH+fJAB37WaFc0xGrpC62Mk25YlmPUd6ck3UOPlnlmaLDK5iccRQxV6Lrpsvp\/uuH07fwJI5d7\/2xQsXKRbbf\/dZsog8rfXyOu4oWkiFqn16z1YOEpNojRPpe7v7oH86SIuoL3dpLCw3AXEVUNxwx2S7LDL5\/rfeDM8+Bcl\/\/R8Opw8m+od\/En5GEEzZ3xGrHEqfzxOcCFet4txleRVwSMtJGmJGEZlxnSc9bQojqyP8G3\/vCd1PweWLboTk+NjSajTAv1YG+aTAyluKRr0qFOpDKQmC3IVqzr4W9DmG3o93pWPJfaiwZdc0LXafyZIup0T3O+0SD+1KX\/MXVxLlbkrHIObYhG0KRzwzkIiO\/HR3aqzKcLzpGqVYzgATNkx6loBM2zXf8m\/XhjwgHW\/CGReGZFPmB8J6GzYgFDRMMKktYU5wo0oK4SF13YaHyFNIDAJL3DAyL5r+1U9G1+dr8PIMRJp4\/FwQSe6a94CTR4ZskCkdLrs8tj1RsuwrXTbzvqBJzUsQBm9rJfZm4y9w1pfULJ8D1TYjJjMzSDEl0T6hV8EZ4dmzL6IhYkOgH8tql6Y93Y0ddSoYv324931xWI\/bR1RKV7BANQbXUG2pG0h2KZpa6XgVabRUtP99Tr7\/5gqL\/IS2bD5xlSK1xPITsCAn7s7qmMuBYou\/b61yEnXpRH5c7+HPoOUXeVk4W9oZrQVAXk5BbSMEHW5RfTBUhNP++2i6eHn+vUbuL8UK5lLIATIcvvZI9dlyGFiLHDfDqqIZCrFy3RyOhH2X\/YORdIg7sw\/ndDLMFBseU\/KWeXwePK6mHg0z23nZaHdFSoeEOxwrWY0lgWUBWjSyZYzTSBwlfgqsQztiEM77xdLWOhbIlx8\/nuG0COEMh2y1lyIiYlKLCMQXTS7K\/j1FVuF\/8tvPyElMf3rWajnXt3EqUVmFpQ6LS9QxFLTpgEdeFnf2qL+AmoEuGUjU9kJweI25uL0Z9lzpQhvvCq8wd9I+ftZPKuA6dZ\/k3GrkabkYxGDbzhE5ROw\/DgJVMx8YTocrJYMUrgGEF+p9he2ru4LLtxOeShPq42CbnIGyZfsPr53QY+AEuNN1DHzxtN+wF\/8izHYs9Nm7vOWO5FyqA5I1eXm+bYBqxrutPktuKTr3AfJQHxFyberh\/WGaCmyY1JDhaxqT6lahZjq\/D+h\/+cEW317H+1sg6aF1yFTeoDuELtGhphh\/6RwybG6XySF4DX3+mdR3VpDjIljqG2zlOcw4y9GPTB0vD0AfEp6VvCyFfJDbXcmK3LpFLGEF5msQT5bCRePIl2ts6C5\/K71IHEGDPO2Pna8kfaM4QGJ2FEOm\/xWLLsagIQPw6MSeEcAjjO6xkOeOb7btfefPF4Kqyu4ZO6Dzvgl7z+p4BOxyjwIming13hAtv7syoCsUTcyEZ7qN3Z1aE0wB8ZLg5qK0FPpcYv5DNjm96suA59qoy4XiMdUVp7mB3au2pxK33YcDYQwNH4vEAMRMnaiZbwUYX7PyP2fmGyj4etY6\/bzsgqteorOb3gC0UWBkYEiO9kyElGbVXiYAbr+cNxxY6pf6owquBKfCW+9gNQM1Gf3JOhOZXrurW533Z43nBgLYv3+V+2tLwZ1ozPyKPrSjCuP15ektq6c1rgVAbemep1fdRC8ScYX38M92H9PR2+eGCsHtEDQpBXk5LKK8TFCIvKYqIOASd2UUU5JBJTDxPo8Dwxaolh1aYwuyIWd2Y0ZZS0MaxB03Gs37ZQEebCoytVUbaQ8N4pKz7QcsA+9kfdLFgkcDGaBaeG2k\/9sjsS9pkJk1hIC0qCshMy5uCV2qA5VPCarO85ASgoheRo5nDYkD5BXNn2XlPP\/DEADBYv466aYqeaVlkvH4VxCi5CTumh0poopX16s9g9P5WDW3G3znJwzFtdiZlOelig10="}
00428{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bittorrent_ip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492508985,"pkt_ts_usec":380750,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"pL8BAjLCGM9eF7izCABFAAA0h3tAAEAG294KAAAOuTgUJIjW0Y46TwemgtIgtoAQCI+fXQAAAQEICgBqiw9zhriD"}
02389{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bittorrent_ip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492508985,"pkt_ts_usec":381419,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"GM9eF7izpL8BAjLCCABFKAXcnYpAADUGyv+5OBQkCgAADtGOiNaC0iC2Ok8HpoAQAQ+BVgAAAQEICnOGuIMAaon5BuPRLy3uJClpq06N5WbznePjpAb33PwIhDmQzu2amLpqojqD8pITOs+XbaoSgUtCjoMw918bf1kT0PwfNLnQaxL48UHV7myOpaEdJ8VltTypXbxcXCetJJM6gRvH7ym+4hJ4tcr2zekZutLAQjA2A1uiGfgzMF1ut0E7fVqsfQrYv72\/xPwmLPE4vfQ2X8WomSOaMi4wt5m+fmcqD7e+bckg26tp0o+Czgwy47BmFi4tSe42zJqjwrbuZnRxl5R1O\/j7cS3DzHcfxdJVuWBfwx1MvQ49JuS6eYyLe3XQFNuxixXY6GXXeERkcbxBT7Lb1riJflqG+q1NPO57Xk5XbpGzlWX5ncKkblZ3LrRtwKyglC891nWyCbf2GMAiMGfnq2EhxvbsKz+j\/pt0frlmE5XglerKsRhqlt4JvKk9gCPdDlnkSpgt6vcuoRIOxrfm2eTAVfNhx6CQ2IuVPhOAasCwOkG8pUGkqRe6LODGhZMagzSpBj0qEbTOP\/nZ1wDKXgmIFlGyxm0yxZeJOVzBPs3Wrce7TsuReOlTpVaNLpjSe0nIjh79sNpzxXRN3fq+DrJoG6mde11Cr+PE0XpMjWYssAFpJAtA5MN5uyVzdtyGbzHO2mZ2dVQuy\/LKNeOg54Hed4XqXZ+YkcRdAV+qxpt+i5443UdMfoggkY6Dgmeas8IoGPIxy\/F1aYn\/0ntdXOdQCtLaPtnVeWNZ4i8Y1jQqdGs5FP\/yYvhK9ZjwZ30aedmX7HdQavUFTxo+CIzJDcVRVJmSizwljNmn53GAdwtF9ZOliUAJGuhU2aX2CdjlNpcIIhcjR22VSkt2uEj7UTioi2efL2UNX9NvUsNym+l5gYa4e5G1cEFwRCjaIVkqdDBSDJdg3POuDFgeU6vIhhLuQXoicw04wO+Xjc+NIvW0g4HOyvXMjMLo+1lIXWf\/wil860bZ8dcJKnGIOZaWsA0QaDBIFhW1u2oBSFO\/9AXIm8behQDqQz5asWfGHjJdg8Oy0tMlQWMBK9pDo30IjNPez7bfZj9hxZ6sb5FDvSj6iwwn1H6NIpmLF6aF4BPDl5bvjAlqbaae6vn\/bEdweGulxxyKri96vRMASxK0NDSViZF9pzX2TEtg1z68PnNJexmxFyI\/1\/jw4iTSFgTpmkWn\/HZdU52OFen96owDvY6j78ZdkHaN1r4xDrNDPIeqxWhgvXe8ss4awVKrb2YX089D\/MitjkeShQZBZ42JvzMY5MvxJSl2zFv\/L6rNZ7NgZ9+eUWL\/AfLeo5F1xuMTKDJsFgJFmRyraDsNdpy+6q7fX6k9D+pabZs6K158Kg0fVT2yQIBroDGxM1QE8faZZCIHtc4OXJfstrC3lA8Lmy+ub2Vhg790zL7DKhf3deHSySeAIxpQlVytfpOeRHbueQ977qmpJ6mNwxivN07QLge+I5TV9UAm8C\/8mEKXRZwCTgksGem0MHtLQHcHgAyVq3DwvrLIbgJFg+qrY8f3YSjrTKDCxnFFqEf\/k+DpR0PIB8vx8d6i7CqO80LKMLY09+pIsRbs1iaREhcvxtiSQcPorl+xzUOpFF+ynEOJwniCrLZ9Um3lOIQwekvMzVg1\/E8kwhzoUVfq65oC1Nj4qhJYXWBdOegYHdoLPw9e8D61y3JA8fmRXFd1eMX4AQ4se+E0wzfA\/1x2bkZe2YNOndoBBB+Nl1kSDpp36avXMKGGqgGUv8JnWRPrFSmswcbiHJFltbqFgrm3JaB6LsMDYkZ3Q4oWjkBYH+AqtZlcLeDiXmiTreMV7hQ1sYkZnyoS0VB6rFVH+0+WXLmbOY7Um0YGrs3I2CFSOj2qxt9f9kMiKPgQpbYcoA9TAl7kD4ysSlXUeSvrMg63NJUKn+J\/RHzYJDMuRaxlCrLjRkiwIAM6wOD\/KLQPtI6e4VYwtvjiy84faZt6WMI="}
@@ -15,7 +15,7 @@
02402{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"bittorrent_ip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492508985,"pkt_ts_usec":389958,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"GM9eF7izpL8BAjLCCABFKAXcnY9AADUGyvq5OBQkCgAADtGOiNaC0jz+Ok8HpoAQAQ+X1AAAAQEICnOGuIYAaon8LCTCy8BVB\/Gv9oQgc2xUgGbPdfX3rG\/ZE14UJhCmmhYGEbhY8wuCB2inw6R3mSCVT7jzowALqrF2Nox6uvPYqUa3pMV1o31kPTJItZAqzh2X92Vdm2W8tDE67kRecccl7FH6rP1Y1Nr+9YwvVidGw\/aVcRk3uhG1t1CDDaJR5eqxmu5rctvagUaqoA00Jor19TBM5mWpx1NJzC1e9pveCLdDd2Qzu5vZA4uNgsYSg\/Bc4K3+QULjQ+uoj4iN+wvgnudZXW2C6UcFAWx3R32PLGJ9ugtwpbiieXmC8MQ\/Jr0TyhAExROaHsrw6RXsIgjwulSLbDiz2jAjMTT9fnI89jRFAPW2HUibKJmyv4Ij53TS5bNmYZNB4gU78iqXfbYhG7Lw4Gsi5y0r\/2U6VCfI3TkB1+vZuVh2vxMeuI9wropVyEg0a7zcAGnG\/bE+EmSLBEZj4fVp+tJ3hrf49RG6uJ94QdRbUtTGthXcaL5KgZNMsgVV0qk\/r9cDkQGBxd8Wr\/rVfPukRI6stUqp\/MRaHjaIbuIVd3CwWfRPP0kK13U6LRTo0kls+odv5waPHflMs04Wa2WUcZ16O\/x8sNe602vVIXe1erbnLV3IYG+L6tDhhkfHeCY3qD7snP70z0E4bHLqHfAqOtAltp+agmOP3RpZw7zk8mpfizzzxDlGuEBEpHIkXCCzBJi25ml844RCSuSMVtSfJNQmYNKDDeo4VAKIuWvGwULQbZc2oY\/B\/k1vD5VXBKhVklHAaS7VgCVwiqGbFb93wy51ECSEQfCZXgEy+cXny\/L3AhUT6SnPH3d5qIcCixxX9Zhq9xxLOeYijFd\/hbxAVHKYjyOBWJa32bIjjP5aSZQzxf+pgHYbnOT65OnARIZtdl8hCLyMqV3GMC5c1zHWHb+9GtB2NwJg5CH6liQU7cLoNTFU9m1JqyZntCrx\/\/daplbtRuN\/3nMEhb1Op4p0vE91qR+FjSF5ABi4bc+TnmPAGuXMIdpi3C27NXv18AwgtT7HlVWMcWm2v7IUXIOGjwi\/HuUS4y\/IZoCN5DC13lIOWUovcvWOVkFnWLDh+6nQx49GxfBT3+qdf4c7eqs8f253Z9Yu0jgwDsUFC1WJLDGmPkeASfXYluDZ6ED6Kv6TTnXSH5zBqkD0SKs5Ntw1FwszKqrmRxshIDSFz4DieYLYcRzG2m8uzvpNmeOOQUTHbJuvsA1tFpYmJAKECKCI86mvtpTn5IkBhJ6y+QGdpYUz0UmAJS9PgR86I0F16yiYLfFwwY1I0PgelBKYUI6tTgAZyZptij\/I98hYJj3C\/igN+AZ1YWqnqV8JoRD7IA3b+fPO9cH7wZm6knRCdn4NGQ5jx5j\/gYYg5Bk7j+VwsfpKwSQJEcofNY5XU6Nq6LxQb7E2yWPVOc1I3XWzn7ERkNSsR9ZWKXlCpOVZGleQLVs7XKpGtXGQttJSuDlm\/pQSrUjOkadxG6AyVX+VzhssdrX3uSouqHLteQNbXstqvj3JgXzrFnZQrE1mP5Bscc3SGTWps5dDotab6bDPWPJOuLGnLH+RKVEXzKlTOLL1ELqVVcoMhcrvaK1CYxQ\/M4netH1I92H9mfjQBBnsohy9MceFeDBOtIEg5h+NCZ2TzopL53gZunEH8iGMRs2\/w23\/Wl0cFqrsDEUEmSyQr1mwyL63yyFFXhRxCiufiQEtUer1vkBQSOFL83bpbR0PRnKCCJKg8Ig8nRKZCxQGfu\/3R1logz+6i57p2E2Bb00tu51D4uD00P6HRxAUlOqBxK3aHJ0J5DSLf7HAryv2ty7N+4Ap0XGV344X\/\/rEbBUl\/3e6p1546\/blAXCxbHA\/rSKpoq4k2cc3081hoLRpzfKHkCdIzRYQB4Rl3oGCkh\/3pAbARmnOv9hOmzRhgcis5zgv3DOFknmhid70p4dt4kbL9Jk="}
00430{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"bittorrent_ip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492508985,"pkt_ts_usec":389962,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"pL8BAjLCGM9eF7izCABFAAA0h4FAAEAG29gKAAAOuTgUJIjW0Y46TwemgtJCpoAQCRd84AAAAQEICgBqixFzhriG"}
02391{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"bittorrent_ip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492508985,"pkt_ts_usec":389967,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"GM9eF7izpL8BAjLCCABFKAXcnZBAADUGyvm5OBQkCgAADtGOiNaC0kKmOk8HpoAQAQ9TXAAAAQEICnOGuIYAaon86kCyxYzDt33zmhYULc6p5S0NUXklgbxQ2lLgxjEbV6TISaCK+l4l45eomYRprbaDV1Mn0ZEjO7ADMeBq1v0WphjN869OXm+GAuEcy7tCaRt4eBV7STsjPsbdLeDl4roSW4emk2P9nLWwvR42cc7d4B56Z2yQPlshp3zYMtITRYl9TWFSMWe3FdqJRe0gVurJZlATKtrnTC970\/qwHEVc3tCarnWtN8Q7ryOSnj+NVWh2+aUllIC+kjoBd8S0jFOQgmTdPF62sGJXT\/B9eWl38\/MEdL4knoQIw4ymZRw5PFl8ySWNayCLfG2Kt34JpGHNoDTcsuwQp2EAsNQEejW6F2TGN9q66yKi\/6KlqzjC5+kajKKdAYHrcu0Je71ggcazKjMr1cvGSOPDZDVcL4C\/nl1LjWRPREQLLgMOhCBDhle9jwKd+sdnrvlHNCkUVFLEESsREhcBKQPerraWyn\/VzeCkCknVyr5o5F9lCKn8irdw0+aG4kC\/xNIjh8ThUNj1\/AxAkteG7hfKybcOklmTemUArOgONClt96sKaNJBf3X4tblwgyyNsAlk7siZrwbVQ+ju+oA99u7FtB+ch8Z9lHXeU0Rm2Mt4kqDpUwHCxd8a7t0slj9S4SpdqHYUpF50oj9Xuy7olByVmYuLhZYe0jS1clOKh6b4Jg4bc1SM33\/G7AMrQbljRcFOrgD4t6nGzUpLM5GB4a1\/LrGe1VmAMT1eTqeoGYypqsJrX7DMAHfmirDNLYVvS34CP2cJ1VIc3fY6wX7iheEWbPWUXqW72OLi1srW6osh1SR9xj8e1RgdYCPDUJIx6brffNUgtrGSE3nH0lxOybCaCyjPDO6PqXqOg4+7p0ricx\/ho6S5J3sy5Ynx3DsLEQaKfahtdDnn9MjFnO2SOST6TbFcfBmNpKUWlo6JQFJnbVpU0i0gYqzIBghagebCdk6Dqn391FIr\/CBnuWRz3cFlcbolVXcCuN2+SD6JxFebpRVh57INHQE\/dG4dDD3wgYQq+vj5J2V8Ejyb6Zn1lRC+sZCHeL8TNssFp+fMLpUJwZmGy2Q0wrYYB1tiq4vYDdf2TJ8+RHAs7WKTPNiV2em1sqKs8bA2txP8dnO56ZPrRY7eIdDHFHntiA\/JjPJqe5Rhhoz21eFoSvKkR8euFwh7QC3xFX4uuEMN06gE4gN1\/yrTp3iz3YlWbA2reoYMKPUfHVUcewV9Yteskjvwe5HkHZ+a3c5AjHXXe6BNSUAkxKANQ\/J5k7x87T62t8mh4fEeMJF0bLTR9f12Pxh4gpJnidje4BE+VTgVNP0LnEjieN2\/W+9zul3jCDOHF8rpHPBXno2jbc9Nb5gUbYNoQ3p4w12KycAAtiAA\/vBC6yc8Zl15YXWM0i3m\/7bvPPDjHEJ1PVfqBPbDDGhx+7vfYAwxaHRcA\/ax6sQHCB8YhT5SUGiRptEySbmm3GbFreiywtVr6SA2Krob9ff1SqGA2LdHF8APd27j7j35KqslqF47jLVjMZCcb3agcMtv9osGZX7RSoWpcfsL\/SWdN3+UhRXoaiO5NoWJf5J0L1exwIzF1aivg+0Rv7ZO\/TWEBuq4TIllEwgPcd6wRk7SO1T1k2PVoRShDy3d22Vm4sBxaUOLUjaqbYUt0Jk7xbDLWWRPzAPansXvI0qDIrLevoy2eyBO0ylGa8ORoy1zcrXT2VMYqnzoyoH+TjkHpOICAcoOmxgqHIlJN7JB2xeaVsdhDtbR5S1Ueg4C+0PLiWzITdKIUpDS79Cwbu13HVzcs3vubirGqB6wcu6gX37WeN5SHmOVjvNpWbIahXL54HB81EHShQ+uuc33MvkIsr8EO64dydI7DkyrfrQkDl\/+olMD1bcBi1PMZofR0jaIiFb4B2OzflU66KkHP9MNmizJM9k8EjO0Pex0TPDSjF4ApTpHI40="}
00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1492508991649,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":1,"l3_proto":"ip4","src_ip":"77.222.174.20","dst_ip":"10.0.0.14","src_port":2866,"dst_port":46610,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1492508991649,"flow_last_seen":0,"flow_min_l4_payload_len":1448,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1448,"flow_avg_l4_payload_len":1448,"midstream":1,"l3_proto":"ip4","src_ip":"77.222.174.20","dst_ip":"10.0.0.14","src_port":2866,"dst_port":46610,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
02403{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"bittorrent_ip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492508991,"pkt_ts_usec":649218,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"GM9eF7izpL8BAjLCCABFIAXcXOpAAFYGvBFN3q4UCgAADgsythIFf+fAyg3zkIAQAQRWiAAAAQEIChotFWoAapAXoFZsJoOEMtF8fPEtH7H+tnsdcSzA336oJmu4Vmd4+L0QrQI3vtKCetbBuRYf5q6g4O6T0Jwp+QqkdwPc7HIErcfsszej+MIWFWM+kOUmjcQ4ZzXdJdcDBn8tOzKM\/z8HdD\/MBa7YQ6L8mDTXwMbVhCmQLgbAVb5T2wqH8d9UkDVqlE4CdoiXFdq7BoinmTI+n69Jp92R8vC9PLr05497LGrl2kCzOEtw5RufMIBravi7K9SBGj9g6MGJ8Fw8hqrm0xOpXgEmn75Yv5o7t9GISbIYVy6cnlHVv3p+RW+VMGwcGC7\/D8E\/tusAAI1dhhSRgUnFFYFSAhbWAYsPLVL6f2ZAA68rnkVJyWqRKoLWS9t6fiygCJzsXpD9reclTF0ougyKNwzaySeCWEv0QML+Mc8VyLOsOYyTGjsuSAfPgnofr1U0FX0E+Zvh\/RvKsbWYAahJWgUlShdPHqEf+qR\/o\/pKADGNHH1h3AqhOjp1sxLJwUPyaG5MlbUXcKVh61M2C2gpAegg7EAaAMPjQxLgKq\/PP7MNzdJEA63NK8hFrb8ZkqIDg3piw43Cunv\/XwlxpJUPkgp65a0PBs0M2QTqbJUuWTg2V4FnBQVHNECBwZQ4vvIu0vJQqGvH\/1zLIgddrBciuHp1CsBXaHYMArE\/398PWRUyXJEwhjJvpcr\/Uq2id0s9SinNP35BTHlbGR301Q0vBviN5TCZSdt50xv+uNPxsXhH0qlx5d7nEbPjEt1LaE3rg6CTrMllJQv9RJgn1gkpfaOQCka2Oxa\/B3z4el5uj9l5KnbMyvg\/P2FuSDbdV0g3ONFCT1KjW6yeLDaOGaYVsHSACSF43ghrE5lHyI011V2XTfwRwthCTlThs8g\/780ycHMTFQxKocL33iHFGEvuHAXD1GwgQlFY2VYQPl4UylaE5WnB5+k25VUMulXxcNr9Vrlfv9ZQS5WGr6fv\/lbK6o+guHKYyXbUs\/gpwBFqjud16lcsgZL+rWu9vscuTUuStWZG+nCx\/6SZbSTD\/nZ7xafjL7TxukeSNLa8cdjTDxIBHS+e0QwJp7L36i0Jn33HjvSTZoyG4YNIg0PFii7jtuvKebpx1Ad2MDsC+Inwz4W+7FiI30s+aTiXOnwEKsi2Rvla0\/A4j6JEujop9WovLrEfeuwn9m4qKx7igLTJZcpSUUSSpzTCh0SHieWaepQl+\/WY4XaKtEBTPCGDH1Y1xQkC0fZv2v\/wPULChMHwxkA8jqK1+ntgDOWX9aH78LcwkyQC3fhQvIjJN\/zj3BUJpqROJBIiWV1\/owLBEFZXhl8JqX02\/sm\/uWY4H4jERLsn5zGEQkjIDgit3OfyHPsoVLm4OswgtlkPQbN2IXxNoNcFUwT1ffARs\/DtLlXY7vNEMgQg3FzRVLiunvO29LGYW7dLFc1U3HxByATWLIpVBA6SiX6sITCkjHO+NLpV37cQFSe9jAKO\/fmb9voWfNIdLzvieh8R7MyORkneGyzSqqUJhsc60hN5SSUTqEFaWPZZCGV30wCKl8\/4lJWmdAQZXC4VPd47njmoImX2HL9aH+gazhp\/2y3hvOlvHHPBMSupE2t4RF3jx9kbuVQCSq9osZktCArUv0ri0ZtR5dNz9DV72xERQVKh6U0XXmbmdXWVmw0OA7m6D\/q3NiRmIfYybOWSbQIatIdYO04QXBCsK7111IbYcEVX74or\/kfGT6eIISYtZHYWAXjPKfIrY+lUMW47gfW0LcohEMRBAUK\/jBCTv5rV4CdfOUUTqfzCQHxmMKSJdiDkoGJNJ4IvyWLatplgOPd4RDMYBVNuZILHQw3bWbpI5ynVbrCBaM\/SysRaZ1jDvedzcl2b+8fJIvh9PiapmS7NU6IDXTaW1NJ2N\/lM+2DD0w14cFU8GNPo\/XVSUVo9XrZPfQ2OmgPL9X+xhG5Vb78="}
02401{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"bittorrent_ip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492508991,"pkt_ts_usec":649223,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"GM9eF7izpL8BAjLCCABFIAXcXOtAAFYGvBBN3q4UCgAADgsythIFf+1oyg3zkIAQAQTgjAAAAQEIChotFWoAapAXo34tMz4skfaHlYY\/ScNpDxIpCs+P5jEsNAxpbVkUCDph\/pBzMB\/LwnipjHQtHoSdK8T5c6F80YLV8r4yOc6N2BSayttGT02IcKpL4u7OmmkC8v9\/K17IrOvPSiKzm8IXRcVGvWLEe7mSpkbGXP8Zg500fAiD07gmzEjqDvcGQwae\/\/c+fT68j5qTn4EIMnlVV6K3u4\/YjaSNQ5X0kUrG4oshGwbT6lOr7qjrcpHx811m57vXMYMYdLpZlpYL3oCUJJoZmbYnALEOz0mDJkuefbnLwlSq1HWKxOP+GdZiMuM3zqBFAhRFpOw0wsHIgYwiLZnjgU2necxHkVHPeXyRvs7PXtFfjrsS9PYsP4dh+js8z\/HcmJYGR83xYLEXA4a0\/eDgV2ZN3mJ246foC2z7ESpSlbDC7rDC7kxPuL+vxgE1IJunPjOeZX8vRzrWdOhpseT6UBY+SivCjRALwumw8jaII\/0avXIXosCaJWtRKZMmdFQaTdoQK8gsWTQBoGt2TE2kZXnWB\/rApZxcgbQEyzgxgcTfZBPcV\/3V1jRhF4D7oaPJc9EpwDGnjV9Mav5Q3stag588iPoH2gzQBtl7pZHgOHi1XQcz5kB19l3w4lPjAd5YKvzqL2+O7HLsqkxJvCc9xdSQMeZIq61Xc8hUjm3R8ibutovYPhKqO94ataVUmAYrTHLBUiOgGFBdvIxrvTCmQQ9Be+7ybkUWeqSsixsDWzQI5UUaBY0MPN+FMMQYdval+DZSlnOiTbIx1T7PKkq\/0wFPkNyo0knB1r\/EsQVn2O7BFGfSq4gT9z+dYK0E9w3X7FjlS86WoHdTb5RRBw8xH8Fh7dSqdNJBR1IzH\/32Lu5S+67T0h\/5z9BRLTqqyqP5iwd+vtZ0GOkBYlS9TsOPdxhIjSaj1w5CC827\/kTX3P5CMBTKq5L34ltxCBEy4fxlNOgSgyr2c8CzN7W3+9q\/2lQHIwhVb+JW8Wui9hDMNU\/wujR5n32OFvwD2QHVeJRQHs166q6yxxlMKx68f6TXlexEhPC+g5jAK+iIE9t12iL2zbNyEIrU9BGVwHSjvi9dn\/R2rW6+XZTQ5m9I2MvRHE4KW0mfjS0Bbxx07TQtwhn0mE\/CuyZtLYMHn\/xUxoXUl6ReTcf+DQcD6PDQVb5u2Ac3XqIXomVn6ks7GOKGpAS1vo1sy9N9B92UnP\/Esv0qk5vYtzQGnayZMCdNm5iN7cXyeHDQvrsA\/syaRP23zdQSDJwkhDiC7grWYuL00L2z9fymp8OdI6qZlZmC5UP5erWZ\/y\/NATjfTE2lPIZ4CufAdTNaV+HL\/OENr7VzqlcUSPMJUpZe\/uPBX4hb5PTr2k79iqBn5W2bAOg7f8OUTsuGNCRx2esiT77WgsjtYMLWGohNp8xgnHEQ\/f2U+Umki8C6MAJk5V+ShBv27oPYtAaESwDy4i6pXIdNqgYbuC8tjYHTTxYVK5PLBUAnT7sfWJ9tNba8K7LfESYNsMZ2NEyYLSogogqOIBqX2RhGWFxZmcmNyMr+mipx2RqzLPtlvv8+kvPsAMtUmyl3amIiZgIvn8KvwnKuxavASbzL1yhnGFf8G5TIUTVmmJkA4hggxNpWmxxcPef\/HOamo4tsekfmXeSCur6ixMEpKu8xonqrX8ZyK9dEJzbc4+ry2K3zY5v+u6KriUQwOdDYzrn9xlIYWXlKpIJMaRT7Yel9DnXLtQGGVgPboCYRdqKv8AvtOJ6Ejw2yug8KSDGMadC0cnfSs\/SOYlGavKDGmtW94SCRgDE3gRafvD+c0eaoWKwQu9\/JSnpokqEi2gK8TdXJt5arUnG6ISh\/qG477G+d+KyVZJFRXyLBDKMJVuCHgdN+PBrPL2G\/4T28dATlQcAmGchVsj0We7WEFzT6cH7Ok7VBXgCxQGetulH4jjNutVlTNpowG9g="}
02400{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"bittorrent_ip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492508991,"pkt_ts_usec":649227,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"GM9eF7izpL8BAjLCCABFIAXcXOxAAFYGvA9N3q4UCgAADgsythIFf\/MQyg3zkIAQAQTEnAAAAQEIChotFWoAapAXin3jI4ARKjVzLsHKHqf0eIbRIWzLABcT2\/h2G1F+6R1+NYd0dCvt0tnxxfqRWn1RYuahphiLQ4wktD8lNPU4DtXpNdlpqumKgvrZFXodsWrom1N8t6xryu\/E0m1Z1ql1ee+DLth6NH74VmruNLYD6SnIbzvOwjO0xPCx33wakRciHkq7RP5ztglIb5eBKAYKpFTqldfebbBBj2NzIkO09M5Li6a0Q+yGxmjFz7xt3wmahWpzenfF76rsuBEBdPOGn3cIIEo9V4GpW\/1Lcy2Y6golYpINKPuoe051x0p6EfkwNEgNTVI5PknJjh8DLQy+S+iiabNPy4Wuz4Z29sO3UcTbI0FXzNSE5+arxO9fGVzsHQZMzMmCpF9GrK\/B30GHG\/ZyHQhyziSR6y4xyvAdJ8nTfZFnUBURWjDzzHbLKGnUTQljhNTua44LZUkCPYPLvnSqy3oyAbMNEHf\/KaPyDv4qLw3IB7d\/2XNyxwUcZzNdmB1fwMvTAkHYUi\/uqnAjN1mXJltMT5wC7iN8jYNZNjPeE0a9hYlUtRfFiUPLxbpYYVapCnh2FX+Ctm8GX4fkqVbh9kSeGcLX9kJLBzDy3Uop3tSAD5xZHmhI9Q\/IPKsJ8jLCiu9IY8O4W0azacMqwq+e7GXbIKTziJnlV+q1WBdAYrxocVCNXeDGKmflDYMiuGvRsv18Jrf\/dTmHFWW1R1LuDQtpnQOev\/ZBOBXXD88wiwd8mSiCjN+1vRnCm3P5te+C1QJm4c9BezvsE7mVWhUpIyw2keZusvaHbIKjJv5qf\/xE+txjn2o\/x+3YZBsV5yTHUYDBHIRKiiAfMckqW2pwZZOXQ9IlIQYT5UN6o1EA4NhUw7oaR6J1NgSTOxxPFScL\/3+F5TDHrQg7TBZaLbbHXVKbpo7mvD36CLfqDYNXssdIEltIBoy8AZRd8xI5GQuI5gFP6Wjf\/3ooDq6WagIW4vzQx0UC3+X\/w7COBEw6kRpulcGFosgCWGhwgAMrtTSilcfPSfMq2VgN\/r6xOs3egY\/Ge42To0LGUB\/vnPYy3Cy6lIZ0jPqucO4NwE9iO1vMeB0CPQwGmzE5iKea01O9t8Wm6iirfnMI9eXzbKY1ux0ThzsmJTNJBFy\/WfcKj3WsWoJBBTgEtxjS1EqielS1GSFQEHjui24ubSBIaCgeQ96sdh3IObHf9FOqkiMIhh3ltxxCHP0Km7DyQzN3HJcL+xjpP3Ae6E+FFo7LOGrYSDbyWcNXbSISJHso+3Znv6YGWBEbXj75Ie69B+d1sZ2\/Yk1ZTb7seX02Fbq1BL4FhkImhuAJO+JnQ1p3pchczUOp8T53M507sNc5xmvei1IGViEBgZtci6UfQl\/2Te3fVdx7hdovgWOoa00R6VxsT2gGeWrcLix0CkBy5U9C2qUC07JgOdY9ysGZcGos4SlBO5NO0xM7t952urMo8OrVFsXvdL28d9XRtQJY7yQy60XKugdg1UYzhmSoQyRjNi5m9+\/V0YeBm1pOWdj\/gOvBNko29IxSXZuGaTEBFpoPFVWPMt\/gVGpFT9m2SwjT2XBytKEyjcppJvDRynyqUq51q\/MW8\/f9uSyn3Q06zJDysyVOgWA7ZmGxp5sxwT8\/Em\/M\/euPjOWONXGNQ2lnBuUlQbOPYhiFMwptuMeZck6Sg30qMH32vhZbKicNnkmDMnUCW3ChWQIe01E02FgtEwaDgj46+76jPfyR7Yf7epGBpMrhlj2Mh7rQWgjjhegI82Evg\/8nW64VVVvU15kEbexGTS0v4x8KcoGnqIsBK0MLIrq8jFQLhK6SQrGlhfZvEzJFlf+4TGr4C4UBx9AnZ8umxn2rXOXQCwiwqElsdIs8KReJMwfCYtUvdEmRNXmClaV+MEiWCDdLnx3HVC7AO6ywQjaBwA25YN6L96xFQTMRuEeo19Qvx\/8="}
@@ -31,9 +31,9 @@
00430{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"bittorrent_ip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492508991,"pkt_ts_usec":655766,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"pL8BAjLCGM9eF7izCABFAAA0sWRAAEAGg18KAAAOTd6uFLYSCzLKDfOQBYAaqIAQX+uwlAAAAQEICgBqkTAaLRVq"}
02394{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"bittorrent_ip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492508991,"pkt_ts_usec":662177,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"GM9eF7izpL8BAjLCCABFIAXcXPNAAFYGvAhN3q4UCgAADgsythIFgBqoyg3zkIAQAQTQ7AAAAQEIChotFWoAapAXTPv37xKBkoPcElMXJP4F6GkLBpIwNvPUyhbAXIPXCxH3rsfyP2Mf60BHbSeuspLgDZ\/KA0RID2XY68rmNpCJj+1ifQEadclYnN9QraJ9Hk9mmtVWe4LhShrgqO\/L6UEo2iBw6\/hvVzJzWX9X\/6KszxZb23GyMbco0bUU61\/2zjDsTp7WWwO0eZWK+7yS6XZFQIajjf15D8hKQw4r75p\/Hil8m3+nJ6DaIx5SHxDNbcNODJAT\/uGSnovNzrmQCIXkAaj43ukrVXAdcVhDz+U409jOs9SBUNE8SeJ205EpV5+CG4J6\/yNfKdGED75RIUfsR57433WxaBIezraHpW38aY4eX84kX5tSqALijjwQaQ4GJ4b8hKqOhKGpjNs77PesVmEJrFTm8VixZzBOHQ77zLEDSVP8v4xTHrXKNpK+ZnWA9jaukBJBf+VaDBOxLsdiV3BqAneXxMsDzWW8u3E8GU2JXZjubG6DKFS\/tOnsOQarpWkt9hDAYcn7FSRgdyebve3gt7jHdSeQrTUY1dVzg5ehZUXUHqjX0r9C9i6tgABOQCim2IdjSaeV8hpRwCNvyC84rnTTvYotr2HcujGIUMJ3kfwQdSqhRfz9OXDyC6MX0adDDXV6JIjCkKCmfKs3uG6C9zmEUmIqhLMfEu3xhONN3Z0FBt+zc4ZES2qixYTgce0+UcZ\/rZq3NxqhdKqYguk+KFgDEVZYWAZSReWhUBdlNcD\/sLsSzSL4hTHS1P3Kkhyv8+FqHTCZR20ozKNMw7voSOFfi0hzNMNZ3DbqO6TZWHn9sdpivnCwEl9y9gd0+b\/3AwNoQ+DAdSEYmmUNqhIl5QezNikwirjGfA5oSXbTps7oT8rTnuaPRiOP6dYBe6IEhaHZcF5fB11Ok1GBo3s4Rq+mcGOTeb5OeTcCwCCgBLEQ6EqvMZWZTx8vy7MOMAARWCBSh3tNHOif34oMOskf9lpTaIQqCx8kzFSqnBW8lm2c2FMP3oj3MiVpZ1Pk0Oj9pI4c5SJchAOMXIE+mIDd7c9vxlb+TyRgzkrarmo1UFRee8+0DBTfrgkl5pxOvUyxkAX+ezFKu6p7WqNCMQ2XJrbEVJW8flwrbk2O51h3E68KhZF4oz5pOzlrC7yK9lTq+cdmQwDag4Iz6\/dy35t1GcC+GH+JXLOwIiA6l2E\/I+AR8Bxx6kKblK3TuhHrmOAEF0VvwReAMAxOncr0VW8CYRJKlSQCwDdE0qDKPYFToKkrO29WGtSfr0qfQDNOuk4PGAp6OaxVIk2x34oLtOz+xXds01bfe5+8VSie3cerqt\/aJQuFf9WPL44LmbvACsRg6JgerrcOsO0zz8hp3N5iY6u7RI9s7h1YY+uzpp2RLlUjuBKRL23q2lctRA8O9XaSEfCd4DfJITDxEtTqsxPNGTQYvBYMLMts8fxKM\/qmaFGrEF\/F2Z\/eVPygQJLn0T9AnmeomiQOOUdDyht5Mt\/fcxM16dRXlzqVdaKap4D9z63aJfjmUp\/AWMcMWJg7fUkBZTSB008KTAc+fJz5od9gZzUNjqeizGF3BIGR5EFdTFPpX\/irlzCphDdnQe7WrGMCD1wxlOeoTD+gh5mhVHwEBzDrYcryeDvGP+PdHrJZZAWJ1nsr2gqpDZVWJ2xVadt0P+h\/GDGfUod1FtVZBG\/QSDxR7iqJVl4KNOEvtCmld4Kk8gdRZZpB87TiKNJuW81HmI2hyNPY9Tvgas6JDOzbDec7TiryT6HZmHkq5GCRb4Tc46fJAx2ipoDbLdX75fyAA+QJwvEPh7hoIklnuh+MtZz\/9WX43JGNxqzEs4yHkBBuGVNHC9RTC\/amzwJSC0oV0Pb4I79iKSPPyAtT6fbZkQF0VFWQU0nOaW9Zmnw2CiH0I9xCDrZYeHB4SrTQyO7XsArVkw9vdLyyhhUjrUnnW9yk4\/o="}
02399{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"bittorrent_ip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492508991,"pkt_ts_usec":662203,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"GM9eF7izpL8BAjLCCABFIAXcXPRAAFYGvAdN3q4UCgAADgsythIFgCBQyg3zkIAQAQQ3QgAAAQEIChotFWoAapAXYNOsn7lwbwgXErTPWnqHh1cl69dM2t2JJ4jmOcSnHYWJHX3dJ2IbVMw73tm6RhzQ37XmqEPvCmoYGyw69iDhYe+2b9SGubuLVyPTiKywe\/C92yKYICgV3TQzuGAnNC\/RYvE6WsIR+06b6F73RqsePJ7BFhgzUWaPSRSnwtsFtQZXlwaa2z7xMucEQfrw7PBKF6JXxhAcZgBDq9tGmnnt79PSPtGLNwCoGbMr7IlTUHvmiQbEF0BkjOIR9CREqChtHEtror7tBdmyzgsXX7d5B2lnP069nRDIyKxRbrIULeVH7iCXxLYpKQROdB5VUppMlSTgNGBOudBdcGCUtuFz7GbqdaxJCdv3x2GOP0a7t8+cYW1nWSXI3h5O1j3rNIXpzd4IvdndVS5FlQfsTTt0QHE74QtLqR\/O7Ft97z7lEGWS+WEIkSGTwUtrEOrpfUQ35NdK7TUod30ErQjccBRXTnv5Fz2ZBQ7fNLswuq5x8uVHKtSCpVmNt0+dZoZpJpg6L6x80UQEpBZepgbu94HM\/dJ\/hEMASN3wCswf8acbuHuYkWQYkFbuzdM9DnyYfKkxFx10BMEagMOhdYdRFV4PkEHTJQz+\/Fx7q5yngGQE6bRZ\/b3IBWul9igmEYFszK\/5b04G6C7hyE5cUOqtsSsIIR83HaX18R+H7pG8Hr1cEYLzI2oQ4gAxsLpLe\/ohICfLM4tSUNx1kqMgp\/lRs20I0vNSDnLy0omLjYc6SXbtCw7iCv8VTGLmfl+qnKOieBEurv\/36cS17VqM90Svc9MGGlAKh33+BXHiS6f9r2\/esj5e5mSiS1NPpBFUHiOzzyfbZm+oMIhtPCRkolGkSDQwqVRhFTf02\/qFunpdTBFN7c\/BH76diOgZPz+Rue2ziTL5NKv+jalBU7QjPQt2Rxduaz7NfMLZu35DJYutzypJioTmqNrYv4J8mOl6\/FPp2345\/6IGrYSjpGmTAQYDlW0QDu5iLD9TbgSE+svxuhBBd6vr0OwxaoSQqxbOLedBX+j8e2\/O3zd2pe+PuV1KoglCy8DyvSIR8d\/rezcejg9HwBuiSti1u83wn9jHghW96buN0BVyD3FeqcAADooPtJTFw8lcNOsHy6jxEBZCWKwhMLzNsN4yHt4+hRIDfkC5AyA55XsGoJ1Nko4yOewoN+WrXd0AewLO8Du2bSHPeoq2jMtOxc9UESatwsvIjPOR197ghQiUhBJVrNSkpMcjrbhPpEutm2Altzoi8gS7voI5iEg+DtP07gnzuTSC76hE5AsovHX8knu\/e5XxbHehHyc7jZ9GPR1l7xzC\/Y5sOIMV+jNxVIhBuvCEE5JrIIFJIbkEJqYyxE069rUf6UCpadFw5VhkcIjwSDPMwpU6TzNZ0yCdQSByLwH7\/jCujElqw3o1qHEttVlgR6KOEG4DKVm3bhbS6lRjvllQIrcfsDxztiYCDEfVqHa72Hhx0Eds+y\/wQCyQdVz\/FHnq8iYyTf\/GePJz1H4HKfILJqqcHRjtuT2odIv+Nm\/hELYDXaBYO3em2jmCNUvruQomTUZoOdkn24MD9503F9rQtW1BPYGzI9w93UNLkyKgQbq9qk5sALPFYAlQMCagNniGZhDXD35b3Vc2qjebOGhcz\/Hk+cCAaNmdm5KSGQQOqSNZsyhex\/ptVCJl5FVE2GPnyqG8SJRuMLzuL\/LRO+DCGcL3j38PzGcSNZg+qMnrfekvZEhgQfQFT\/BRHDsUExwBRHOZ6pKMLEV0PRJYOCMsV8U9fvq3suA+W++1Uf9beaH9QD7PptNameLfjiupm4iKR80Lt9MJbVdbycEMiMEE89BlhXTY83Y4EG\/l4R4OgIiMo4SXLhlDNY9\/4MM1p2UwOwo4gzZmV520IvMBJmkQE5hkEeSP+hUwb6AKm5XmcfeBbn865ZYi7j+Oz7xF97U="}
00589{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":303,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":255,"flow_first_seen":1492508991649,"flow_last_seen":1492508992859,"flow_tot_l4_data_len":267352,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1048,"midstream":1,"l3_proto":"ip4","src_ip":"77.222.174.20","dst_ip":"10.0.0.14","src_port":2866,"dst_port":46610,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":""}}
00590{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":255,"flow_first_seen":1492508991649,"flow_last_seen":1492508992859,"flow_tot_l4_data_len":267352,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1048,"midstream":1,"l3_proto":"ip4","src_ip":"77.222.174.20","dst_ip":"10.0.0.14","src_port":2866,"dst_port":46610,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":""}}
00586{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":479,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":48,"flow_first_seen":1492508985380,"flow_last_seen":1492508985594,"flow_tot_l4_data_len":36300,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":756,"midstream":1,"l3_proto":"ip4","src_ip":"185.56.20.36","dst_ip":"10.0.0.14","src_port":53646,"dst_port":35030,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":""}}
00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":479,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":48,"flow_first_seen":1492508985380,"flow_last_seen":1492508985594,"flow_tot_l4_data_len":36300,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":756,"midstream":1,"l3_proto":"ip4","src_ip":"185.56.20.36","dst_ip":"10.0.0.14","src_port":53646,"dst_port":35030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":479,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":255,"flow_first_seen":1492508991649,"flow_last_seen":1492508994096,"flow_tot_l4_data_len":267352,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1048,"midstream":1,"l3_proto":"ip4","src_ip":"77.222.174.20","dst_ip":"10.0.0.14","src_port":2866,"dst_port":46610,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00600{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":303,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":255,"flow_first_seen":1492508991649,"flow_last_seen":1492508992859,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":259192,"flow_avg_l4_payload_len":1016,"midstream":1,"l3_proto":"ip4","src_ip":"77.222.174.20","dst_ip":"10.0.0.14","src_port":2866,"dst_port":46610,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":""}}
00601{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":255,"flow_first_seen":1492508991649,"flow_last_seen":1492508992859,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":259192,"flow_avg_l4_payload_len":1016,"midstream":1,"l3_proto":"ip4","src_ip":"77.222.174.20","dst_ip":"10.0.0.14","src_port":2866,"dst_port":46610,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":""}}
00597{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":479,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":48,"flow_first_seen":1492508985380,"flow_last_seen":1492508985594,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":34752,"flow_avg_l4_payload_len":724,"midstream":1,"l3_proto":"ip4","src_ip":"185.56.20.36","dst_ip":"10.0.0.14","src_port":53646,"dst_port":35030,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":""}}
00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":479,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":48,"flow_first_seen":1492508985380,"flow_last_seen":1492508985594,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":34752,"flow_avg_l4_payload_len":724,"midstream":1,"l3_proto":"ip4","src_ip":"185.56.20.36","dst_ip":"10.0.0.14","src_port":53646,"dst_port":35030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":479,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":255,"flow_first_seen":1492508991649,"flow_last_seen":1492508994096,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":259192,"flow_avg_l4_payload_len":1016,"midstream":1,"l3_proto":"ip4","src_ip":"77.222.174.20","dst_ip":"10.0.0.14","src_port":2866,"dst_port":46610,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00134{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":479,"source":"bittorrent_ip.pcap","alias":"nDPId-test"}

8
test/results/bittorrent_utp.pcap.out
View File

@@ -1,7 +1,7 @@
00391{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bittorrent_utp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1456385034843,"flow_last_seen":0,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":112,"flow_max_l4_data_len":112,"flow_avg_l4_data_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00482{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bittorrent_utp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1456385034843,"flow_last_seen":0,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00542{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bittorrent_utp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1456385034,"pkt_ts_usec":843882,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"xCwDBkn+LFbcjDU0CABFCACEN6IAAHARjPNS83ErwKgBBf3Jn\/8AcJbNZDE6YWQyOmlkMjA69\/YAfOoTUG5RTefsvJTyrlFxFfg5OmluZm9faGFzaDIwOvf2AdimJ292LCw98nSvKCf40fHeZTE6cTk6Z2V0X3BlZXJzMTp0MjoOYTE6djQ6TFQBATE6eTE6cWU="}
00574{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1456385034843,"flow_last_seen":0,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":112,"flow_max_l4_data_len":112,"flow_avg_l4_data_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":""}}
00586{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1456385034843,"flow_last_seen":0,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":""}}
00543{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bittorrent_utp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1456385039,"pkt_ts_usec":236076,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"xCwDBkn+LFbcjDU0CABFCACEPR1AAHARR3hS83ErwKgBBf3Jn\/8AcOi+ZDE6YWQyOmlkMjA69\/YAfOoTUG5RTefsvJTyrlFxFfg5OmluZm9faGFzaDIwOvf2AbAuK1Rd0f1URppB\/xHRD5bKZTE6cTk6Z2V0X3BlZXJzMTp0MjoZ4TE6djQ6TFQBATE6eTE6cWU="}
00426{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bittorrent_utp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1456385040,"pkt_ts_usec":274000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"xCwDBkn+LFbcjDU0CABFCAAwPfxAAHARRu1S83ErwKgBBf3Jn\/8AHJxJQQBTAhDusvAAAAAAAAAAAOf1AAA="}
00447{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"bittorrent_utp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1456385040,"pkt_ts_usec":274157,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"LFbcjDU0xCwDBkn+CABFAAA60g0AAEARAADAqAEFUvNxK5\/\/\/ckAJoYDIQJTAgb\/P19\/\/\/\/\/AADwAEnH5\/UACAAAAAAAAAAA"}
@@ -16,5 +16,5 @@
00545{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"bittorrent_utp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1456385040,"pkt_ts_usec":747238,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"xCwDBkn+LFbcjDU0CABFCACEPltAAHARRjpS83ErwKgBBf3Jn\/8AcGQkZDE6YWQyOmlkMjA69\/YAfOoTUG5RTefsvJTyrlFxFfg5OmluZm9faGFzaDIwOvf2AKNLQi81\/RCcQj+jdmBNANVsZTE6cTk6Z2V0X3BlZXJzMTp0MjpdRzE6djQ6TFQBATE6eTE6cWU="}
02397{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"bittorrent_utp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1456385040,"pkt_ts_usec":805866,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"xCwDBkn+LFbcjDU0CABFCAXcPl4AAHARgN9S83ErwKgBBf3Jn\/8FyCGxAQBTAxD2SHQJ8T+lABAAAOf5Scj8LyukouNrwUcnHBaQa20z\/P8AHdLMNu2WZZdo9jx61Mq\/MnSVXq2PKIiIiIqkREqCICikREIiiqqIuK2Faz6fbus+dzXd1q9It9ttDyt2LCbJbJYs9CdF1xFJiOaAwo8M8oayXEFOzo+IFP1dXNRdtGgGqGm2re2HIpDt9sNzFq64iUaejM2EYOo84Mmc0StETZFHJE7\/ACeAwECbJTt\/vt3\/AOVaUZNedM9GsckX\/NrNbHLnkt4K2uymbDEVhDF0QROCIBeadJ1xFZbRQEkcUyRvn756mkPINsuPWTS+7XDPdx90ssKKdut2NSHzYn+3E58lW\/EDR+NAfIUbRwe\/RehNIfHQenrkm5SyauajYTrzZcolR5LKX2Lfrtw9BjSlNtHIsZ9sSZIXAfAkaadQGfbGItopHxfWlKVlX\/19f\/8Av\/RirVepjrHl+im1O9XXCm7hHutxmx7S7e7cSidnYd7KclSQC69uiMCfIKJyQITQ0FF+r0y7tOvWxzTCRcJkifIBmdGF2S6ThC01PktNNopKqoINgACP3CIiicIiJUK6EWxm0+sVrywwcgwPEgfVZMlx8uzg2hwkQnCJUFCNUEEXqAoICgiIinq+oprriupmGroNp4xZ9TNX79c24MezxmGp5WZUV4JEhTNo2WX2wbeZLsbbrAvE7yCBzVtdAdHLXt\/0axPT60Oe4iWOEjByepD7l8lVx9\/qRmoeR03HOnZUHv1T5IlZgbvNxczehuOk6M4xqvj+GaJQfAl0vtzuceNbprjBKb0kTcRo5HBuC23HFw23Cjg8ioP6xuNdddpGj2hWjzGdac7mLPlGouOvNSVh2i5Q\/NNdKW0LLkMGJCuxiYAicIuzykrfZPEiVrptV1S\/LTtx06zJy5\/GZ9yssf4jN9v4PJPbHxTPo6iicSG3k+kUFeOR+lUWpVr5LtNet1qmS48CRdJDDJutwYhNi9JIRVUbBXDAEIlThFMxHlU5JE5VMttN9g2oe+m+yNYNxmQ5BhsubNfiM4k1bEiyGoDY8MowrxksRoXScRG3GSI0AnFIle8i8\/Bn2H0st6Vsx+05\/IuOkGSMsFk0M0gzrnCdBh4WQlA2nmAWzktSUIG2lcbdURF5W17a6VnV6W2LWvBtfd2+N2SL7Ky2fJo9vgxvITnhYalXRtsOxqpFwIonJKqrx81VauBux\/CxrJ+5l5\/gXqir0uPwJ6Z\/6z\/3pLq1VKzV9TLe5p5d9Fc70WZjZA1n0maMJ+FKtisBB9rcGHRddMyRCakNN+VkmvJ2AwU0b7cVJfpvbpcq1gw3E8Jl6R3jG8Tx7EmY0POHn3XYN0dhqxEVttVjgCESo4XVHTUfEQ\/PhVS79YLaGbvL5pFs7uOlGmsm4BqnmGZvdStsM3JEeA7Eisp7YxXlJLzo+NvohkKC4qeM1aJba+llnOW6J6oZxtr1RlSLXfYTLN0sdjlTIz7MUiDzSmWXAcJSJxt9h9Gm1IURuQaoBd+1yd3m5y17S9GpOcT7d8bllNYt9vtHnKP719xVJQ8qNuI31aB5zkh4XxdeeSSqAaebLtct\/unEHP8AVPXzw2G9+K4Wu0w0+JxxMEcYUzisusxYzoiPHDfY+XHUcRtxDFeg2Aao5Ftu3aZHtUu+Vx85xMHpgWWbbkRxuFNbaWU4KKp8sirYvi8wnk6SR4Hjl0z1KpVSt8e\/7HdqGPDb7EVnyzUWS8UZMfOeqFbRWOrgyZQNiSoKEcfhoiaJ0XFUCRBJU+TXX1IsQ0M0O0\/y+ZZ\/iuZ5pZYN7g4XHnoJsMPtg4bj0jxr0aHsQCat8uGPAjwLhN8r6eO7nUvWXUfU7ANZ2Pg2Z27w3q22R+yuW+REhuLw6yoqKcNN+SIrfl5dJH1VTcROR4rcFuQ143Ka85Jo3trCRZLbijz1qyfKxdabZJXfEyZE48wjkUo7oyw="}
00440{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"bittorrent_utp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1456385040,"pkt_ts_usec":807007,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"pkt":"LFbcjDU0xCwDBkn+CABFAAA2viAAAEARAADAqAEFUvNxK5\/\/\/ckAIoX\/IQFTAgcHYOz2ERRIAADwAEnJ5\/cABAEAAAA="}
00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":86,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":86,"flow_first_seen":1456385034843,"flow_last_seen":1456385054059,"flow_tot_l4_data_len":38565,"flow_min_l4_data_len":28,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":448,"midstream":0,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":86,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":86,"flow_first_seen":1456385034843,"flow_last_seen":1456385054059,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":37877,"flow_avg_l4_payload_len":440,"midstream":0,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00134{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":86,"source":"bittorrent_utp.pcap","alias":"nDPId-test"}

14
test/results/bt_search.pcap.out
View File

@@ -1,10 +1,10 @@
00386{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bt_search.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1430752225251,"flow_last_seen":0,"flow_tot_l4_data_len":127,"flow_min_l4_data_len":127,"flow_max_l4_data_len":127,"flow_avg_l4_data_len":127,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00477{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bt_search.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1430752225251,"flow_last_seen":0,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00555{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bt_search.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430752225,"pkt_ts_usec":251619,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"pkt":"AQBeQJiPABZEH1lmCABFAACTaOEAAP8RCRrAqABm78CYjxpzGnMAf8gHQlQtU0VBUkNIICogSFRUUC8xLjENCkhvc3Q6IDIzOS4xOTIuMTUyLjE0Mzo2NzcxDQpQb3J0OiA2MTE5Nw0KSW5mb2hhc2g6IEVENEYxMDg1RTg4NUY5OEY5QTY5QjcwRUU4OUVCOTg4QjhGRDkxMTUNCg0KDQo="}
00571{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1430752225251,"flow_last_seen":0,"flow_tot_l4_data_len":127,"flow_min_l4_data_len":127,"flow_max_l4_data_len":127,"flow_avg_l4_data_len":127,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":""}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1430752225251,"flow_last_seen":0,"flow_tot_l4_data_len":127,"flow_min_l4_data_len":127,"flow_max_l4_data_len":127,"flow_avg_l4_data_len":127,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1430752525284,"flow_last_seen":0,"flow_tot_l4_data_len":127,"flow_min_l4_data_len":127,"flow_max_l4_data_len":127,"flow_avg_l4_data_len":127,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00583{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1430752225251,"flow_last_seen":0,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":""}}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1430752225251,"flow_last_seen":0,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1430752525284,"flow_last_seen":0,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00556{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430752525,"pkt_ts_usec":284866,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"pkt":"AQBeQJiPABZEH1lmCABFAACTCiwAAP8RZ8\/AqABm78CYjxpzGnMAf8gHQlQtU0VBUkNIICogSFRUUC8xLjENCkhvc3Q6IDIzOS4xOTIuMTUyLjE0Mzo2NzcxDQpQb3J0OiA2MTE5Nw0KSW5mb2hhc2g6IEVENEYxMDg1RTg4NUY5OEY5QTY5QjcwRUU4OUVCOTg4QjhGRDkxMTUNCg0KDQo="}
00571{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1430752525284,"flow_last_seen":0,"flow_tot_l4_data_len":127,"flow_min_l4_data_len":127,"flow_max_l4_data_len":127,"flow_avg_l4_data_len":127,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":""}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1430752525284,"flow_last_seen":0,"flow_tot_l4_data_len":127,"flow_min_l4_data_len":127,"flow_max_l4_data_len":127,"flow_avg_l4_data_len":127,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00583{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1430752525284,"flow_last_seen":0,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":""}}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1430752525284,"flow_last_seen":0,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00128{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test"}

50
test/results/capwap.pcap.out
View File

@@ -1,31 +1,31 @@
00383{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"capwap.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1422328949167,"flow_last_seen":0,"flow_tot_l4_data_len":73,"flow_min_l4_data_len":73,"flow_max_l4_data_len":73,"flow_avg_l4_data_len":73,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00474{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"capwap.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1422328949167,"flow_last_seen":0,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00482{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422328949,"pkt_ts_usec":167396,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"uDhh8wWsJOmzR64gCABFwABdANlAAH8RZJPAqAoJwKgKChR+MFsASQAAAQAAABX+\/wABAAAAAAABADCRUl3gOBqBz\/u8XElQaHVuhYA4Oyehwv8gEXQ+BVAOU1L6bxnlZCgpb3mFtLC\/ZhI="}
00506{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1422328949167,"flow_last_seen":0,"flow_tot_l4_data_len":73,"flow_min_l4_data_len":73,"flow_max_l4_data_len":73,"flow_avg_l4_data_len":73,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","ndpi": {"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
00473{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1422328949167,"flow_last_seen":0,"flow_tot_l4_data_len":73,"flow_min_l4_data_len":73,"flow_max_l4_data_len":73,"flow_avg_l4_data_len":73,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1422328963915,"flow_last_seen":0,"flow_tot_l4_data_len":49,"flow_min_l4_data_len":49,"flow_max_l4_data_len":49,"flow_avg_l4_data_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":49259,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1422328949167,"flow_last_seen":0,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","ndpi": {"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1422328949167,"flow_last_seen":0,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1422328963915,"flow_last_seen":0,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":49259,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00458{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422328963,"pkt_ts_usec":915032,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"pkt":"\/\/\/\/\/\/\/\/uDhh8wWsCABFAABFAAEAAP8R8PTAqAoK\/\/\/\/\/8BrADUAMQAA9LUBAAABAAAAAAAAF0NJU0NPLUNBUFdBUC1DT05UUk9MTEVSAAABAAE="}
00643{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1422328963915,"flow_last_seen":0,"flow_tot_l4_data_len":49,"flow_min_l4_data_len":49,"flow_max_l4_data_len":49,"flow_avg_l4_data_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":49259,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"cisco-capwap-controller","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00655{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1422328963915,"flow_last_seen":0,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":49259,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"cisco-capwap-controller","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00458{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422328966,"pkt_ts_usec":914891,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"pkt":"\/\/\/\/\/\/\/\/uDhh8wWsCABFAABFAAIAAP8R8PPAqAoK\/\/\/\/\/8BrADUAMQAA9LUBAAABAAAAAAAAF0NJU0NPLUNBUFdBUC1DT05UUk9MTEVSAAABAAE="}
00783{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":4,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422328970,"pkt_ts_usec":67630,"pkt_caplen":365,"pkt_type":351,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":365,"pkt_l4_len":0,"pkt":"AQAMzMzMuDhh8wWsAV+qqgMAAAwgAAK0db0AAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAUR2lnYWJpdEV0aGVybmV0MAAEAAgAAAADAAsABQE="}
00154{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":4,"source":"capwap.pcap","alias":"nDPId-test","type":351}
00145{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":4,"source":"capwap.pcap","alias":"nDPId-test","type":351}
00783{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":5,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422328971,"pkt_ts_usec":66732,"pkt_caplen":365,"pkt_type":351,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":365,"pkt_l4_len":0,"pkt":"AQAMzMzMuDhh8wWsAV+qqgMAAAwgAAK0db0AAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAUR2lnYWJpdEV0aGVybmV0MAAEAAgAAAADAAsABQE="}
00154{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":5,"source":"capwap.pcap","alias":"nDPId-test","type":351}
00145{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":5,"source":"capwap.pcap","alias":"nDPId-test","type":351}
00783{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":6,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422328972,"pkt_ts_usec":66724,"pkt_caplen":365,"pkt_type":351,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":365,"pkt_l4_len":0,"pkt":"AQAMzMzMuDhh8wWsAV+qqgMAAAwgAAK0db0AAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAUR2lnYWJpdEV0aGVybmV0MAAEAAgAAAADAAsABQE="}
00154{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":6,"source":"capwap.pcap","alias":"nDPId-test","type":351}
00145{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":6,"source":"capwap.pcap","alias":"nDPId-test","type":351}
00816{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":10,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422328982,"pkt_ts_usec":66392,"pkt_caplen":389,"pkt_type":375,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":389,"pkt_l4_len":0,"pkt":"AQAMzMzMuDhh8wWsAXeqqgMAAAwgAAK0iX0AAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAWR2lnYWJpdEV0aGVybmV0MC4xAAQACAAAAAMACwAFAQAQAAYyyAAZABCkjQAAAAA8KAAAMsg="}
00155{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":10,"source":"capwap.pcap","alias":"nDPId-test","type":375}
00146{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":10,"source":"capwap.pcap","alias":"nDPId-test","type":375}
00828{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":11,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422328989,"pkt_ts_usec":70227,"pkt_caplen":397,"pkt_type":383,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":397,"pkt_l4_len":0,"pkt":"AQAMzMzMuDhh8wWsAX+qqgMAAAwgAAK0cl0AAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAWR2lnYWJpdEV0aGVybmV0MC4xAAQACAAAAAMACwAFAQAPAAggAAAAABAABjLIABkAEKSNAAAAADwoAAAyyA=="}
00155{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":11,"source":"capwap.pcap","alias":"nDPId-test","type":383}
00146{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":11,"source":"capwap.pcap","alias":"nDPId-test","type":383}
00829{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":12,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422328993,"pkt_ts_usec":294069,"pkt_caplen":397,"pkt_type":383,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":397,"pkt_l4_len":0,"pkt":"AQAMzMzMuDhh8wWsAX+qqgMAAAwgAAK0cl0AAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAWR2lnYWJpdEV0aGVybmV0MC4xAAQACAAAAAMACwAFAQAPAAggAAAAABAABjLIABkAEKSNAAAAADwoAAAyyA=="}
00155{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":12,"source":"capwap.pcap","alias":"nDPId-test","type":383}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1422329005766,"flow_last_seen":0,"flow_tot_l4_data_len":131,"flow_min_l4_data_len":131,"flow_max_l4_data_len":131,"flow_avg_l4_data_len":131,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00146{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":12,"source":"capwap.pcap","alias":"nDPId-test","type":383}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1422329005766,"flow_last_seen":0,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00571{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329005,"pkt_ts_usec":766358,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"pkt":"\/\/\/\/\/\/\/\/uDhh8wWsCABFwACXAARAAP8Rr9\/AqAoK\/\/\/\/\/zBcFH4AgwAAACACEAAAAAAGWAogaQ4g6AAAAAEAAGYAABQAAQAAJwAoAgIAAQBAlgAAAAAEAQAAAABAlgAAAQAEBwVmAABAlgAAAgAEDAQZAAApAAEEACwAAQEAJQAKAECWAADPAQAAAQAlABYAQJYAAAVBUGI4MzguNjFmMy4wNWFj"}
00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1422329005766,"flow_last_seen":0,"flow_tot_l4_data_len":131,"flow_min_l4_data_len":131,"flow_max_l4_data_len":131,"flow_avg_l4_data_len":131,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","ndpi": {"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1422329005766,"flow_last_seen":0,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","ndpi": {"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
00571{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329005,"pkt_ts_usec":766854,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"pkt":"\/\/\/\/\/\/\/\/uDhh8wWsCABFwACXAARAAP8Rr9\/AqAoK\/\/\/\/\/zBcFH4AgwAAACACEAAAAAAGWAogaQ4g6AAAAAEAAGYAABQAAQAAJwAoAgIAAQBAlgAAAAAEAQAAAABAlgAAAQAEBwVmAABAlgAAAgAEDAQZAAApAAEEACwAAQEAJQAKAECWAADPAQAAAQAlABYAQJYAAAVBUGI4MzguNjFmMy4wNWFj"}
00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1422329005767,"flow_last_seen":0,"flow_tot_l4_data_len":122,"flow_min_l4_data_len":122,"flow_max_l4_data_len":122,"flow_avg_l4_data_len":122,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12380,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1422329005767,"flow_last_seen":0,"flow_min_l4_payload_len":114,"flow_max_l4_payload_len":114,"flow_tot_l4_payload_len":114,"flow_avg_l4_payload_len":114,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12380,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00545{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329005,"pkt_ts_usec":767224,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"pkt":"uDhh8wWsJOmzR64gCABFwACOANoAAH8RpGHAqAoJwKgKChR+MFwAegAAABACAAAAAAAAAAACAABlAAABACQAAAPoAAAABQIBAAMAQJYAAAEABAcFZgAAQJYAAAAABAEAAAEABAAJQ2lzY28yNTA0BBgABQAAAAAAAAoABsCoCgkAAAAlAAcAQJYAANAAACUACwBAlgAAl1THBF8A"}
00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1422329005767,"flow_last_seen":0,"flow_tot_l4_data_len":122,"flow_min_l4_data_len":122,"flow_max_l4_data_len":122,"flow_avg_l4_data_len":122,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12380,"l4_proto":"udp","ndpi": {"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
00523{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1422329005767,"flow_last_seen":0,"flow_min_l4_payload_len":114,"flow_max_l4_payload_len":114,"flow_tot_l4_payload_len":114,"flow_avg_l4_payload_len":114,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12380,"l4_proto":"udp","ndpi": {"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
00545{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329005,"pkt_ts_usec":767984,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"pkt":"uDhh8wWsJOmzR64gCABFwACOANsAAH8RpGDAqAoJwKgKChR+MFwAegAAABACAAAAAAAAAAACAABlAAABACQAAAPoAAAABQIBAAMAQJYAAAEABAcFZgAAQJYAAAAABAEAAAEABAAJQ2lzY28yNTA0BBgABQAAAAAAAAoABsCoCgkAAAAlAAcAQJYAANAAACUACwBAlgAAl1THBF8A"}
00494{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329015,"pkt_ts_usec":765658,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"pkt":"JOmzR64guDhh8wWsCABFwABlAAVAAP8R5V7AqAoKwKgKCTBcFH4AURfgAQAAABb+\/wAAAAAAAAAAADgBAAAsAAAAAAAAACz+\/1Z4mrz13vIlLHFGU8KNmBPwkXkcj0vpbAEOfTafYoZSAAAABAAvADMBAA=="}
00482{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329015,"pkt_ts_usec":861407,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"uDhh8wWsJOmzR64gCABFwABcANxAAH8RZJHAqAoJwKgKChR+MFwASAAAAQAAABb+\/wAAAAAAAAAAAC8DAAAjAAAAAAAAACP+\/yDAqAoKMFwSNFZ4mrz11boJ8TslJR9U5jzXLHEUL1R1yw=="}
@@ -40,9 +40,9 @@
00906{"flow_id":4,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329016,"pkt_ts_usec":44504,"pkt_caplen":420,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":420,"pkt_l4_len":386,"pkt":"JOmzR64guDhh8wWsCABFwAGWAAtAAP8R5CfAqAoKwKgKCTBcFH4BggMgAQAAABb+\/wAAAAAAAAAGAQ4PAAECAAQAAAAAAQIBAKzqmDA5ptloyEefacEa3YZgJXJyrzHF9nOG+TK9vyBNPWeO9+lhySpNcxfS8U9xgOzjbnL4Y8XZDOAhiQFo8vgjxgbH1rJwvhKQMjpbB+xdMWwdAZVbqz\/DJLtziqhxnhe\/GeuuhoXqmlJ7RBS889V98vMqx8wmgWQ9IXwmnK36CCAZCauFy7HXZ0sOzDk9wNxlY\/eY\/72RK74kwLuFDOHXIPaNDAU+HsbXTmvlbNtFVnwHDJimGDggl85KsTO808\/4PBQujPnd0LudLsXt0Z3ZQQ7ZfuPbaIy4ykb9jPf8UlzC+ettkAlrxmevD8RB2ZeTOWIDYXnJFAhBcldYXJQU\/v8AAAAAAAAABwABARb+\/wABAAAAAAAAAEBV91YC49Abw+RBYmothQ3D6tqvTueKPrWukdB\/wh0UtvIy46qL++VfDHw4siAWRqqz+G6lxJZxWYAYP9VmMLsC"}
00527{"flow_id":4,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329016,"pkt_ts_usec":178283,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"pkt":"uDhh8wWsJOmzR64gCABFwAB7AOBAAH8RZG7AqAoJwKgKChR+MFwAZwAAAQAAABT+\/wAAAAAAAAAIAAEBFv7\/AAEAAAAAAAAAQM4p0S2Be8BScJ9\/t\/V5ioLrBk4kt01aT9C3ULVTwKotu4SpBhH4dYERsQJCgfQ\/FU95FjFjz1ipPTEr6AwbtI8="}
02374{"flow_id":4,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329016,"pkt_ts_usec":179779,"pkt_caplen":1499,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1499,"pkt_l4_len":1465,"pkt":"JOmzR64guDhh8wWsCABFwAXNAAxAAP8R3+\/AqAoKwKgKCTBcFH4FuaeNAQAAABf+\/wABAAAAAAABBaDmAzlxG66QVgkbosOGeUT5ktnM5kdDfqf0y4vZqHLD7ovzkRUa\/ObwOn6cYo4k9jzJQ6DMeI\/pr1EqMM\/AQirdxUjnphrCvlQhnglSCjmfZzINoGTcU87gocQNDgpypIE8JUFoPssg9PTkH\/c3zwNhbFDYvXQb5W2E\/UgYlVhikkkuN7d5FHT1h0PeLAckT63E4BEjFCelTVt6BqW6m+hq2vSZVEAcyoPuCMfD9z2FT7q61X2dcy41n6xQXr9OH6n8GWB2KblI+G0rmxzqC8DI9godC1JS8pBIRoI6yzZ8ZS9awHZUGf5k9fPcqxjjWL8J3dVlpkr4NzoXIBBCutVy\/5vfl8TbznxfTj7WziOniRxi+Iq24YaWL125+5UOOq8f\/zrftURrKAA9Yj2Do9NnNzE5h5kjOYFgZ+vb5vHA5W0IReEdYx4Ttsa3aZgoDc8QzeJSD55fLryL8nFdQW\/b6jHH6AsD4puPyKK12dCPsGdGbM0rMmFmtHOgBuJC72YtzPoNLKkVvKEEFgOYXK4onfbLLKAyWFvDafHnW9r5C3b5Hp3hbDLL+oxzlyHTPIDAPJgIAlLPTRo3Ma\/DHW14LsIx\/VRbCm7RVOZmzsVJYRDxf4n6K3aE45qtE58Zx0JFUB+yaEU6Uj\/iU2otshPCHbaRI87l9up85Ubwe3XRpgWSMtBZHZa0OTK3JIBIpMREShejSDLyKY+DnnNAoUnP\/7Ql5GVRBzZk\/QVy0u5lMSQSRMOF94ZXmpkkPdAxOlTVa5Ctro3OB\/WgmXbqLn7CLEawsy7i4OEM\/WnKUNDoB\/sO5hI3jAZG1+1ahmYqcdB5eVTkc\/fiuQak5G6m17muwaPWb3w3U6ffihNB1G\/0KZWCbJPI8oYBb0LrUG5\/efcDg2u6A5c6z774+yc1\/G1e3ie58xZUTJFwWoktEOOpYTKRyabVbkMeOD7fdal7VKbOlqnYYmCEVwynq2wyezZ1CMOPW94YDVkf9vO\/iFqRI0nrMAH9iiimfMD1bugFELyVDn5km63nh6nOyWmfOx1z6bxiiUOKFS4\/LYzlgovSdTCM8U2xFzjpasIC4XBo17pikTq1YpFHF5ZEsHIKa\/37lNcuYcn47q+wScm9i2IQ9kaLjI3mzMEOOGATB2NXOxfmV75qrGCBqw+Vvo6eIc3exWC558ll1oubhh1ajMKghB9wTXibG3lNkdb8gCKsGZk8MgR04ly0wrr4EGlv+gDQHMYbQFOL2eFlldKmVreEcLLGnhaPdMAvCF0UtdldbMjHcpIgbn3EL939HB28U0hOygU4J7S2\/MMCVwuQzKSqORR33idf2RynyvJBNFqpxMSGo5SRry4yCVsXD7xhGcMeMxDJrv4V\/mVkyRARl+R0jDprQYwEPdJgtt2PpqA55\/mcAcdAkHfuJZgKlQ0Vlf8nYtva9l84XhdZddmXlNcAXfkljZkNXHOqwQvJAmkKnZddci10scaj7OfU0sWlnTEAc5q9WHUiSun4sWxeKZdsn7oBUugugaesjlM5UNVUMHW7Rz3Hj21EOdnaCUQ1G\/mR9\/uiB5C2kdSvnpquEg+\/Cy8R3v4jrDoNBgsWmikv9GvL5Sji8foVqG1EYRqL7KnLdfHl1zk9SNomSEvntwoUI9eLKpsc5cMHQtnlUpcdXNGNQLDXqqgxXzEcgm0eeHB+NeiAFESghJEIkfRhFrs+0OKNHIYfgp+CHzYezil7WJPa2xzTS7eevs+L4+qJ7a4yO5C4SiGQBWrT41vsY\/uwuHHUJowpcu\/9P6pD08V7adBfe1BFvL9hq0zrk1iIJiI5otDB0ITAToyjfxx3j9Zlg+X8cBKPfE0XET4RYDNMr955aHBJz4dk81Q6TxnUQy0j2vAOsfFaxIbSJi1RJyGKlBZaB9mMO15X8SnWAVEtMz4="}
00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":116,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1422329017533,"flow_last_seen":0,"flow_tot_l4_data_len":88,"flow_min_l4_data_len":88,"flow_max_l4_data_len":88,"flow_avg_l4_data_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"192.168.10.9","src_port":12380,"dst_port":5247,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":116,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1422329017533,"flow_last_seen":0,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":80,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"192.168.10.9","src_port":12380,"dst_port":5247,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329017,"pkt_ts_usec":533285,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"pkt":"JOmzR64guDhh8wWsCABFwABsAAFAAEARpFzAqAoKwKgKCTBcFH8AWAAAACADIAAAAAABBAAAAAAAAABAAABYCiBpDiAAAAAAAABYCiBpDiAAAN0JAECWJQEFKDMU3RsAQJYlAAEcq6fyE50AAEcACwAFJ\/9UIA8C1d0="}
00508{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1422329017533,"flow_last_seen":0,"flow_tot_l4_data_len":88,"flow_min_l4_data_len":88,"flow_max_l4_data_len":88,"flow_avg_l4_data_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"192.168.10.9","src_port":12380,"dst_port":5247,"l4_proto":"udp","ndpi": {"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1422329017533,"flow_last_seen":0,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":80,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"192.168.10.9","src_port":12380,"dst_port":5247,"l4_proto":"udp","ndpi": {"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
00619{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329018,"pkt_ts_usec":33268,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"pkt":"JOmzR64guDhh8wWsCABFwADDAAJAAEARpATAqAoKwKgKCTBcFH8ArwAAACADIAAAAAABBAAAAAAAAABAAABYCiBpDiAAAAAAAABYCiBpDiAAAN0JAECWJQEFL9Qy3RsAQJYlAAEcq6fyE50AAEkACwAFKFJLQAQC3ePdGwBAliUAARyrp\/ITnQAAHQALAAUtdhsgDQK\/xN0bAECWJQABHKun8hOdAAAOAAsABS9iq+AIAt7o3RsAQJYlAAEcq6fyE50AAAwACwAFL7WkAA0C3+g="}
00738{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329018,"pkt_ts_usec":533282,"pkt_caplen":296,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":296,"pkt_l4_len":262,"pkt":"JOmzR64guDhh8wWsCABFwAEaAANAAEARo6zAqAoKwKgKCTBcFH8BBgAAACADIAAAAAABBAAAAAAAAABAAABYCiBpDiAAAAAAAABYCiBpDiAAAN0JAECWJQEFN3Va3RsAQJYlAAEcq6fyE50AACMACwAFMGt3IAoC5+ndGwBAliUAARyrp\/ITnQAAEwALAAUwdLNADQLo6d0bAECWJQABZICZPC30AAADAAsABTJ3KPD9AqWm3RsAQJYlAAH4Ht\/dIQ8AAB8ACwAFNejwUJoCvcLdGwBAliUAAfge390hDwAAEgALAAU2FOxglQK9wt0bAECWJQAB+B7f3SEPAAAcAAsABTZHxnCRAr\/A3RsAQJYlAAH4Ht\/dIQ8AAAcACwAFN246sJsCvr4="}
00542{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329019,"pkt_ts_usec":33154,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"pkt":"JOmzR64guDhh8wWsCABFwACJAARAAEARpDzAqAoKwKgKCTBcFH8AdQAAACADIAAAAAABBAAAAAAAAABAAABYCiBpDiAAAAAAAABYCiBpDiAAAN0JAECWJQEFPxZ83RsAQJYlAAH4Ht\/dIQ8BABcALAAFORP5UJQCtLDdGwBAliUAAfge390hDwEAFwAsAAU5O8ZgngK0sA=="}
@@ -58,15 +58,15 @@
00739{"flow_id":5,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329026,"pkt_ts_usec":532951,"pkt_caplen":296,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":296,"pkt_l4_len":262,"pkt":"JOmzR64guDhh8wWsCABFwAEaAA5AAEARo6HAqAoKwKgKCTBcFH8BBgAAACADIAAAAAABBAAAAAAAAABAAABYCiBpDiAAAAAAAABYCiBpDiAAAN0JAECWJQEFsYeJ3RsAQJYlAAEcq6fyE50AAAIACwAFqj\/7QA8C8OXdGwBAliUAARyrp\/ITnQAAAAALAAWqnVZgBwLv5N0bAECWJQABHKun8hOdAABIAAsABarktYAJAu\/l3RsAQJYlAAEcq6fyE50AAEkACwAFqzOnoAwC8OfdGwBAliUAARyrp\/ITnQAABgALAAWsDwHgAwLu5N0bAECWJQABHKun8hOdAQBMACwABbCrFWAKAuXm3RsAQJYlAAEcq6fyE50BAEsALAAFsPjYgA4C5OU="}
00544{"flow_id":5,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329027,"pkt_ts_usec":532949,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"pkt":"JOmzR64guDhh8wWsCABFwACJAA9AAEARpDHAqAoKwKgKCTBcFH8AdQAAACADIAAAAAABBAAAAAAAAABAAABYCiBpDiAAAAAAAABYCiBpDiAAAN0JAECWJQEFwMnO3RsAQJYlAAHYuyzGJ5kAAA4ACwAFvYpMsJICu7fdGwBAliUAAdi7LMYnmQAAFAALAAW\/LzbAmwK9tQ=="}
00817{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":192,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329034,"pkt_ts_usec":72795,"pkt_caplen":389,"pkt_type":375,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":389,"pkt_l4_len":0,"pkt":"AQAMzMzMuDhh8wWsAXeqqgMAAAwgAAK0KHQAAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAWR2lnYWJpdEV0aGVybmV0MC4xAAQACAAAAAMACwAFAQAQAAY8KAAZABCkjQABAAA8KAAAMsg="}
00156{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":192,"source":"capwap.pcap","alias":"nDPId-test","type":375}
00147{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":192,"source":"capwap.pcap","alias":"nDPId-test","type":375}
00818{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":293,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329091,"pkt_ts_usec":711112,"pkt_caplen":389,"pkt_type":375,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":389,"pkt_l4_len":0,"pkt":"AQAMzMzMuDhh8wWsAXeqqgMAAAwgAAK0KHQAAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAWR2lnYWJpdEV0aGVybmV0MC4xAAQACAAAAAMACwAFAQAQAAY8KAAZABCkjQABAAA8KAAAMsg="}
00156{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":293,"source":"capwap.pcap","alias":"nDPId-test","type":375}
00147{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":293,"source":"capwap.pcap","alias":"nDPId-test","type":375}
00572{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329136,"pkt_ts_usec":181809,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"pkt":"\/\/\/\/\/\/\/\/uDhh8wWsCABFwACXAGlAAP8Rr3rAqAoK\/\/\/\/\/zBcFH4AgwAAACACEAAAAAAGWAogaQ4g\/wAAABMAAGYAABQAAQEAJwAoAgIAAQBAlgAAAAAEAQAAAABAlgAAAQAEBwVmAABAlgAAAgAEDAQZAAApAAEEACwAAQEAJQAKAECWAADPAQAAAQAlABYAQJYAAAVBUGI4MzguNjFmMy4wNWFj"}
00572{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329136,"pkt_ts_usec":181810,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"pkt":"\/\/\/\/\/\/\/\/uDhh8wWsCABFwACXAGlAAP8Rr3rAqAoK\/\/\/\/\/zBcFH4AgwAAACACEAAAAAAGWAogaQ4g\/wAAABMAAGYAABQAAQEAJwAoAgIAAQBAlgAAAAAEAQAAAABAlgAAAQAEBwVmAABAlgAAAgAEDAQZAAApAAEEACwAAQEAJQAKAECWAADPAQAAAQAlABYAQJYAAAVBUGI4MzguNjFmMy4wNWFj"}
00818{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":378,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329141,"pkt_ts_usec":909488,"pkt_caplen":389,"pkt_type":375,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":389,"pkt_l4_len":0,"pkt":"AQAMzMzMuDhh8wWsAXeqqgMAAAwgAAK0KHQAAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAWR2lnYWJpdEV0aGVybmV0MC4xAAQACAAAAAMACwAFAQAQAAY8KAAZABCkjQABAAA8KAAAMsg="}
00156{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":378,"source":"capwap.pcap","alias":"nDPId-test","type":375}
00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1422328963915,"flow_last_seen":1422328966914,"flow_tot_l4_data_len":98,"flow_min_l4_data_len":49,"flow_max_l4_data_len":49,"flow_avg_l4_data_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":49259,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1422329005766,"flow_last_seen":1422329136181,"flow_tot_l4_data_len":524,"flow_min_l4_data_len":131,"flow_max_l4_data_len":131,"flow_avg_l4_data_len":131,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":217,"flow_first_seen":1422329005767,"flow_last_seen":1422329174862,"flow_tot_l4_data_len":56296,"flow_min_l4_data_len":72,"flow_max_l4_data_len":1465,"flow_avg_l4_data_len":259,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12380,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":173,"flow_first_seen":1422329017533,"flow_last_seen":1422329175528,"flow_tot_l4_data_len":28020,"flow_min_l4_data_len":59,"flow_max_l4_data_len":436,"flow_avg_l4_data_len":161,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"192.168.10.9","src_port":12380,"dst_port":5247,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00147{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":378,"source":"capwap.pcap","alias":"nDPId-test","type":375}
00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":394,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1422328963915,"flow_last_seen":1422328966914,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":49259,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1422329005766,"flow_last_seen":1422329136181,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":492,"flow_avg_l4_payload_len":123,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":217,"flow_first_seen":1422329005767,"flow_last_seen":1422329174862,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":1457,"flow_tot_l4_payload_len":54560,"flow_avg_l4_payload_len":251,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12380,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":173,"flow_first_seen":1422329017533,"flow_last_seen":1422329175528,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":428,"flow_tot_l4_payload_len":26636,"flow_avg_l4_payload_len":153,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"192.168.10.9","src_port":12380,"dst_port":5247,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00127{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test"}

8
test/results/check_mk_new.pcap.out
View File

@@ -1,10 +1,10 @@
00389{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"check_mk_new.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1512031663734,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00480{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"check_mk_new.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1512031663734,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"check_mk_new.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1512031663,"pkt_ts_usec":734797,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"RjIA9qTs8soKyPpECABFEAA8gwhAAEAGbgrAqGQWwKhkMuZ2GZzVcug3AAAAAKACchA4TQAAAgQFtAQCCAorDGs\/AAAAAAEDAwc="}
00439{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"check_mk_new.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1512031663,"pkt_ts_usec":734824,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"8soKyPpERjIA9qTsCABFAAA8AABAAEAG8SLAqGQywKhkFhmc5nZuqQJN1XLoOKAScSBJyAAAAgQFtAQCCAoWUVydKwxrPwEDAwc="}
00427{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"check_mk_new.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1512031663,"pkt_ts_usec":734985,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"RjIA9qTs8soKyPpECABFEAA0gwlAAEAGbhHAqGQWwKhkMuZ2GZzVcug4bqkCToAQAOVJwAAAAQEICisMaz8WUVyd"}
00448{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"check_mk_new.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1512031663,"pkt_ts_usec":736952,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"8soKyPpERjIA9qTsCABFAABDXtNAAEAGkkjAqGQywKhkFhmc5nZuqQJO1XLoOIAYAONJzwAAAQEIChZRXJ4rDGs\/PDw8Y2hlY2tfbWs+Pj4K"}
00534{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1512031663734,"flow_last_seen":1512031663736,"flow_tot_l4_data_len":159,"flow_min_l4_data_len":32,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","ndpi": {"proto":"CHECKMK","breed":"Acceptable","category":"DataTransfer"}}
00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1512031663734,"flow_last_seen":1512031663736,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":3,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","ndpi": {"proto":"CHECKMK","breed":"Acceptable","category":"DataTransfer"}}
00427{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"check_mk_new.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1512031663,"pkt_ts_usec":737046,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"RjIA9qTs8soKyPpECABFEAA0gwpAAEAGbhDAqGQWwKhkMuZ2GZzVcug4bqkCXYAQAOVJwAAAAQEICisMa0AWUVye"}
00786{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"check_mk_new.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1512031663,"pkt_ts_usec":737054,"pkt_caplen":331,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":331,"pkt_l4_len":297,"pkt":"8soKyPpERjIA9qTsCABFAAE9XtRAAEAGkU3AqGQywKhkFhmc5nZuqQJd1XLoOIAYAONKyQAAAQEIChZRXJ4rDGtAVmVyc2lvbjogMS40LjBwOQpBZ2VudE9TOiBsaW51eApIb3N0bmFtZTogYnVpbGRob3N0LTkKQWdlbnREaXJlY3Rvcnk6IC9ldGMvY2hlY2tfbWsKRGF0YURpcmVjdG9yeTogL3Zhci9saWIvY2hlY2tfbWtfYWdlbnQKU3Bvb2xEaXJlY3Rvcnk6IC92YXIvbGliL2NoZWNrX21rX2FnZW50L3Nwb29sClBsdWdpbnNEaXJlY3Rvcnk6IC91c3IvbGliL2NoZWNrX21rX2FnZW50L3BsdWdpbnMKTG9jYWxEaXJlY3Rvcnk6IC91c3IvbGliL2NoZWNrX21rX2FnZW50L2xvY2FsCg=="}
00428{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"check_mk_new.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1512031663,"pkt_ts_usec":737114,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"RjIA9qTs8soKyPpECABFEAA0gwtAAEAGbg\/AqGQWwKhkMuZ2GZzVcug4bqkDZoAQAO1JwAAAAQEICisMa0AWUVye"}
@@ -16,5 +16,5 @@
00429{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"check_mk_new.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1512031663,"pkt_ts_usec":739142,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"RjIA9qTs8soKyPpECABFEAA0gw5AAEAGbgzAqGQWwKhkMuZ2GZzVcug4bqkDeoAQAO1JwAAAAQEICisMa0AWUVye"}
01104{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"check_mk_new.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1512031663,"pkt_ts_usec":740312,"pkt_caplen":568,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":568,"pkt_l4_len":534,"pkt":"8soKyPpERjIA9qTsCABFAAIqXthAAEAGkFzAqGQywKhkFhmc5nZuqQN61XLoOIAYAONLtgAAAQEIChZRXJ8rDGtAdWRldiAgICAgICAgICAgZGV2dG1wZnMgICAgICA0OTQwOTIgICAgICAgMCAgICA0OTQwOTIgICAgICAgMCUgL2Rldgp0bXBmcyAgICAgICAgICB0bXBmcyAgICAgICAgIDEwMTAzNiAgICA2ODQ4ICAgICA5NDE4OCAgICAgICA3JSAvcnVuCi9kZXYveHZkYTEgICAgIGV4dDQgICAgICAgICA3MDM3MTc2IDIwNDkyNzIgICA0NjEwNzE2ICAgICAgMzElIC8KdG1wZnMgICAgICAgICAgdG1wZnMgICAgICAgICA1MDUxODAgICAgICAgMCAgICA1MDUxODAgICAgICAgMCUgL2Rldi9zaG0KdG1wZnMgICAgICAgICAgdG1wZnMgICAgICAgICAgIDUxMjAgICAgICAgMCAgICAgIDUxMjAgICAgICAgMCUgL3J1bi9sb2NrCnRtcGZzICAgICAgICAgIHRtcGZzICAgICAgICAgNTA1MTgwICAgICAgIDAgICAgNTA1MTgwICAgICAgIDAlIC9zeXMvZnMvY2dyb3VwCnRtcGZzICAgICAgICAgIHRtcGZzICAgICAgICAgMTAxMDM2ICAgICAgIDAgICAgMTAxMDM2ICAgICAgIDAlIC9ydW4vdXNlci8xMDAwCg=="}
00429{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"check_mk_new.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1512031663,"pkt_ts_usec":740384,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"RjIA9qTs8soKyPpECABFEAA0gw9AAEAGbgvAqGQWwKhkMuZ2GZzVcug4bqkFcIAQAPVJwAAAAQEICisMa0AWUVyf"}
00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":98,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":98,"flow_first_seen":1512031663734,"flow_last_seen":1512031663775,"flow_tot_l4_data_len":16910,"flow_min_l4_data_len":32,"flow_max_l4_data_len":4128,"flow_avg_l4_data_len":172,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00512{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":98,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":98,"flow_first_seen":1512031663734,"flow_last_seen":1512031663775,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4096,"flow_tot_l4_payload_len":13758,"flow_avg_l4_payload_len":140,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00132{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":98,"source":"check_mk_new.pcap","alias":"nDPId-test"}

117
test/results/chrome.pcap.out Normal file
View File

@@ -0,0 +1,117 @@
00474{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"chrome.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1620902507870,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902507,"pkt_ts_usec":870345,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuJAbsdWbUDAAAAALAC\/\/8TEgAAAgQFtAEDAwUBAQgKM3SSOAAAAAAEAgAA"}
00434{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902507,"pkt_ts_usec":899110,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+4lEvFS6HVm1BKAS\/og8HwAAAgQFrAQCCAo6mxVSM3SSOAEDAwc="}
00421{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902507,"pkt_ts_usec":899217,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuJAbsdWbUERLxUu4AQECxZJAAAAQEICjN0klQ6mxVS"}
01120{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902507,"pkt_ts_usec":899556,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAGqiLAqAGykjA6EvuJAbsdWbUERLxUu4AYECwCqAAAAQEICjN0klQ6mxVSFgMBAgABAAH8AwPXeqDyUs\/4\/4GpyC7cQmIfjIDYOwMiNhyWri8r2nhJziBwlN\/eL66WXpAzektMXIQLhsqrrKWrh6bikEQBRa52KQAgmpoTAxMBEwLMqcyowCvAL8AswDDAE8AUAJwAnQAvADUBAAGTSkoAAAAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAP8BAAEAAAoACgAIamoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArAClqagABAAAdACA68Y2Vy4YgXwTAo+K4xouQJsapDvYw\/iCmjTHqJSW2SAAtAAIBAQArAAsKamoDBAMDAwIDAQAbAAMCAAJEaQAFAAMCaDJqagABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00785{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1620902507870,"flow_last_seen":1620902507899,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00422{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902507,"pkt_ts_usec":928884,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0aC5AADQGT\/mSMDoSwKgBsgG7+4lEvFS7HVm3CYAQAfplMwAAAQEICjqbFXAzdJJU"}
02374{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902507,"pkt_ts_usec":935852,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUaC9AADQGSliSMDoSwKgBsgG7+4lEvFS7HVm3CYAQAfqdbQAAAQEICjqbFXYzdJJUFgMDAHoCAAB2AwO94en+BhMsHaREDHoXYfvyRWdvCf8e\/Agqu18UcRXmUCBwlN\/eL66WXpAzektMXIQLhsqrrKWrh6bikEQBRa52KRMCAAAuACsAAgMEADMAJAAdACAjITGqKUQtwsE17yP4VuaZDUVfbTm5qZHgcQ4tr2o0IRQDAwABARcDAwAqzmsawG\/aetzyLO5Vqmctg3ohQB8GpO2393UqH\/ijkooYM0KZIfrc5f2TFwMDC+GAJ7D3lDf7+5CbVftWbZJPrzLcjKzCoy1E7j3t7QqMy0mqGXwKVdo1oPO9+DxwhRaVkECaMJYSdiipZhQ+jqfXamoALQcvNKYnYmaW8pvMC2kZ5+L0vASzGAajEBBo6XYuR1PNjiHZv4mspEACkoo\/YFqOLHdqd12ql5+W5GmCsoxMrpAJXDL3KB4gB7qEMRTmBGOu5ta1PBWAn6CbrhDsExjyDAq336pfZhWtLX2bpkqsaNSqf7aEhh2JkR1zxiFak0FFizQ9vFBEJkULIC7JmVglg7UZgFBVgrHjjOFdwoZxoZy8uK0dwlOYBwlXMZrLjqAdiVGBPngPgdb9TB0BgX97UzPVvUfW74F2hst+k\/IacarJwmtarxUqqqgiSPrCHYVLuQRpXxqibYjV3dG6ksPMczqxfIVatbhWYs0jg22w0YSLkgTMGdQFihTArgps51WTP4JS1q\/M\/pccm\/1MGM8qmfr1518gXoMRW+PSfCqxUAAdMZz7B\/1fGDurgxBzRC8Xdh3D+3JRS0kd\/4QsVfSnTgFbpMkQD9Usp7cyLOxf2BvDH9kw74xV2Et59rH33\/x6ezl+Nus7T3UWBYEC\/lT9IWD8pfniywAHMhK5HdYbKMG7DW5mrcEQgvSrTymsav2qf1OlrzNLzFfNuA0TUZ3lEMTa+9Qq+jw4Lef69Znlkm+mJKBiY9ZswMemsQ37gsMOobBo4foPKNWuF54kZtgTzmy9psS+BBETteloXbAk7AYShI6J95XYhMw4PuW37QB3zm8vi6TFmAh+uxZKCXT1G1kn9y+BHMdwxYShTyEozBvwc4OeZlJHEC9\/ROynB6Bjls\/J47HXn40mSaYHCbJBYvyDoDrAydxE1bOqlnEChRNVOMHQ20Kd8+\/Rtt80\/sAsoFc4\/Bt1uufeA4CYV+kReTGbc5BeNSacrg\/Tko5C+coCRdV684Yc9yOO2BpCt2+BDMg1paE+yP0sSAnV0k5jR9Ik5HrSkClobI6AgvLfvRXo6DurI\/ErcG\/ikt9\/PJxo7w1F6igFv30diYkAVxSBB8DX7NDEJ7GaIH3zBWXlpJeeM1Pz5k9DqKzxL3VGhg66sGg6wesmKbPkzN9tE\/QKLGG7OSoWM48QJcuCSdAOKAWFpxzwnolalhMp1qEexzMEHHygHJgdEwLY4FtvUuI9ukrVNrQsQbpfT16gXBCOKcNfDdS90JDiZdFcdoGriHuaa0kqETueBqMOJvmj71\/vjaEyUPtblVcJ7fK7hgjqETTHhqVbiJe6ZG6Iuvp8B5NCFwhOtmKJ99KRbIZ18mOoVPgdhiAWi9Gv3wdCD\/RedRBIZSnWDQwFZqiRrZClM9\/lqqvTPGmTtNpRPcTLFcA6O8BMsUK1XtYY5us0j\/caQy++ONAzO8WX9THYIHZ9xieDc9FrP5Jh3sXIGTlxVlkcdlaegJqeHVp3uznPi6m0ovhZq8qGDcnsr5sz4QZ5TSahFUpT3HgPGDoJBOFIJMaY4i++XvBnsHMcBtEDjCy7Z4iMti42qoaRsE3EB4CfwFimgKHUTSsEBAF3WXCVdcWEyItkTaJcCOZF5LTh6Owy4X9uDBmBNWEU04zQnm4ymvoe2NIbjspeCyoTyXOgstQnmKix7VHRFIdrXtvnB0tu+TcayuupS1RBCHWkq8axBS2Svuim"}
00826{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1620902507870,"flow_last_seen":1620902507935,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02379{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902507,"pkt_ts_usec":936064,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUaDBAADQGSleSMDoSwKgBsgG7+4lEvFpbHVm3CYAYAfrPkQAAAQEICjqbFXYzdJJUxjnsEbtL0BSIlnJfN5llHlyTsAFqVh8A5zI0ut6+NxtbM8\/imNL6xaNRj8wcfMpnQCZDQJqgG5xXln\/GYBEoWhlxmhyWR2Lpm2x+R+1HzABN36m0RPa6zHkByFrfPTdNF1n\/LdNDzBAmcjK6W9KSmq5AKzqGONS7vhOIiB1JR+fJrUIcZItAFq1cUhxWK59ewK0UJfgQucEwNa1HUqaHorXl6LpeRUWnCavaQRYpKb0Yol03cXIiSUyGcr9bp8VqweuiYKxQmon3GaEl1IPZlBciTXuXxhovi1UkbedPbyukWRaRGXLmmpwkAoBIlSAkoLE88GDYNi2pq3p3vNP1xuAJxELyBopLvkElOX234GFq95rqtov\/FtA1mGAIO6oB0o4PIv8yW36RDrCKnmdyOO4yk7H1tChzLPaFGiCPEM5j966CgFVsIIsvoYdK9F0B0pRUyb4kvGZ6llm59XAp6TsNjbxEynBz\/wqPMSnevVAwXYw3PFBE3fKJJnTfxq+lLO716u83o4EOY9hAF4LNMPn12c9va15VbGSUXY7vOKM7FInDZZzHKSq07PyrelmKDPfJoqanGRTRAe9eZo8iwh3wnS2kbEUZbexYOdsmt9D5e9el\/NkPCRDGJbb0jjUYrqo\/vSg0DqrvvmsMHZiA+hAGHAKBg6Sv6HrnxCB4bYQqvuWNBKGdnWBf4BS+JS\/+1aHVuud+RsvxyGKhHUPlnDPedQxrrjQuYS\/xXh76tSB0cJhtaVqjCQPr3R4UppNHNEyqtpVbQkpxz87kBF1VTjsFAuWsPiSvUwn1Tsr2dIVWlhEPuKDcy418n3ooBSfbjc5dkJhDSIr6AYZ8gtBBNXT8U6SYh21c9TR25nbRNzRycbMi\/Cq1BnU7KX0vLGvRSMdvx9nSDuP\/tu2OIWSxWOB3HbapMll1T3fksa6m904w5Lv0r1inIfvs+UQkAjMvjzn8oAl4srRc4MGkcpHj3glUNvvwuRLKOqm1FT\/zEaFPNCzOa6zlQW+FLzf\/Fmt3gGJn4MFAbg4CpU7RfuIxsWou+rIpJhounGcNi+d9wfezO5Vuq15NauX8L01ywbdnsO23XFfyRE6yqHXHji6Fp+UH\/RvTlwYQnaCAFkIxr4zKl4kSg5XI2XTAwnc9vQ0COl2Qxv8CWjWdtZ71yopUjCeLxrqKPkj1PJ139rvqP\/FipAZxVB+0R2XE23\/ocNUo3ESwwmL7sbAOSy7s0JJMguQpmUjN\/tN2q1f0tqEEqYqkKMJfpSYga4dOjVux3AMmj9RJqT1SDK25i9E8AICnBBg1iPi8JitsipwnnUQhnRXfZbvPCimsPJIcp2Owk02TUqxCVRut\/W08O1ARKahLy5Nn1R8s58E\/c5JJk4jczYkk7NKFkCvqf41BYaM7eoZkv1sNI8TuQ5ETcJxjwxJWfM05KFnTklcexo8qROXA4Ny597ElNO998Hyt0D5QOnARRZF6ar1ko9mLrHdCwOuRntY\/nXsZyfARKAb2QV65iw1t\/\/Lu\/Azlb3IsM5i10Y\/NdhUh1yJNfKfKsgddusEc8GDs1foMVVoyBP07xklhg43BJV10X+EYze0XppvQgl9EMtkjHHjgABp0b93gmvKoFqOMmnvYN0GhfyrPpAgu86hU3R\/j2zbHTlaffiqjk81phGAM9n9jcf+jAfDQTxPoxdWCEbHijPGwYEzZbfyfaDPOQtc4do0wGjkSfAWpidTVO8UEUUYTrchhZ7RAjk8uVUfT3wM7+HFLjOqinBbmhuVzg1W\/WbexrXsn3Ep+uGE0H11zbesVR9EZrQyFQSCBos5gq+qFbei31jyAf3kTRd2bWb4oKGzcM7QJw8\/t+es\/6z\/67FNQQY8MS\/22IN4\/niGlxRq6Gib+4q6PSmwDrDzwyMbBylLsFjWt6\/r5kDG5"}
00421{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902507,"pkt_ts_usec":936120,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuJAbsdWbcJRLxf+4AQD9NL8gAAAQEICjN0knY6mxV2"}
01378{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902507,"pkt_ts_usec":936563,"pkt_caplen":772,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":772,"pkt_l4_len":738,"pkt":"KDc3AG3IEBMx8Tl2CABFAAL2aDFAADQGTTSSMDoSwKgBsgG7+4lEvF\/7HVm3CYAYAfr8fwAAAQEICjqbFXczdJJUrRs\/wAnOAwB0z9pBueElFo\/1+aP5LiCKNfUyYFj26EkHhPq5SToROb6NhL79EZujXALq6g5v3QBFRE9oec2aPqMlCxswjZKq3HzLJBdKax6Ibtq8cLlMWV1BP3UJS5L7PS8I32g6IPKoB\/VTujst1E6shKTYOUcEdAjPgbQ0NCCXAOSvOl+j+lTVWs5X8hUZP7RtdEDb+n7FIrxAK5ZbyLrfvZ7MUbYR9Ji11n4ylVmnDKLd0Yd5vYWaX1qtHvtgbCbFCLBF17f+kl1LlHoIV6v1G1kanGviK0CeeDuiTzBlZq0jFwJzfddaTsM9C4ufpn2mRaCZ0AEDlVjnOq0VAtL5mDGJ1ynQaRz8RNwGXCYO3OjnJAW4k2S0sos8qbibm1Wzp8jeu+JkwT7hUJ3UrNiCBjJEPMO8VKHG9rsdNxzLr3YaflHmOytJ86qUhikgMOW3\/+RxFTYbNhcDAwEZoe75ck\/1kvpV4Ky4TDeZEzI8Sx0nO3B89o9+WmY8rLylrT4OjdkhyUE5msw01syko4jXlGBQS5\/Xqk9hl5kV0eq9kbSe18XAFpD0GGpwQIm\/NrSVBmah4HXlXXrYTR7GWtj6A0WuDCq815VoW2eqM3axe3RFeIyduPSJJAyLMczTuFXB6iNTzgSoz6LauTCA87n8LUvcDcDDo6rmGJEZ5+JUq6bVah\/CadC1yBKCS+GBlN3feKJ0pirWRh3fzJyeaJOu1HpVccsRFytNKqmL6XK9mWr3OdH6wrr33JwAF6QN0RgYMQXXI2C72jspgbBrpTxaPJDQ8kSRYQHsk3UZzwj1kJTqqSBOLvWjdHegWKDSiGJ9tk1yKxcXAwMARbf\/Acvdt4JoOJUI2Q8koVq998pnmtWTFr2Gf2cGDSjaMPsw5QN7i4bRE6rMjPOWraHUJzf8OOrKJGLvL5FrpvdjIy2DSQ=="}
00423{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902507,"pkt_ts_usec":936591,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuJAbsdWbcJRLxivYAQD+lJGQAAAQEICjN0knY6mxV3"}
00538{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902507,"pkt_ts_usec":950183,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"EBMx8Tl2KDc3AG3ICABFAACEAABAAEAGq9fAqAGykjA6EvuJAbsdWbcJRLxivYAYEACzrwAAAQEICjN0koQ6mxV3FAMDAAEBFwMDAEXRNba7gobRuv\/jJFxV6kN9RSerIVKTWO2RnkLfSs9d8RPhLqAJpt\/sOqdEZUU0oWmlSvbZ2wfxBxXk5DS\/Bs\/k3B9gI3M="}
01441{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902507,"pkt_ts_usec":950505,"pkt_caplen":816,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":816,"pkt_l4_len":782,"pkt":"EBMx8Tl2KDc3AG3ICABFAAMiAABAAEAGqTnAqAGykjA6EvuJAbsdWbdZRLxivYAYEAD9tAAAAQEICjN0koQ6mxV3FwMDAumXZF1hXlxiT9rAsXFIZF6SZ\/Rn9D8dUZaSs0o87u5FtyEoT9ZsbkWjzaiFuC9cXOijUCzl2zR7A2J0TQsovpPaJYpRp0oNU\/fwce9UGGzrELO8ULmZcXKht+paXgVKHzJjAOSnZZiV\/KUnc+J4VgfkJtSkZG4e0eKVG+KrvX9e6XFtZ9xcB7b93B4oSOF2CnbyJh7S+LogdNxtoVz9ahDiKpmSJMhekbneeIvjq2dul1UCCCa5SuMftWAEbTnxef7Ynwea6CqAdJ2vOylJOlr2amu07qv0epDw4fpYpXR5JKhLySF\/OMo1W1HCn8VZEt2SSTlwQSTq6d58kyUIRBE0h\/osR+MghU\/qDttbJPlAGWmvyxHeEQTG00ty+K0uDtBwpHMFwFOiBFRz+DNPmQjpN3HZBtAz0Qks4TZU1tEYSL+82atKnLzv4WlQ\/xsaH21WbjiuUG0T6y2d8m6\/4zlzPmcoJl2607F2KBKeZ9m920EwiTzHF\/hGh\/jsR6iPbcEfA9EKi4RydUFQ7ff0B\/9UCal33xyImx8mD+qp97nrZKid08pfKpzcoRUY7Q5Q2dAxAO2KWh4I6NNRYaINIi8BUUSoNAFLobDIbkXT4V4VKZKxTwdYyABKIUHG93Ns4nXjjpbK5shfusllM\/0InCXYDCq3Z4vxgDsSE4pZIpVU5GGPO4QRpZmweTEdfL8hnmtQV1PGVLX89RWt6FZRt67TGBUHuJR1NZafNj3uILXR7cqEuxTRyS25siu6QYK+uCTEXRRmfDhBheAlc4DRZb7KqhonKiZ11lOUkAAmapb3ab0nqwi4mlw8BTgb34eFyup7ZNcTZG\/mMbkD+eIVVGwKUEgYpE5dZHsx+Lq\/3qgtiBiIrwCHWNz3tJIyzMuB7V563pcF5OfhCC5wRdr0ekBO4G2o6Py85NFB2bJsXX8R3YtYmjAA3dE41d3\/bjAHsIXHnaFUgW3PoqskncqmomBm2Td5IjXBGI7N"}
00424{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902507,"pkt_ts_usec":978845,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0aDJAADQGT\/WSMDoSwKgBsgG7+4lEvGK9HVm3WYAQAfpWfwAAAQEICjqbFaIzdJKE"}
00424{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902507,"pkt_ts_usec":978873,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0aDNAADQGT\/SSMDoSwKgBsgG7+4lEvGK9HVm6R4AQAfVTlgAAAQEICjqbFaIzdJKE"}
00834{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902507,"pkt_ts_usec":979058,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"pkt":"KDc3AG3IEBMx8Tl2CABFAAFjaDRAADQGTsSSMDoSwKgBsgG7+4lEvGK9HVm6R4AYAfWIxgAAAQEICjqbFaIzdJKEFwMDASqu82MYOF7Ocu0N6Rl7HCPMVxYJ0Yu4+wefoeMAmbRYZjTOJkRiwbOdCfASWo+p47ayCLCa8qiZPOcZ3x98ClvtFFUSN3056CfnE6+RJ5K\/RyQvU0Cqfug73XQD0k5hNEX\/+hMD5+TMkYmeIpGVbnZEbhaVJrxMfumjrcRrjcuPFwcolVrTo1B7hA3S2yKMbJ6iUBoR7LS6Ra6MivUODlXDVvbhLq3NFifyUpDKDVM2VRwESUrIhKnY60KryH0Va3TWlzar7hL1OJWBWTy3n01IH+oJQStgKurFFksiT3ssfVcLyUlprjWO9ht7\/g1zddPPREF05oXaQ3YfB+aSxgHz3\/HQOyjoohrMsbaXLpxIj0326qtEUmfxrHgP0dwR0asUQmHul79w29Qa"}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1620902508740,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902508,"pkt_ts_usec":740717,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuKAbtgbcSnAAAAALAC\/\/+8\/wAAAgQFtAEDAwUBAQgKM3SVkQAAAAAEAgAA"}
00435{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902508,"pkt_ts_usec":769205,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+4peZebaYG3EqKAS\/og23AAAAgQFrAQCCAo6mxi5M3SVkQEDAwc="}
00422{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902508,"pkt_ts_usec":769277,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuKAbtgbcSoXmXm24AQECxT5gAAAQEICjN0lag6mxi5"}
01284{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902508,"pkt_ts_usec":769889,"pkt_caplen":701,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":701,"pkt_l4_len":667,"pkt":"EBMx8Tl2KDc3AG3ICABFAAKvAABAAEAGqazAqAGykjA6EvuKAbtgbcSoXmXm24AYECx0PgAAAQEICjN0lak6mxi5FgMBAnYBAAJyAwMCqtk1wgF3mmHFXReI\/INqovtCWlLQ6UL0XjDl9ThBTyBFEoSZoVggbsz2GSx\/2xqlntevPGmCQswE\/y7Vr8pzswAg+voTAxMBEwLMqcyowCvAL8AswDDAE8AUAJwAnQAvADUBAAIJWloAAAAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAP8BAAEAAAoACgAIWloAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArAClaWgABAAAdACATE3e3OFsrXs0GvT5ceuP9pkQHg+4NxHatNUTRuXn\/LQAtAAIBAQArAAsKiooDBAMDAwIDAQAbAAMCAAJEaQAFAAMCaDJKSgABAAApATsBBgEAMypzcqAzWsBAZINcgx+ygBngBlIoyGbwAmgLDQpl5tkcwSk5CG+PkofYG3BR++\/05URLCmQGIN0IQZ3wYvZDIPQMaT5XV4vgN\/p08X7Xwm8dAHtBI2fhXt28FHYxsb9XJq+8hOm5sXSXLGO6GylxYnyhIfh\/OF0m2pK20c0EttaG+X3xopJYhysPLovAxdq5OL5GeDqW0fQEgKWN242uqonFBbxnO+qq2JLFeGMuG8av6DBM+Qo\/PTS7rThi4\/wN+hgwtddmcHTtBzYRgMCZEydI\/48AJXj+BvvB0P4qgtNLv2ttlF\/gO+w5v9rup2LAG+TJEsoGQLplU0t0UBXZMYKeRmkAMTBt6WqitMghRGDh1vMPhh2n4xwuiB1UQQlCdhgcI7OwWsmMdWaBHOR6DAlIEwx9R8o="}
00786{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1620902508740,"flow_last_seen":1620902508769,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":635,"flow_avg_l4_payload_len":158,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00422{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902508,"pkt_ts_usec":797588,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0ynRAADQG7bKSMDoSwKgBsgG7+4peZebbYG3HI4AQAflffwAAAQEICjqbGNczdJWp"}
00777{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902508,"pkt_ts_usec":800346,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"pkt":"KDc3AG3IEBMx8Tl2CABFAAE4ynVAADQG7K2SMDoSwKgBsgG7+4peZebbYG3HI4AYAfl7hwAAAQEICjqbGNkzdJWpFgMDAIACAAB8AwNEvGNnKlFs8rmia\/9733xHKqrcA43HdYGe+N5e+obMDyBFEoSZoVggbsz2GSx\/2xqlntevPGmCQswE\/y7Vr8pzsxMCAAA0ACsAAgMEADMAJAAdACDM1NRtnCzUR410ICWHD9eCVd8djufKQuKceuW1g1yXXwApAAIAABQDAwABARcDAwAqCYF7vx0P2kawwO4\/SddttBGBjuWmlx2mbqZAG42aEFb8Hsk1mL16Unl6FwMDAEUoKkDspLQAqh6sJdrBcZzItRF2CLVA9WnCr9bMS4cpqKwnj8nHqEavvrwBGXeFVuw+SB+QN6axuVl2MnhulcEjUFG0j70="}
00825{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":49,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1620902508740,"flow_last_seen":1620902508800,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":895,"flow_avg_l4_payload_len":149,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00422{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902508,"pkt_ts_usec":800419,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuKAbtgbccjXmXn34AQECNQNwAAAQEICjN0lcE6mxjZ"}
00535{"flow_id":2,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902508,"pkt_ts_usec":802460,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"EBMx8Tl2KDc3AG3ICABFAACEAABAAEAGq9fAqAGykjA6EvuKAbtgbccjXmXn34AYECObtwAAAQEICjN0lcI6mxjZFAMDAAEBFwMDAEWN\/WLUQHv6Jdjx9uLxisnhCQRHYpIWN+UNEcjOzDB3LOMW9mUBMe8n3AU4xW\/lcUbakFqqg0RpNbEojAL6nqd2Vw3zGCo="}
00422{"flow_id":2,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902508,"pkt_ts_usec":828719,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0ynZAADQG7bCSMDoSwKgBsgG7+4peZeffYG3Hc4AQAfld8wAAAQEICjqbGPYzdJXC"}
00832{"flow_id":2,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902508,"pkt_ts_usec":828835,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"pkt":"KDc3AG3IEBMx8Tl2CABFAAFjyndAADQG7ICSMDoSwKgBsgG7+4peZeffYG3Hc4AYAfkjzQAAAQEICjqbGPYzdJXCFwMDASoK99X7peGLel+vBKFIQchqeP2r94hUgvj3R+NS0k53CQC3pHBXjaQ36rJN33aZ2+WUlOSMK2XbwFUmtctna73Gsk5J9LdfRc3xcLyY9fM82FYz+x0XztgmYjj1qAhhRsK1OjbDF4klraXJiQ2XmM076UKED11XWm+09m98sDnbaRGF4EOaUWOKFVElzC43s9UdnlnxhRVN+rhhvD+CbtnpY8SJQUasszWyozDN0tU9vbvRHlCQnK3Ts58hzVIM1IPhCwSVVgWGmbaTnoS0cDU1UMTE\/ttf5SS\/yDBt7hC2lFQ85dF4t86x+Tu8I+3gnfvMwUOCYa6Wc6OUBxifF7oEyaTTkwbfvrfAiEOWd1UFeJLXkhfxSNDWYwQB4kd9EJERG7WvoCdXYUVv"}
00423{"flow_id":2,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902508,"pkt_ts_usec":828882,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuKAbtgbcdzXmXpDoAQEBpOjgAAAQEICjN0ldc6mxj2"}
01392{"flow_id":2,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":270667,"pkt_caplen":783,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":783,"pkt_l4_len":749,"pkt":"EBMx8Tl2KDc3AG3ICABFAAMBAABAAEAGqVrAqAGykjA6EvuKAbtgbcdzXmXpDoAYEBqE8gAAAQEICjN0l3Y6mxj2FwMDAshIBmLbUmNyqGq5bZtWIEkTQEfzU5L5rPzKZ+6rHYeArP2fbK\/kbyvx3Rw94ExEzOSv60xEtOToTNEEVdo1H0mZHmANUiwR6f+aNhCWgqBlMfs84fb5rg81ssTO5OHt597Oe9PkXmBfYCkAvhQbsn5aQM35L+Sjxw8xgJzoxOcQbAPli8mMia+44FbqNkPrq1nISrPQAi1BS3xxm0pt3texgbSZJzQFOkMZrdn+B\/CvLnUw1kuxGiGQQGIMqTzR4Tc653x9y7NjxzBiK\/cA0LL\/tJLoUfPBYKqpQ5VPTfVphc7gXRnemxWOUMmYFhjhMqQgAm9526DpC78NqtKMgXiwF+tNVUHcQkzQheB84bi1CDvox3d7sTZ1c64jna4clJ9lq1bXqb4GOEM1Juw3E4gjSEdrC3zaTv9OXC8iIBhui6N5yMIM4odP38gIq7RkhjkuFaopeRctjRe43mJqh2ZZ7ZxryU\/M+vGtU4H+qO7H6fxA38Lol43NziWB2QzJedR4YSGRigT2AM12T31K7baDa4COsoV\/2+jWM5g\/SDSDBveybZJ02q8\/I1WBTCkUwgISAp65JfEuEFPhLlaaQf7zSFtOxPkYMwQcmM4t24HvCplC6zQsBxpzc88WxvuvXcz3GnrnSCY+5zLUSOluHNlElaPPKBybqt98dniClbc8zESHP8zL6RTISvxyErfR95g3HcJoleJUgwvUruYi9xm4isbbkKt45EdW2UsbDAoeti4cY4Ot2YV0q1KIHUsQuJjsB3ckUC14VjzfVI0GvSDNczcXXhp4uK5u60wevNSDPi5MJpr8rDAA3Btqq+CcQLCvwWIzyl5+U9F6pPMIHiTc2C3D1h6RKhCrUkLV6utzoV\/Z5FIZffQhVEuGJaXtsyHUk5ZOaJ4fbXnLZtzhnMPydapJB7ydqWJEW423G4\/1gQlsKVDwfjhs"}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1620902509272,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":272814,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuYAbvjd2YSAAAAALAC\/\/+WlQAAAgQFtAEDAwUBAQgKM3SXeAAAAAAEAgAA"}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1620902509273,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":273191,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuZAbt3hYKuAAAAALAC\/\/\/l6gAAAgQFtAEDAwUBAQgKM3SXeAAAAAAEAgAA"}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1620902509274,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":274034,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuaAbt39JnFAAAAALAC\/\/\/OYgAAAgQFtAEDAwUBAQgKM3SXeQAAAAAEAgAA"}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1620902509276,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":276446,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvubAbvm4fjEAAAAALAC\/\/8AcwAAAgQFtAEDAwUBAQgKM3SXewAAAAAEAgAA"}
00423{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":297599,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0ynhAADQG7a6SMDoSwKgBsgG7+4peZekOYG3KQIAQAfVWcgAAAQEICjqbGsszdJd2"}
02388{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":299347,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUynlAADQG6A2SMDoSwKgBsgG7+4peZekOYG3KQIAQAfX6owAAAQEICjqbGswzdJd2FwMDATGYJH3Tfh\/VWL3n9mUsS4wSTQKFYup+YEAvZABy0CISZyvXqVjGbPr8PrY4qo\/Ab76GAua7iSHmfFkM9KN61\/p5N0HweQKYekUJtIDynTUX4lef8jhzPQPIGByIALiUfFKUZJz\/xVuexdJyaozEpz84y0Q4ybb0G+PfT5jWlXoe4EiQ4qBOpysdt3Y\/xlftcKEtvAHgIubFuagkT+1ZzWBP0wW2OabCiMzMzxacdu1lcn6S6ff82N9w4PGRbrHGGgc8RIOszyZlcvlDWsOzZ8hMAPJNIA\/nbY0f\/qA5qBsqHTuew1X8rne6oKtynCGk0wNnweKZ+iTYE1+yWX5tgs5p5W1ZsvBxm7z5gobnESyAayyx+Jg\/efW3x6pswK8zW7WEpVGnItUafwDon9\/nOKVzuBcDAzrI5+xRgpIaQTp3YZR3RdvqfCY9ISq9w5pgf2qpbib3D\/T9+dCQeVmJE6TLnA38s5tYBLJcodOOBY25WTIdsLJ\/AeuD7TwtHcl30tav+TlTwLND\/gMfHcPRIi4EGavP25JKzpSTd954tJfB6B9brfpNzjcmLR2YVIRADZMNLpkRzNlazKpFr3mlT9z7UqaZUsiEk2IFPUpnPMOIuVGAlB7NjGXPFxKtWmSLR3gU9ZkaIPv0cdT0tyeWunr0Viouyuc9fqZKetIeuRE\/cm\/Lh1Dwxvn5dMsfH6bhmkIcIzzNk+5Dg2rqz4RBiZLlldneK8EUGWszYCKcmitgLXQA31G1Od5YsMH\/qaPL8N\/yNYXBn5fQF77jdAvax8DMaC5AgZpbdno08nQkA5rufI1wjIgscHC6ZKXopD+\/xDR5RI\/RCez4e3KNF1XsQeSppCCuSTuuDO6Hp+6Ecl9Y692OkIrgq5vtOKdF49ETDpJLolM\/mV1tueJki36LadFzSkI0royzSABbYIRdSDojQ515IOND1NVpwF7+E7nP62DA20AGRV6LHvbcKExdbSczMprz34KTr5IJUFWBOuTykSKhOZCjIRv4Fc+duN4n\/Rfm42G8KJG\/O6p+wnYYKWgB2WkTEZUBBkAoLcD7mfpU9PG3LyEmp2HWxGfz\/54b1CPfw3avDvHLgHpi33am0FDlnrsPXxbfyVvwHgKIrucX1lB5zvKCwiBOvNMAljVlbdi6II6llSBIDESqGsbpxU4gFch6R9w9UzDCTcy\/td16\/gmOj2yDq5dg92jhI1oZdqrO0NFvDWmsUr4zT1HypPuJO8h79ZFoRKcnk1BZdJchsJPTgC68yQ\/IwSTv\/7VjpDBXPLzouKeBgk03TzlYT1S+f7AyfxnWJtqsIN7tfJJ1Kt71d3sijlujrEcTfEF1RG8YtjvGuCfH0eHV1\/g2NnTSnfNzRPFGFnaRRSOeV1LY8hFJ8GODfyBzs0XsvxsVIqAZlSeSba86yFwCpsCt45MlR2Un8shf\/rMTDKuz5z9uo22sQPN3aEI5bYUXPq6RvwVPNzsfeH06gwZ7Mdmt3awsvZvp\/w4+NtVHF6dR6ibuT+LS8DqJJjMynlJTf5sjWUO81wFUWLKP6\/o4pJLP1Qwa59S2lL8fvTDf\/Tqc0gynrRvkM0dV+vnHt2msCNybrm6DLRiRvDXyd1AwN16WF4YL0KiyUawUpG5Bv4DzgSLzQ7oBCREh\/HAeyrgM5dtgmb4bqntEs11RESYWRm0ohYv1PLxkPsA8jdkOllAP\/Xr3H7iE9ivQdvLsEYwCZRzCcfyBmCTC3Zzl5yEJWpnCzJku6G7Nbw+4BASkoUWncfgapZWWurpFRPHNoY\/UL9B\/IK7jQFo07qrZiAyvxPtWjLPogMtnNWXCRwTJtp1ICkWMG64zGGAdpYJWgaBpfZ6Qun89srdD+YBTdGp9hI\/K4Y8mtWHH\/WxsJ\/Hg4EnOxlvTamX5t7nDxdidy\/1F"}
02370{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":300740,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUynpAADQG6AySMDoSwKgBsgG7+4peZe6uYG3KQIAYAfUSZQAAAQEICjqbGswzdJd2iBdv8rknz43663CQ3HHZU6BwPuOgM\/EFKaVdXpps3SaxihhhqMqscxR0ZEHWcAxt9wp1m3GcYbTMPxdyEx8IW7dBn2P1571KovpgVCOoeVYhVmvkrMyh4GISw1VqMcveYFjzeOrZ38lZuNutCkHPgB86B1KdBd5n4SKA++5wEjYs7OdE7CvP9CO\/TtO\/JXyHcSyhBVVSodk2x8FvyVhzZRKeV04ULyw+Wb79qS3W46FbK8tIvpaDY+IG8TtWRJomIsVWcHZ2Z5SN1\/Fa1Ue7uCQRIK+v486gsSotvwMr3Tm+J5HJPDGos441+G5sq8ZOCrvAIbZmr4iTjebFsoQcPsDsjbySwAeEQrVn+fGmkOnxaAhNR+3YGN\/orTVdNINUNrQ4Ei8fsgWpkuRjtt0zj199VT0mM58av6S6DDxeLSVKplq96Ga9WPlXs+wgR8CV3DDqXzmPLtUiMbEXCjrXhyCaRPgU3mClUwx4otddnYm7Ku25KEzKK5vwAp5LwkCiQa6Z1TVUnIqBHgT9gFoDSHWaTZ20lFEyJrCx6hwYrbqtX9A30QOpS0UWdicKv7tMTFycAHMKLtAZEYN9bSubK06Hokr+Xl8RhJYcbeVaD\/L0HibbVFAoky7A1TPWUT5O3\/Xy7a2DGrABrlUgrQFskVwHLCPm6oV4Jk7ovUCWzZUMXcAJbq5xEURM3Wl8Xdf2f2eq4wuNc4rKy5svkFceQAQSX7gxigC\/GTdpP+rgqEQcBf2jC9o9yC6JTF\/l8CGHSbrYQGMrdKTZVZPh\/7GQ3jNN2nOYrdzSm9swsCbPzs6avxRHTOW9yTeWhkk9o69jMJzhQyazL8G5yBPS343EZES22D2so9Gn2Z5CnUF+RyuvFBRTIhFUVE+llLUKVBEUgqONgcwtjwMqoYQcvszIzrzbP8Gz5IdEhhpYw4MmvrPcy9V7x9ArKjWcp0YLrWWDz8bGVgdGtWTvgnHbB11Xylyk\/KKuKl+3GG3BCoG7eCec3B1e25bbL3paQfAN4iZLJc2mPZtax6oc1efdHbqsGE4P\/zhLSPqL\/bCTrc77i30cioIOVtDFQAYlw82P0wlM09K+1g42oeKNbNLFGthIvMfv3f9NKCCvU4NfCzzrIPMWrkM1e+3kRzyixnM1yzp1Ef+gIAAaxHwkWQWFAUZKyFhqyPjCg+sdPtyVe1g6cSL2gsyAAnu7lYEyB2p4LTCveb+Rdy\/+kFee5Xnv8\/PE8ahxmC7Fq7PElgTKOJiEl6BxdX0s7egh1AX45S6Da8K59JuFtFXuaZreShYvls\/oInQVTC4XgrY7XZiq4OMjSp+E4chfvs7sNoEMAlBv9gxhyeDz4xNA2jUnRxYtAhkxF3JrS9DrB5c9nkpMAYh48uLJxRM1ilsrSf0FbXr6MGOyVdXUr2cvD2yNig9hLz31NYk7iNazhMeUgSqrNTh11crG1reo8eNGr6LE4bES3yaosxGN2rMM2hxJAH7iFQB\/hBR4s3oAMXtkeApEnSlGZcE+xy5EkXFMNBfS4k\/6QLXRLYUwp5CmIRORG3bhs1oiE33uM+9MnBbAeraajDU4VwK9jd1YrbWVUq0WheLWoBLt8vAk0Nd0e+P7YlKA6qDCG0IqG+4iI5iF\/18fCBxY27BIvYNkoyIjBDxivI2RONp6zISb8TSuRrnoco2a84cJlOi0V43wqkZVQ92gOvWGk8knrAIfTrPOW1X+zYNdLiSZq7HnoimtM+CmiHxmD60ixsVsJqobFciMXApCb0hKSuYIKuHOcK7oQQ1l191Ojp50q1yoRnu3hzwAmaCcK9xRV3aHGLTyGRuCk6Fx67iGDfW\/zcoYaIbZqnaOB\/BuWaFdpfZBcWQtyvPR7qE7wx8HDrTddrYX9vLqu4xh9T0UoQcuyMdcpKpIBb+38JA2ywbx"}
00436{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":302469,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+5l1X2J5d4WCr6AS\/ojLGgAAAgQFrAQCCAo6mxrNM3SXeAEDAwc="}
00423{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":302525,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuZAbt3hYKvdV9ieoAQECzoIAAAAQEICjN0l5M6mxrN"}
00436{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":302592,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+5gJQMJ043dmE6AS\/oiH6wAAAgQFrAQCCAo6mxrLM3SXeAEDAwc="}
00423{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":302633,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuYAbvjd2YTCUDCdYAQECyk8QAAAQEICjN0l5M6mxrL"}
00438{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":302720,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+5p\/iAsOd\/SZxqAS\/ogA1gAAAgQFrAQCCAo6mxrMM3SXeQEDAwc="}
00423{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":302760,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuaAbt39JnGf4gLD4AQECwd3QAAAQEICjN0l5M6mxrM"}
00436{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":303215,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+5sh1fPg5uH4xaAS\/oinwwAAAgQFrAQCCAo6mxrPM3SXewEDAwc="}
00423{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":303263,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvubAbvm4fjFIdXz4YAQECzEywAAAQEICjN0l5Q6mxrP"}
01283{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":303389,"pkt_caplen":701,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":701,"pkt_l4_len":667,"pkt":"EBMx8Tl2KDc3AG3ICABFAAKvAABAAEAGqazAqAGykjA6EvuZAbt3hYKvdV9ieoAYECw9qQAAAQEICjN0l5Q6mxrNFgMBAnYBAAJyAwMbONTKSobWCChLaoCmtvCx9\/pcgkTaqzrbkutJyPLiiiAasQqGVnwXQsOOo5jRZ6QYT1CK7uD5XdKRBJ7yUd1W1QAgCgoTAxMBEwLMqcyowCvAL8AswDDAE8AUAJwAnQAvADUBAAIJamoAAAAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAP8BAAEAAAoACgAIysoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACnKygABAAAdACCMB4Sr5kZOgAN0tULVonTgn5Nij3DsLDlo2DGvxFS3UQAtAAIBAQArAAsKCgoDBAMDAwIDAQAbAAMCAAJEaQAFAAMCaDJaWgABAAApATsBBgEAMypzcqAzWsBAZINcgx+ygCWLE0kui4sgtM1uL6vzp2XjKj7qFF1cVEZiZ8DNfAhnNOKGWmDqAezjvAmwhBr0lj+CkITL1PZY+KIE92UEd83VIlba64swaeetUJem3b6DiVZr+sG6v5nO24w5Fq5jNooCYgea\/kSCyAgKJw9zXAJkF+ALbg2UnYNwTrdv8UPPYWK\/\/FZxs47otAScGMYES95F\/UddJx40v3LL\/2MTqfWFWQPciC8dXh3pVmMH0FgERSOK5xDJguySwBxpXYyQEhLfajyKuuk1x0FpqqqHVJ9noGsOyOGkaLXVVsVSRGH\/pEJvYOGNaqccYbo8GZWI7U8\/S3MAMTC1t7pqBopyN+bNR3r+6YjgqI8u99b\/DXkSmTFHlni2n471uDYr96gynKaHq24YiaE="}
00787{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1620902509273,"flow_last_seen":1620902509303,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":635,"flow_avg_l4_payload_len":158,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01287{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":303683,"pkt_caplen":701,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":701,"pkt_l4_len":667,"pkt":"EBMx8Tl2KDc3AG3ICABFAAKvAABAAEAGqazAqAGykjA6EvuYAbvjd2YTCUDCdYAYECx0YQAAAQEICjN0l5Q6mxrLFgMBAnYBAAJyAwMQHmJhlHeScT7a9egK2SjOzyaNKX\/ov\/FX5TftMs8zmCCfkPb+1ZsEYNNrxkVe5BM24z4mIR25BtkXl0BC4xubrQAgSkoTAxMBEwLMqcyowCvAL8AswDDAE8AUAJwAnQAvADUBAAIJSkoAAAAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAP8BAAEAAAoACgAISkoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArAClKSgABAAAdACBHHmvJqS0E6b1sf\/QNMqQwNI+sBMgqNEguKyS9wQXAKwAtAAIBAQArAAsKmpoDBAMDAwIDAQAbAAMCAAJEaQAFAAMCaDJaWgABAAApATsBBgEAMypzcqAzWsBAZINcgx+ygD\/1Ed8AhagbFDO4w9YNA2cr3sFrEQ9Slid5TZVf2ljtvHdasUip2wOHkRhUjqWumvMshtAJmTDjAZ+n4aciI2iElpX+sae8N6RFewPghBeuv+gvEaLKOqScM\/qhAMP+UjLorSsDoaMAZ40hGjqSRu7qFHq+SxJ2eZsZ4xm5quGG\/cLYpXLjWAIttRHSotpAwv2wFae6ujdlZejhNSfP5lI0b3xZ+2LWmU\/E5doQrJa\/voNJ70V\/d\/M6psU+c4L9ACb94Vf\/p\/Mo+CIkORvg6qwDPWUhGqnoTtz9mIPpXylHEcA96JXtyeO1rrBJSBG4U48diqoAMTCrJK8S79Vkr05s70NDyBq5vnuFSQ573cgHwcs9lkE2t8U8BogXT3+gejSZgS\/IG2s="}
00787{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1620902509272,"flow_last_seen":1620902509303,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":635,"flow_avg_l4_payload_len":158,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01119{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":304055,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAGqiLAqAGykjA6EvuaAbt39JnGf4gLD4AYECxAQAAAAQEICjN0l5Q6mxrMFgMBAgABAAH8AwMCpM4ap6FxMcuum4k0rFOx6HKELsU74ZewAm9NNFHrHCDl5mYK5NyKLhR+6cYFEa62hVKl7RtVXWgVBX69oQSHcgAgKioTAxMBEwLMqcyowCvAL8AswDDAE8AUAJwAnQAvADUBAAGTGhoAAAAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAP8BAAEAAAoACgAI2toAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACna2gABAAAdACDVdDEDWQarcksPiULXEPcvgATD\/InPdHmyFksU9j0rLgAtAAIBAQArAAsKGhoDBAMDAwIDAQAbAAMCAAJEaQAFAAMCaDKqqgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00787{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1620902509274,"flow_last_seen":1620902509304,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01120{"flow_id":6,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":304589,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAGqiLAqAGykjA6EvubAbvm4fjFIdXz4YAYECz+5wAAAQEICjN0l5U6mxrPFgMBAgABAAH8AwPu4vpXPVJNlXrjnZXiqHfet\/5isXgiQo8YmHFRC+jacCCRSxgXbR061vVKAt5s22lo06L3Jln\/c9UF2p0z2Uc8+AAguroTAxMBEwLMqcyowCvAL8AswDDAE8AUAJwAnQAvADUBAAGTGhoAAAAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAP8BAAEAAAoACgAIysoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACnKygABAAAdACC7JB7a1tLwPRdP883wFtQgfEydREFgd5BZJX4R7xYdSAAtAAIBAQArAAsKCgoDBAMDAwIDAQAbAAMCAAJEaQAFAAMCaDIKCgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00787{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1620902509276,"flow_last_seen":1620902509304,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00423{"flow_id":6,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":331464,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0WmJAADQGXcWSMDoSwKgBsgG7+5sh1fPh5uH6yoAQAfrQ2gAAAQEICjqbGuwzdJeV"}
00423{"flow_id":4,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":331480,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0ro1AADQGCZqSMDoSwKgBsgG7+5l1X2J6d4WFKoAQAfnzuAAAAQEICjqbGuwzdJeU"}
00425{"flow_id":5,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":332600,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0neJAADQGGkWSMDoSwKgBsgG7+5p\/iAsPd\/Sby4AQAfop6gAAAQEICjqbGuszdJeU"}
00423{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":332619,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0NpVAADQGgZKSMDoSwKgBsgG7+5gJQMJ143dojoAQAfmwiAAAAQEICjqbGuszdJeU"}
00779{"flow_id":4,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":333977,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"pkt":"KDc3AG3IEBMx8Tl2CABFAAE4ro5AADQGCJWSMDoSwKgBsgG7+5l1X2J6d4WFKoAYAflGUgAAAQEICjqbGu8zdJeUFgMDAIACAAB8AwOW8QHI76H1FbK1zy9TxteroBBhH+kMoXErAXH1+chUeiAasQqGVnwXQsOOo5jRZ6QYT1CK7uD5XdKRBJ7yUd1W1RMCAAA0ACsAAgMEADMAJAAdACDJaIxLn3zJRVwUefCeKmtax\/7VXrl5gFitp0w4aaNHLwApAAIAABQDAwABARcDAwAqfuYJBezZMzUPYjrnR6wbCHM4WQkLhPVcAYjTuf+xEjsQi\/ba+DKbttcpFwMDAEWb3AKYdMM70kgDDgrJVb6b2tMsYjgYmNVQE\/ZB\/ShFSXcte2DmUlVZ7UR\/dSSlcF91W+kWjmL6XQNccWlPii0KtspXP00="}
00826{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":6,"flow_first_seen":1620902509273,"flow_last_seen":1620902509333,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":895,"flow_avg_l4_payload_len":149,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00423{"flow_id":4,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":334042,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuZAbt3hYUqdV9jfoAQECPkawAAAQEICjN0l7A6mxrv"}
00536{"flow_id":4,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":334622,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"EBMx8Tl2KDc3AG3ICABFAACEAABAAEAGq9fAqAGykjA6EvuZAbt3hYUqdV9jfoAYECPB\/gAAAQEICjN0l7A6mxrvFAMDAAEBFwMDAEXYvH8kGtAzlg2rP3ab2Gp7Hxkjec9AYRk+0soUKoNzsQT\/jByhtXCexgx8UIRDBfo6RgeUqdHQ7rTiZOBs0B8d+4HkDUg="}
01379{"flow_id":4,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":334956,"pkt_caplen":772,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":772,"pkt_l4_len":738,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL2AABAAEAGqWXAqAGykjA6EvuZAbt3hYV6dV9jfoAYECPzPQAAAQEICjN0l7A6mxrvFwMDAr3lNOWVFdOqbGnI5CK66QA6DJex9aCdUmmndBhY9CySHCjyhnlQ+CHaIb0snCVUvnrf0H9t4Q\/Irl1XjLpsKMW\/+wU1dYL++b1ioK8hjuP7HAmgQ5GtFi6OMj60hdNYzyYRlnn9p1Pf9Wt4SSek+lImgr8ChmHXjKkMyio3gWwSLcmPmmkgq3TNZXJ4FO6X0n\/pGOE1eOp70M5LklKr8zNHETk1+DOimPKGxkum7RwKQ2DkxpUSlMQy8tjlkUWUghgtgwjZjpAnPib9EMvT7sKmyxPcXIZc1Wsv9vGyCyna2hw0YdoS7xolOevB3\/+yWD9MKnG0YAitkkfUsfRrF9iaQ1+ywVUhy6G\/zHwC2lJ6EudTOBAJqNOUaOopjt8nn2TPZGjQKihPFNWLhBtyuBCEExpOhq7oQ6QiN864bwdc4er0twYu8FQ0FnKko2VE0GFEfA8yqNEmQouY4SK6OpZtErv5eCg8ilnF3+IV2r1NQUTZp0TadottydcYFSKWZrW\/6vSWEfdRuM18bzfU8Sd3SciJythWdYtqwh8kZCwj72+Hus7iSpx8VKnzwPbu22qrMBx4sRL3yErU4lAa3VgaVLDtdsip5UrAqAHKyVLeIopG66yUi4Jj+8nLNwtO3huFPs\/cHbCwIo8Vj9ay3RwYnRj5G7Y2MpE+9jX6v9bfC4RhzRzzYQht3y4xN0hEOR6GIDGobzMKi1c6gMWyqi2N1HgB4R0\/7XSnEgHIc506l4SmynNTxbaOeLkMkvSaRghNTim6hZjPk3zN+YpkOtY1SnVzT6q+o28pOB2Pq\/bQez0PfKGTZ0FUpvqkz+5k+xponzjPYgfnYevjNjT8CVSdeVLsDw5UZyZjrhP6O0CD5LeNO8rZkyuyRZcb5l1uC3atUyDax9QgzjS3LPbBtaCejKdFXz2qZvNmTV459A=="}
00778{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":335101,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"pkt":"KDc3AG3IEBMx8Tl2CABFAAE4NpZAADQGgI2SMDoSwKgBsgG7+5gJQMJ143dojoAYAfk1rgAAAQEICjqbGu0zdJeUFgMDAIACAAB8AwPkZhV\/CFMUXSOxpFAWonuooUxpGSNmtDo3Uqjzihq+QSCfkPb+1ZsEYNNrxkVe5BM24z4mIR25BtkXl0BC4xubrRMCAAA0ACsAAgMEADMAJAAdACCN0\/zbQsvjb3hnLPe3E37bDYQ4e\/SZgcXunIdOJm8TXAApAAIAABQDAwABARcDAwAq+RADG23kmGTGqaVxGTThcTPRQNJ\/sjJeiLuR3aWwLpHgrsP54+gqQXznFwMDAEU5RRcjsrYDGGeRuNRWxdwU6KN2XTW9FomsEhhA0zy7X8KSiczwqiZ2jMWdJglHh5jzT6clo8zGeofhO7K+cB7KpdL9YZ8="}
00826{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":132,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":6,"flow_first_seen":1620902509272,"flow_last_seen":1620902509335,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":895,"flow_avg_l4_payload_len":149,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00423{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":335143,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuYAbvjd2iOCUDDeYAQECOhOwAAAQEICjN0l7E6mxrt"}
00535{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":335520,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"EBMx8Tl2KDc3AG3ICABFAACEAABAAEAGq9fAqAGykjA6EvuYAbvjd2iOCUDDeYAYECOiGgAAAQEICjN0l7E6mxrtFAMDAAEBFwMDAEVGTL+ox9ul6btUINs7TqsJYKoGjs3WxYDA9ShTGnEtazqdA7pO6ld06AsP2KchlJ3gCPw49O\/Hrrfm4ULHnRYama2LxxI="}
01381{"flow_id":3,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":335714,"pkt_caplen":772,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":772,"pkt_l4_len":738,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL2AABAAEAGqWXAqAGykjA6EvuYAbvjd2jeCUDDeYAYECNZRAAAAQEICjN0l7E6mxrtFwMDAr1rKNCPoZt8SN48UoSZcJEXuVva6fDnijPk6gbmFhRAMW4RxpEl9V0sep4T3HNb\/pAwqLCnNicTnp9Csj9ieQE6UZa+HsfsdB03726QQyyZ8FD+aPQVXB0ueOhrmmZJ99RSaXq8KiOdIP72yBbnCc9R89F8fsX1C1\/QaXccX7MhNP3GlwNMIPJ0RSHdCI6kIS9bxnQiikC7Q6xx8v\/cHjWiufOiUzwZJ9\/TB7u9tH5mZdMrPqdyvfSKqE9kdJWw8khf+Xog2+Ka6\/Gi8+p8RbKBn2a3Qr\/AeSr7V82xhP544bycc\/zz97ZKBM0Ex2pOa5RL9kxvLF9TOp+gBDAYs9CruQF78J+uKgDMLaEgaxQZS4lrzqmadi0PyxEvwkZafPTKbw89m6e36uP2uzHF+rMzw8jYOp1QiPuY3e208zdkyGVysmWquNai2Hsyb6uQI\/yqfAdJIGjDqWF5sgTtV1mh3sVSwSPGIItF09AvFhgu39ZJNYdMi3Hakyhe9xV1cnnZyV7kaLDeTUG8JC3AGFz4ycsBVGRMd5umioajCepH0Agpbrh\/ctwf7ZkKy+f2xDbL3fcn2JioCIQDa9NptEh4Uy9LovBnyZfUQNVYBKcmJSj8FXcPwsgp+k4V9ooOQKFIX7ydFkQDfB\/QRxK+cGTGZMx4TkDwSPSQ5XHWk5D7fusaI1vUH1+TeClLxsvOxEHSQYlZ6MpwNtawrXAhGQ0Hp4j1zWzyIAwGNEGsEUuaEKQ+45N3iflrmLL4xQuCPGvJnjMJ70m7acKl9Iqvq2E6DmIEE0MEl3S8FAgcCIJsUXMaOLPa6PgzvOBmqZ683i6TEHRB8JP8VOy2qjcrifKfD2yA0X5qQpZlbTBJJEAJ+25SPVWwPfeTm84DTXwpghCHoTslO57f9\/oX6Ze07vvQDCinCRKjsFJ0P28ejw=="}
02381{"flow_id":6,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":338226,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUWmNAADQGWCSSMDoSwKgBsgG7+5sh1fPh5uH6yoAQAfoExAAAAQEICjqbGvMzdJeVFgMDAHoCAAB2AwPedgxUUUMfOcDOCNys2evRevSKuiAKjhnNmDAm\/ANdDCCRSxgXbR061vVKAt5s22lo06L3Jln\/c9UF2p0z2Uc8+BMCAAAuACsAAgMEADMAJAAdACCb\/Fd255IpJniZBkmOnyZum9tsJlRF6Qb7t9wmKZv1ChQDAwABARcDAwAqJrLCP0epfioXEHzV\/NhQpewJZQ3\/aZEvnXWLtaEe2SHKBQ4wnR154xPzFwMDC+HSHImEkNeVwPuF7UkYMEi\/Itsna3Ho5b1+rIJ\/f3mJ6MIcpuwOd6NC88vrsSHi6awRUB0W6nkZ2fUU6iAJ\/25lEfUGc2vQTWCR19rMsgGOg+ndWdNkVJX8wBoClwlGOBUqqzRyStTDRFhzDyFPn\/C1OOzdjRiyD0GU7Otn016Gv33xfGlEweGNAp2YHYd1p66s8H7YlVk5oAt1Gue2L6hAOElAl\/Fhvrfh6cz5xphHmoEXdAf9+w8zqVgCSqaenfOZpmSsanP+Ino+vK\/XDXvwDkqC6FdfXmRK8Oek8z6fxwHJfHelxMqVNDwJA1GyafsxDbRdbNSgTWzTDottNBJf60XFzXYLVCzfmU5WUqVDwFkTQ3keV0phvHroh7s8a5\/KUAm2qimFh9sQNJ5MOlo0igUWSIQZbGBCfmp9kSZxfaGn03VZxJiov2kSKh1tmkG1XITG2oPfN6YqM5zU\/\/Qj9v5Bahm71KPuybWznP\/59Is4b8c7DVXDBrYvZ6PaQZfib6EQQ+Wqx0Xviqfqjwe68JLxk\/TuGNm2918RYf9gBSiJH4WCO3w0Q2Vdx+MIfTsXyQR1nmxLBT+D6XXas1AOlCJT1BuwP6dFz03mOYoAjBBBy1CmkbKXSd7rTMhbuUT18XcLWOOpVPuurksUEIr67hkp2\/zNwpGsbBKTrZAr1YZ0wD9jAxnHprpXFwvwEoYWdmlABNDsgtE\/f8I3Q8eKnH4kjfSaeYc+nYIsago5EXWbjLWslPs7Jwiv1HLSl0bqr4rtsNd9E77NbB5ZCkJX1uK4k+GvjpqmZYEmV\/NJNvzTrnompAfvr9TTHsDA4cVHiE7l1kAU+WbtDkhOBgm7red7gh2zXzcnUkcWmuPt6olQrIO5lhz0AGIH0Q\/yc3hPmL1sT1qbC0YoEifK219RMWmSiJuRG0a4kVNi2nK6D\/93rb7PEayWZZ\/E67JfZOaee74M6cK29Z13fEn5e7cUg0KwCGrsrKLyIZDtFmh1TQ6YgdUyHPPk1s2ZbvP8LXqwKp\/uL9VtRmtzfYQ9hc7aWmfd0sF\/Be\/RVf+jqwik6gBDtv+Vsz28eCXHTZdSeUNV0WEAd7SIvifsoraSDi9UlX4eL2rxkK1BElM9DZ4zo4+x2G76uXl6LLMa6iu9X55p+SPBRqdqnUVM6L\/+3VCYzuAH22FDDLsOqeK8Z6eAB6Su3BE1csZTNvffC40LUPnJDQph4pyTpYj5MuQHIEuEMvd2xOfnbg52jTzPUfFDatc5fRutdsYBUGWafgVQQAxEdfFg0+iSkl765QL1rlhrrtkytWJN1+QH\/zspkRdMXgJARibtGrkrHOIz+l8zuSeSgpMM2u7z4xn4etMis+aNbovoTM8kCrDboSDWxAre\/IMlqAB+5bdHMkToRVp75fDe\/Z3E5x0bD\/Ni5KFA8bZ9dysGBbQUWvU4Ta6Pj9ei5aZ+JIg1nBNC5CLGqTen7wpBHfNMJF0pa9nhPzOVWDzzPQ9DnALD9pPljlivyYJGK6IncasrfYGDhUqlB2dv8BO\/NEhtjjNy4aqozW1w8PKk19A5K1hyf9IA23W7TxOHbtd6C8XtcBLYE0auzd2SlS0shbUfZonaWR99N\/394ubx5K6XwNUIDhvDfKsLCoX4F1u1l9RKev99eSpYEQKwD9Wg5c+U8t3d"}
00828{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":136,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":6,"flow_first_seen":1620902509276,"flow_last_seen":1620902509338,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02391{"flow_id":6,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":339519,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUWmRAADQGWCOSMDoSwKgBsgG7+5sh1fmB5uH6yoAYAfoBqQAAAQEICjqbGvMzdJeVN9c7EtSlDPmQRDP2Q62N5REOuNXlHGeoaeU+Hrs636\/0qFgilHR4hZ918\/eeB+HYQkhnNQPWTJy2jKSl9RbOneBPl0y\/0LvcKljh82DHbhiTXfI4iodKlrHGRH1+gpEnZtV3NpeHr1Mqox8WtVSdixQ5sdBOSpnqwubnmvgxDq45ZRZ7Ofg0ZpG3486p9rOKTMwOUa39OXt\/RQRpZOceETa+3xHbuNLr+dI9oSoZxSR33Tub8UDRHT7NKriAEKp0LmySBr2csj+vySAl0bRw5MjUPPx8vCwBNOdZ5oRqsnI6iZYGgg6kN8UQHExr2FEpoTrepqqqTfwXMUzpqGi342nqRKgXm7UHL2PzAueGGbesQEIpsZ1kgyr9MzOKYXRerMU7m6VDp9kp4PJmUjp4qDyAByWY3fyKwnJHws8Etm8OmIFlTtQB\/XrLJBbOfASTnLKkxwd0r76TB9e2Y1\/LrKxdEmEQeD0\/qs31gHBvC\/J1XZM0yklI9toA+G+\/pbq1AApLBpUAUpvo\/xtc0p8G\/9TBfv1nKw2xVFTSWegsufzgA9wiwqRGce09NMQT8RFpw8R2T7G9BBtcIJ9eihxJUbiHuzLbxr3zOMZ06zMV75wm5hSIJQ18QGMKy\/V\/lIWoguQRUd1uka22B2Fzc1nkkNDf9J3\/ubhXXtgZfu2A4t6CDv5eKmV3zZcx0Jv4dhh5S+thKfzojCUvfQNypjNVJv3bnnAf9WxcCullZeNR5\/wL0DGFS+e4ELUkkI9tvDwrHQmPJhTHbehb5nox3gh+pN3OmJuLth8WEjLkesDyrj1gnSFdHIbLxTqlpvbyKtOGbYzgVbbeD2Drg4jK03pUNYFVXQIvNBEG5zpWsFmwqV2q7moxon6ldmiEEfmxGTyMwv94Zxhv6XZMu9mBJH4I3usnDZA3\/Z4z\/li\/T65gfarNrSWovJpfbu1CFeNRxl+x3sqCl5NSG34gj\/EkfgJgXapijJNsQ1PBnP2Ca+wdyG0d6dK9ruucygk\/kyYoKyctc+d3h4LBzRLaGtHnChSrSqC6EN4NeMqn2lqmreXf6ztjjYlkN0Z4+FZz0WwVe0b9UcDRorEwQ8dlqDRn6GWzZbpF2DsoX6AM79PD16oLehZEXeU4Ll3xupSQAIq6x0OOtnJm\/cYrTJ+yx196gb2Y0qn\/lHj1Il1DbMb+8plVQApsXCQbS1y4F7zQfNXYNLnj7U7+rXesoIhC21tQVpZAOj82Os8GIGe1eaHlYJYLwRdJBl61\/bqyYIdeiMwoRJwz3YAkoTzPbj+wtL+vtox\/MsV5LWCk7O5hhzebCi3rv5hrW13cPuDGGqQbTLK4YsvLRsyJzo4l+EljD5qgMROG5yPH14yy2U\/UHWSRbidNBrJbsGvKHTm5EWhmTdVNxtjGiyszxDwEOKU8p5MiMyGkZvIi+nOmSHiD5aOFoE0urnA\/0DVuSZ52nZZd\/W8M6wLRXt6jr7PgYz\/iwivyKM\/RtfuSx77BwNxcv+YRwq263jIQRZDATPqwkO3\/0\/waYDk\/LtafUuhunSC7pEv+U3eP6tmg1dfdHTX6i742wgfQsWJpdYm3P\/Q0omWlqDX+i56yz5CWHKCcbkkbYT4LPeCrH9icDeKqI\/TMmci3bShb4qRn2qAYe7j\/JPG9K9jKNFJozXUBQ3RIb2y6DmW30aAUq334aouszkdV3\/h3Ux8L+1cHrqSq\/TKU4o5PKW15OnMNtwsTdt07y1VzcqxgZAM3GJSKfJy\/J6dCWKQB3tZg2lfqw+5tgcX7m5JcVw87\/1Fsj7paAPDMuRJwDzO2fvFHImypVc+\/olOy9EbEocV5U65hLSCEiTcY9Ei6SE1GNZEwYfOwRsApz\/pRf+Y3jFhlM3adihK1jxQzcwRdQTv93lKm7dzh9LU3RYX+64tkQ\/vY"}
01382{"flow_id":6,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":339533,"pkt_caplen":772,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":772,"pkt_l4_len":738,"pkt":"KDc3AG3IEBMx8Tl2CABFAAL2WmVAADQGWwCSMDoSwKgBsgG7+5sh1f8h5uH6yoAYAfoWUQAAAQEICjqbGvMzdJeVXPHqRPLX4s0krLyauNXBvgdrpLgsgyolPXTqzdDKq23hbQ6y3VNy7MN0S0GNuHlSi2iXXwh64Nr0ywFkoUkHEWRtQozerVKwcmUrS2aOESCJfNdDaQQqnLSD82Sse\/B5yRhlzX+baP0NENM0tvGYx5O9yPilfC\/i2tLmwt2SO4SjCRD6AbolRpw6fVv6uieWl8v\/\/bzeB746J9U5vR2YHqxnTjeNB95twngmHakW97vmb3ZYj5l9WFpGt7O6dIW3nDgzqQDVeNV+tDgAArCsJB\/VdxcMYqMgDdIs2olG0YixnWwABZs4itvGMn0F2djiNmVa4SCetZ5OXDoAIilbLD\/mT1Kg2lcaWJPjhgWNMfXAjDuM1wKdqWYJZ+zN6jy578iQZZ9cI7Jz37T2fKC+8GlqA81qCWwQ9viMp4o5Sg1zxFpWiTc9uIvKx3qRVgLd67eSRgfjU0LC4RcDAwEZdoiE7ewOLlskgSUDg4gT7KHyczl0kBKdEMGMrV+MbBnyVHORFjx0dN4hCBdCGDbslSiUFqrR68Ldw5kW85AjxGGgApwZ\/goYXWRQFQC3eDa4zWD\/CAs0cLoBS1BitGNXi01SP3cMdaVtv9VK5IqfJwimLd5oL\/deaES\/sG6RRw+5AW3vbHAaXyWfOVApCUVZQACJ5+lXI0\/8kdPQoUWcKzLM0CHRKLoGTpqchkOjsuGFdSVnJZYdzPcwYNqiLfZjT6Rj5SV+8lWpFA94TRmKvFBKjRK8I6LA4az2PDGQ6Yoea9GtCRGs2oZUhoMX+P+xykJVITPX5kmTnuj\/2ZZc53ARu6FK765hh8Ce8obcG45gOiJSEuAU9dcXAwMARao6r45aCpFvjPYUSBsTTJP0t979TZ8WuHub8Tvmhu52IG8SAXyzXIJeP8kyyz5VSbjPpSpkLlkb3QHVXFjgPMA2L9oRQQ=="}
00424{"flow_id":6,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":339572,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvubAbvm4frKIdX\/IYAQD9O3mgAAAQEICjN0l7U6mxrz"}
00424{"flow_id":6,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":339584,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvubAbvm4frKIdYB44AQD7y07wAAAQEICjN0l7U6mxrz"}
00536{"flow_id":6,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":339958,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"EBMx8Tl2KDc3AG3ICABFAACEAABAAEAGq9fAqAGykjA6EvubAbvm4frKIdYB44AYEACNZgAAAQEICjN0l7U6mxrzFAMDAAEBFwMDAEXIE+ky+eXdAAowZrDF2iASqJevMzZAqkPwXZR49xOX\/yHB1MAjxBHbaKN3DXd2g40aj76Mz69fY5QGzbybXv2siT17aaw="}
01389{"flow_id":6,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":340249,"pkt_caplen":772,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":772,"pkt_l4_len":738,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL2AABAAEAGqWXAqAGykjA6EvubAbvm4fsaIdYB44AYEAAldwAAAQEICjN0l7U6mxrzFwMDAr2upkdOXPSMI9VbIVQVTTABYwj7d0BXmbEprrsyirjbSMGFfXn\/AiScdgCHi7GSPJ61DDmaIipZOrV2x2cx59beh7VGE\/8NDUWkIJg8z7M8\/cyGjbWem0IdzZtEQaCFkH3HkdPM9\/sLvKLeoefBj+\/Qj2\/fivqJ+zPmMmVdYDWoUS3a+ENfBNLP6S4CSS5vH9A0rvQj+\/oH7loY5cZzyKh0pBlyMrPYsHVtvKUhwqawkaVeF6igum5yKtl6pnpw0DnRJkCEu1geTIWjjonNcCxcMAmWDcEAvjWpQFp5sYcbcHBLD+shtrNcbXLAFA7GH1qWkRMuIM3ZARPdpgak8uYaO2yCzB\/kh7pfQ1HXD+Y3C\/gCDw5jdjPv1Int3JEP4VkjKEHLjQ1\/62VAUchxMV2RGmsGLQlWTtSvan45SepYEeDVqG7aq+CYJNlcmHvl2v+WEMk+TQlE3a1MJG714XW7atzpw4+zuj7spjEa1fRSaJzw8VmEVsxlQvZrmU6Tren5shxF+A5WhymBQsSne90rnkMCMpyx\/Zbu+SMj77OKCKQWChSMPfAdzYpDACvSCv6ifm986\/yYC+0uT81EbhsePLgD5nP4NBPqw7P1TrksKYzRIJuHlOuxA8VcG3IfTsEK5Jsof7yk2uUIP1oSDSJfWG0S4qI97sbv9+9IRwflIliBUJcVLU2HHX80cW81bsuM5nQgZV\/mfrvqIkic8tOJ\/KGJJ\/UfQch8Sv5OHVpLfR\/cP2nekYNoIBedpvVz0GlQOouFLPzNIOkySZXb8BRQNCvVO3ZwHSUZw0jU\/f1k8KN9PfokPK4tKUrzqN7G1hrtw0BQtsBiS3PS4Z3ylKUAwXM6k2W9VoYp6hAtOOjTscdF3ZjKHNsExtEKGlemQMonN7jMldbxxtAP77L9uBy\/U1P7s0yBqmYHfO7BbA=="}
02392{"flow_id":5,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":342220,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUneNAADQGFKSSMDoSwKgBsgG7+5p\/iAsPd\/Sby4AQAfrsgQAAAQEICjqbGvQzdJeUFgMDAHoCAAB2AwN\/ao9fohuuO4DwbzYyxm4xgiKYYWaHqAAt92\/7\/+gmDyDl5mYK5NyKLhR+6cYFEa62hVKl7RtVXWgVBX69oQSHchMCAAAuACsAAgMEADMAJAAdACDNZbBtn8\/BQGP4uWuTuOBCokCTH0nuv8LV20IOyQVLMBQDAwABARcDAwAqdxiuKCItZzPBkU80LA2bEHdILvg6+g2KyZJ3eObnp7DbWSX8kjzIKD1eFwMDC+E5BgE6w56C0drOWMIAp+qaHuMstdlkWsZ8kZjO4xtjju1dwQQjJGZVbaRLDiftr3h6vo\/vOTkEyTztOUG8Bgiztz2zTIgYJXD940tFuJC80hZFlUyqA8SettGxSqbFY29HzoK3\/lQGablEJifMIjsrtGO31VDtilBBATr9tZBRErZhTt9ValbmvJBKdmyImE+UFMH\/pjlqVQIrJoTyfuD5U9WgnZ3Q\/SYcMdMLUkO7jJ8EtR\/3MLBnKMjx6ui7\/hQwbc+ABVQ3K3NKKTf2MtVXRhOL2acEP5V\/LtFxOn8S4faa4HtaZHf5j\/z2eaIdgx1VmUlbNLFpEQ4a\/mCHVhBZRSNzzD7V4fJdJ6AJsjSa0X\/ZzDFUgAdkWK3YVdTxE\/K9mZEmPnSqoDHtkP1qtwRthDx9wJuojET\/xhC\/ly2juuai3zfR+MkA678FIQdev0Jv7B1oMtT3t8mTyVS75x8clolzxRBh5qwCyhzL4HMvFTOpWatPKHwuuv\/D2XzrdTKIKHTWJnXUsEC1dIVVvhadgO0l9Hm3\/wChUiZT10GX4V3h0YUfIqfRi6FFDnMV4tOKpCMEg356wq8RUWHX7jAehQSPH\/z6eQ3FdAJqPWDYS0Qv+2sX7\/JQzSk2+95NnMamMQ9Fd\/5GkoFSsSYMAaGCQUg\/TUHtSWEOfHBoZ1O21aqGy7lPOpcC\/FZRXd6DvBD6uLjTG\/Xl5eZyxxduaTL6dJuxPkuxCLC5IDT+7b4OUoQgPVI9NS\/ERNL3obzo2jkQGXoEY7xzJvE0HQ+VwsfsNeEXsQ77j9taDVF6gHw064mQE1Zk9oDI\/c3s84OtegfNfE8\/OVLqTE0g55sBqq8NkI\/S3OHzrr3kKExVKqtwD8UeQGKn16POaiunk6ozlall6Jy1YHKJGnDl\/FJ7GICCZ4va4B7KUHIBnD6pD6K8tevyVzCIfx6CTsXdbc9tG3LACBxgF99T1l0b8kIGlyGYCNsGYuUrRL5upYDBjh78T8k5rrdZSC6323EFt+k0wdYlCJ0PzT9tXzl\/TYcJCw6909JssdFXhQzR6swivkSs1vgcdFlEMcuYvPkBDZygWhP2QBbA+Pc934EqnxCjtbhDpf1+nGgoBRk\/RRD7stYDqbQh+dX5ObbAbj5MyyuawYhQGo3OL9K2hSIsapF5okFoKH40iijXSsbaDc40pH2bN\/5aHVi4RBkxUhJJIZtXAM0kfa2mhXU9lTS8xk9Fc5sRJTyYs61PQyBE5bq8IsvKDVaRbhnoSM9RfkupzSz64xH3+ATpZb2seljageB6YxSj7wwyxNuuFzubeOQItSRcwquuoMBbPg6at\/hkqhJELLDA\/9T1dI6zXlaRi6zIgCyF7AOEYlVwc+lUIRLEDxkSKiBIGkWbyahZIx20AdsCh1EvzvjNO\/g8l\/eCDobPfRGbqg329MK3sEF3aLnU0JnRiTfXDNQ7kGzm\/K+nBF5HKB+e9hvSt4b7YIDbtYgQxMqpoQpU7STc\/xBIikNlR1Z0PcSncguYG\/MhYayhMIrScKejHuCobO6zlRzIv2ypf4rnH6gkDdGkOKyuhktLvZjkbOQkSXkr7Wv8oYAthAPzoQMtsB8ZKIVu6phSyH4bK1McOeaYAJWWAoBDlv2GSOSeIy9iSeuEfgUMGlUhHVo7xI\/QW60+AOuM"}
00828{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":143,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":6,"flow_first_seen":1620902509274,"flow_last_seen":1620902509342,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02372{"flow_id":5,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":342342,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUneRAADQGFKOSMDoSwKgBsgG7+5p\/iBCvd\/Sby4AYAfpZnQAAAQEICjqbGvQzdJeU6kxq7c99ne80Konh\/TWfSLz9rUDhgwOWMJ5qaSxL\/LdF7LzQOKA\/yf\/SJ2ogF+9oQpooSurKAPH48SIEzeFVATfTYWd3NER5kCmvdm+4I94zpFquSbgJwH7kdZG+IZRyo8HzZPrQryy2rwPMU3JHrIE7lF3kZIoUgqEAB+E8QSo9Vs53eCDSFBjG68tlE3\/26W0V0b3J502ageF5ugKSpTelSmehW++8ZKf1mXZx4UXpS2hg41K6j6FHZMkZDjy38Pjre2gDwsWQz4eE1tM6\/vziJT10pqBJn6O41AJU5ehvLjDYOye2VX+Xb14bs7NZjulNdb5s2z1uOm1odJ03SUBgcLbQP6v340u1VXGIO63IuiPOgipQG+54xzBgPvYXoIiWuM+AJVKcbT2QQIQeYZR95Kump0aocoLHhER4QDN+KmXeC1jjlKm67iHIMlbMhB0FsHsaDuJQN+Hr6Byq7i37AH91hUmVuLHn6bbOizOTbzXvDWyEgTIUr7HBbUjp1u4b746qkOyuAokO\/2silxmF7WoZNgNJBZ4TuqypRSqqX+lZmuHWrSVaRJxj4p4A2nxN2Y4GwiRc7c0NRS0P0hTxyeoaneDKVX5Ul6xpdOo4hTX1kObvRSvShU0Lc1C411g+N2o1N1mjm4mmKKdRD0gv6RNPmX9hutu9vqO51FQK8AyVufZ0QgECcZtFjehWx90576dIgjfIewyQm8hdLaVzrtvdSby12QZmGXDLlbEnlWQTRpMbuMISmZLyCATlCv\/BAwXl1XaDUT\/IZRbAwF2mTYYkMpezJd6h\/e7+xqwHpXxOZ+41dxx9yMK4sNg0MZX5CQOZeYQSxeY4lxsOt\/mpKfao7MXpAaLnF1iU68P5eBDOWppfXwRkh+thItQHyHvnCdrII1lIqeO2SAEJMcvDIAIMTyonvTNpKfJVfXmLWliCz99QRUgk9TuGHItKVgw28vMY31hbnLmDDaH2J5oFjxjhExSJQAxq+Uy4MMb1JpkwsReOBYq2b8odE4vhyrAQTiKmdZqrzsaeGMy6WjI28hx+CPDSOnajtWMMBdzj7kBPhRFqNwEIOkDO+8nWwHEXMKpOyoXUs2sutDnlnI7+dRaBFZHjUcaPceYXKE+tmPhdRpvxj1gN9vtZOyctMAkRe8dNC8vQMFPXMa6h8MiSDBf4qM5GVQwJi81bNZSmyYMnls+3TxtM8LmmHXJtgTHOA3NVsw0ix5pZy4zlwWN45vmYaCqUro0j9KQEC0KAAjrjZeBjPuYRxuJO+nYs7MesyXyfx30u1CaM1jxOsspQ\/UZPQ64\/93GNskCWqA\/+kXVdW8qIDS0ZlyqI09lpw4bgKl4scJUvyKi0z\/v\/Rk5bLSS7pXdG8fUpntxVINJvYYH2tfYLU9zikN2ATUC9WoADUHwER4cY5MJKtO+0l57Yf2n6u4Oth\/IOUifsYXsKrKDYL3nTfEOyeaF59Nwov4phVN8llbrPchx23duwaZv0ZyMPS+C8XV5TYfREsQBG+++Y9O940M16AjWiQIagMcO2vvpKUkXneGcUBIXAY\/L42X4zOwBi4x6JVmMvh\/pryyw8gmhSJ1Ejc8Bvw0FSOBcLxXLPRU9B02VgajKHvtc+Go5haMbBKwiNTvXlCjWazMKWWrUNf7NlCi8Ja3NcPRNvRi4qBnrwuIsR1DpXlSkRnFPPh9SfemkpSvzw10YQFaiH+zxhaVM25VU6AfH\/gFyN8DEazCoyEiGOHPo8EJ9qeraSHj1FgSzFGxfTNeqSROF3\/sQutKwH4nYGNuKT+ICD7A9eHKqX3Rimcqjt+i66aZ5OrIu8swRHG8dlw04qhdAB+5LZFbdxJ2Lh36fuEQ46IWG7JKdHh3uoeHWfwsiMoyvhqbioMwOiHogcAlO4f+IQWGVt7lmRnfdUYzEe"}
01387{"flow_id":5,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":342357,"pkt_caplen":772,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":772,"pkt_l4_len":738,"pkt":"KDc3AG3IEBMx8Tl2CABFAAL2neVAADQGF4CSMDoSwKgBsgG7+5p\/iBZPd\/Sby4AYAfqb1AAAAQEICjqbGvQzdJeUFVHL61glF02I6+\/b8jA9asu8OAv5Nxdbkgk1eaWnmtjS0hjbNRly334HhGUHOT+mvABDKIB29q+DJ1cf\/qR9ntNx\/J3v4R9llRfU0+GU\/zbjuEyL3Wp6y3GCYqw0qT+2KWn4gu4PcB\/OlqAiwPVivUCRvBsfbGywp0zZKxcYOwvk39HPI7egetDphxzJTYlhuzY2VmCLeJ2SHa8uvjo55Vf05b8USXzappPp8wtv77Hv7dB8O7Yro33nAaE8NVOwSP6MzOfg9XpzAHjnPB9RfwLMBZUl4GwibdCzCQ+nAv2BythiAIJ8NRR1TuRyaFgr\/YV+Oe75\/bIHgU8ccuSJ1HW0ZcsJ+4bJcBZE9K92VoDpHdCLcb6MnZmTZDlKCqwDa\/Ro4Wq\/AjX1+IX26\/KZuf833b\/ONIeFtfvPvONQWmrjykTrb8ZpMwo\/aIKY45hfiHShtPk9msmAzRcDAwEZetI5q5VFku7VokCl\/BY1pS8HsMmUaH0Zq7GVHB2tD7A3LFW3Ui6nPDohGL33ZVDEkYe95v1YHLwvmYmTZ9Qh3iLSsp5yhvRyPSgdiDIF65UIPGnYKmU4vF591MEvApQpzRvud066KMqVgPx\/Nko1yiCboju0FsXG8ZMtKuq1adoMME1p18LO1mjw5g0kWCvetKnINWHNOe32I2hSxVeNXdkGPepBcgMcPbhdjkFefFxdJHR3ZgfiFD826afcA8A9UikFPdm8sBmVc0EQdJl2qUGyzOBJsEjWMI5zz6Ef4iRmF+AN09lDj66\/BhugdFHdSepWy2l6+XDcQNCIWV1ub2F10i+zqLfxtpEwsGlakkdRfB776sYWYCwXAwMARUqsIf8y+c1VyWAiVm7zOfY4xskosopH4p2kmMQBCSIUSCl8kUdVW1CN2Prv1ogmHn628fRCYjuHjtchhi18s+2Xis654Q=="}
00423{"flow_id":5,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":342379,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuaAbt39JvLf4gWT4AQD9MQpQAAAQEICjN0l7c6mxr0"}
00424{"flow_id":5,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":342390,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuaAbt39JvLf4gZEYAQD7wN+gAAAQEICjN0l7c6mxr0"}
00536{"flow_id":5,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":342841,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"EBMx8Tl2KDc3AG3ICABFAACEAABAAEAGq9fAqAGykjA6EvuaAbt39JvLf4gZEYAYEACjswAAAQEICjN0l7c6mxr0FAMDAAEBFwMDAEUVtP9Z5XD+4IuV3RPHhMQE+RfrfieCRT1b0dXdR4vhL3knI8t1Enz\/ERe8BjYcGVDciBBmuqKolVi+Ns2a23qxafiI13Y="}
01381{"flow_id":5,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":343074,"pkt_caplen":772,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":772,"pkt_l4_len":738,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL2AABAAEAGqWXAqAGykjA6EvuaAbt39Jwbf4gZEYAYEADdaQAAAQEICjN0l7c6mxr0FwMDAr3u3bgNH5j5f2w9yr5dG4DOwpaZQPX\/Rxry461pDK7gY99V7a71X6vuBj+jUi5xiCsrF\/b9Tt7Hyooh7qB4oFYKOXN75yC+05H9UMvjO57qg7s+EixjcxLvhBEj4l9JFW2IXeNMFyIdZo3n9KST84iIfK+dXMU6jXOC7tupgv8aZ1\/kGU8EMzVsL\/IfMiveDqtYDoDL2o0WNUlC0V6XLbfHywjtBx6VhF1lxi66mEU8ShyHYBEva9YiPctQ5JWwwiww3vXd6JjPeabWTj2e95ST+O50edBkt5dg5uz8TRA5Gc2esqipoLKLUbI\/ojc1VBFgF+6l1znn+Gi2B7wghWLUjgPzaL4a6hiK5qPUKcy43TsdFQAGztmATyci8TmQCM4\/EGrXAK6ootD1gLD6SPN+Mp8G3DIYxNlnHt6IImQIJiJcvRmRdu2CpOuhE1Q7bgDk4ZKCcFnsb+H1NqkHVk\/tdQhYsWrO9EQr8jSrg5PYxvIVTtCJsfu5NhIcTM7W6R3shlwtMHJJo4RW7stoo0ZeSwWLVRe15N9IBOkjPq\/RHWmj4j9wQXWa2LQ5GpRpE1vkiHwC8IKEtimWONHWLM7eki+uP+qlhR0tIUCCbxXFbhFzdcDEL74GmfaqOVwUcYCCCqPnUt+DJJvhgAzDAbBfrzAqVjDy+mABCCxoXQoBNxSvEUpxak75zRnDwlnYMz4PSUIDP3MwVZSP5i80YDh4PBbZEdO2G+A0dEa4tdT68eVo5cSNNe5nF7J3PGu93V97cQTfRABQhGOaVJCD9EvwTdfgApxFiHlvDXdsQbMG92WSi9r5tdjzF7YzRNMvOXjjO5nhrKnuEKlbg3Sq5lCFaGgajBOykF\/wa7x7ck9OpJSb87cmOHpRH2yDd1zA5YOXoFunIsIEHuH2pwsY0\/yiiGGxfP7BgKaTzdw+2g=="}
00424{"flow_id":4,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":360219,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0ro9AADQGCZiSMDoSwKgBsgG7+5l1X2N+d4WFeoAQAfnyKgAAAQEICjqbGwozdJew"}
00424{"flow_id":4,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":361277,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0rpBAADQGCZeSMDoSwKgBsgG7+5l1X2N+d4WIPIAQAfTvbAAAAQEICjqbGwszdJew"}
00834{"flow_id":4,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":363595,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"pkt":"KDc3AG3IEBMx8Tl2CABFAAFjrpFAADQGCGeSMDoSwKgBsgG7+5l1X2N+d4WIPIAYAfX6PwAAAQEICjqbGwszdJewFwMDASoDpIRaxqKLBigqEAkkT+nsWgU9Rkeb8Wlz6XBgeVBlAEcAd\/TCDTScCVHL2N1+54EbmMTZ8Im4ecIEnuTmqtbkNtTyjb5eoxTosvN3q7mPHp1lYsoldZ8T4r8y7AF0FvJbKcnrGGIsbMED30lr4+7rWArpXuJT310Z6B10Bf\/nrCRZCSVOcpG21cPMwckmMZjOatWExkBp7iPynCm+hF+AH5EHdEG2XwWbwMA2zxlJIYxsgvJ7rGse+uRPgwyozEq6JypldfLy2C99jSRacaPgH8qH8uLnjnLzbfa+txGw1CcjvapT27zPvHCZmQzm6QfVkfzlGPVDVxl9TDwDc6Jvr+jEe9wx64CJE\/S0HyNej6qcq1T+p2UK6cBHw4z9IzWEwYuPIGGt69C3"}
00425{"flow_id":4,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":363643,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuZAbt3hYg8dV9krYAQEBrf\/gAAAQEICjN0l8k6mxsL"}
02381{"flow_id":4,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":365355,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUrpJAADQGA\/WSMDoSwKgBsgG7+5l1X2Std4WIPIAQAfW0WgAAAQEICjqbGwwzdJewFwMDATFFo0twhudXtBOByDthArsm\/NsbYg20i9wKvK5gD+ZdKBb5Ow3zTzQYhu8pv5ZdNxZN+IoEwxIJqgeOcMUtRlkIhtA8SpjfF0JLXK9Au2NvX98S7DGzFTJUAWCzJZTwNiT\/7yvj4CIGsKn07JmtRLvL5\/7gSOMxgIdB5Y5nE0g+Cm9Au19So5YSS+y0zJhE6Dw0UOGreBq4PiRUqf563ntGqMt85pd1ig8S\/cD6Hc4B6JuZD7rHsnTSfB+a57NQt7n34SPzQMc5Om6OuePCQehqQfIhM74dq1MozS4uLsCjd1DGjXmmfgGX7vSmg3+3JZymmUCMGxSWrZe2h5t011SD1WSBylghxJm0aR258ZJO+eyJm8C95AzKtcUe5zbE+nnU53d8nta6EmxaujDRjw+eghcDA0ARALbGaNtcCQGb3nvi0m8dQ3f9Xx4LNicvSZ7uQV7jjIZPcmhrQw8rVEgPA2JODJqKYLhgRFIwPr0MuvZYMjGM\/XK3yMZVAP6i8M3jHMqIaxjpcQdoGmxDvTqWIOk+\/ZEi2sMQqdVzvfhtAExpTPGLuxrSPyTF7aj1HDgJgcXeZ9nxPorJ5EjXyTC8rs4TXR7+IVds7R2Ch5it\/TwGzxN70CKgxbNZyT3sY9YkcgOnU3GvOMm1R9pK69e8irqaNOY2\/mYvrfjcuZc3rtwTops3V8WxKtHMvTF2iRsm5e9391\/t\/CuCJnSN\/OxT50hbVow6hZEFcZoXp6zSVh2cmY8hXNwwgfZXkg3zwypLUnSeWGYKwg1bnGEmUfGz2sa9hjVtQbctQYoCJbjvMIks7v+auy6FlTe\/QOH8NylaPT77G3C35h+Z91meK5RY\/Ooxcq9BTQ0CTj6KxlpoV+8HXrzBpLqSA8ppJXnbo3hdHFnStKMiVJaJLHT2RDPEJ+Tg\/BB8wQAGRO24HRgMssr1lXt8x4B1lqmJFz2WgQunucgXv1XDbBz1P8QcDLUM7yw6IgSYWiB+SSMKrxevxIYTWt1bNUr+LA50kDBvuepxTl\/KSpaTFxuRakwVJRz1sHK4at8a1w85zgt0FmyubSCmu3qVQWatQZ0QBDTPPSNlyMOA5fP8Q4nC1ecx8pNBkojnw+KG5jTZJ\/ijD2RmjQN4hw6I1UCWC34HuDyxQG8thkfDWU768GS5tYRDTe0HIEHNE+UI6I7UK51LkjrcZZczSASxJGrlsNMkB7rTIcqhQ08smPxBZVXjYufzVRwraUBOsIotk1DAT+UPkAoNSHO9rbLsTTm15wDqX\/ik9u2cRBBgkbOT2OSzS\/X03ejR+Q7XZMF+sUmZjcj4QGsJbfieGaA0qmNmx6XpYjnxiaPUuXAIXmiMUA8fKVjFUhBOVob4nASt799boIWbjHjnIjSBBmxoCdxVOhMCKnbUqkmK8gw\/DeTv2vf1+w5htpGiuxFCr7fxB0gCKzttvibhxmf69m6tfzNjWM15FX0OedZc47tOAYaqyCfNrXk+0zGqX6CRP+XJ0ZVwt3mGRsyvWe0ws0moiwqWHwd\/LZ1K8Ql8lcJzi7bUUbVlvi48cEbhfK03VBM1xqH3hPUG9AaW1kE7\/QLMlrWh8VTJGA3\/oCx7T3IDcs\/T1WCZA+D3UrRAYCiDEAeOBR8BJucu4Nu60stJABjEbS2bfTlSE7YETqwwamkwDf3HaQw9pJO21iJ41C\/L6Utgkr3nEy\/tujTTuGviTT\/Ff7ceQEHoFZtKwZKfWBtKaXB+O7PPuAadk0W3vXfSugrhjCsxn8Tpros4uErpJmqEsE2Zi8ZQycaGFrnVHbsznWyTx8tdmCq4qaz+hF3bUBdjLzFdmJYItOESOEkUHgeridDTNuukBLTVrEgtzuMkDmBDQFtiETCJ74p\/+z30NsdKrDuTRXUyUE\/ME\/cKaMX5esPHQUW\/"}
02388{"flow_id":4,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":365591,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUrpNAADQGA\/SSMDoSwKgBsgG7+5l1X2pNd4WIPIAYAfVqbwAAAQEICjqbGwwzdJewqfwgVZf5QOIBH69lxd5OII0yX2XdzeBWUqjORrYauXFFPN\/LOOlab4JZafjzukxfORwotQmA2d+F5iYuBHa\/OYJF+yo9+2pyBlGHHpKL\/RG7s4Bj8w0jvgGndwWza7kH+WjgKhANT7\/nti\/+zMjraOrubWtUUlI6Nq1i3p5wD3Pl6D4nOs531XUJcLYOAo0CtKij6LmXnLM6TghFzAuAiXOr2MUcOnK\/0IhiSkYjLcj2BQ9e2fdFQvvB5U3ofEvHtHE3BNbEd9GUsYivq00a6NrO8QLVbY7yNMKZWDdHYEHk623NnckVwL\/mqrNLWLH+nbdPQm1YRPw+gdb4BhUGSmMpZnaG1dWf1rOjBzg7FfkF5Lu3mL8yitmia6zAzFFmalPgLvW63Ia1u87oivNs7dMNK4FD48iN0ujBKr4z3x2rBfcM4y7m2iPq4VxACK0rFt3CsDAYzlkLj3ynFonKNGwTXYcAaSwZQYCvvJ2LP\/+i6YhuYfBt41GBc4tkcPNSYalPGFsCfBe9Jo3VfEgpx9hifHSPjkz49Aluj7JTMiyXb2G7B0lfVWiDRZoOjOBXuHwQdSU01CKwsfhbnGOer33DIhZ863dgImnVMsVF\/UuD\/Hqh4uVc1Fq47M7duRwlRcO7HNJQeqGd8PWnxSeEgkZqtC7mq2LsKLvNkAjGGpknL0cnneoqTIpN4J1BvG+ly0U0JzBZEIlU1Do\/UDcmcohWoTLdxHgpcAzZIEcLrJSi7i2bKIhoAbMqePNcj5x60WN8XsKTbeKmaZoNbOo4EiVZOKFo12gaGKoowDuamTDIToTNmSUzmbcsOg5oOdPF9BuLzo8CBlbXsocO4byUSk0oVwJt4GdVk2Cw1dEGhrz50aSqUMkAd2kNLao3oovmCy0cI+u17vQYLNCWFzhP\/e\/eymTk6mRvw9c\/Qb7uO\/eXYOpMbEHWhV0lo+mnIhS3PgSc3bk\/lFMf0B9ytTIQA3EkwtgW6t9ZYLQ4PP5\/utvHM\/8xLlYLf03ltT2TV189ooAgMjjWfrSRfT6njTSRh5X9ytZjQYGRKoIy2utUfLHSbrxSq3Sdxe6fsL9poMrBFyaR5pVNW5RwqSXFQch6C6kcbN9nI1hoDdTwHvuKxbGWa7lBDXannGohPGnYtjFoY\/rct9xyo0FNUJdg7pAS+pj\/m1oHtffc2g1HHdsmrFzKrJvN5wRhzZXZty8NHwxCCYS8fciEIcpBOL\/OvWnRZytUH3ubMtZXqqvrrk9KElCTnHR95dvZkcK\/EWJK5y4HpA9wQ9ZpyV2K\/NeG\/d4DnXX51jplQ7C\/2RP9cJrN8hHSyIglTx64J+AMFmhQuIrR3UeiXV\/EZ5SEidpXFHcZ7yw0YfkpP64rphqqP+kk2P73\/faci6M5RnE\/L2pXzGSZZffM4uSYp+bCtO9ruu07OvCUnjM0u2z\/FYFoJAYPFmiTJOYgdH+6HUsWzXnRqfF8rT4HXc6WhdrPb6cM8JnzEsqCsocX3\/\/chFBTxHYTjgAlQV2l4Kyyl+pNmwdfv+0omaT2A1CIwD\/PcBdbx6wb3LyAytVe7cuTupajKnHDRTHB6mxB8ia\/t\/HC1k40F6LMs3MgT2vdZ7Q5XgcFanCr+Ijr2SnZPneiFDN4kBDgX+9Wl3nGqyaKDDJUs7VmsYMSAv4q+ZJQtY1CxdYbJoFAf1oGPLZ4exg\/nYBAXoX5QBfKheaU2X3d7WeEYCtU\/jjzQDQOYP8VvUVpQiPtFKSDyYnCDRT7W3oY5P5gOhcZeZCchGCKdjfEiRPm8V25S5fOTzzmAlS0zhEgmU482DaFBElYYSwzkjiD0W1AFc46bvPkIu7+Fzl1+wWwz08vHXH\/Ag9EhI5Qdk5vukBcxk2l2XYJ9Q9eQMfc2DICIt8xLzKtTxNZ0CGvRjTl4MnKVxRd"}
00424{"flow_id":6,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":367099,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0WmZAADQGXcGSMDoSwKgBsgG7+5sh1gHj5uH7GoAQAfrCRgAAAQEICjqbGw4zdJe1"}
00837{"flow_id":6,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":367101,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"pkt":"KDc3AG3IEBMx8Tl2CABFAAFjWmdAADQGXJGSMDoSwKgBsgG7+5sh1gHj5uH7GoAYAfrYnAAAAQEICjqbGw4zdJe1FwMDASoNj27aXqQCuW3A\/wxlTmyM28boRDJynZKkOqLzqWjzDtUTHKKDyyI++JzwLJw6pIkKqtdczn8avtdhFUQ5tKEYGIugUuoyRqMVuQo0pvTfi2EoB1ucjFA+Qn5I7\/bluEnELmswVoSV2JDFLZN4cP7pMwQx0pj0mR0HqeXqIv5ZtAQgNDbE15t\/UVKqNNXvzK0IeTaf1f9YFBCsJLi2on2nTwdeM2n\/LbUB3hZE2wX885ANQ2EhfBRsFHRveu9d6W2RZf+3lNazVpjZtiEA7FT9vyBBI\/MO4IilsmjNK5ob8YiG6S5mkKQPCBF1i4CmP0ZhHvnySjpftseTmgnZ\/CJqJyDbq3ohEDt6aOlXFKMCWWqfX33uvne3p9mh3P1M7SwmTpRYtbI9F4vv"}
00424{"flow_id":6,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":367101,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0WmhAADQGXb+SMDoSwKgBsgG7+5sh1gMS5uH93IAQAfW+WgAAAQEICjqbGw4zdJe1"}
00424{"flow_id":3,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":367114,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0NpdAADQGgZCSMDoSwKgBsgG7+5gJQMN543do3oAQAfmu+QAAAQEICjqbGwkzdJex"}
00836{"flow_id":3,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":367122,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"pkt":"KDc3AG3IEBMx8Tl2CABFAAFjNphAADQGgGCSMDoSwKgBsgG7+5gJQMN543do3oAYAflgvgAAAQEICjqbGwozdJexFwMDASq3bHvl4r0lP4smBVektA3a73cTg1NcXG1ZMDYfcS2bVv1f3zU3r4FKKJ2rh3Qt6eyLpZ5Q+vcUgCsdS6eoAldzjt7cuspWthW\/T0H6hdNO\/EAMAE6q1hp8sY46W3onyJaAzHooBHjpugEUkkuYvfH\/gkHF8cVKzNPQws4dJCnZlQWSnsQgYBGbCQA7fMuIXJ3Kqb6kCSQ5J+XgHoX1Okc\/+IPnFwbm8S6dSSqW7sNtriOukpa2tXEfPLRB9QhteS9OdKGinw35YMYmFD9tnLiyCeH26pTX5xp7v8isnDxH5rxELHftdz4jzzm0I7BX9UdghjU7Zjrq95P3D0b+wYsANJmO8EbukDQW1Ct1nVRhs+rqBuhuRqLgsSU+MxusdfHX\/DwJ7qa5pIAQ"}
00424{"flow_id":3,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":367123,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0NplAADQGgY6SMDoSwKgBsgG7+5gJQMSo43droIAQAfWrCwAAAQEICjqbGwozdJex"}
00424{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":367172,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuYAbvjd2ugCUDEqIAQEBqcywAAAQEICjN0l8w6mxsK"}
02381{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":368106,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUNppAADQGe+2SMDoSwKgBsgG7+5gJQMSo43droIAQAfXyXAAAAQEICjqbGwszdJexFwMDATGcmvn8zYefzEogJk35AtMEwQ8FyVCc6ByqwKFG+vRdtGhsJD3zHljACeE04haokhJ8rD1jRFHQVitkV88USNhLtOdEtC7EPtXg4\/HRCd+V1551UEpdPj95kjpoYGdROYhvT50NONI\/bzQWkUs9v8+dnLCRX0bCCCzPebkhro\/Hmq0ElwqTUjGexJrWiBpv2X9nZN6ZqH67NeYRStvU73rabo0js0SRCx7oXvsQiKFcPjOXjkAX1ThOYrvlZ\/+TWqIJAGoolzSx9KGYqJN8k69osJxAOVb2vJxzK2rJV\/WnWtoIFmKf4CKBJeSQ8SAxDpTDOR+f6\/lPZGjIvsk36mlPJby1WUhjfxpspSvVGk10+evfQiGg4PlRaJUStlOo+hZ2ZANNK3bvX+jMIVIeXbNEzBcDAzni8NNSIlaPml7qK+o0nvOKWFjghGH9z\/Y7j4PLHc+8qF9M08s2vRZ6+twSoRioaQdghrvRFIE1LZZYlqwMg5nmv2D8WYKn\/P+pyAUBKpqt8AULR+dw2OQxCzV4vAwXy6j8dEzTsCh1K\/gIeHQgznVlPrZQc8TaB\/VpFeipwxfVxgYrUznAtpfL7N2fXwR0+d5Maccy3NNFArfhq2YFErzqmbIjG57wGUifp+lHRlCbbbNqMNzn+7+GnO+6RJnaMRX\/QZvKD86qEdsuKNCuN+DYpCdQ+aVby2H1F\/+ii+HbtR29fioLDmRgHe1lRDrhJW1A7qJr8LiYn7FzybbsLw3xbrgTXfQhYw2NytCnbarj3pSaFeRt4bQ0K3XuaojtoCGkG1HW9uwAXaFaRHjN\/Qhe2rt66vfIydiNWySb85Wf4Y0H8NLrvSc\/+G92fuR5RZHkBBxXMT2nF5Ux0lzyqXjKH2Q0bZDy5CN\/+Zu7V4+DfzrcKLka4ig+S9GlYsb2WqPmGDtdgtCUB0j9KdZp8ICyZnmqWvGUxDSfgVyQckcqi1FBwP7rL688kL\/CjZbUfYdgiyj2ojz4FH\/Zhy+JvkrxoPJsWpkg4ypnetBSOJ2pnYSw9UFIaFcGmmhP1Md6wmtO0SruDrXxjAnMYdG0Z+7VCpLCprj6s1RztTd5sxTB8i0rhOSqtBAN+XBHgfsJOEMlw9EcqlTBT+EeWxYv0\/xg2SzoO0Q+8nmSevhTPoD95CALUbWvM3jUWm808jnyx3Fvj\/DW0xgGT3M4suPscgpWij0qoMlWHvYdSgI3RMxjTMn4wYHiPMc46+esP3pMKZyZP9e0PtB5il2yv5XYDnjukuOsEXwdrXvi6uDRzQ6YniAvlvwyATIwUxbTZMHZKLN5E6eiSu4NvVP5UFS5HwE1AxYTkD+8YfiDBcEMH+ZMFU5ANjTD77ax1Y41gBB6h21naZA19chGvvvKum9MviXiboknnjvfhyYfWN6Zi7R5gYLb38vdANUWvFDa3CmmC+\/xQzUsgQWFUAKCPX8JxXn6xTriIa3FYsabbmk6QHiVnYga3ji\/uAVL\/+4ST19v\/h5IlMTXGYn79VQu3xzop78Ko0VoLbjwPh9ccC8LaXRIOgP\/4\/nwUKthmEPsUCkAVFsKRgwqrUdK3qAgZz38sp22ibWvO98nymCmnoZPJZF1O+JQjhNORRCWx8JQGI4kvQxH00KEl5Jff5p6UG1Z1Xp6m4qi\/ExPGPxlr04+5EJ96GU4Dv8HQv5PevgyhjsHxO\/ayNeEqFNObtZ0trkGR4wZ\/s6ze6sydSiZI1KD3MsZgg0rqwYAgV8ykDTcLvTFaWqL0olUmW852jBvFB7ZWk1L9xSu\/qjdceiWaSDwMozU9MnDPse3gwOzFZw\/mKHptaRfkZhXI5IcAAMlX953DgEQ1SM\/idcjGe637R6LfJK3ql8J3ppGVgzMS04J6HNEi+avFiQFEyUXvtdpSWxvogGmElfF3Sp8"}
02379{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":368215,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUNptAADQGe+ySMDoSwKgBsgG7+5gJQMpI43droIAYAfWKlwAAAQEICjqbGwszdJexxPNQdteAgjyvmyiQepYIVQZ03Yf\/N2Kpm3rLXJEUQetWCfuY5PggdOrqpitJfzD+uqeKQ+7FUmzq3JqrrLdG4MbAkcuNSP\/yBOA0AzVMUafvx5E2Nwm2JG+hEQLTT07Tc4JX5XY78O0QYbSu02jWlmvMNxAATxp+U21FtgbWRZ6wAM87Mm0di44G1SVQHIoLo948pTF1XwypouC\/RfECD41pNElZernaOs\/wv1kCUxfl+jIfIkl4ig7\/dsboKSXlY4QXzS+NKGp1DZxKOXrMfSbYb2u5v9JCJpbXp2Snfo5Z6yfoWdftrczZbTRt7aa1SnG8TOjPDwqNkzfTwytH3P6Tf4IX2gKqcoAcZGdu3RzuTzVXGFfOsjX3lN9dffxgCFkvsgF8dzdWAkJc\/g5+BPbOPM+ucCNVO3ArIev16fxVQW0op8sxDnGpaZbMu9Gy0KyvxtQ3WhY6WD+oUVImlLfuXjCqMCg2aLX2ngfRoZLcedkwSwxAOj6GuP6yJYTHtF7R9ipzysDL3OHlR8I5enhMueRrFB6cB6VuRHkFXV8kjVEJTroEpsxtda+A\/qUTBfgzjP\/b7Mkgeydh8rFPrnuNT7RTvcxzrb2ZJds3tGEIC4msJqrevBr3yFH41rQR5md783Fky9gzTQkyD06vcfTWzXJfpaxH3B\/TiCwdZveFk3jqtuKZklIMALY03gOzyrGHkdp6mTZ\/xC2JGhRj9xZgiCSbXuxywHwPOkmIpkMoLsR8YHu+BrIJonRiEGl34hjxabk6aZ0YRgGkwZADtJq\/2V1zrmqJ6kISlGDXb+mTzxEmmfnaXcHUxrRWtbHRuG6VqATR1NgUvyzXhnwrg1Mn8PyuBVchA9KSL53fBb5lzsHM1fWT6AF5WalOPY50IF7yxlaMHvjg3FNn8S7k1oO7McSoObWK\/1nUpHEjqo05GBXKMx+M5\/q00rY9kNL3XJh9Fp1oPJ3DVIytTyY2ixjmx4vfS4PktBRuVnaXqfYrQOlzI4OBOjqcb+X7IZ8qZxny+jETwnj1n419J87tmKfIajwDEmZpY\/snjgKNFvnQO\/eu1GakhkimAzUw2wWX7r9dFFP+YSE2klw5Cbg8r2i96TQwpBqqZgwC2z8dJQ\/aSyTPTUVACkWcDWULpzhq36I\/p9aBmiHd\/90MKDOyL4WrKc1GffApinT9KMS4ZZsnla3ZEjjCZPvD9sbphbgvbOQDCVULM3fTdklDO3Fx+SOO41lWqDXXWIq87462XKln804\/A5Y9nZrCuYSN3oFGVoLaXUHPdrgbUDpntMSq0R8IRvqzqeyf77+xqF4MXOHbR9rHtL262Y53\/Fgj8201RMopY5oFvDCztKQU3SPyLdQqQOteS0HOqPGfgi9Rt3V1pTk3iAxei1\/+lyaqU8AnMUydtsq4sJMli2eIFhsiZqPOumAM0j2s3\/b0\/A3MCouuJXSJ5\/7PUaqbyElPN1Z1a3Hss5gTkRou3irIuIls5xZcIVmUCa5VzuObjUsJ3DSp0QTH3vbJ\/Oxg6XN7hNrSzrn+iRqZ8yHtMDyWELkd5TSroKpxNoshVhUB+TTjftB1qes13RPFXUJy0vSn6kriojj+aAx6lrFAuxH8KMlu52wnYGNFX+gZTkyDYhhWenPDzQESPgDFImyt8YE5NIZkbz4xAXFrQHjulBMPS2\/a1pf+no+vZnZf0zg\/AAupX+hS6ZHPzIccgFRGcEhtkdZoU4u0YlnU3+v8amEexB1BhQzHRmzn2UP+QgDYgE0Kpd71L+VjjmkYjlOfl7pMezB1fzxUrBI3FuSGdqYZWnhoYrOtBvYpomX08VpJRjBPVyqza1moNZLRxQsusI2orFgeCRAf8Rio4qbv0twuaGtmXiwtIYlYSX9dzYDQBdVpJclukN\/N4roC\/onhZQYExKlT"}
00426{"flow_id":5,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":370352,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0neZAADQGGkGSMDoSwKgBsgG7+5p\/iBkRd\/ScG4AQAfobUAAAAQEICjqbGxAzdJe3"}
00426{"flow_id":5,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":370468,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0nedAADQGGkCSMDoSwKgBsgG7+5p\/iBkRd\/Se3YAQAfUYkgAAAQEICjqbGxEzdJe3"}
00846{"flow_id":5,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":370585,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"pkt":"KDc3AG3IEBMx8Tl2CABFAAFjnehAADQGGRCSMDoSwKgBsgG7+5p\/iBkRd\/Se3YAYAfV9JAAAAQEICjqbGxEzdJe3FwMDASqAJRG6bgsbTW0tWRsjRYVGzw9H6gvxErz3e5D\/27VNhWASbt\/0PEltptiu389fTERtuCmmRusUQRw8btYWhKKYy6KckWYkE+6x\/7q4R9bYW0ih6KOhgAi\/cH2GADtxZ6ussAdlzyCJlkjv+vazlqpZeq0Jhjf7+nUOmgwRazjst\/FtIcJfUh634Oav0SiiDA1ZlevmBcX354z7M2\/nSm95\/mVD8ytZN\/0pg6jP98N1XAoBQ+41y58S1q6k3m51Oh4K8wBd383AO\/6iqnSKmamyeg\/2agMRVBw4Dict381VYLjIcmwAvXnTzAnSXsAWFAcfriAwwIE0Vpus4qeP9P6h9YA2N7BkX2vWZR4jWt14ppy\/8G\/8PaR2YFFWOgV\/gVOc3pC93ZzIIfIK"}
00833{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1958,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":255,"flow_first_seen":1620902509274,"flow_last_seen":1620902509612,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":214304,"flow_avg_l4_payload_len":840,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":862,"flow_first_seen":1620902507870,"flow_last_seen":1620902514626,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":687973,"flow_avg_l4_payload_len":798,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1134,"flow_first_seen":1620902508740,"flow_last_seen":1620902515037,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":930115,"flow_avg_l4_payload_len":820,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":376,"flow_first_seen":1620902509272,"flow_last_seen":1620902515049,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":297726,"flow_avg_l4_payload_len":791,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":956,"flow_first_seen":1620902509273,"flow_last_seen":1620902515019,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":773272,"flow_avg_l4_payload_len":808,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":255,"flow_first_seen":1620902509274,"flow_last_seen":1620902515040,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":214304,"flow_avg_l4_payload_len":840,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1199,"flow_first_seen":1620902509276,"flow_last_seen":1620902515049,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1009870,"flow_avg_l4_payload_len":842,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00128{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test"}

98
test/results/coap_mqtt.pcap.out
View File

@@ -1,63 +1,63 @@
00386{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"coap_mqtt.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1333957710293,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61043,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00477{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"coap_mqtt.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00518{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1333957710293,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61043,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1333957710,"pkt_ts_usec":293035,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"ACOJtMwBSF1gwJdKht1gAAAAACARQCABDagCFRFxoQvLSI+DV\/YgAQYgAAg12QAAAAAAAAAQ7nMWMwAg\/RpDAQXKchYzKy53ZWxsLWtub3duBGNvcmU="}
00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1333957710293,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61043,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1333957715764,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61044,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1333957710293,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61043,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
00518{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1333957715764,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61044,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1333957715,"pkt_ts_usec":764217,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"ACOJtMwBSF1gwJdKht1gAAAAACARQCABDagCFRFxoQvLSI+DV\/YgAQYgAAg12QAAAAAAAAAQ7nQWMwAgAxVDAv\/NchYzKy53ZWxsLWtub3duBGNvcmU="}
00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1333957715764,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61044,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1333957717200,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61045,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1333957715764,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61044,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
00518{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1333957717200,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61045,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1333957717,"pkt_ts_usec":200749,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"ACOJtMwBSF1gwJdKht1gAAAAACARQCABDagCFRFxoQvLSI+DV\/YgAQYgAAg12QAAAAAAAAAQ7nUWMwAgyuNDAzf9chYzKy53ZWxsLWtub3duBGNvcmU="}
00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1333957717200,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61045,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1333957718629,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61046,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1333957717200,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61045,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
00518{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1333957718629,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61046,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1333957718,"pkt_ts_usec":629009,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"ACOJtMwBSF1gwJdKht1gAAAAACARQCABDagCFRFxoQvLSI+DV\/YgAQYgAAg12QAAAAAAAAAQ7nYWMwAgvHpDBEZkchYzKy53ZWxsLWtub3duBGNvcmU="}
00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1333957718629,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61046,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1333957710293,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61043,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1333957715764,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61044,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1333957717200,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61045,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1333957718629,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61046,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1333957720773,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61047,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1333957718629,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61046,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
00519{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1333957710293,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61043,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00519{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1333957715764,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61044,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00519{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1333957717200,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61045,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00519{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1333957718629,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61046,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00518{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1333957720773,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61047,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00458{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1333957720,"pkt_ts_usec":773953,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":90,"pkt_l4_len":36,"pkt":"ACOJtMwBSF1gwJdKht1gAAAAACQRQCABDagCFRFxoQvLSI+DV\/YgAQYgAAg12QAAAAAAAAAQ7ncWMwAkKH5FAYp0chYzKy53ZWxsLWtub3duBGNvcmUQEj3U"}
00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1333957720773,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61047,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1333957720773,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61047,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00464{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1375090528017,"flow_last_seen":0,"flow_tot_l4_data_len":27,"flow_min_l4_data_len":27,"flow_max_l4_data_len":27,"flow_avg_l4_data_len":27,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":33499,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1333957720773,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61047,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
00519{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1333957720773,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61047,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1375090528017,"flow_last_seen":0,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":33499,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1375090528,"pkt_ts_usec":17876,"pkt_caplen":81,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":81,"pkt_l4_len":27,"pkt":"uCfrprIvACTop0mhht1gAAAAABsRQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADgtsWMwAblIJCAekbB5C4c2VwYXJhdGUQ0SMR"}
00486{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1375090528017,"flow_last_seen":0,"flow_tot_l4_data_len":27,"flow_min_l4_data_len":27,"flow_max_l4_data_len":27,"flow_avg_l4_data_len":27,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":33499,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
00498{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1375090528017,"flow_last_seen":0,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":33499,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
00425{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1375090528,"pkt_ts_usec":127292,"pkt_caplen":66,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":66,"pkt_l4_len":12,"pkt":"ACTop0mhuCfrprIvht1gAAAAAAwRQLu7AAAAAAAAAAAAAAAAAAO7uwAAAAAAAAAAAAAAAAABFjOC2wAMpjBgAOkb"}
00597{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1375090529,"pkt_ts_usec":153497,"pkt_caplen":191,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":191,"pkt_l4_len":137,"pkt":"ACTop0mhuCfrprIvht1gAAAAAIkRQLu7AAAAAAAAAAAAAAAAAAO7uwAAAAAAAAAAAAAAAAABFjOC2wCJMIhCRVcPB5D\/VGhpcyBtZXNzYWdlIHdhcyBzZW50IGJ5IGEgc2VwYXJhdGUgcmVzcG9uc2UuCllvdXIgY2xpZW50IHdpbGwgbmVlZCB0byBhY2tub3dsZWRnZSBpdCwgb3RoZXJ3aXNlIGl0IHdpbGwgYmUgcmV0cmFuc21pdHRlZC4="}
00425{"flow_id":6,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1375090529,"pkt_ts_usec":165959,"pkt_caplen":66,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":66,"pkt_l4_len":12,"pkt":"uCfrprIvACTop0mhht1gAAAAAAwRQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADgtsWMwAMOD1gAFcP"}
00465{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1375090926676,"flow_last_seen":0,"flow_tot_l4_data_len":31,"flow_min_l4_data_len":31,"flow_max_l4_data_len":31,"flow_avg_l4_data_len":31,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":50250,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1375090528017,"flow_last_seen":1375090529165,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":33499,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1375090926676,"flow_last_seen":0,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":50250,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1375090926,"pkt_ts_usec":676575,"pkt_caplen":85,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":85,"pkt_l4_len":31,"pkt":"uCfrprIvACTop0mhht1gAAAAAB8RQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADxEoWMwAfdD1AAs6gt3N0b3JhZ2X\/bXlyZXNvdXJjZQ=="}
00487{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1375090926676,"flow_last_seen":0,"flow_tot_l4_data_len":31,"flow_min_l4_data_len":31,"flow_max_l4_data_len":31,"flow_avg_l4_data_len":31,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":50250,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
00499{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1375090926676,"flow_last_seen":0,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":50250,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
00454{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1375090926,"pkt_ts_usec":735550,"pkt_caplen":85,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":85,"pkt_l4_len":31,"pkt":"ACTop0mhuCfrprIvht1gAAAAAB8RQLu7AAAAAAAAAAAAAAAAAAO7uwAAAAAAAAAAAAAAAAABFjPESgAfeP9gQc6gh3N0b3JhZ2UKbXlyZXNvdXJjZQ=="}
00438{"flow_id":7,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1375090935,"pkt_ts_usec":26698,"pkt_caplen":73,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":73,"pkt_l4_len":19,"pkt":"uCfrprIvACTop0mhht1gAAAAABMRQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADxEoWMwATY+NAA86h\/215ZGF0YQ=="}
00425{"flow_id":7,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1375090935,"pkt_ts_usec":86791,"pkt_caplen":66,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":66,"pkt_l4_len":12,"pkt":"ACTop0mhuCfrprIvht1gAAAAAAwRQLu7AAAAAAAAAAAAAAAAAAO7uwAAAAAAAAAAAAAAAAABFjPESgAMfrZghc6h"}
00465{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1375090935240,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":46819,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1375090935240,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":46819,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00462{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1375090935,"pkt_ts_usec":240020,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"pkt":"uCfrprIvACTop0mhht1gAAAAACYRQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADtuMWMwAmaNlAA5Uit3N0b3JhZ2UKbXlyZXNvdXJjZf9teWRhdGE="}
00487{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1375090935240,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":46819,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
00499{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1375090935240,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":46819,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
00426{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1375090935,"pkt_ts_usec":293289,"pkt_caplen":66,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":66,"pkt_l4_len":12,"pkt":"ACTop0mhuCfrprIvht1gAAAAAAwRQLu7AAAAAAAAAAAAAAAAAAO7uwAAAAAAAAAAAAAAAAABFjO24wAMxd1gRJUi"}
00454{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1375091005,"pkt_ts_usec":616928,"pkt_caplen":85,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":85,"pkt_l4_len":31,"pkt":"uCfrprIvACTop0mhht1gAAAAAB8RQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADtuMWMwAfsCNAAZUjt3N0b3JhZ2UKbXlyZXNvdXJjZQ=="}
00439{"flow_id":8,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1375091005,"pkt_ts_usec":672713,"pkt_caplen":73,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":73,"pkt_l4_len":19,"pkt":"ACTop0mhuCfrprIvht1gAAAAABMRQLu7AAAAAAAAAAAAAAAAAAO7uwAAAAAAAAAAAAAAAAABFjO24wATioZgRZUj\/215ZGF0YQ=="}
00454{"flow_id":8,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1375091022,"pkt_ts_usec":221897,"pkt_caplen":85,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":85,"pkt_l4_len":31,"pkt":"uCfrprIvACTop0mhht1gAAAAAB8RQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADtuMWMwAfsB9ABJUkt3N0b3JhZ2UKbXlyZXNvdXJjZQ=="}
00426{"flow_id":8,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1375091022,"pkt_ts_usec":272173,"pkt_caplen":66,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":66,"pkt_l4_len":12,"pkt":"ACTop0mhuCfrprIvht1gAAAAAAwRQLu7AAAAAAAAAAAAAAAAAAO7uwAAAAAAAAAAAAAAAAABFjO24wAMxd1gQpUk"}
00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1375090528017,"flow_last_seen":1375090529165,"flow_tot_l4_data_len":188,"flow_min_l4_data_len":12,"flow_max_l4_data_len":137,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":33499,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_first_seen":1375090926676,"flow_last_seen":1375090935086,"flow_tot_l4_data_len":93,"flow_min_l4_data_len":12,"flow_max_l4_data_len":31,"flow_avg_l4_data_len":23,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":50250,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":6,"flow_first_seen":1375090935240,"flow_last_seen":1375091022272,"flow_tot_l4_data_len":143,"flow_min_l4_data_len":12,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":23,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":46819,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1455907243976,"flow_last_seen":0,"flow_tot_l4_data_len":22,"flow_min_l4_data_len":22,"flow_max_l4_data_len":22,"flow_avg_l4_data_len":22,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_first_seen":1375090926676,"flow_last_seen":1375090935086,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":50250,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":6,"flow_first_seen":1375090935240,"flow_last_seen":1375091022272,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":95,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":46819,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1455907243976,"flow_last_seen":0,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00418{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907243,"pkt_ts_usec":976582,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":22,"pkt":"CAAnmO\/hCAAnAERyCABFAAAqELhAAIAG+F7AqDgBwKg4ZdESRF16higakEiEGVAYAQAwoAAAwAAAAAAA"}
00506{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1455907243976,"flow_last_seen":0,"flow_tot_l4_data_len":22,"flow_min_l4_data_len":22,"flow_max_l4_data_len":22,"flow_avg_l4_data_len":22,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","ndpi": {"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1455907243976,"flow_last_seen":0,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","ndpi": {"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00414{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907243,"pkt_ts_usec":977291,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":22,"pkt":"CAAnAERyCAAnmO\/hCABFAAAqrABAAEAGnRbAqDhlwKg4AURd0RKQSIQZeoYoHFAYAOXx0wAA0AA="}
00419{"flow_id":9,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907244,"pkt_ts_usec":175731,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"CAAnmO\/hCAAnAERyCABFAAAoELlAAIAG+F\/AqDgBwKg4ZdESRF16higckEiEG1AQAQDwpgAAAAAAAAAA"}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1455907258332,"flow_last_seen":0,"flow_tot_l4_data_len":22,"flow_min_l4_data_len":22,"flow_max_l4_data_len":22,"flow_avg_l4_data_len":22,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1455907258332,"flow_last_seen":0,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00419{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907258,"pkt_ts_usec":332152,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":22,"pkt":"CAAnmO\/hCAAnAERyCABFAAAqELpAAIAG+FzAqDgBwKg4ZdETRF1NYgogm49Jd1AYAQCrGAAAwAAAAAAA"}
00507{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1455907258332,"flow_last_seen":0,"flow_tot_l4_data_len":22,"flow_min_l4_data_len":22,"flow_max_l4_data_len":22,"flow_avg_l4_data_len":22,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","ndpi": {"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1455907258332,"flow_last_seen":0,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","ndpi": {"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00416{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907258,"pkt_ts_usec":332556,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":22,"pkt":"CAAnAERyCAAnmO\/hCABFAAAqf0dAAEAGyc\/AqDhlwKg4AURd0RObj0l3TWIKIlAYAOXx0wAA0AA="}
00419{"flow_id":10,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907258,"pkt_ts_usec":532086,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"CAAnmO\/hCAAnAERyCABFAAAoELtAAIAG+F3AqDgBwKg4ZdETRF1NYgoim49JeVAQAQBrHwAAAAAAAAAA"}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1455907267002,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1455907267002,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00425{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907267,"pkt_ts_usec":2212,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"CAAnmO\/hCAAnAERyCABFAAA0ELxAAIAG+FDAqDgBwKg4ZdEYRF3fAvFmAAAAAIACIAB3eQAAAgQFtAEDAwgBAQQC"}
00425{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907267,"pkt_ts_usec":2284,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"CAAnAERyCAAnmO\/hCABFAAA0AABAAEAGSQ3AqDhlwKg4AURd0RiuSO3C3wLxZ4ASchDx3QAAAgQFtAEBBAIBAwMH"}
00417{"flow_id":11,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907267,"pkt_ts_usec":2460,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"CAAnmO\/hCAAnAERyCABFAAAoEL1AAIAG+FvAqDgBwKg4ZdEYRF3fAvFnrkjtw1AQAQA7MAAAAAAAAAAA"}
00437{"flow_id":11,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907267,"pkt_ts_usec":7095,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"CAAnmO\/hCAAnAERyCABFAAA7EL5AAIAG+EfAqDgBwKg4ZdEYRF3fAvFnrkjtw1AYAQCebQAAEBEABE1RVFQEAgA8AAVCdXM0MQ=="}
00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_first_seen":1455907267002,"flow_last_seen":1455907267007,"flow_tot_l4_data_len":123,"flow_min_l4_data_len":20,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","ndpi": {"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_first_seen":1455907267002,"flow_last_seen":1455907267007,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","ndpi": {"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00409{"flow_id":11,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907267,"pkt_ts_usec":7143,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"CAAnAERyCAAnmO\/hCABFAAAolKdAAEAGtHHAqDhlwKg4AURd0RiuSO3D3wLxelAQAOXx0QAA"}
00417{"flow_id":11,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907267,"pkt_ts_usec":8181,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"CAAnAERyCAAnmO\/hCABFAAAslKhAAEAGtGzAqDhlwKg4AURd0RiuSO3D3wLxelAYAOXx1QAAIAIAAA=="}
00492{"flow_id":11,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907267,"pkt_ts_usec":16406,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"pkt":"CAAnmO\/hCAAnAERyCABFAABkEL9AAIAG+B3AqDgBwKg4ZdEYRF3fAvF6rkjtx1AYAQBtHAAAMzoACUJ1czE3SW5mbwABVXBkYXRlIHRyaWdnZXJlZCBGcmkgRmViIDE5IDIwOjQxOjA3IEVFVCAyMDE2"}
@@ -69,14 +69,14 @@
00493{"flow_id":11,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907267,"pkt_ts_usec":43373,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"pkt":"CAAnmO\/hCAAnAERyCABFAABkEMJAAIAG+BrAqDgBwKg4ZdEYRF3fAvHFrkjuJFAYAQBqdAAAMzoACUJ1czE3SW5mbwADVXBkYXRlIHRyaWdnZXJlZCBGcmkgRmViIDE5IDIwOjQxOjA3IEVFVCAyMDE2"}
00419{"flow_id":11,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907267,"pkt_ts_usec":44633,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"CAAnAERyCAAnmO\/hCABFAAAslKxAAEAGtGjAqDhlwKg4AURd0RiuSO4k3wLyAVAYAOXx1QAAQAIAAw=="}
00420{"flow_id":11,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907267,"pkt_ts_usec":242073,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"CAAnmO\/hCAAnAERyCABFAAAoEMNAAIAG+FXAqDgBwKg4ZdEYRF3fAvIBrkjuKFAQAQA6MQAAAAAAAAAA"}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1455907271481,"flow_last_seen":0,"flow_tot_l4_data_len":104,"flow_min_l4_data_len":104,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1455907271481,"flow_last_seen":0,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00528{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907271,"pkt_ts_usec":481938,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"CAAnmO\/hCAAnAERyCABFAAB8EMQAAIARN\/bAqDgBwKg4ZcSHRFwAaLRJQwM1AW9STXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxMSBFRVQgMjAxNiJ9"}
00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1455907271481,"flow_last_seen":0,"flow_tot_l4_data_len":104,"flow_min_l4_data_len":104,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1455907271481,"flow_last_seen":0,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00529{"flow_id":9,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907271,"pkt_ts_usec":483239,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"CAAnAERyCAAnmO\/hCABFAAB+rAFAAEAGnMHAqDhlwKg4AURd0RKQSIQbeoYoHFAYAOXyJwAAMlQACEJ1czE3Q21kAAJ7Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjExIEVFVCAyMDE2In0="}
00530{"flow_id":10,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907271,"pkt_ts_usec":483346,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"CAAnAERyCAAnmO\/hCABFAAB+f0hAAEAGyXrAqDhlwKg4AURd0RObj0l5TWIKIlAYAOXyJwAAMlQACEJ1czE3Q21kAAJ7Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjExIEVFVCAyMDE2In0="}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1455907271483,"flow_last_seen":0,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":106,"flow_max_l4_data_len":106,"flow_avg_l4_data_len":106,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1455907271483,"flow_last_seen":0,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00530{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907271,"pkt_ts_usec":483430,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"CAAnAERyCAAnmO\/hCABFAAB+1KdAAEAGdBvAqDhlwKg4AURd0RSW3pIhxZi6gFAYAOXyJwAAMlQACEJ1czE3Q21kAAJ7Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjExIEVFVCAyMDE2In0="}
00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1455907271483,"flow_last_seen":0,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":106,"flow_max_l4_data_len":106,"flow_avg_l4_data_len":106,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","ndpi": {"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1455907271483,"flow_last_seen":0,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","ndpi": {"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00424{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907271,"pkt_ts_usec":483762,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"pkt":"CAAnAERyCAAnmO\/hCABFAAAvXYVAAEAR64HAqDhlwKg4AURcxIcAG\/HjY0Q1AW9STYsvci9CdXMxN0NtZA=="}
00420{"flow_id":10,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907271,"pkt_ts_usec":484395,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"CAAnmO\/hCAAnAERyCABFAAAsEMVAAIAG+E\/AqDgBwKg4ZdETRF1NYgoim49Jz1AYAP8qugAAQAIAAgAA"}
00419{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907271,"pkt_ts_usec":485428,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"CAAnmO\/hCAAnAERyCABFAAAsEMdAAIAG+E3AqDgBwKg4ZdEURF3FmLqAlt6Sd1AYAP++LAAAQAIAAgAA"}
@@ -127,9 +127,9 @@
00530{"flow_id":12,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907272,"pkt_ts_usec":130232,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"CAAnmO\/hCAAnAERyCABFAAB8EQ4AAIARN6zAqDgBwKg4ZcSHRFwAaGrJQwM1B8\/MNXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxMiBFRVQgMjAxNiJ9"}
00427{"flow_id":12,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907272,"pkt_ts_usec":132073,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"pkt":"CAAnAERyCAAnmO\/hCABFAAAvXc1AAEAR6znAqDhlwKg4AURcxIcAG\/HjY0Q1B8\/MNYsvci9CdXMxN0NtZA=="}
00530{"flow_id":12,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907272,"pkt_ts_usec":239138,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"CAAnmO\/hCAAnAERyCABFAAB8ERsAAIARN5\/AqDgBwKg4ZcSHRFwAaNHfQwM1CFi1RXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxMiBFRVQgMjAxNiJ9"}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":429,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1455907272856,"flow_last_seen":0,"flow_tot_l4_data_len":103,"flow_min_l4_data_len":103,"flow_max_l4_data_len":103,"flow_avg_l4_data_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":429,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1455907272856,"flow_last_seen":0,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":95,"flow_avg_l4_payload_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00527{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907272,"pkt_ts_usec":856457,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"pkt":"CAAnmO\/hCAAnAERyCABFAAB7EWkAAIARN1LAqDgBwKg4ZcSORFwAZ7scQgMdqQeYckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjEyIEVFVCAyMDE2In0="}
00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1455907272856,"flow_last_seen":0,"flow_tot_l4_data_len":103,"flow_min_l4_data_len":103,"flow_max_l4_data_len":103,"flow_avg_l4_data_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1455907272856,"flow_last_seen":0,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":95,"flow_avg_l4_payload_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00420{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907272,"pkt_ts_usec":858898,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"CAAnAERyCAAnmO\/hCABFAAAuXhFAAEAR6vbAqDhlwKg4AURcxI4AGvHiYkQdqQeYiy9yL0J1czE3Q21k"}
00533{"flow_id":14,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907272,"pkt_ts_usec":969405,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"pkt":"CAAnmO\/hCAAnAERyCABFAAB\/EYMAAIARNzTAqDgBwKg4ZcSORFwAa8WlRgMdqhF5z0YYRXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxMyBFRVQgMjAxNiJ9"}
00428{"flow_id":14,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":502,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907272,"pkt_ts_usec":973211,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"pkt":"CAAnAERyCAAnmO\/hCABFAAAyXh5AAEAR6uXAqDhlwKg4AURcxI4AHvHmZkQdqhF5z0YYRYsvci9CdXMxN0NtZA=="}
@@ -144,9 +144,9 @@
00534{"flow_id":14,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":757,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907273,"pkt_ts_usec":530785,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"CAAnmO\/hCAAnAERyCABFAAB+Ef0AAIARNrvAqDgBwKg4ZcSORFwAassPRQMdr\/Kq\/CfKckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjEzIEVFVCAyMDE2In0="}
00427{"flow_id":14,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":770,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907273,"pkt_ts_usec":536055,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":63,"pkt_l4_len":29,"pkt":"CAAnAERyCAAnmO\/hCABFAAAxXnBAAEAR6pTAqDhlwKg4AURcxI4AHfHlZUQdr\/Kq\/CfKiy9yL0J1czE3Q21k"}
00533{"flow_id":14,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":817,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907273,"pkt_ts_usec":658448,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"CAAnmO\/hCAAnAERyCABFAAB9EhcAAIARNqLAqDgBwKg4ZcSORFwAaYovRAMdsNz8WXxyRFxBcghCdXMxN0NtZBEy\/3sibWVzc2FnZVR5cGUiOiJVUERBVEUiLCJtZXNzYWdlQ29udGVudCI6IkZyaSBGZWIgMTkgMjA6NDE6MTMgRUVUIDIwMTYifQ=="}
00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1032,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1455907274088,"flow_last_seen":0,"flow_tot_l4_data_len":105,"flow_min_l4_data_len":105,"flow_max_l4_data_len":105,"flow_avg_l4_data_len":105,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1032,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1455907274088,"flow_last_seen":0,"flow_min_l4_payload_len":97,"flow_max_l4_payload_len":97,"flow_tot_l4_payload_len":97,"flow_avg_l4_payload_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00532{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1032,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907274,"pkt_ts_usec":88318,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"CAAnmO\/hCAAnAERyCABFAAB9EncAAIARNkLAqDgBwKg4ZcSIRFwAaR7GRANSj9XGl0FyRFxBcghCdXMxN0NtZBEy\/3sibWVzc2FnZVR5cGUiOiJVUERBVEUiLCJtZXNzYWdlQ29udGVudCI6IkZyaSBGZWIgMTkgMjA6NDE6MTQgRUVUIDIwMTYifQ=="}
00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1032,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1455907274088,"flow_last_seen":0,"flow_tot_l4_data_len":105,"flow_min_l4_data_len":105,"flow_max_l4_data_len":105,"flow_avg_l4_data_len":105,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1032,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1455907274088,"flow_last_seen":0,"flow_min_l4_payload_len":97,"flow_max_l4_payload_len":97,"flow_tot_l4_payload_len":97,"flow_avg_l4_payload_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00424{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1042,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907274,"pkt_ts_usec":89637,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"CAAnAERyCAAnmO\/hCABFAAAwXqNAAEAR6mLAqDhlwKg4AURcxIgAHPHkZERSj9XGl0GLL3IvQnVzMTdDbWQ="}
00536{"flow_id":15,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1083,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907274,"pkt_ts_usec":193327,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"pkt":"CAAnmO\/hCAAnAERyCABFAACBEpIAAIARNiPAqDgBwKg4ZcSIRFwAbeMnSANSkLugNTWCkTE2ckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjE0IEVFVCAyMDE2In0="}
00429{"flow_id":15,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1091,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907274,"pkt_ts_usec":196759,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"CAAnAERyCAAnmO\/hCABFAAA0XrRAAEAR6k3AqDhlwKg4AURcxIgAIPHoaERSkLugNTWCkTE2iy9yL0J1czE3Q21k"}
@@ -161,9 +161,9 @@
00529{"flow_id":15,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1401,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907274,"pkt_ts_usec":779814,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"pkt":"CAAnmO\/hCAAnAERyCABFAAB7EykAAIARNZLAqDgBwKg4ZcSIRFwAZyZkQgNSlWdockRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjE0IEVFVCAyMDE2In0="}
00422{"flow_id":15,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1410,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907274,"pkt_ts_usec":785600,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"CAAnAERyCAAnmO\/hCABFAAAuXwBAAEAR6gfAqDhlwKg4AURcxIgAGvHiYkRSlWdoiy9yL0J1czE3Q21k"}
00530{"flow_id":15,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1479,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907274,"pkt_ts_usec":902701,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"pkt":"CAAnmO\/hCAAnAERyCABFAAB7E0wAAIARNW\/AqDgBwKg4ZcSIRFwAZyoCQgNSlmPJckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjE0IEVFVCAyMDE2In0="}
00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1927,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1455907275690,"flow_last_seen":0,"flow_tot_l4_data_len":107,"flow_min_l4_data_len":107,"flow_max_l4_data_len":107,"flow_avg_l4_data_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1927,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1455907275690,"flow_last_seen":0,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00535{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1927,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907275,"pkt_ts_usec":690777,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"pkt":"CAAnmO\/hCAAnAERyCABFAAB\/FCAAAIARNJfAqDgBwKg4ZcSPRFwAa2JLRgOAZtDWwMpn\/nJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxNSBFRVQgMjAxNiJ9"}
00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1927,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1455907275690,"flow_last_seen":0,"flow_tot_l4_data_len":107,"flow_min_l4_data_len":107,"flow_max_l4_data_len":107,"flow_avg_l4_data_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1927,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1455907275690,"flow_last_seen":0,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00430{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1936,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907275,"pkt_ts_usec":695868,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"pkt":"CAAnAERyCAAnmO\/hCABFAAAyX35AAEAR6YXAqDhlwKg4AURcxI8AHvHmZkSAZtDWwMpn\/osvci9CdXMxN0NtZA=="}
00537{"flow_id":16,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2015,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907275,"pkt_ts_usec":831283,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"pkt":"CAAnmO\/hCAAnAERyCABFAACAFEwAAIARNGrAqDgBwKg4ZcSPRFwAbLkURwOAZ6ExGoh1VzNyRFxBcghCdXMxN0NtZBEy\/3sibWVzc2FnZVR5cGUiOiJVUERBVEUiLCJtZXNzYWdlQ29udGVudCI6IkZyaSBGZWIgMTkgMjA6NDE6MTUgRUVUIDIwMTYifQ=="}
00430{"flow_id":16,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2024,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907275,"pkt_ts_usec":835251,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"pkt":"CAAnAERyCAAnmO\/hCABFAAAzX45AAEAR6XTAqDhlwKg4AURcxI8AH\/HnZ0SAZ6ExGoh1VzOLL3IvQnVzMTdDbWQ="}
@@ -178,12 +178,12 @@
00530{"flow_id":16,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2463,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907276,"pkt_ts_usec":504810,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"pkt":"CAAnmO\/hCAAnAERyCABFAAB6FSUAAIARM5fAqDgBwKg4ZcSPRFwAZtwsQQOAbEZyRFxBcghCdXMxN0NtZBEy\/3sibWVzc2FnZVR5cGUiOiJVUERBVEUiLCJtZXNzYWdlQ29udGVudCI6IkZyaSBGZWIgMTkgMjA6NDE6MTYgRUVUIDIwMTYifQ=="}
00422{"flow_id":16,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2481,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907276,"pkt_ts_usec":512120,"pkt_caplen":59,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":59,"pkt_l4_len":25,"pkt":"CAAnAERyCAAnmO\/hCABFAAAtX+dAAEAR6SHAqDhlwKg4AURcxI8AGfHhYUSAbEaLL3IvQnVzMTdDbWQ="}
00535{"flow_id":16,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2543,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907276,"pkt_ts_usec":636911,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"pkt":"CAAnmO\/hCAAnAERyCABFAAB\/FUwAAIARM2vAqDgBwKg4ZcSPRFwAa923RgOAbRWOzuOZuXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxNiBFRVQgMjAxNiJ9"}
00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":200,"flow_first_seen":1455907271481,"flow_last_seen":1455907282686,"flow_tot_l4_data_len":13320,"flow_min_l4_data_len":25,"flow_max_l4_data_len":109,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":200,"flow_first_seen":1455907274088,"flow_last_seen":1455907285181,"flow_tot_l4_data_len":13394,"flow_min_l4_data_len":25,"flow_max_l4_data_len":109,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":200,"flow_first_seen":1455907272856,"flow_last_seen":1455907284046,"flow_tot_l4_data_len":13420,"flow_min_l4_data_len":25,"flow_max_l4_data_len":109,"flow_avg_l4_data_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":200,"flow_first_seen":1455907275690,"flow_last_seen":1455907286608,"flow_tot_l4_data_len":13342,"flow_min_l4_data_len":25,"flow_max_l4_data_len":109,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1922,"flow_first_seen":1455907243976,"flow_last_seen":1455907286855,"flow_tot_l4_data_len":100044,"flow_min_l4_data_len":20,"flow_max_l4_data_len":106,"flow_avg_l4_data_len":52,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1926,"flow_first_seen":1455907258332,"flow_last_seen":1455907286855,"flow_tot_l4_data_len":100124,"flow_min_l4_data_len":20,"flow_max_l4_data_len":106,"flow_avg_l4_data_len":51,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1919,"flow_first_seen":1455907271483,"flow_last_seen":1455907286855,"flow_tot_l4_data_len":99996,"flow_min_l4_data_len":20,"flow_max_l4_data_len":106,"flow_avg_l4_data_len":52,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1928,"flow_first_seen":1455907267002,"flow_last_seen":1455907286845,"flow_tot_l4_data_len":100439,"flow_min_l4_data_len":20,"flow_max_l4_data_len":106,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":200,"flow_first_seen":1455907271481,"flow_last_seen":1455907282686,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11720,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":200,"flow_first_seen":1455907274088,"flow_last_seen":1455907285181,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11794,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":200,"flow_first_seen":1455907272856,"flow_last_seen":1455907284046,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11820,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":200,"flow_first_seen":1455907275690,"flow_last_seen":1455907286608,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11742,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1922,"flow_first_seen":1455907243976,"flow_last_seen":1455907286855,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61604,"flow_avg_l4_payload_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1926,"flow_first_seen":1455907258332,"flow_last_seen":1455907286855,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61604,"flow_avg_l4_payload_len":31,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1919,"flow_first_seen":1455907271483,"flow_last_seen":1455907286855,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61604,"flow_avg_l4_payload_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1928,"flow_first_seen":1455907267002,"flow_last_seen":1455907286845,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61855,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00131{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test"}

4
test/results/cpha.pcap.out
View File

@@ -1,4 +1,4 @@
00381{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cpha.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00472{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cpha.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00426{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"cpha.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603354463,"pkt_ts_usec":286532,"pkt_caplen":96,"pkt_type":33024,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":96,"pkt_l4_len":0,"pkt":"AQBeFQMBAAAAAAEBgQAAFQgARQAATgAAAAD\/EQyKAAAAAKwVAwAftB+0ADpJ\/BqQDDEnhQABABZ5PgAB\/\/7gSgEAAAIAAQAACAoAAgADAAQAAAIECQAAAAkAAAAAAAIA"}
00154{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":1,"source":"cpha.pcap","alias":"nDPId-test","type":33024}
00145{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1,"source":"cpha.pcap","alias":"nDPId-test","type":33024}
00123{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cpha.pcap","alias":"nDPId-test"}

26
test/results/dcerpc.pcap.out
View File

@@ -1,11 +1,11 @@
00383{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dcerpc.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1602860709979,"flow_last_seen":0,"flow_tot_l4_data_len":650,"flow_min_l4_data_len":650,"flow_max_l4_data_len":650,"flow_avg_l4_data_len":650,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49155,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00474{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dcerpc.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1602860709979,"flow_last_seen":0,"flow_min_l4_payload_len":642,"flow_max_l4_payload_len":642,"flow_tot_l4_payload_len":642,"flow_avg_l4_payload_len":642,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49155,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01262{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dcerpc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1602860709,"pkt_ts_usec":979607,"pkt_caplen":684,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":684,"pkt_l4_len":650,"pkt":"AA7wSJ4FABwGCybtCABFAAKeAX4AAB4RFWLAqAELwKgBFMADiJQCip8cBAAgAAAAAADeoAAAbJcR0YJxAAEBAQFN3qAAAWyXEdGCcQCgJELffTX9qQA1ihISgAQAHAYLJu0AAAAAAAAAAQAAAAAAAP\/\/\/\/8CMgAAAAAAAAMtAAACHgAAAy0AAAAAAAACHgEBAEQBAAABCfGlMMdfbUe2f4BzQ53qrQACABwGCybt3qAAAGyXEdGCcQBkAQ0AKgAAABECWIiSAA5wbGN4YmtvbnRyNzRiNwECAGgBAAABAAGIkgAAAAIAKIAAACAAAgABAAD\/\/\/\/\/AAMAA8AAAAAAAAAAAAEAAAAAAAcAAAABAAAAAIAAAAEAAIABAAIAAIACAAMAAQABAAQAAgABAAYAAwABAAkAAgACAAEACAAEAAEACwECAGgBAAACAAKIkgAAAAIAKIAQACAAAgABAAD\/\/\/\/\/AAMAA8AAAAAAAAAAAAEAAAAAAAIAAgABAAYABAABAAkABwAAAAEAAAAAgAAAAQAAgAEAAgAAgAIAAwABAAEABAACAAEABQADAAEACAEEAEoBAAABAAAAAAAAAAAEBgAAAAQAAQAAAAEAAAABAAABAYAAAAAAAgAAAAEAAAEBgAEAAAADAAAAAQAAAQGAAgAAAAMAAAABAAABAQEEACABAAABAAAAAAABAQAA2AAAAAEAAQAAAAEAAQABAAEBAQEEACYBAAABAAAAAAACCAgABAAAAAEAAQAAAAEAAwABAAEBAQACAAEBAQEEACABAAABAAAAAAADCAAAAgAAAAEAAQAAAAEAAQABAAEBAQEEACABAAABAAAAAAAEAAgAUgAAAAEAAQAAAAEAAgACAAEBAQEDABYBAAABiJIAAAAAAAEAAwAAAQDAAKAA"}
00507{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1602860709979,"flow_last_seen":0,"flow_tot_l4_data_len":650,"flow_min_l4_data_len":650,"flow_max_l4_data_len":650,"flow_avg_l4_data_len":650,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49155,"dst_port":34964,"l4_proto":"udp","ndpi": {"proto":"DCE_RPC","breed":"Acceptable","category":"RPC"}}
00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1602860709979,"flow_last_seen":0,"flow_min_l4_payload_len":642,"flow_max_l4_payload_len":642,"flow_tot_l4_payload_len":642,"flow_avg_l4_payload_len":642,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49155,"dst_port":34964,"l4_proto":"udp","ndpi": {"proto":"DCE_RPC","breed":"Acceptable","category":"RPC"}}
01262{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dcerpc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1602860709,"pkt_ts_usec":979608,"pkt_caplen":684,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":684,"pkt_l4_len":650,"pkt":"AA7wSJ4FABwGCybtCABFAAKeAX4AAB4RFWLAqAELwKgBFMADiJQCip8cBAAgAAAAAADeoAAAbJcR0YJxAAEBAQFN3qAAAWyXEdGCcQCgJELffTX9qQA1ihISgAQAHAYLJu0AAAAAAAAAAQAAAAAAAP\/\/\/\/8CMgAAAAAAAAMtAAACHgAAAy0AAAAAAAACHgEBAEQBAAABCfGlMMdfbUe2f4BzQ53qrQACABwGCybt3qAAAGyXEdGCcQBkAQ0AKgAAABECWIiSAA5wbGN4YmtvbnRyNzRiNwECAGgBAAABAAGIkgAAAAIAKIAAACAAAgABAAD\/\/\/\/\/AAMAA8AAAAAAAAAAAAEAAAAAAAcAAAABAAAAAIAAAAEAAIABAAIAAIACAAMAAQABAAQAAgABAAYAAwABAAkAAgACAAEACAAEAAEACwECAGgBAAACAAKIkgAAAAIAKIAQACAAAgABAAD\/\/\/\/\/AAMAA8AAAAAAAAAAAAEAAAAAAAIAAgABAAYABAABAAkABwAAAAEAAAAAgAAAAQAAgAEAAgAAgAIAAwABAAEABAACAAEABQADAAEACAEEAEoBAAABAAAAAAAAAAAEBgAAAAQAAQAAAAEAAAABAAABAYAAAAAAAgAAAAEAAAEBgAEAAAADAAAAAQAAAQGAAgAAAAMAAAABAAABAQEEACABAAABAAAAAAABAQAA2AAAAAEAAQAAAAEAAQABAAEBAQEEACYBAAABAAAAAAACCAgABAAAAAEAAQAAAAEAAwABAAEBAQACAAEBAQEEACABAAABAAAAAAADCAAAAgAAAAEAAQAAAAEAAQABAAEBAQEEACABAAABAAAAAAAEAAgAUgAAAAEAAQAAAAEAAgACAAEBAQEDABYBAAABiJIAAAAAAAEAAwAAAQDAAKAA"}
00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1602860709993,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49161,"dst_port":49155,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1602860709993,"flow_last_seen":0,"flow_min_l4_payload_len":170,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":170,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49161,"dst_port":49155,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dcerpc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1602860709,"pkt_ts_usec":993940,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"pkt":"ABwGCybtAA7wSJ4FCABFAADGAAUAAB4RGLPAqAEUwKgBC8AJwAMAsvR9BAIKABAAAAAAAKDel2zREYJxAAEBAQFNAQCg3pds0RGCcQCgJELffQCp\/TWKNRISgAQAHAYLJu0AAAAAAQAAAAAAAAAAAP\/\/\/\/9aAAAAAAAAAAAARgAAAC0DAAAAAAAARgAAAIEBAB4BAAABCfGlMMdfbUe2f4BzQ53qrQACAA7wSJ4FiJKBAgAIAQAAAQABgACBAgAIAQAAAgACgBCBAwAIAQAAAQAUBZg="}
00507{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1602860709993,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49161,"dst_port":49155,"l4_proto":"udp","ndpi": {"proto":"DCE_RPC","breed":"Acceptable","category":"RPC"}}
00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1602860709993,"flow_last_seen":0,"flow_min_l4_payload_len":170,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":170,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49161,"dst_port":49155,"l4_proto":"udp","ndpi": {"proto":"DCE_RPC","breed":"Acceptable","category":"RPC"}}
00625{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dcerpc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1602860709,"pkt_ts_usec":993941,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"pkt":"ABwGCybtAA7wSJ4FCABFAADGAAUAAB4RGLPAqAEUwKgBC8AJwAMAsvR9BAIKABAAAAAAAKDel2zREYJxAAEBAQFNAQCg3pds0RGCcQCgJELffQCp\/TWKNRISgAQAHAYLJu0AAAAAAQAAAAAAAAAAAP\/\/\/\/9aAAAAAAAAAAAARgAAAC0DAAAAAAAARgAAAIEBAB4BAAABCfGlMMdfbUe2f4BzQ53qrQACAA7wSJ4FiJKBAgAIAQAAAQABgACBAgAIAQAAAgACgBCBAwAIAQAAAQAUBZg="}
01685{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dcerpc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1602860710,"pkt_ts_usec":12562,"pkt_caplen":995,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":995,"pkt_l4_len":961,"pkt":"AA7wSJ4FABwGCybtCABFAAPVAX8AAB4RFCrAqAELwKgBFMADiJQDwWYXBAAgAAAAAADeoAAAbJcR0YJxAAEBAQFN3qAAAWyXEdGCcQCgJELffTX9qQA1ihISgAQAHAYLJu0AAAAAAAAAAQAAAAEAA\/\/\/\/\/8DaQAAAAAAAANVAAADVQAAA1UAAAAAAAADVQAIADwBAAAACfGlMMdfbUe2f4BzQ53qrf\/\/\/\/\/\/\/\/\/\/AADgQAAAAxUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAA8AQAAAQnxpTDHX21Htn+Ac0Od6q0AAAAAAAAAAQAAAAEAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIQAfADEAAAAACAA8AQAAAgnxpTDHX21Htn+Ac0Od6q0AAAAAAACAAAAAgFEAAAAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhMAGAEAAADD1of+eJ4Doazb5b\/LvCe2AAAAAAAIADwBAAADCfGlMMdfbUe2f4BzQ53qrQAAAAAAAIAAAACAUgAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEQAkAQAAAMPWh\/54ngOhrNvlv8u8J7YAAAAAC21ycGRvbWFpbi0xAAgAPAEAAAQJ8aUwx19tR7Z\/gHNDneqtAAAAAAACAAEAAAABAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEABwdRAAAAAAAAAAAIADwBAAAFCfGlMMdfbUe2f4BzQ53qrQAAAAAAAgABAAAAAgAAAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBgEA\/wAAAAAIADwBAAAGCfGlMMdfbUe2f4BzQ53qrQAAAAAAAgABAAAAAwAAAAkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASAQEBAQEBAQEAAAAACAA8AQAABwnxpTDHX21Htn+Ac0Od6q0AAAAAAAMAAQAAAAEAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAHAVEAAAAAAAAAAAgAPAEAAAgJ8aUwx19tR7Z\/gHNDneqtAAAAAAADAAEAAAACAAAABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEGAQD\/AAAAAAgAPAEAAAkJ8aUwx19tR7Z\/gHNDneqtAAAAAAAEAAEAAAABAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEABgQAAAAAAP8AAAAIADwBAAAKCfGlMMdfbUe2f4BzQ53qrQAAAAAABAABAAAAAgAAAAkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASAQEBAQEBAQE="}
01685{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"dcerpc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1602860710,"pkt_ts_usec":12566,"pkt_caplen":995,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":995,"pkt_l4_len":961,"pkt":"AA7wSJ4FABwGCybtCABFAAPVAX8AAB4RFCrAqAELwKgBFMADiJQDwWYXBAAgAAAAAADeoAAAbJcR0YJxAAEBAQFN3qAAAWyXEdGCcQCgJELffTX9qQA1ihISgAQAHAYLJu0AAAAAAAAAAQAAAAEAA\/\/\/\/\/8DaQAAAAAAAANVAAADVQAAA1UAAAAAAAADVQAIADwBAAAACfGlMMdfbUe2f4BzQ53qrf\/\/\/\/\/\/\/\/\/\/AADgQAAAAxUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAA8AQAAAQnxpTDHX21Htn+Ac0Od6q0AAAAAAAAAAQAAAAEAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIQAfADEAAAAACAA8AQAAAgnxpTDHX21Htn+Ac0Od6q0AAAAAAACAAAAAgFEAAAAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhMAGAEAAADD1of+eJ4Doazb5b\/LvCe2AAAAAAAIADwBAAADCfGlMMdfbUe2f4BzQ53qrQAAAAAAAIAAAACAUgAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEQAkAQAAAMPWh\/54ngOhrNvlv8u8J7YAAAAAC21ycGRvbWFpbi0xAAgAPAEAAAQJ8aUwx19tR7Z\/gHNDneqtAAAAAAACAAEAAAABAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEABwdRAAAAAAAAAAAIADwBAAAFCfGlMMdfbUe2f4BzQ53qrQAAAAAAAgABAAAAAgAAAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBgEA\/wAAAAAIADwBAAAGCfGlMMdfbUe2f4BzQ53qrQAAAAAAAgABAAAAAwAAAAkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASAQEBAQEBAQEAAAAACAA8AQAABwnxpTDHX21Htn+Ac0Od6q0AAAAAAAMAAQAAAAEAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAHAVEAAAAAAAAAAAgAPAEAAAgJ8aUwx19tR7Z\/gHNDneqtAAAAAAADAAEAAAACAAAABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEGAQD\/AAAAAAgAPAEAAAkJ8aUwx19tR7Z\/gHNDneqtAAAAAAAEAAEAAAABAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEABgQAAAAAAP8AAAAIADwBAAAKCfGlMMdfbUe2f4BzQ53qrQAAAAAABAABAAAAAgAAAAkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASAQEBAQEBAQE="}
@@ -15,16 +15,16 @@
00572{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"dcerpc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1602860710,"pkt_ts_usec":32496,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"pkt":"AA7wSJ4FABwGCybtCABFAACgAYAAAB4RF17AqAELwKgBFMADiJQAjCmEBAAgAAAAAADeoAAAbJcR0YJxAAEBAQFN3qAAAWyXEdGCcQCgJELffTX9qQA1ihISgAQAHAYLJu0AAAAAAAAAAQAAAAIABP\/\/\/\/8ANAAAAAAAAAAgAAAAIAAAACAAAAAAAAAAIAEQABwBAAAACfGlMMdfbUe2f4BzQ53qrQACAAAAAQAA"}
00573{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"dcerpc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1602860710,"pkt_ts_usec":62922,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"pkt":"ABwGCybtAA7wSJ4FCABFAACgAAcAAB4RGNfAqAEUwKgBC8AJwAMAjBCNBAIKABAAAAAAAKDel2zREYJxAAEBAQFNAQCg3pds0RGCcQCgJELffQCp\/TWKNRISgAQAHAYLJu0AAAAAAQAAAAIAAAAEAP\/\/\/\/80AAAAAAAAAAAAIAAAACAAAAAAAAAAIAAAAIEQABwBAAAACfGlMMdfbUe2f4BzQ53qrQACAAAACAAA"}
00573{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"dcerpc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1602860710,"pkt_ts_usec":62922,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"pkt":"ABwGCybtAA7wSJ4FCABFAACgAAcAAB4RGNfAqAEUwKgBC8AJwAMAjBCNBAIKABAAAAAAAKDel2zREYJxAAEBAQFNAQCg3pds0RGCcQCgJELffQCp\/TWKNRISgAQAHAYLJu0AAAAAAQAAAAIAAAAEAP\/\/\/\/80AAAAAAAAAAAAIAAAACAAAAAAAAAAIAAAAIEQABwBAAAACfGlMMdfbUe2f4BzQ53qrQACAAAACAAA"}
00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1602860710063,"flow_last_seen":0,"flow_tot_l4_data_len":140,"flow_min_l4_data_len":140,"flow_max_l4_data_len":140,"flow_avg_l4_data_len":140,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49162,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1602860710063,"flow_last_seen":0,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49162,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00572{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dcerpc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1602860710,"pkt_ts_usec":63382,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"pkt":"ABwGCybtAA7wSJ4FCABFAACgAAgAAB4RGNbAqAEUwKgBC8AKiJQAjEB6BAAgABAAAAAAAKDel2zREYJxAGQBDQAqAgCg3pds0RGCcQCgJELffYDI+0MAABAQgAAADvBIngUAAAAAAQAAAAAAAAAEAP\/\/\/\/80AAAAAACgAAAAIAAAAKAAAAAAAAAAIAAAAAESABwBAAAACfGlMMdfbUe2f4BzQ53qrQACAAAAAgAA"}
00508{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1602860710063,"flow_last_seen":0,"flow_tot_l4_data_len":140,"flow_min_l4_data_len":140,"flow_max_l4_data_len":140,"flow_avg_l4_data_len":140,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49162,"dst_port":34964,"l4_proto":"udp","ndpi": {"proto":"DCE_RPC","breed":"Acceptable","category":"RPC"}}
00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1602860710063,"flow_last_seen":0,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49162,"dst_port":34964,"l4_proto":"udp","ndpi": {"proto":"DCE_RPC","breed":"Acceptable","category":"RPC"}}
00572{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"dcerpc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1602860710,"pkt_ts_usec":63386,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"pkt":"ABwGCybtAA7wSJ4FCABFAACgAAgAAB4RGNbAqAEUwKgBC8AKiJQAjEB6BAAgABAAAAAAAKDel2zREYJxAGQBDQAqAgCg3pds0RGCcQCgJELffYDI+0MAABAQgAAADvBIngUAAAAAAQAAAAAAAAAEAP\/\/\/\/80AAAAAACgAAAAIAAAAKAAAAAAAAAAIAAAAAESABwBAAAACfGlMMdfbUe2f4BzQ53qrQACAAAAAgAA"}
00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1602860710071,"flow_last_seen":0,"flow_tot_l4_data_len":140,"flow_min_l4_data_len":140,"flow_max_l4_data_len":140,"flow_avg_l4_data_len":140,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49154,"dst_port":49162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1602860710071,"flow_last_seen":0,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49154,"dst_port":49162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00572{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"dcerpc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1602860710,"pkt_ts_usec":71384,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"pkt":"AA7wSJ4FABwGCybtCABFAACgAYEAAB4RF13AqAELwKgBFMACwAoAjHUlBAIKAAAAAADeoAAAbJcR0YJxAGQBDQAq3qAAAmyXEdGCcQCgJELffUP7yIAAABAQgAAADvBIngUAJ7vVAAAAAQAAAAAABP\/\/\/\/8ANAAAAAAAAAAAAAAAIAAAAKAAAAAAAAAAIIESABwBAAAACfGlMMdfbUe2f4BzQ53qrQACAAAACAAA"}
00508{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1602860710071,"flow_last_seen":0,"flow_tot_l4_data_len":140,"flow_min_l4_data_len":140,"flow_max_l4_data_len":140,"flow_avg_l4_data_len":140,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49154,"dst_port":49162,"l4_proto":"udp","ndpi": {"proto":"DCE_RPC","breed":"Acceptable","category":"RPC"}}
00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1602860710071,"flow_last_seen":0,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49154,"dst_port":49162,"l4_proto":"udp","ndpi": {"proto":"DCE_RPC","breed":"Acceptable","category":"RPC"}}
00572{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1602860710,"pkt_ts_usec":71385,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"pkt":"AA7wSJ4FABwGCybtCABFAACgAYEAAB4RF13AqAELwKgBFMACwAoAjHUlBAIKAAAAAADeoAAAbJcR0YJxAGQBDQAq3qAAAmyXEdGCcQCgJELffUP7yIAAABAQgAAADvBIngUAJ7vVAAAAAQAAAAAABP\/\/\/\/8ANAAAAAAAAAAAAAAAIAAAAKAAAAAAAAAAIIESABwBAAAACfGlMMdfbUe2f4BzQ53qrQACAAAACAAA"}
00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":1602860710071,"flow_last_seen":1602860710071,"flow_tot_l4_data_len":280,"flow_min_l4_data_len":140,"flow_max_l4_data_len":140,"flow_avg_l4_data_len":140,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49154,"dst_port":49162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1602860709993,"flow_last_seen":1602860710062,"flow_tot_l4_data_len":2260,"flow_min_l4_data_len":140,"flow_max_l4_data_len":812,"flow_avg_l4_data_len":376,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49161,"dst_port":49155,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1602860709979,"flow_last_seen":1602860710032,"flow_tot_l4_data_len":3502,"flow_min_l4_data_len":140,"flow_max_l4_data_len":961,"flow_avg_l4_data_len":583,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49155,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1602860710063,"flow_last_seen":1602860710063,"flow_tot_l4_data_len":280,"flow_min_l4_data_len":140,"flow_max_l4_data_len":140,"flow_avg_l4_data_len":140,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49162,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":1602860710071,"flow_last_seen":1602860710071,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49154,"dst_port":49162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1602860709993,"flow_last_seen":1602860710062,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":804,"flow_tot_l4_payload_len":2212,"flow_avg_l4_payload_len":368,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49161,"dst_port":49155,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1602860709979,"flow_last_seen":1602860710032,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":953,"flow_tot_l4_payload_len":3454,"flow_avg_l4_payload_len":575,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49155,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1602860710063,"flow_last_seen":1602860710063,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49162,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00126{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test"}

8
test/results/diameter.pcap.out
View File

@@ -1,11 +1,11 @@
00385{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"diameter.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1263278878271,"flow_last_seen":0,"flow_tot_l4_data_len":364,"flow_min_l4_data_len":364,"flow_max_l4_data_len":364,"flow_avg_l4_data_len":364,"midstream":1,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00476{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"diameter.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1263278878271,"flow_last_seen":0,"flow_min_l4_payload_len":344,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":344,"flow_avg_l4_payload_len":344,"midstream":1,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00870{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"diameter.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1263278878,"pkt_ts_usec":271686,"pkt_caplen":398,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":398,"pkt_l4_len":364,"pkt":"ABpk3ZWLACYYlIbACABFAAGABtlAAIAGAAAKyQn1CskJC8cNDxz34fq2+LwvkFAY+gQqBAAAAQABWIAAARAAAAAEAupJMCbwAAMAAAEHQAAAHW54bDthcGk7MTI2MzI3ODg3ODE0NwAAAAAAAc1AAAAUQ29tdmVyc2UuRENJAAABAkAAAAwAAAAEAAABCEAAABlueGwxLm5ldHhjZWxsLmNvbQAAAAAAAShAAAAUbmV0eGNlbGwuY29tAAABn0AAAAwAAAAAAAABJUAAABlkZ3UyLmNvbXZlcnNlLmNvbQAAAAAAARtAAAAUY29tdmVyc2UuY29tAAAAN0AAAAzO9pmeAAABu0AAACgAAAG8QAAAFDkxOTA4MDAwMDAxNgAAAcJAAAAMAAAAAAAAAbhAAAAkAAABuUAAAAwAAAACAAABukAAAA1kYmlsbAAAAAAAAaBAAAAMAAAAAQAAAbVAAAA0AAABnUAAACwAAAG9QAAAGAAAAb9AAAAQAAAAAAAAAAIAAAGpQAAADAAAAWQ="}
00726{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"diameter.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1263278878,"pkt_ts_usec":292831,"pkt_caplen":290,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":290,"pkt_l4_len":256,"pkt":"ACYYlIbAABpk3ZWLCABFAAEUlYlAAEAGe8kKyQkLCskJ9Q8cxw34vC+Q9+H8DlAYGSCUIQAAAQAA7EAAARAAAAAEAupJMCbwAAMAAAEHQAAAHW54bDthcGk7MTI2MzI3ODg3ODE0NwAAAAAAAQxAAAAMAAAH0QAAAQhAAAAaZHNsdTEuY29tdmVyc2UuY29tAAAAAAEoQAAAFGNvbXZlcnNlLmNvbQAAAQJAAAAMAAAABAAAAaBAAAAMAAAAAQAAAZ9AAAAMAAAAAAAAARZAAAAMAABBbQAAADdAAAAMzvaZ5QAAAcBAAAAMAAAABQAAAa9AAAA0AAABnUAAACwAAAG9QAAAGAAAAb9AAAAQAAAAAAAAAAIAAAGpQAAADAAAAWQ="}
00891{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"diameter.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1263278878,"pkt_ts_usec":336701,"pkt_caplen":414,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":414,"pkt_l4_len":380,"pkt":"ABpk3ZWLACYYlIbACABFAAGQBtpAAIAGAAAKyQn1CskJC8cNDxz34fwO+LwwfFAY+RgqFAAAAQABaIAAARAAAAAEAupJMSbwAAUAAAEHQAAAHW54bDthcGk7MTI2MzI3ODg3ODE0NwAAAAAAAc1AAAAUQ29tdmVyc2UuRENJAAABAkAAAAwAAAAEAAABCEAAABlueGwxLm5ldHhjZWxsLmNvbQAAAAAAAShAAAAUbmV0eGNlbGwuY29tAAABn0AAAAwAAAABAAABJUAAABlkZ3UyLmNvbXZlcnNlLmNvbQAAAAAAARtAAAAUY29tdmVyc2UuY29tAAAAN0AAAAzO9pmeAAABu0AAACgAAAG8QAAAFDkxOTA4MDAwMDAxNgAAAcJAAAAMAAAAAAAAAaBAAAAMAAAAAgAAAbVAAAA0AAABnUAAACwAAAG9QAAAGAAAAb9AAAAQAAAAAAAAAAIAAAGpQAAADAAAAWQAAAG+QAAANAAAAZ1AAAAsAAABvUAAABgAAAG\/QAAAEAAAAAAAAAABAAABqUAAAAwAAAFk"}
00726{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"diameter.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1263278878,"pkt_ts_usec":344805,"pkt_caplen":290,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":290,"pkt_l4_len":256,"pkt":"ACYYlIbAABpk3ZWLCABFAAEUlYpAAEAGe8gKyQkLCskJ9Q8cxw34vDB89+H9dlAYHVCNmAAAAQAA7EAAARAAAAAEAupJMSbwAAUAAAEHQAAAHW54bDthcGk7MTI2MzI3ODg3ODE0NwAAAAAAAQxAAAAMAAAH0QAAAQhAAAAaZHNsdTEuY29tdmVyc2UuY29tAAAAAAEoQAAAFGNvbXZlcnNlLmNvbQAAAQJAAAAMAAAABAAAAaBAAAAMAAAAAgAAAZ9AAAAMAAAAAQAAARZAAAAMAABBbQAAADdAAAAMzvaZ5QAAAcBAAAAMAAAABQAAAa9AAAA0AAABnUAAACwAAAG9QAAAGAAAAb9AAAAQAAAAAAAAAAIAAAGpQAAADAAAAWQ="}
00822{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"diameter.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1263278878,"pkt_ts_usec":350601,"pkt_caplen":362,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":362,"pkt_l4_len":328,"pkt":"ABpk3ZWLACYYlIbACABFAAFcBttAAIAGAAAKyQn1CskJC8cNDxz34f12+LwxaFAY+Cwp4AAAAQABNIAAARAAAAAEAupJMibwAAcAAAEHQAAAHW54bDthcGk7MTI2MzI3ODg3ODE0NwAAAAAAAc1AAAAUQ29tdmVyc2UuRENJAAABAkAAAAwAAAAEAAABCEAAABlueGwxLm5ldHhjZWxsLmNvbQAAAAAAAShAAAAUbmV0eGNlbGwuY29tAAABn0AAAAwAAAACAAABJUAAABlkZ3UyLmNvbXZlcnNlLmNvbQAAAAAAARtAAAAUY29tdmVyc2UuY29tAAAAN0AAAAzO9pmeAAABu0AAACgAAAG8QAAAFDkxOTA4MDAwMDAxNgAAAcJAAAAMAAAAAAAAAaBAAAAMAAAAAwAAAb5AAAA0AAABnUAAACwAAAG9QAAAGAAAAb9AAAAQAAAAAAAAAAEAAAGpQAAADAAAAWQ="}
00642{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"diameter.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1263278878,"pkt_ts_usec":357703,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"ACYYlIbAABpk3ZWLCABFAADUlYtAAEAGfAcKyQkLCskJ9Q8cxw34vDFo9+H+qlAYIYAUAQAAAQAArEAAARAAAAAEAupJMibwAAcAAAEHQAAAHW54bDthcGk7MTI2MzI3ODg3ODE0NwAAAAAAAQxAAAAMAAAH0QAAAQhAAAAaZHNsdTEuY29tdmVyc2UuY29tAAAAAAEoQAAAFGNvbXZlcnNlLmNvbQAAAQJAAAAMAAAABAAAAaBAAAAMAAAAAwAAAZ9AAAAMAAAAAgAAARZAAAAMAABBbQAAADdAAAAMzvaZ5Q=="}
00524{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1263278878271,"flow_last_seen":1263278878357,"flow_tot_l4_data_len":1776,"flow_min_l4_data_len":192,"flow_max_l4_data_len":380,"flow_avg_l4_data_len":296,"midstream":1,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","ndpi": {"proto":"Diameter","breed":"Acceptable","category":"Network"}}
00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1263278878271,"flow_last_seen":1263278878357,"flow_tot_l4_data_len":1776,"flow_min_l4_data_len":192,"flow_max_l4_data_len":380,"flow_avg_l4_data_len":296,"midstream":1,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1263278878271,"flow_last_seen":1263278878357,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":276,"midstream":1,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","ndpi": {"proto":"Diameter","breed":"Acceptable","category":"Network"}}
00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1263278878271,"flow_last_seen":1263278878357,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":276,"midstream":1,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00127{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"diameter.pcap","alias":"nDPId-test"}

6
test/results/dlt_ppp.pcap.out
View File

@@ -1,4 +1,4 @@
00384{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dlt_ppp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
01956{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"dlt_ppp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1,"pkt_ts_usec":31048,"pkt_caplen":1230,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1230,"pkt_l4_len":0,"pkt":"ACFFAgTMQT1AAD8RDTPBpwD8wadkZKwzAbsEuAAAz\/8AAB0MtxIpOpsU8gzQWdyoBJhpwdcARJZ0OsZN0bl8VJfvOykoeuttM0eMWHJwpGpOPAqWh0GUfp9IIe82zPEOJxxbudM5\/pOWImGkMJYnZKC4oc+Wie817ZluT3qGlbT6FmvR7wgU3ZlqiJlO4+0DRHL4d\/DzL3RfCdhaKCfxoviWr9OOaF9xayHBTgloTkVIbSLderihnwr+mk7qqrStghVdXJFtnOWHTzAMdmPpzaY99oTPzZwWklZzjG9W5shdxiA8ok\/3pt2WMY3QJIDzbHzKP+7ZsLr5YGFFIYxx1JspmQXO5+U3jVl43o7+huGmMmGYHNdWbRYYgFoAkcV642cnCac+cZPVd9ar\/XFRGfd\/WaFVK+zvTNX+exQ7Y3ZIotGRLaPFvGpj3H1W9HNWBEKODu7hETU2OX\/NaZuNjAbfxxKVTC9o6LUxoTVjag4leuFawG3pE6XLxFh9fenfXyYspIGy40nX701+znmPySuhrrYghEKqHVTFz\/fjb5y59pxDqwfx2gz+0tLjNRNMLdNY1Ag+BpNZPQBZDxS1Q4nlCfUqLKWSJpEsd+mHyUC3pRaolG8Jpu68ULGXjJ4ZKS7952WY2QtbjEtiMSGVNPERp0foW+HREy8qKb+tFgJ65NsBWY0E9\/jJGGpFUnix\/C7BDjtX\/ZgK9gfyvVQabBdj7mBntuOhNmnilWaVEIOX7CKCv2V+0LQWQOOVtmTWBQy0XrnBP7R005Av3+pdvoITeQ2zEo762fyDmFlboLbmiVV7z4cyXPPQL6MPya78HzZSLTnm3Xxv8O87bNxZE+T0J9baS33P9HRocrLvAjLFAWSMQbXzM6RAx0uu2+2kxSt4LNQRr+Nvhj9iZm0i+9tU23DVWOg6UFW+uqUPF0ds+jp9XdVBP+b6UC3e79iGd\/QTg4M7OYt7pt75ojnbr+ZjxHE8B0GZ1bPhHUhQ\/439iohTEuvizuLosg\/9ETTUUdbasnXh9D\/+SO51ABAnZvM6SDJ1pj177GYIwa\/ZqyWvarQpS41HFFKu4RYpQHjOT56xqgSjrLEWXyerkTEX8shaJqUzTf0hupuyCJ\/APa3545+ZYzvcCDGD7g4mx1kJ6bCPcx5s\/v5xv0RJBodp9K1hK4v\/DTDZxZGtU5gN0XXnA0WlvhheGJ1S\/ZaCizvBvbTeu8i2DUwd4Wme2LeIVwWL1YRsoozl32VaoHYmsfd7GuS4nwcSIq7qOKc\/v0ngj3r3ND1Z2VcoyXNbqPLJo2kpXaoXlSfOfSzoS+BYoeB3qst\/3RnzIpMan+YfjUUqTAsAH+lgJatdqf9zS60Yl5fSUpCDIosbThj4VOLqNKWrLQjA8v+93FIA3\/NFEDMSuNxj605kSA9S9GRrTJHsR5osW14O2xZRF\/BiXyz77L3\/OW35KvEzzuGXD5Apmt9048cnckQ+W8pGZui61Z81+NpEDiVl5\/7woKFPqgJn9vKV42rT4DXlRToJ8qpzLeevd936RndwoN8DMGcbfT7BT7\/CndBaHTk\/Xoi\/g0FlSSofCargF+zZqnP61iuG15DY\/IC7bC0k3NnOEoXpUUSiCOrtQOJtDXQygOL8Gb9V"}
00158{"basic_event_id":1,"basic_event_name":"Unknown datalink layer packet","thread_id":0,"packet_id":1,"source":"dlt_ppp.pcap","alias":"nDPId-test","datalink":9}
00475{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dlt_ppp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
01957{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"dlt_ppp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1,"pkt_ts_usec":31048,"pkt_caplen":1230,"pkt_type":33,"pkt_l3_offset":2,"pkt_l4_offset":0,"pkt_len":1230,"pkt_l4_len":0,"pkt":"ACFFAgTMQT1AAD8RDTPBpwD8wadkZKwzAbsEuAAAz\/8AAB0MtxIpOpsU8gzQWdyoBJhpwdcARJZ0OsZN0bl8VJfvOykoeuttM0eMWHJwpGpOPAqWh0GUfp9IIe82zPEOJxxbudM5\/pOWImGkMJYnZKC4oc+Wie817ZluT3qGlbT6FmvR7wgU3ZlqiJlO4+0DRHL4d\/DzL3RfCdhaKCfxoviWr9OOaF9xayHBTgloTkVIbSLderihnwr+mk7qqrStghVdXJFtnOWHTzAMdmPpzaY99oTPzZwWklZzjG9W5shdxiA8ok\/3pt2WMY3QJIDzbHzKP+7ZsLr5YGFFIYxx1JspmQXO5+U3jVl43o7+huGmMmGYHNdWbRYYgFoAkcV642cnCac+cZPVd9ar\/XFRGfd\/WaFVK+zvTNX+exQ7Y3ZIotGRLaPFvGpj3H1W9HNWBEKODu7hETU2OX\/NaZuNjAbfxxKVTC9o6LUxoTVjag4leuFawG3pE6XLxFh9fenfXyYspIGy40nX701+znmPySuhrrYghEKqHVTFz\/fjb5y59pxDqwfx2gz+0tLjNRNMLdNY1Ag+BpNZPQBZDxS1Q4nlCfUqLKWSJpEsd+mHyUC3pRaolG8Jpu68ULGXjJ4ZKS7952WY2QtbjEtiMSGVNPERp0foW+HREy8qKb+tFgJ65NsBWY0E9\/jJGGpFUnix\/C7BDjtX\/ZgK9gfyvVQabBdj7mBntuOhNmnilWaVEIOX7CKCv2V+0LQWQOOVtmTWBQy0XrnBP7R005Av3+pdvoITeQ2zEo762fyDmFlboLbmiVV7z4cyXPPQL6MPya78HzZSLTnm3Xxv8O87bNxZE+T0J9baS33P9HRocrLvAjLFAWSMQbXzM6RAx0uu2+2kxSt4LNQRr+Nvhj9iZm0i+9tU23DVWOg6UFW+uqUPF0ds+jp9XdVBP+b6UC3e79iGd\/QTg4M7OYt7pt75ojnbr+ZjxHE8B0GZ1bPhHUhQ\/439iohTEuvizuLosg\/9ETTUUdbasnXh9D\/+SO51ABAnZvM6SDJ1pj177GYIwa\/ZqyWvarQpS41HFFKu4RYpQHjOT56xqgSjrLEWXyerkTEX8shaJqUzTf0hupuyCJ\/APa3545+ZYzvcCDGD7g4mx1kJ6bCPcx5s\/v5xv0RJBodp9K1hK4v\/DTDZxZGtU5gN0XXnA0WlvhheGJ1S\/ZaCizvBvbTeu8i2DUwd4Wme2LeIVwWL1YRsoozl32VaoHYmsfd7GuS4nwcSIq7qOKc\/v0ngj3r3ND1Z2VcoyXNbqPLJo2kpXaoXlSfOfSzoS+BYoeB3qst\/3RnzIpMan+YfjUUqTAsAH+lgJatdqf9zS60Yl5fSUpCDIosbThj4VOLqNKWrLQjA8v+93FIA3\/NFEDMSuNxj605kSA9S9GRrTJHsR5osW14O2xZRF\/BiXyz77L3\/OW35KvEzzuGXD5Apmt9048cnckQ+W8pGZui61Z81+NpEDiVl5\/7woKFPqgJn9vKV42rT4DXlRToJ8qpzLeevd936RndwoN8DMGcbfT7BT7\/CndBaHTk\/Xoi\/g0FlSSofCargF+zZqnP61iuG15DY\/IC7bC0k3NnOEoXpUUSiCOrtQOJtDXQygOL8Gb9V"}
00149{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","thread_id":0,"packet_id":1,"source":"dlt_ppp.pcap","alias":"nDPId-test","protocol":33}
00126{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"dlt_ppp.pcap","alias":"nDPId-test"}

50
test/results/dnp3.pcap.out
View File

@@ -1,5 +1,5 @@
00381{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dnp3.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00461{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1097501938503,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00472{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dnp3.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1097501938503,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00417{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097501938,"pkt_ts_usec":503079,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTFlAAIAGmmQKAAAICgAAAwrlTiBVHBrSAAAAAHAC\/\/+mIQAAAgQFtAEBBAI="}
00417{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097501938,"pkt_ts_usec":503079,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTFlAAIAGmmQKAAAICgAAAwrlTiBVHBrSAAAAAHAC\/\/+mIQAAAgQFtAEBBAI="}
00417{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097501938,"pkt_ts_usec":503079,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTFlAAIAGmmQKAAAICgAAAwrlTiBVHBrSAAAAAHAC\/\/+mIQAAAgQFtAEBBAI="}
@@ -10,13 +10,13 @@
00413{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097501938,"pkt_ts_usec":503490,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoTFpAAIAGmmsKAAAICgAAAwrlTiBVHBrTUsY4hlAQ\/\/9HiQAAAAAAAAAA"}
00413{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097501938,"pkt_ts_usec":503490,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoTFpAAIAGmmsKAAAICgAAAwrlTiBVHBrTUsY4hlAQ\/\/9HiQAAAAAAAAAA"}
00431{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097501938,"pkt_ts_usec":504844,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5kmNAAIAGVFEKAAADCgAACE4gCuVSxjiGVRwa01AY\/\/+NwQAABWQKRAMABAB8rub3ghAAT70="}
00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":10,"flow_first_seen":1097501938503,"flow_last_seen":1097501938504,"flow_tot_l4_data_len":265,"flow_min_l4_data_len":20,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":10,"flow_first_seen":1097501938503,"flow_last_seen":1097501938504,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00431{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097501938,"pkt_ts_usec":504844,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5kmNAAIAGVFEKAAADCgAACE4gCuVSxjiGVRwa01AY\/\/+NwQAABWQKRAMABAB8rub3ghAAT70="}
00431{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097501938,"pkt_ts_usec":504844,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5kmNAAIAGVFEKAAADCgAACE4gCuVSxjiGVRwa01AY\/\/+NwQAABWQKRAMABAB8rub3ghAAT70="}
00414{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097501938,"pkt_ts_usec":655139,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoTFtAAIAGmmoKAAAICgAAAwrlTiBVHBrTUsY4l1AQ\/+5HiQAAAAAAAAAA"}
00414{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097501938,"pkt_ts_usec":655139,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoTFtAAIAGmmoKAAAICgAAAwrlTiBVHBrTUsY4l1AQ\/+5HiQAAAAAAAAAA"}
00414{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097501938,"pkt_ts_usec":655139,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoTFtAAIAGmmoKAAAICgAAAwrlTiBVHBrTUsY4l1AQ\/+5HiQAAAAAAAAAA"}
00462{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1097502623045,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1097502623045,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00417{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097502623,"pkt_ts_usec":45756,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTRVAAIAGmagKAAAICgAAAwrzTiBm5W0JAAAAAHAC\/\/9CEwAAAgQFtAEBBAI="}
00417{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097502623,"pkt_ts_usec":45756,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTRVAAIAGmagKAAAICgAAAwrzTiBm5W0JAAAAAHAC\/\/9CEwAAAgQFtAEBBAI="}
00417{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097502623,"pkt_ts_usec":45756,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTRVAAIAGmagKAAAICgAAAwrzTiBm5W0JAAAAAHAC\/\/9CEwAAAgQFtAEBBAI="}
@@ -27,15 +27,14 @@
00413{"flow_id":2,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097502623,"pkt_ts_usec":46134,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoTRZAAIAGma8KAAAICgAAAwrzTiBm5W0KXPq2SFAQ\/\/9bhAAAAAAAAAAA"}
00413{"flow_id":2,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097502623,"pkt_ts_usec":46134,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoTRZAAIAGma8KAAAICgAAAwrzTiBm5W0KXPq2SFAQ\/\/9bhAAAAAAAAAAA"}
00431{"flow_id":2,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097502623,"pkt_ts_usec":47417,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5krpAAIAGU\/oKAAADCgAACE4gCvNc+rZIZuVtClAY\/\/8AfwAABWQKRAMABAB8rur5ggAAm1o="}
00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":10,"flow_first_seen":1097502623045,"flow_last_seen":1097502623047,"flow_tot_l4_data_len":265,"flow_min_l4_data_len":20,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":10,"flow_first_seen":1097502623045,"flow_last_seen":1097502623047,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00431{"flow_id":2,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097502623,"pkt_ts_usec":47417,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5krpAAIAGU\/oKAAADCgAACE4gCvNc+rZIZuVtClAY\/\/8AfwAABWQKRAMABAB8rur5ggAAm1o="}
00431{"flow_id":2,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097502623,"pkt_ts_usec":47417,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5krpAAIAGU\/oKAAADCgAACE4gCvNc+rZIZuVtClAY\/\/8AfwAABWQKRAMABAB8rur5ggAAm1o="}
00414{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097502623,"pkt_ts_usec":227359,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoTRdAAIAGma4KAAAICgAAAwrzTiBm5W0KXPq2WVAQ\/+5bhAAAAAAAAAAA"}
00414{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097502623,"pkt_ts_usec":227359,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoTRdAAIAGma4KAAAICgAAAwrzTiBm5W0KXPq2WVAQ\/+5bhAAAAAAAAAAA"}
00414{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097502623,"pkt_ts_usec":227359,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoTRdAAIAGma4KAAAICgAAAwrzTiBm5W0KXPq2WVAQ\/+5bhAAAAAAAAAAA"}
00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":39,"flow_first_seen":1097501938503,"flow_last_seen":1097502062040,"flow_tot_l4_data_len":1173,"flow_min_l4_data_len":20,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00477{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":79,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":39,"flow_first_seen":1097502623045,"flow_last_seen":1097502648678,"flow_tot_l4_data_len":1023,"flow_min_l4_data_len":20,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00462{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1097504102255,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":79,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":39,"flow_first_seen":1097502623045,"flow_last_seen":1097502648678,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":5,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1097504102255,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00418{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097504102,"pkt_ts_usec":255746,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTjtAAIAGmIIKAAAICgAAAwsMTiCPBdusAAAAAHAC\/\/+rNgAAAgQFtAEBBAI="}
00418{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097504102,"pkt_ts_usec":255746,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTjtAAIAGmIIKAAAICgAAAwsMTiCPBdusAAAAAHAC\/\/+rNgAAAgQFtAEBBAI="}
00418{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097504102,"pkt_ts_usec":255746,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTjtAAIAGmIIKAAAICgAAAwsMTiCPBdusAAAAAHAC\/\/+rNgAAAgQFtAEBBAI="}
@@ -46,14 +45,13 @@
00414{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097504102,"pkt_ts_usec":256118,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoTjxAAIAGmIkKAAAICgAAAwsMTiCPBdutcwdUkVAQ\/\/8QUgAAAAAAAAAA"}
00414{"flow_id":3,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097504102,"pkt_ts_usec":256118,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoTjxAAIAGmIkKAAAICgAAAwsMTiCPBdutcwdUkVAQ\/\/8QUgAAAAAAAAAA"}
00431{"flow_id":3,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097504102,"pkt_ts_usec":257400,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5k7NAAIAGUwEKAAADCgAACE4gCwxzB1SRjwXbrVAY\/\/8pVQAABWQKRAMABAB8rsnyghAAigc="}
00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":10,"flow_first_seen":1097504102255,"flow_last_seen":1097504102257,"flow_tot_l4_data_len":265,"flow_min_l4_data_len":20,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":10,"flow_first_seen":1097504102255,"flow_last_seen":1097504102257,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00431{"flow_id":3,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097504102,"pkt_ts_usec":257400,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5k7NAAIAGUwEKAAADCgAACE4gCwxzB1SRjwXbrVAY\/\/8pVQAABWQKRAMABAB8rsnyghAAigc="}
00431{"flow_id":3,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097504102,"pkt_ts_usec":257400,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5k7NAAIAGUwEKAAADCgAACE4gCwxzB1SRjwXbrVAY\/\/8pVQAABWQKRAMABAB8rsnyghAAigc="}
00414{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097504102,"pkt_ts_usec":401087,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoTj1AAIAGmIgKAAAICgAAAwsMTiCPBdutcwdUolAQ\/+4QUgAAAAAAAAAA"}
00414{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097504102,"pkt_ts_usec":401087,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoTj1AAIAGmIgKAAAICgAAAwsMTiCPBdutcwdUolAQ\/+4QUgAAAAAAAAAA"}
00414{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097504102,"pkt_ts_usec":401087,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoTj1AAIAGmIgKAAAICgAAAwsMTiCPBdutcwdUolAQ\/+4QUgAAAAAAAAAA"}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":217,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":138,"flow_first_seen":1097504102255,"flow_last_seen":1097504224083,"flow_tot_l4_data_len":6225,"flow_min_l4_data_len":20,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00463{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1097505644006,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1097505644006,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00418{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097505644,"pkt_ts_usec":6837,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAVNAAIAG5WkKAAAJCgAAAwQ4TiAZahgcAAAAAHAC\/\/\/rNQAAAgQFtAEBBAI="}
00418{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097505644,"pkt_ts_usec":6837,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAVNAAIAG5WkKAAAJCgAAAwQ4TiAZahgcAAAAAHAC\/\/\/rNQAAAgQFtAEBBAI="}
00418{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097505644,"pkt_ts_usec":6837,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAVNAAIAG5WkKAAAJCgAAAwQ4TiAZahgcAAAAAHAC\/\/\/rNQAAAgQFtAEBBAI="}
@@ -64,14 +62,13 @@
00413{"flow_id":4,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097505644,"pkt_ts_usec":7259,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoAVRAAIAG5XAKAAAJCgAAAwQ4TiAZahgdlmx591AQ\/\/8HhgAAAAAAAAAA"}
00413{"flow_id":4,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097505644,"pkt_ts_usec":7259,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoAVRAAIAG5XAKAAAJCgAAAwQ4TiAZahgdlmx591AQ\/\/8HhgAAAAAAAAAA"}
00427{"flow_id":4,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097505719,"pkt_ts_usec":35890,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"AAKzznBRAFAEk3BnCABFAAA3AVZAAIAG5V8KAAAJCgAAAwQ4TiAZahgdlmx591AY\/\/9B+gAABWQIxAQAAwC0uMDBDdIt"}
00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":226,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":10,"flow_first_seen":1097505644006,"flow_last_seen":1097505719035,"flow_tot_l4_data_len":263,"flow_min_l4_data_len":20,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":226,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":10,"flow_first_seen":1097505644006,"flow_last_seen":1097505719035,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":1,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00427{"flow_id":4,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097505719,"pkt_ts_usec":35890,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"AAKzznBRAFAEk3BnCABFAAA3AVZAAIAG5V8KAAAJCgAAAwQ4TiAZahgdlmx591AY\/\/9B+gAABWQIxAQAAwC0uMDBDdIt"}
00427{"flow_id":4,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097505719,"pkt_ts_usec":35890,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"AAKzznBRAFAEk3BnCABFAAA3AVZAAIAG5V8KAAAJCgAAAwQ4TiAZahgdlmx591AY\/\/9B+gAABWQIxAQAAwC0uMDBDdIt"}
00432{"flow_id":4,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097505719,"pkt_ts_usec":83365,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5xflAAIAGILoKAAADCgAACU4gBDiWbHn3GWoYLFAY\/\/CgYQAABWQKRAYABAC\/sNH3ggAAujk="}
00432{"flow_id":4,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097505719,"pkt_ts_usec":83365,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5xflAAIAGILoKAAADCgAACU4gBDiWbHn3GWoYLFAY\/\/CgYQAABWQKRAYABAC\/sNH3ggAAujk="}
00432{"flow_id":4,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097505719,"pkt_ts_usec":83365,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5xflAAIAGILoKAAADCgAACU4gBDiWbHn3GWoYLFAY\/\/CgYQAABWQKRAYABAC\/sNH3ggAAujk="}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":352,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":135,"flow_first_seen":1097505644006,"flow_last_seen":1097506028601,"flow_tot_l4_data_len":4473,"flow_min_l4_data_len":20,"flow_max_l4_data_len":113,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00463{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":352,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1097507785883,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":352,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1097507785883,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00420{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097507785,"pkt_ts_usec":883614,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAaRAAIAG5RkKAAAICgAAAwQ+TiAMLRLKAAAAAHAC\/\/\/9vwAAAgQFtAEBBAI="}
00420{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097507785,"pkt_ts_usec":883614,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAaRAAIAG5RkKAAAICgAAAwQ+TiAMLRLKAAAAAHAC\/\/\/9vwAAAgQFtAEBBAI="}
00420{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097507785,"pkt_ts_usec":883614,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAaRAAIAG5RkKAAAICgAAAwQ+TiAMLRLKAAAAAHAC\/\/\/9vwAAAgQFtAEBBAI="}
@@ -82,14 +79,14 @@
00415{"flow_id":5,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097507785,"pkt_ts_usec":883944,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoAaVAAIAG5SAKAAAICgAAAwQ+TiAMLRLLtl9I81AQ\/\/8rIQAAAAAAAAAA"}
00415{"flow_id":5,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097507785,"pkt_ts_usec":883944,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoAaVAAIAG5SAKAAAICgAAAwQ+TiAMLRLLtl9I81AQ\/\/8rIQAAAAAAAAAA"}
00432{"flow_id":5,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097507785,"pkt_ts_usec":885063,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5x5BAAIAGHyQKAAADCgAACE4gBD62X0jzDC0Sy1AY\/\/+x7AAABWQKRAMABAB8rsDwgpAAQ6I="}
00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":361,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":10,"flow_first_seen":1097507785883,"flow_last_seen":1097507785885,"flow_tot_l4_data_len":265,"flow_min_l4_data_len":20,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":361,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":10,"flow_first_seen":1097507785883,"flow_last_seen":1097507785885,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00432{"flow_id":5,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097507785,"pkt_ts_usec":885063,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5x5BAAIAGHyQKAAADCgAACE4gBD62X0jzDC0Sy1AY\/\/+x7AAABWQKRAMABAB8rsDwgpAAQ6I="}
00432{"flow_id":5,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097507785,"pkt_ts_usec":885063,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5x5BAAIAGHyQKAAADCgAACE4gBD62X0jzDC0Sy1AY\/\/+x7AAABWQKRAMABAB8rsDwgpAAQ6I="}
00414{"flow_id":5,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097507786,"pkt_ts_usec":52507,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoAaZAAIAG5R8KAAAICgAAAwQ+TiAMLRLLtl9JBFAQ\/+4rIQAAAAAAAAAA"}
00414{"flow_id":5,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097507786,"pkt_ts_usec":52507,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoAaZAAIAG5R8KAAAICgAAAwQ+TiAMLRLLtl9JBFAQ\/+4rIQAAAAAAAAAA"}
00414{"flow_id":5,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097507786,"pkt_ts_usec":52507,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoAaZAAIAG5R8KAAAICgAAAwQ+TiAMLRLLtl9JBFAQ\/+4rIQAAAAAAAAAA"}
00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":445,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":93,"flow_first_seen":1097507785883,"flow_last_seen":1097507856257,"flow_tot_l4_data_len":3327,"flow_min_l4_data_len":20,"flow_max_l4_data_len":113,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00463{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1097510947092,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":445,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":39,"flow_first_seen":1097501938503,"flow_last_seen":1097502062040,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1097510947092,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00418{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097510947,"pkt_ts_usec":92701,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBZtAAIAG4SIKAAAICgAAAwSHTiCYpsdTAAAAAHAC\/\/+8cwAAAgQFtAEBBAI="}
00418{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":446,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097510947,"pkt_ts_usec":92701,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBZtAAIAG4SIKAAAICgAAAwSHTiCYpsdTAAAAAHAC\/\/+8cwAAAgQFtAEBBAI="}
00418{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097510947,"pkt_ts_usec":92701,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBZtAAIAG4SIKAAAICgAAAwSHTiCYpsdTAAAAAHAC\/\/+8cwAAAgQFtAEBBAI="}
@@ -100,14 +97,14 @@
00415{"flow_id":6,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097510947,"pkt_ts_usec":93064,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoBZxAAIAG4SkKAAAICgAAAwSHTiCYpsdU5Yg011AQ\/\/\/OxwAAAAAAAAAA"}
00415{"flow_id":6,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":453,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097510947,"pkt_ts_usec":93064,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoBZxAAIAG4SkKAAAICgAAAwSHTiCYpsdU5Yg011AQ\/\/\/OxwAAAAAAAAAA"}
00431{"flow_id":6,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097510947,"pkt_ts_usec":94289,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5yZpAAIAGHRoKAAADCgAACE4gBIfliDTXmKbHVFAY\/\/+b+AAABWQKRAMABAB8rtb9ggEAYEY="}
00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":10,"flow_first_seen":1097510947092,"flow_last_seen":1097510947094,"flow_tot_l4_data_len":265,"flow_min_l4_data_len":20,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":10,"flow_first_seen":1097510947092,"flow_last_seen":1097510947094,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00431{"flow_id":6,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097510947,"pkt_ts_usec":94289,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5yZpAAIAGHRoKAAADCgAACE4gBIfliDTXmKbHVFAY\/\/+b+AAABWQKRAMABAB8rtb9ggEAYEY="}
00431{"flow_id":6,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097510947,"pkt_ts_usec":94289,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5yZpAAIAGHRoKAAADCgAACE4gBIfliDTXmKbHVFAY\/\/+b+AAABWQKRAMABAB8rtb9ggEAYEY="}
00415{"flow_id":6,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":457,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097510947,"pkt_ts_usec":292162,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoBZ1AAIAG4SgKAAAICgAAAwSHTiCYpsdU5Yg06FAQ\/+7OxwAAAAAAAAAA"}
00415{"flow_id":6,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097510947,"pkt_ts_usec":292162,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoBZ1AAIAG4SgKAAAICgAAAwSHTiCYpsdU5Yg06FAQ\/+7OxwAAAAAAAAAA"}
00415{"flow_id":6,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097510947,"pkt_ts_usec":292162,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoBZ1AAIAG4SgKAAAICgAAAwSHTiCYpsdU5Yg06FAQ\/+7OxwAAAAAAAAAA"}
00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":472,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":27,"flow_first_seen":1097510947092,"flow_last_seen":1097510959487,"flow_tot_l4_data_len":783,"flow_min_l4_data_len":20,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00463{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1097512255234,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":472,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":138,"flow_first_seen":1097504102255,"flow_last_seen":1097504224083,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":3417,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1097512255234,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00419{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097512255,"pkt_ts_usec":234470,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBpNAAIAG4CoKAAAICgAAAwSgTiANrtDCAAAAAHAC\/\/895AAAAgQFtAEBBAI="}
00419{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097512255,"pkt_ts_usec":234470,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBpNAAIAG4CoKAAAICgAAAwSgTiANrtDCAAAAAHAC\/\/895AAAAgQFtAEBBAI="}
00419{"flow_id":7,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097512255,"pkt_ts_usec":234470,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBpNAAIAG4CoKAAAICgAAAwSgTiANrtDCAAAAAHAC\/\/895AAAAgQFtAEBBAI="}
@@ -118,14 +115,13 @@
00416{"flow_id":7,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097512255,"pkt_ts_usec":234830,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoBpRAAIAG4DEKAAAICgAAAwSgTiANrtDD+Q2AtlAQ\/\/\/w0wAAAAAAAAAA"}
00416{"flow_id":7,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":480,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097512255,"pkt_ts_usec":234830,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoBpRAAIAG4DEKAAAICgAAAwSgTiANrtDD+Q2AtlAQ\/\/\/w0wAAAAAAAAAA"}
00432{"flow_id":7,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":481,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097512255,"pkt_ts_usec":236054,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5yohAAIAGHCwKAAADCgAACE4gBKD5DYC2Da7Qw1AY\/\/8eDAAABWQKRAMABAB8rtvxghAAVeE="}
00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":10,"flow_first_seen":1097512255234,"flow_last_seen":1097512255236,"flow_tot_l4_data_len":265,"flow_min_l4_data_len":20,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":10,"flow_first_seen":1097512255234,"flow_last_seen":1097512255236,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00432{"flow_id":7,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":482,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097512255,"pkt_ts_usec":236054,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5yohAAIAGHCwKAAADCgAACE4gBKD5DYC2Da7Qw1AY\/\/8eDAAABWQKRAMABAB8rtvxghAAVeE="}
00432{"flow_id":7,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":483,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097512255,"pkt_ts_usec":236054,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5yohAAIAGHCwKAAADCgAACE4gBKD5DYC2Da7Qw1AY\/\/8eDAAABWQKRAMABAB8rtvxghAAVeE="}
00415{"flow_id":7,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":484,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097512255,"pkt_ts_usec":427660,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoBpVAAIAG4DAKAAAICgAAAwSgTiANrtDD+Q2Ax1AQ\/+7w0wAAAAAAAAAA"}
00415{"flow_id":7,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097512255,"pkt_ts_usec":427660,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoBpVAAIAG4DAKAAAICgAAAwSgTiANrtDD+Q2Ax1AQ\/+7w0wAAAAAAAAAA"}
00415{"flow_id":7,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097512255,"pkt_ts_usec":427660,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoBpVAAIAG4DAKAAAICgAAAwSgTiANrtDD+Q2Ax1AQ\/+7w0wAAAAAAAAAA"}
00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":505,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":33,"flow_first_seen":1097512255234,"flow_last_seen":1097512267645,"flow_tot_l4_data_len":1005,"flow_min_l4_data_len":20,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00463{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":505,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1097513177295,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1084,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":505,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1097513177295,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1084,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00419{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097513177,"pkt_ts_usec":295531,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAUpAAIAG5XIKAAAJCgAAAwQ8TiBc3qwfAAAAAHAC\/\/8TugAAAgQFtAEBBAI="}
00419{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097513177,"pkt_ts_usec":295531,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAUpAAIAG5XIKAAAJCgAAAwQ8TiBc3qwfAAAAAHAC\/\/8TugAAAgQFtAEBBAI="}
00419{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097513177,"pkt_ts_usec":295531,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAUpAAIAG5XIKAAAJCgAAAwQ8TiBc3qwfAAAAAHAC\/\/8TugAAAgQFtAEBBAI="}
@@ -136,11 +132,15 @@
00415{"flow_id":8,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":512,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097513177,"pkt_ts_usec":295941,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoAUtAAIAG5XkKAAAJCgAAAwQ8TiBc3qwgBtOdpVAQ\/\/+b9QAAAAAAAAAA"}
00415{"flow_id":8,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097513177,"pkt_ts_usec":295941,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoAUtAAIAG5XkKAAAJCgAAAwQ8TiBc3qwgBtOdpVAQ\/\/+b9QAAAAAAAAAA"}
00433{"flow_id":8,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":514,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097513177,"pkt_ts_usec":297272,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5y1pAAIAGG1kKAAADCgAACU4gBDwG052lXN6sIFAY\/\/\/I4gAABWQKRAMABgCZtcb2gpUBD9Y="}
00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":514,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":10,"flow_first_seen":1097513177295,"flow_last_seen":1097513177297,"flow_tot_l4_data_len":265,"flow_min_l4_data_len":20,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1084,"dst_port":20000,"l4_proto":"tcp","ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":514,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":10,"flow_first_seen":1097513177295,"flow_last_seen":1097513177297,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1084,"dst_port":20000,"l4_proto":"tcp","ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00433{"flow_id":8,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097513177,"pkt_ts_usec":297272,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5y1pAAIAGG1kKAAADCgAACU4gBDwG052lXN6sIFAY\/\/\/I4gAABWQKRAMABgCZtcb2gpUBD9Y="}
00433{"flow_id":8,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097513177,"pkt_ts_usec":297272,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5y1pAAIAGG1kKAAADCgAACU4gBDwG052lXN6sIFAY\/\/\/I4gAABWQKRAMABgCZtcb2gpUBD9Y="}
00415{"flow_id":8,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097513177,"pkt_ts_usec":421231,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoAUxAAIAG5XgKAAAJCgAAAwQ8TiBc3qwgBtOdtlAQ\/+6b9QAAAAAAAAAA"}
00415{"flow_id":8,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097513177,"pkt_ts_usec":421231,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoAUxAAIAG5XgKAAAJCgAAAwQ8TiBc3qwgBtOdtlAQ\/+6b9QAAAAAAAAAA"}
00415{"flow_id":8,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":519,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097513177,"pkt_ts_usec":421231,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoAUxAAIAG5XgKAAAJCgAAAwQ8TiBc3qwgBtOdtlAQ\/+6b9QAAAAAAAAAA"}
00478{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":39,"flow_first_seen":1097513177295,"flow_last_seen":1097513185107,"flow_tot_l4_data_len":1023,"flow_min_l4_data_len":20,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1084,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":135,"flow_first_seen":1097505644006,"flow_last_seen":1097506028601,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00487{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":39,"flow_first_seen":1097513177295,"flow_last_seen":1097513185107,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":5,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1084,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":93,"flow_first_seen":1097507785883,"flow_last_seen":1097507856257,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":1419,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":27,"flow_first_seen":1097510947092,"flow_last_seen":1097510959487,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":7,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":33,"flow_first_seen":1097512255234,"flow_last_seen":1097512267645,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":9,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00125{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test"}

20
test/results/dns-tunnel-iodine.pcap.out
View File

@@ -1,17 +1,17 @@
00394{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1282356640051,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00485{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1282356640051,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1282356640,"pkt_ts_usec":51082,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"CAAnx266CAAnnOC0CABFAABEAABAAEARIngKAAIeCgACFK5fADUAMAHkErABAAABAAAAAAAAC3ZhYWFha2FyZGxpBnBpcmF0ZQNzZWEAAAoAAQ=="}
00644{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1282356640051,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vaaaakardli.pirate.sea","num_queries":0,"num_answers":0,"reply_code":0,"query_type":10,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00656{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1282356640051,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vaaaakardli.pirate.sea","num_queries":0,"num_answers":0,"reply_code":0,"query_type":10,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00485{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1282356640,"pkt_ts_usec":51175,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"pkt":"CAAnnOC0CAAnx266CABFAABZAABAAEARImMKAAIUCgACHgA1rl8ARRoeErCEAAABAAEAAAAAC3ZhYWFha2FyZGxpBnBpcmF0ZQNzZWEAAAoAAcAMAAoAAQAAAAAACVZBQ0tEA8XpAQ=="}
00711{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1282356640051,"flow_last_seen":1282356640051,"flow_tot_l4_data_len":117,"flow_min_l4_data_len":48,"flow_max_l4_data_len":69,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"23":"Suspicious DNS traffic"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vaaaakardli.pirate.sea","num_queries":1,"num_answers":1,"reply_code":0,"query_type":10,"rsp_type":10,"rsp_addr":"0.0.0.0"}}
00723{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1282356640051,"flow_last_seen":1282356640051,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":101,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"23":"Suspicious DNS traffic"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vaaaakardli.pirate.sea","num_queries":1,"num_answers":1,"reply_code":0,"query_type":10,"rsp_type":10,"rsp_addr":"0.0.0.0"}}
00485{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1282356640,"pkt_ts_usec":51979,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"pkt":"CAAnx266CAAnnOC0CABFAABZAABAAEARImMKAAIeCgACFK5fADUARcobMN8BAAABAAAAAAAAIGxhZWdwdW1pcGxoaHB6MTJ5bmQxZWZsandsa2pjZ3d5BnBpcmF0ZQNzZWEAAAoAAQ=="}
00766{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_first_seen":1282356640051,"flow_last_seen":1282356640051,"flow_tot_l4_data_len":186,"flow_min_l4_data_len":48,"flow_max_l4_data_len":69,"flow_avg_l4_data_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name","23":"Suspicious DNS traffic"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"laegpumiplhhpz12ynd1efljwlkjcgwy.pirate.sea","num_queries":1,"num_answers":1,"reply_code":0,"query_type":10,"rsp_type":10,"rsp_addr":"0.0.0.0"}}
00778{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_first_seen":1282356640051,"flow_last_seen":1282356640051,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name","23":"Suspicious DNS traffic"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"laegpumiplhhpz12ynd1efljwlkjcgwy.pirate.sea","num_queries":1,"num_answers":1,"reply_code":0,"query_type":10,"rsp_type":10,"rsp_addr":"0.0.0.0"}}
00538{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1282356640,"pkt_ts_usec":52258,"pkt_caplen":144,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":144,"pkt_l4_len":110,"pkt":"CAAnnOC0CAAnx266CABFAACCAABAAEARIjoKAAIUCgACHgA1rl8Abm4wMN+EAAABAAEAAAAAIGxhZWdwdW1pcGxoaHB6MTJ5bmQxZWZsandsa2pjZ3d5BnBpcmF0ZQNzZWEAAAoAAcAMAAoAAQAAAAAAHTEwLjIwLjMwLjEtMTAuMjAuMzAuMy0xMTMwLTI0"}
00767{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1282356640051,"flow_last_seen":1282356640052,"flow_tot_l4_data_len":296,"flow_min_l4_data_len":48,"flow_max_l4_data_len":110,"flow_avg_l4_data_len":74,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name","23":"Suspicious DNS traffic"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"laegpumiplhhpz12ynd1efljwlkjcgwy.pirate.sea","num_queries":1,"num_answers":1,"reply_code":0,"query_type":10,"rsp_type":10,"rsp_addr":"0.0.0.0"}}
00779{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1282356640051,"flow_last_seen":1282356640052,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name","23":"Suspicious DNS traffic"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"laegpumiplhhpz12ynd1efljwlkjcgwy.pirate.sea","num_queries":1,"num_answers":1,"reply_code":0,"query_type":10,"rsp_type":10,"rsp_addr":"0.0.0.0"}}
00463{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1282356640,"pkt_ts_usec":57774,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"pkt":"CAAnx266CAAnnOC0CABFAABKAABAAEARInIKAAIeCgACFK5fADUANnlrTw4BAAABAAAAAAABBnlyYmkwMgZwaXJhdGUDc2VhAAAKAAEAACkQAAAAgAAAAA=="}
00741{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_first_seen":1282356640051,"flow_last_seen":1282356640057,"flow_tot_l4_data_len":350,"flow_min_l4_data_len":48,"flow_max_l4_data_len":110,"flow_avg_l4_data_len":70,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name","23":"Suspicious DNS traffic"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"yrbi02.pirate.sea","num_queries":1,"num_answers":1,"reply_code":0,"query_type":10,"rsp_type":10,"rsp_addr":"0.0.0.0"}}
00753{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_first_seen":1282356640051,"flow_last_seen":1282356640057,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name","23":"Suspicious DNS traffic"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"yrbi02.pirate.sea","num_queries":1,"num_answers":1,"reply_code":0,"query_type":10,"rsp_type":10,"rsp_addr":"0.0.0.0"}}
00535{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1282356640,"pkt_ts_usec":57973,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"pkt":"CAAnnOC0CAAnx266CABFAAB7AABAAEARIkEKAAIUCgACHgA1rl8AZwLqTw6EAAABAAEAAAAABnlyYmkwMgZwaXJhdGUDc2VhAAAKAAHADAAKAAEAAAAAADAAAAAA\/\/\/\/\/1VVVVWqqqqqgWPI0sd8shdfT87JSS1SIWGpcSAlswZz5thEMHlQV78="}
00741{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1282356640051,"flow_last_seen":1282356640057,"flow_tot_l4_data_len":453,"flow_min_l4_data_len":48,"flow_max_l4_data_len":110,"flow_avg_l4_data_len":75,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name","23":"Suspicious DNS traffic"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"yrbi02.pirate.sea","num_queries":1,"num_answers":1,"reply_code":0,"query_type":10,"rsp_type":10,"rsp_addr":"0.0.0.0"}}
00753{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1282356640051,"flow_last_seen":1282356640057,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":405,"flow_avg_l4_payload_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name","23":"Suspicious DNS traffic"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"yrbi02.pirate.sea","num_queries":1,"num_answers":1,"reply_code":0,"query_type":10,"rsp_type":10,"rsp_addr":"0.0.0.0"}}
00509{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1282356640,"pkt_ts_usec":58185,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"pkt":"CAAnx266CAAnnOC0CABFAABtAABAAEARIk8KAAIeCgACFK5fADUAWRsabT0BAAABAAAAAAABKXppMDNhQS1BYWFoaGgtRHJpbmstbWFsLWVpbi1K5Gdlcm1laXN0ZXItBnBpcmF0ZQNzZWEAAAoAAQAAKRAAAACAAAAA"}
00570{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1282356640,"pkt_ts_usec":58315,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"pkt":"CAAnnOC0CAAnx266CABFAACYAABAAEARIiQKAAIUCgACHgA1rl8AhD+SbT2EAAABAAEAAAAAKXppMDNhQS1BYWFoaGgtRHJpbmstbWFsLWVpbi1K5Gdlcm1laXN0ZXItBnBpcmF0ZQNzZWEAAAoAAcAMAAoAAQAAAAAAKnppMDNhQS1BYWFoaGgtRHJpbmstbWFsLWVpbi1K5Gdlcm1laXN0ZXItLg=="}
00521{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1282356640,"pkt_ts_usec":58430,"pkt_caplen":132,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":132,"pkt_l4_len":98,"pkt":"CAAnx266CAAnnOC0CABFAAB2AABAAEARIkYKAAIeCgACFK5fADUAYgOpi2wBAAABAAAAAAABMnppMDRhQS1MYS1mbPt0ZS1uYe92ZS1mcmFu52Fpc2UtZXN0LXJldGly6S3gLUNy6HRlBnBpcmF0ZQNzZWEAAAoAAQAAKRAAAACAAAAA"}
@@ -21,6 +21,6 @@
00508{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1282356640,"pkt_ts_usec":58865,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"CAAnx266CAAnnOC0CABFAABoAABAAEARIlQKAAIeCgACFK5fADUAVBazx8oBAAABAAAAAAABJHppMWFhQTAxMjM0NTY3ODm8vb6\/wMHCw8TFxsfIycrLzM3OzwZwaXJhdGUDc2VhAAAKAAEAACkQAAAAgAAAAA=="}
00557{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1282356640,"pkt_ts_usec":58974,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"pkt":"CAAnnOC0CAAnx266CABFAACOAABAAEARIi4KAAIUCgACHgA1rl8AegzWx8qEAAABAAEAAAAAJHppMWFhQTAxMjM0NTY3ODm8vb6\/wMHCw8TFxsfIycrLzM3OzwZwaXJhdGUDc2VhAAAKAAHADAAKAAEAAAAAACV6aTFhYUEwMTIzNDU2Nzg5vL2+v8DBwsPExcbHyMnKy8zNzs8u"}
00531{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1282356640,"pkt_ts_usec":59078,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"CAAnx266CAAnnOC0CABFAAB4AABAAEARIkQKAAIeCgACFK5fADUAZN9j5fkBAAABAAAAAAABNHppMWJhQdDR0tPU1dbX2Nna29zd3t\/g4eLj5OXm5+jp6uvs7e7v8PHy8\/T19vf4+fr7\/P0GcGlyYXRlA3NlYQAACgABAAApEAAAAIAAAAA="}
00749{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":259,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":255,"flow_first_seen":1282356640051,"flow_last_seen":1282356654812,"flow_tot_l4_data_len":37534,"flow_min_l4_data_len":48,"flow_max_l4_data_len":1478,"flow_avg_l4_data_len":147,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name","23":"Suspicious DNS traffic"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"yrbi02.pirate.sea","num_queries":1,"num_answers":1,"reply_code":0,"query_type":10,"rsp_type":10,"rsp_addr":"0.0.0.0"}}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":255,"flow_first_seen":1282356640051,"flow_last_seen":1282356664538,"flow_tot_l4_data_len":37534,"flow_min_l4_data_len":48,"flow_max_l4_data_len":1478,"flow_avg_l4_data_len":147,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00761{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":259,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":255,"flow_first_seen":1282356640051,"flow_last_seen":1282356654812,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1470,"flow_tot_l4_payload_len":35494,"flow_avg_l4_payload_len":139,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name","23":"Suspicious DNS traffic"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"yrbi02.pirate.sea","num_queries":1,"num_answers":1,"reply_code":0,"query_type":10,"rsp_type":10,"rsp_addr":"0.0.0.0"}}
00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":255,"flow_first_seen":1282356640051,"flow_last_seen":1282356664538,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1470,"flow_tot_l4_payload_len":35494,"flow_avg_l4_payload_len":139,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00138{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":438,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test"}

10
test/results/dns_doh.pcap.out
View File

@@ -1,13 +1,13 @@
00384{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_doh.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1571089200789,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00475{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_doh.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1571089200789,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1571089200,"pkt_ts_usec":789290,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"WkBO7NFkeDHBvV4kCABFAABAAABAAEAGI5asFAoEaBD4+cLVAbuk7FgiAAAAALAC\/\/+OlwAAAgQFtAEDAwYBAQgKHZWyDQAAAAAEAgAA"}
00422{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1571089200,"pkt_ts_usec":876406,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eDHBvV4kWkBO7NFkCABFAAA0AAAAADAGc6JoEPj5rBQKBAG7wtXKYdwupOxYI4ASchB+OgAAAgQFFAEBBAIBAwMK"}
00406{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dns_doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1571089200,"pkt_ts_usec":876498,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"WkBO7NFkeDHBvV4kCABFAAAoAABAAEAGI66sFAoEaBD4+cLVAbuk7FgjymHcL1AQEAAggAAA"}
01104{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dns_doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1571089200,"pkt_ts_usec":878306,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"pkt":"WkBO7NFkeDHBvV4kCABFAAItAABAAEAGIamsFAoEaBD4+cLVAbuk7FgjymHcL1AYEADUpQAAFgMBAgABAAH8AwMqXU892mwEgrbPk2vmEoCiukOQrlB4\/N6a6iNUaK2vhCCE4TBtR7O3Oe++UbyitDTWkNNjEWHZ1bNNN1quFsNy9gAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQABjwAAAB8AHQAAGm1vemlsbGEuY2xvdWRmbGFyZS1kbnMuY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAzAGsAaQAdACD0aVsNTtl9Lx5GVsNGBkDynRSOBTbpOHtuKkwLAFQkYQAXAEEE\/AmIeggJ9IHU1kIvKs+Cnhzk3A1QGe6QCQ18\/XG1ZOdvRPgliMZgJr06algkRN3zqCIAxCiyg6awi6QlLrsiLQArAAkIAwQDAwMCAwEADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkABABUAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00791{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1571089200789,"flow_last_seen":1571089200878,"flow_tot_l4_data_len":633,"flow_min_l4_data_len":20,"flow_max_l4_data_len":537,"flow_avg_l4_data_len":158,"midstream":0,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"f6ce47303dce394049af395fc6d0bc20","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00802{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1571089200789,"flow_last_seen":1571089200878,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"f6ce47303dce394049af395fc6d0bc20","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00406{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dns_doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1571089200,"pkt_ts_usec":968624,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"eDHBvV4kWkBO7NFkCABFAAAoZNYAADAGDthoEPj5rBQKBAG7wtXKYdwvpOxaKFAQAB4uXQAA"}
02184{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"dns_doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1571089200,"pkt_ts_usec":968629,"pkt_caplen":1354,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1354,"pkt_l4_len":1320,"pkt":"eDHBvV4kWkBO7NFkCABFAAU8ZNcAADAGCcNoEPj5rBQKBAG7wtXKYdwvpOxaKFAQAB4szwAAFgMDAHoCAAB2AwPwfVV8aOGgOqslnV\/1t67BvhE\/CUUPutQ7u\/ptPTMsHiCE4TBtR7O3Oe++UbyitDTWkNNjEWHZ1bNNN1quFsNy9hMBAAAuADMAJAAdACCW52eP3c9sJ7BucVzz5YXXrL\/9fKgMov2fd47YrNSOEgArAAIDBBQDAwABARcDAwtfl8dSqVJlFhhTrB6kCzdrJxMUxk\/\/NKmGFjSBcjqQg\/Oh4ocDInoxcfj8KqE4iPkrtYlIcWuIVzQZ5IEBgfzN9WiWEcp1vI7mZRdFuFbDM\/fMO9IRIgd0li2Z0iJ6prtW54qu0svWjPTN6C50IHOaMtYoo4mZOzFHXFH+nqxe93yeb2DM4Lg87Qop7FoA0G5kZFBdSEoo1Ic5XXGp1uoIupJ6iThilwtRyOcRxHPSEjmICdrH\/QMovglbqjFWQoKA9+NiXFNCSpAfGFIGZE74hWzG5lTHaFCCp2MkXYja46xT2NGan01mhUmWb3PW9ykuOi2GEY5B33r35wgRivDbvWKKi5FF5gkybxgDwYeFGANoPOjkbTywLR8CS5auIQkzBVa7Y3TKvUsJ8TfsUO4lZU6Niw\/8bkjXCOUdu6hSvFq4AdO\/aAt8cWCKfNw+b1D\/fcmQ7C4nb4Ou6+eBeJoqpIFH+rWEvp7l+9xwRMUWhj2zaRNUtBlSFwOQa6nUuTvNdMkUkoUxTkah\/7SyIp8ZXcq69DTBCkZI30bNtsgV+MEDREJL3xDosALMkMo8K1pkW3SnfmHDYv+eBqs1iTksxIycfW1s\/Q97V\/1iheoXh\/KQxscnA\/qDBhOTXMBrOk5zzuscmr1Rm9FDiytNTY\/DTw6lWopw2CwIICs2qaOrOJdoAQaVb7BeQjqUHYaKsKli65Ftdd69eRgAZ9BKrlqd1DLDYPF+gToz3nwYDP56BJFkW9gjUaW64fUtolc3E64AUh5PFDMkw2xOqI4yPmCKqZJiT+qGVWXkzZSeLGcoggFlVYMBXfCAIoD1ql6ZrIVW5l0nlh0XnLsSKwdoE6AZlw0YEiGoKXrrUaD7LWhe3k1EySK7ELeaW7y\/TBwEiRNhHJqVKIq8OEVK6XfuS5XTZsE8SxvkbETrEmaOCQ4J2EqO16p0yTLZU3d0quY0DDulv7\/IT+u6nblUy85dyHiH41bpJ1Kplgs1CEyjsiE93uGom4jeN5oxLFF\/J7gFeR5sCCkV\/h4OgUS7Bt\/R72XV4q\/W5XrY5nzIU8WDRQITC07tdcqoYtuyeGb+uE5hmONbXwKG8Ctuj4HLRVnT5ju0MPOev2GYMiQR5yTgQGNnCfU\/1Tk7bfp\/S6UvEFtP5wA8PFiHH5PFxbokSUKyRpUcr891X88DPczspXFX5YHF\/JqtGTO4ZxgjbBacpW6sXNzSQlW+7odW1heUGO+ytF5gLBX6HKdc8K\/dwg7CD2R0e2+iAS0XjVuXqX4GXc24B2gZ\/f\/5w0SvWR9+n1Wd7TgB0wQyGNs9a0U9nx8UcXk+ZUTqnDHJoqGuC4NWSQ5I7EF7AGsofYRU+7yIUfao8K5zn\/RX1pnZXFvbg2nvwMXtNrhP9+qo\/B2ROPofj8fuqjqUf6CmxPuxoDX8uD15RtA+Twb6CTkgVGZ5aoVX6PVYhU1ohghbb035VSYAsRNNd91H0CI5FHKCB2SZKu2I7B27i9Y\/ClP8JPpdDuN\/gQXoSnOda6CcVE+qD8kyh\/79T4hL30ZJDId88m0\/+w=="}
00832{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1571089200789,"flow_last_seen":1571089200968,"flow_tot_l4_data_len":1973,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1320,"flow_avg_l4_data_len":328,"midstream":0,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"f6ce47303dce394049af395fc6d0bc20","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00843{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1571089200789,"flow_last_seen":1571089200968,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":1817,"flow_avg_l4_payload_len":302,"midstream":0,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"f6ce47303dce394049af395fc6d0bc20","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02172{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"dns_doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1571089200,"pkt_ts_usec":968631,"pkt_caplen":1354,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1354,"pkt_l4_len":1320,"pkt":"eDHBvV4kWkBO7NFkCABFAAU8ZNgAADAGCcJoEPj5rBQKBAG7wtXKYeFDpOxaKFAQAB7HaAAA8nvqig4\/mGd5hDrPzdsd3zWxrDG3ItVS2\/yx5vVtYxtIfA48NHveoVgHuoT0s91lX4UKZ448iKsrI6EBVUsNDAQrxtQ6pbM+nYO7zyLXksZC1MOImY4Rx+CtBFP6LEWz2I321KxNHT2PAppv4VdZEih7Z140XcLD3J4lTzuyWyxjXKtlEO7D5qrj8FM92DH4nX+G3uH4z6AcZfwFo41rGPcmLRP0ECZ1Z4kDzjfd9UbmqVmDohZNVYHwfjKOfp3LpmITpCYllmotBQXyfFJvAfYUU94fEmOcMJz7rwLfuJRmTZ5G3i+9DoNfPvaO0zAAgUfVX9fth1HoptxHwY3mllh+NBGQOkwGnmVzxjTHqT79nidxKs165NF97ghXpYRlInd177kCXia7oseAoDjRabU9xpyHfacc+aeEM7AcSUal5or2aMPi6j+hqexvnNlIOTX9085k8\/XTyj9lXJzd3ldKqyCsgD8pSX20a8q8MrW1vdhOPVbgV+M3UZXbvi0EsfruxKbiGbCvdAKUo+WsND2xsF9hghtBuO3CBi73D1EIb4lWWjrTib\/HX+lluNoBaQRj8g2jWXkD35o3aNXuO9Yze12C2bW7MAOgS50jOQcXHksXqhqDHjLTNhsfBxMt8u3FmF8PpiVpilW30OrZ5yw\/1XZ63oa+eHBIoByqm5kyAT+iLMcFfM9O3+CpLJLEyr6eyr5\/C2ISizRKsq3+\/+5HDWzb6YCkgbNovJSskHZ4et0X94IcSaEbCATVSt1dbYFhzsT0TdB\/muRpX2ZAX286vHchMG5IBXUivdQHy1ec8wvQTufW3zzc0Hr7KFWfHm2Jh2DiKDT8sd\/KMQwjD\/MtV1ipI9y8UmRMm6aHMd95A2WA4I8xyk4ifdnGZcVOxz1myl\/QxxSORURppT\/bv+6McPdK07PaPsGtHMAuLKzms3JmvykSegQcs7jnhxQDe8bhCTB\/ynIM0xnG9hp3AxN+LK5diR1Ggxwoa16plvF3cVq9JXEVV4rkC9DauZDJKEt0WkLBmvdAkOU9edOrC\/ngauFFHwffGNylgxRWxX9HXZir4jNPoD4Z5\/3AA5UDnfUuwByTERhmAT2MwA+m1wmQ06\/y6GEOOttUsDi0Em7Y4HHhBCTXLBo88oIQ8uJtblqhiOj2mlU1yFhkuxHEntt31Zj59COHTDEDWoSFdqSRkYZEEZSkZcsW6LEMfgitVHhoRZCWct6bgP5RFABnXKtqllD7pCsjr\/S8bYPrDsz97\/Hsb9zkpK5sFdUwdpPxRnQbgCQUUv86qZ4Iv2JX1xGuH88eLPgJvPsyLmL61n2ifuweKT0sTNENN46hR+G4In3Y2ORCo13GEeE\/1wtMinv84rNxCDKFqY1epgUYs23C1232tLcXqjuYQYjdcLS4zPGFQMbsR741LBOD06fC\/8RD1gxjLsHrsnCCrSMCL+K8C+WOFh9tqtRO4ZjpIwCaj6unlavg4hR\/sAqW+red6Midy2ySfE8RV7Ujss7CqWHZqem+jeuo0p59rFs50Q93KacTG3UQIlhC4fB9o9zfI+l2jE+ltpyQU+BT2vDg1MBFvlDWHnEdaQ5KelW3iVsevF\/GNv2F4+q3fK\/peVzd5jI1TbqVtEvuQGJttO9v8C6CTQRHkjn7U6MsO6FYaWV0JxWd1E2vTYXo6MhfcCMlhYP5QiU0Fl2\/Futai78DKbFID0B7IFybOYxhwKL8nZTzfEDlCA=="}
00406{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"dns_doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1571089200,"pkt_ts_usec":968732,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"WkBO7NFkeDHBvV4kCABFAAAoAABAAEAGI66sFAoEaBD4+cLVAbuk7FooymHmV1AQD9cUfAAA"}
00406{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"dns_doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1571089200,"pkt_ts_usec":969243,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"WkBO7NFkeDHBvV4kCABFAAAoAABAAEAGI66sFAoEaBD4+cLVAbuk7FooymHmV1AQEAAUUwAA"}
@@ -17,5 +17,5 @@
00644{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dns_doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1571089200,"pkt_ts_usec":997105,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"pkt":"WkBO7NFkeDHBvV4kCABFAADSAABAAEAGIwSsFAoEaBD4+cLVAbuk7FpoymHoGFAYEAAeoAAAFwMDAKVH6TqazYA7ng6LT4l7ICcI+zDrPqkD74EaZ6KlHesT55LnIvUipV2qXZpL8fzDqyEQhFLmXlLAQ93tMr6RsRmWGutBjX2OhZG68kQ4zzqatM7jcG4Y2nVphp4aNS7ac9Qo2\/v7IVdjtQB1CkeQwcFBtxuU+JEsGcEl4y5hc2GPOmwe\/WlOtwx06\/p3NlOkXM54GAVosDROpyIcNMw\/TJ\/7wU2Gazw="}
00738{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"dns_doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1571089200,"pkt_ts_usec":997215,"pkt_caplen":297,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":297,"pkt_l4_len":263,"pkt":"WkBO7NFkeDHBvV4kCABFAAEbAABAAEAGIrusFAoEaBD4+cLVAbuk7FsSymHoGFAYEADbRgAAFwMDAO5\/vj0XEVnApHWZyVont16WzoBfdkAUmUbtIto2rVqakjpRrb9v2jurJwqyY\/z6UQZ3HmonNk14uRAJ2lvf9WUw3Lxqp7XnO9mc2Y0eGDeOQ78Bx7eTPAZJQY8jyiAoQ0jXnRqdThIktvVorw4e0Wm1AXUizW5CUhMfL\/E8EAZDMdczfxELdU1ZS42ZaZ+Phxpxn5fNufCX++USMGjMdp0Yzm2pqkSCVTURNOtV4CfYYOT0WamTvw9J8T9gizqAu6EOuMORP1Jd2wYehzjyC0fMtnDXpkcDrt5TeWwCR9SAmt3pp7M0dWeWWko8+S69"}
00518{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"dns_doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1571089200,"pkt_ts_usec":997306,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"WkBO7NFkeDHBvV4kCABFAAB3AABAAEAGI1+sFAoEaBD4+cLVAbuk7FwFymHoGFAYEACdtAAAFwMDAEqnnHxUsCqmPBkBxfdKmS1LGWAClj9T3prwE3TeVTsVPs4vesfDED+gBYka+2qIBZHm9ndhgvy1QPO4+xzZ0FzqwIc8Gf+UTIjqXQ=="}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":142,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":142,"flow_first_seen":1571089200789,"flow_last_seen":1571089204031,"flow_tot_l4_data_len":15534,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1320,"flow_avg_l4_data_len":109,"midstream":0,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":142,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":142,"flow_first_seen":1571089200789,"flow_last_seen":1571089204031,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":12658,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00128{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":142,"source":"dns_doh.pcap","alias":"nDPId-test"}

10
test/results/dns_dot.pcap.out
View File

@@ -1,13 +1,13 @@
00384{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_dot.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00467{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1572783663234,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00475{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_dot.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1572783663234,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00434{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_dot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572783663,"pkt_ts_usec":234722,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"uCfrK5DxCAAnjau+CABFAAA8w6dAAEAGpKPAqAG5CAgICOOyA1VVRPv3AAAAAKAC+vDSnwAAAgQFtAQCCAoqL5UTAAAAAAEDAwc="}
00435{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_dot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572783663,"pkt_ts_usec":269648,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"CAAnjau+uCfrK5DxCABFAAA8cqUAAHcG\/qUICAgIwKgBuQNV47LuO0vYVUT7+KAS6yDKxQAAAgQFZAQCCAqOOwAQKi+VEwEDAwg="}
00422{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dns_dot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572783663,"pkt_ts_usec":269693,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"uCfrK5DxCAAnjau+CABFAAA0w6hAAEAGpKrAqAG5CAgICOOyA1VVRPv47jtL2YAQAfbSlwAAAQEICiovlTaOOwAQ"}
00692{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dns_dot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572783663,"pkt_ts_usec":269902,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"pkt":"uCfrK5DxCAAnjau+CABFAAD6w6lAAEAGo+PAqAG5CAgICOOyA1VVRPv47jtL2YAYAfbTXQAAAQEICiovlTaOOwAQFgMDAMEBAAC9AwOCK\/MuQQ5sSYHkQFarOZKq84a6P\/ILns+YkoRGDIAgSQAAMsAszKnArcAKwCvArMAJwDDMqMAUwC\/AEwCdwJ0ANQCcwJwALwCfzKrAnwA5AJ7AngAzAQAAYgAFAAUBAAAAAAAKABQAEgAXABgAGQAdAQABAQECAQMBBAALAAIBAAANACAAHgQBCAkIBAQDCAcFAQgKCAUFAwYBCAsIBgYDAgECAwAWAAAAFwAAACMAAP8BAAEAABwAAkAA"}
00819{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1572783663234,"flow_last_seen":1572783663269,"flow_tot_l4_data_len":342,"flow_min_l4_data_len":32,"flow_max_l4_data_len":230,"flow_avg_l4_data_len":85,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"4fe4099926d0acdc9b2fe4b02013659f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00830{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1572783663234,"flow_last_seen":1572783663269,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"4fe4099926d0acdc9b2fe4b02013659f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00423{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dns_dot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572783663,"pkt_ts_usec":302644,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"CAAnjau+uCfrK5DxCABFAAA0cqYAAHcG\/qwICAgIwKgBuQNV47LuO0vZVUT8voAQAPDiaAAAAQEICo47ADIqL5U2"}
04560{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"dns_dot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572783663,"pkt_ts_usec":319899,"pkt_caplen":3135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3135,"pkt_l4_len":3101,"pkt":"CAAnjau+uCfrK5DxCABFAAwxcqsAAHcG8qoICAgIwKgBuQNV47LuO0vZVUT8voAYAPDelAAAAQEICo47AEIqL5U2FgMDAD8CAAA7AwNdvsYvAkHw9e7UIX3PyBcPhbDwczOdLTRET1dOR1JEAQDMqAAAEwAXAAD\/AQABAAALAAIBAAAjAAAWAwMKegsACnYACnMABh8wggYbMIIFA6ADAgECAhEAm93VOAzvaEYCAAAAAEfYsDANBgkqhkiG9w0BAQsFADBCMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZpY2VzMRMwEQYDVQQDEwpHVFMgQ0EgMU8xMB4XDTE5MTAxMDIwNTg0MloXDTIwMDEwMjIwNTg0MlowZDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBMTEMxEzARBgNVBAMTCmRucy5nb29nbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDabVL3kPdFkZMO4tZFZTS3pJCwgDAv0Vaooht8m3xHNG+02FQTpPXnHzVnED+66l8hLi\/lnzRXG3UO6kuSQ4n4aWPEu9y2EfYMSeRt0uZ0Oyx\/Nx0pLeJwf6Q+MeFJ8ViEiMtGPi6uWxbiLjtXxqXEEiYRBaFtX5jMDwm6wV40e+vEiP\/kQOf7WOTGimZzcxCCcJn8hFiAlLXC4ByzIwFE7xcVdP+ydRE9Zy9T\/Y0rFUDDjCcYJFpw5Py9J+9HYCFAcloNZg8S1ortTsRH90h3RwM7Tn\/bVSEzsWHebAF6mMcoc0B8uk3A0szJiY3cqwMwi0ESAYx1nRkHC3pbrq5\/AgMBAAGjggLoMIIC5DAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH\/BAIwADAdBgNVHQ4EFgQUeGOKNB8SqBHv7OJWGnOorUt7eUgwHwYDVR0jBBgwFoAUmNH4bhDrz5vsYJ8YkBug630J\/SswZAYIKwYBBQUHAQEEWDBWMCcGCCsGAQUFBzABhhtodHRwOi8vb2NzcC5wa2kuZ29vZy9ndHMxbzEwKwYIKwYBBQUHMAKGH2h0dHA6Ly9wa2kuZ29vZy9nc3IyL0dUUzFPMS5jcnQwgawGA1UdEQSBpDCBoYIKZG5zLmdvb2dsZYIQKi5kbnMuZ29vZ2xlLmNvbYILODg4OC5nb29nbGWCDmRucy5nb29nbGUuY29tghBkbnM2NC5kbnMuZ29vZ2xlhxAgAUhgSGAAAAAAAAAAAABkhxAgAUhgSGAAAAAAAAAAAGRkhxAgAUhgSGAAAAAAAAAAAIhEhxAgAUhgSGAAAAAAAAAAAIiIhwQICAQEhwQICAgIMCEGA1UdIAQaMBgwCAYGZ4EMAQICMAwGCisGAQQB1nkCBQMwLwYDVR0fBCgwJjAkoCKgIIYeaHR0cDovL2NybC5wa2kuZ29vZy9HVFMxTzEuY3JsMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHYAsh4FzIuizYogTodm+Su5iiUgZ2va+nDnsklTLe+LkF4AAAFtt65opAAABAMARzBFAiA2zaOLybV\/po66kZBkyy8WcFZVe8T\/uksXcjWZlDY2pgIhAPeTjLqwHjLhH2wgJ9gFinuuR7lLCOmx+MCyMKiIOxiBAHYAXqdz+d9WwOe1Nkh90EngMnqRmgyEoRIShBh1loFxRVgAAAFtt65owgAABAMARzBFAiEA1B5xDge6E+cVFJVON0YMFY48b6xoUFxQUvzMkiMWUYYCIGScEKTeAm5hjbas8zubogEIcrvEFI\/6e0RKPgdzzou\/MA0GCSqGSIb3DQEBCwUAA4IBAQA9Dp7Wqfw2aYKeyr7uJlu4SujZSvaN675RHdEPhMj+qJGop\/Gq5vJbt91usUroGfvDFQb8VoGPSLFynOC5OY06PXWWCd5c5kKN\/iTeEjX9Ha8HQlh9FEvaul9Qz2lQt+cRe3qRpImpRl4DMKtgNOCxk9SnRVEA3P1o+uOVhDwcPdK2VQ2NPqzeGatK+IxwlukNqW6ZOiKyZvEqQawdfWbDQ40fYxm10LSZdohzHkPn9Oar7WOKW1cMYwnaW7ItZQ9mFqJrMky8xTzHCDRgBJdrijixQdHfxSUsfSCPGAUn5KR0BMBA9hr5HksIm6zCgJYEwKr1jJCqJhVnFhxD4c7tAAROMIIESjCCAzKgAwIBAgINAeO0mqGNiqmBJWlQuDANBgkqhkiG9w0BAQsFADBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0xNzA2MTUwMDAwNDJaFw0yMTEyMTUwMDAwNDJaMEIxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVHb29nbGUgVHJ1c3QgU2VydmljZXMxEzARBgNVBAMTCkdUUyBDQSAxTzEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQGM9F1IvN05zkQO9+tN1pIRvJzzyOTHW5DzEZhD2ePCnvUA0Qk28FgICfKqC9EksC4T2fWBYk\/jCfC3R3VZMdS\/dN4ZKCEPZRrAzDsiKUDzRrmBBJ5wudgzndIMYcLe\/RGGFl5yODIKgjEv\/SJH\/UL+dEaltN11BmsK+eQmMF++AcxGNhr59qM\/9il71I2dN8FGfcddwuaej4bXhp0LcQBbjxMcI7JP0aM3T4I+DsaxmKFsbjzaTNC9uzpFlgOIg7rR25xoynUxv8vNmkq7zdPGHXkxWY7oG9j+JkRyBABk7XrJfoucBZEqFJJSPk7XA0LKW0Y3z5oz2D0c1tJKwHAgMBAAGjggEzMIIBLzAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB\/wQIMAYBAf8CAQAwHQYDVR0OBBYEFJjR+G4Q68+b7GCfGJAboOt9Cf0rMB8GA1UdIwQYMBaAFJviB1dnHB7AagbeWbSaLd\/cGYYuMDUGCCsGAQUFBwEBBCkwJzAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AucGtpLmdvb2cvZ3NyMjAyBgNVHR8EKzApMCegJaAjhiFodHRwOi8vY3JsLnBraS5nb29nL2dzcjIvZ3NyMi5jcmwwPwYDVR0gBDgwNjA0BgZngQwBAgIwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly9wa2kuZ29vZy9yZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAGoA+Nnn78y6pRjd9XlQWNa7HTgiZ\/r3RNGkmUmYHPQq6Scti9PEajvwRT2iWTHQr02fesqOqBY2ETUwgZQ+lltoNFvhsO9tvBCOIazpswWC9aJ9xju4tWDQH8NVU6YZZ\/XteDSGU9YzJqPjY8q3MDxrzmqepBCf5o8mw\/wJ4a2G6xzUr6Fb6T8McDO22PLRL6u3M4Tzs3A2M1j6bykJYi8wWIRdAvKLWZu\/axBVbzYmqmwkm5zLSDW5nIAJbELCQCZwMH56t2Dvqofxs6BBcCFIZUSpxu6x6td0V7SvJCCosirSmIatj\/9dSSVDQibet8q\/7UK4v4ZUN80atnZz1yhYDAwEsDAABKAMAHSCENl1POvb6My7D4hPc\/sMJ7Tufg\/LCEx1rGH6qSE8RaQgEAQC5wySkCTDkvijEKyzcSo\/8MnFKyuNuS9ozlsIo\/40DVij51vWGmHTS5GhFyCASQxaHGFTYsSHNMC3Wgv1H5KA3Mee1B9o\/hTw4uoTHLTeXjL2YEsYJN9UTVvZQVJzdkM4XQcWw5Br+vs7\/JC6fD8JjJh5+eSdQSQUB1aDgH89Z9ZwCeYsojgzQtwUQ5wgEEXVn+8ro2wBZ1wX27tOYjI\/oTWlDrsQz8l4usXnSogdtc1LL9t0IoL8kjOwDk997Z7u7Ftz23DDAL\/5t80M3zHefGPuWFCnrCFYqLE6vev\/cyzB+YQm+GAEHnkVrh2JZz65l3\/Xfzwl06w\/f+XmJ7He+FgMDAAQOAAAA"}
01180{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1572783663234,"flow_last_seen":1572783663319,"flow_tot_l4_data_len":3475,"flow_min_l4_data_len":32,"flow_max_l4_data_len":3101,"flow_avg_l4_data_len":579,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google","ja3":"4fe4099926d0acdc9b2fe4b02013659f","ja3s":"2b341b88c742e940cfb485ce7d93dde7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","issuerDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"BE:73:46:2A:2E:FB:A9:E9:42:D0:71:10:1B:8C:BF:44:6A:5D:AD:53"}}
01191{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1572783663234,"flow_last_seen":1572783663319,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3069,"flow_tot_l4_payload_len":3267,"flow_avg_l4_payload_len":544,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google","ja3":"4fe4099926d0acdc9b2fe4b02013659f","ja3s":"2b341b88c742e940cfb485ce7d93dde7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","issuerDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"BE:73:46:2A:2E:FB:A9:E9:42:D0:71:10:1B:8C:BF:44:6A:5D:AD:53"}}
00422{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"dns_dot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572783663,"pkt_ts_usec":319932,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"uCfrK5DxCAAnjau+CABFAAA0w6pAAEAGpKjAqAG5CAgICOOyA1VVRPy+7jtX1oAQAenSlwAAAQEICiovlWiOOwBC"}
00544{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"dns_dot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572783663,"pkt_ts_usec":320932,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"pkt":"uCfrK5DxCAAnjau+CABFAACJw6tAAEAGpFLAqAG5CAgICOOyA1VVRPy+7jtX1oAYAfXS7AAAAQEICiovlWmOOwBCFgMDACUQAAAhIIM\/\/7FVcfHSFoqNIHr07cwqtvDH7hAhWndiIOh8GFcLFAMDAAEBFgMDACAsJJrG91X8jl9pfndV2J\/0bngr7Be5pjDHfr3UQO+thw=="}
00456{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"dns_dot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572783663,"pkt_ts_usec":321029,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"uCfrK5DxCAAnjau+CABFAABLw6xAAEAGpI\/AqAG5CAgICOOyA1VVRP0T7jtX1oAYAfXSrgAAAQEICiovlWmOOwBCFwMDABJ94OHAwTINl5f66A1sOf3\/IT8="}
@@ -17,5 +17,5 @@
00581{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dns_dot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572783663,"pkt_ts_usec":362911,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"pkt":"CAAnjau+uCfrK5DxCABFAACkcscAAHcG\/hsICAgIwKgBuQNV47LuO1jqVUT9aIAYAPA14wAAAQEICo47AG0qL5VpFwMDAGtCZAKYrlOw7p7Ypme9t\/jxCtE4s3HbB+oF3nvBhGolPit9CQPVOUDaPHWJ6Wddy5sdn+0b82cMnVdi1F6cKaM9dEhCKMWku7ZXhgF9LPwgwe31yVB9tI+mAU3oHSrmP6q7mlJnO5Q6OCmQ+g=="}
00424{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"dns_dot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572783663,"pkt_ts_usec":363038,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"uCfrK5DxCAAnjau+CABFAAA0w65AAEAGpKTAqAG5CAgICOOyA1VVRP1o7jtZWoAQAfXSlwAAAQEICiovlZOOOwBj"}
00457{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"dns_dot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572783664,"pkt_ts_usec":523258,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"uCfrK5DxCAAnjau+CABFAABLw69AAEAGpIzAqAG5CAgICOOyA1VVRP1o7jtZWoAYAfXSrgAAAQEICiovmhuOOwBjFwMDABI82N\/gUdWtanJsd6FACr8N0eU="}
00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":24,"flow_first_seen":1572783663234,"flow_last_seen":1572783666246,"flow_tot_l4_data_len":5053,"flow_min_l4_data_len":32,"flow_max_l4_data_len":3101,"flow_avg_l4_data_len":210,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":24,"flow_first_seen":1572783663234,"flow_last_seen":1572783666246,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3069,"flow_tot_l4_payload_len":4269,"flow_avg_l4_payload_len":177,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00127{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"dns_dot.pcap","alias":"nDPId-test"}

20
test/results/dns_exfiltration.pcap.out
View File

@@ -1,17 +1,17 @@
00393{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_exfiltration.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1580978146717,"flow_last_seen":0,"flow_tot_l4_data_len":181,"flow_min_l4_data_len":181,"flow_max_l4_data_len":181,"flow_avg_l4_data_len":181,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00484{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_exfiltration.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1580978146717,"flow_last_seen":0,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00634{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_exfiltration.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1580978146,"pkt_ts_usec":717893,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"pkt":"qqru7hERjNzURr7ECABFAADJegRAAD8RAADAqNw4wKjLp9w1ADUAtSn4OR0BAAABAAAAAAAABmRuc2NhdDw1NDZiMDNmNTAwMDAwMDAwMDBhNjAyM2VkNGRmMTg0ZDZhYzVjMjYyOGI0NzcxNGZkZWU1ODRmZWQ3Mzk8NWEwM2I1YjFlMWFhOGY4ZmRiMWJiZThkNWUwNDk1MjE0MWY3ZDRmODJjN2UzYjA2ZGNjOGI4N2ZhZDdhGjE5ZTRkMDk4ZGM4YzYxOGY4ZDgxY2ZlYjAyAAAPAAE="}
00840{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1580978146717,"flow_last_seen":0,"flow_tot_l4_data_len":181,"flow_min_l4_data_len":181,"flow_max_l4_data_len":181,"flow_avg_l4_data_len":181,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"dnscat.546b03f50000000000a6023ed4df184d6ac5c2628b47714fdee584fed739.5a03b5b1e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00852{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1580978146717,"flow_last_seen":0,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"dnscat.546b03f50000000000a6023ed4df184d6ac5c2628b47714fdee584fed739.5a03b5b1e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00863{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_exfiltration.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1580978146,"pkt_ts_usec":888524,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"pkt":"jNzURr7Eqqru7hERCABFAAF0PC1AAD8R1RrAqMunwKjcOAA13DUBYD3xOR2BgAABAAEAAAAABmRuc2NhdDw1NDZiMDNmNTAwMDAwMDAwMDBhNjAyM2VkNGRmMTg0ZDZhYzVjMjYyOGI0NzcxNGZkZWU1ODRmZWQ3Mzk8NWEwM2I1YjFlMWFhOGY4ZmRiMWJiZThkNWUwNDk1MjE0MWY3ZDRmODJjN2UzYjA2ZGNjOGI4N2ZhZDdhGjE5ZTRkMDk4ZGM4YzYxOGY4ZDgxY2ZlYjAyAAAPAAHADAAPAAEAAAA8AJ8ACgZkbnNjYXQ\/MjAxZjAzZjUwMDAwMDAwMDAwNzEzYjkyNzFmMDExZGM3NjQyM2RhYjM5MmMzMmMxOGJmYzk2YjZkMjY5NWEyPzZhOTExYzk0NDcyZjU5NDA5YTVmNTI2MDEzZTc2MDE5MzY2YTA3NzkyOWUzNDgwZmJlNmQ3YzRlZGE2ZjkwOBRmMmJjOTlhNjAxZTFhODIyMTMzNgA="}
00861{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1580978146717,"flow_last_seen":1580978146888,"flow_tot_l4_data_len":533,"flow_min_l4_data_len":181,"flow_max_l4_data_len":352,"flow_avg_l4_data_len":266,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"dnscat.546b03f50000000000a6023ed4df184d6ac5c2628b47714fdee584fed739.5a03b5b1e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
00873{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1580978146717,"flow_last_seen":1580978146888,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"dnscat.546b03f50000000000a6023ed4df184d6ac5c2628b47714fdee584fed739.5a03b5b1e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
00570{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dns_exfiltration.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1580978147,"pkt_ts_usec":753419,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"pkt":"qqru7hERjNzURr7ECABFAACYekZAAD8RAADAqNw4wKjLp9w1ADUAhCnHfRoBAAABAAAAAAAABmRuc2NhdDw5MWYwMDNmNTAwZjYxMjIxODEwYWVhMDAwMDA0ODYzYzY5MTU4MGVjYWQ2NmY2NGFjN2RkYjg3Yjg5YzcmOTIwMDgyMWU1MjdkNGUxNzYzMjUzYzI1ZTI5N2UyYWE0MTEzZDAAAAUAAQ=="}
00811{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_first_seen":1580978146717,"flow_last_seen":1580978147753,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":132,"flow_max_l4_data_len":352,"flow_avg_l4_data_len":221,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"dnscat.91f003f500f61221810aea000004863c691580ecad66f64ac7ddb87b89c7.9200821e527d4e1763253c25e297e2aa4113d0","num_queries":1,"num_answers":1,"reply_code":0,"query_type":5,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
00823{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_first_seen":1580978146717,"flow_last_seen":1580978147753,"flow_min_l4_payload_len":124,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":641,"flow_avg_l4_payload_len":213,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"dnscat.91f003f500f61221810aea000004863c691580ecad66f64ac7ddb87b89c7.9200821e527d4e1763253c25e297e2aa4113d0","num_queries":1,"num_answers":1,"reply_code":0,"query_type":5,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
00732{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dns_exfiltration.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1580978147,"pkt_ts_usec":755001,"pkt_caplen":286,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":286,"pkt_l4_len":252,"pkt":"jNzURr7Eqqru7hERCABFAAEQPNhAAD8R1NPAqMunwKjcOAA13DUA\/N3XfRqBgAABAAEAAAAABmRuc2NhdDw5MWYwMDNmNTAwZjYxMjIxODEwYWVhMDAwMDA0ODYzYzY5MTU4MGVjYWQ2NmY2NGFjN2RkYjg3Yjg5YzcmOTIwMDgyMWU1MjdkNGUxNzYzMjUzYzI1ZTI5N2UyYWE0MTEzZDAAAAUAAcAMAAUAAQAAADwAbAZkbnNjYXQ\/OWI2MTAzZjUwMGVlZTIwYjE1MTVmZGZmZmZiNTU4MmRiY2I4YzYwODg4NzY5MjFhNGI2MTNkZDkyNDIyNWQ1IzM0YjgzZDM2ZjJiNWJlNDljMzM0ZGIzMzAzMmFkNjE4ZTc1AA=="}
00810{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1580978146717,"flow_last_seen":1580978147755,"flow_tot_l4_data_len":917,"flow_min_l4_data_len":132,"flow_max_l4_data_len":352,"flow_avg_l4_data_len":229,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"dnscat.91f003f500f61221810aea000004863c691580ecad66f64ac7ddb87b89c7.9200821e527d4e1763253c25e297e2aa4113d0","num_queries":1,"num_answers":1,"reply_code":0,"query_type":5,"rsp_type":5,"rsp_addr":"0.0.0.0"}}
00822{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1580978146717,"flow_last_seen":1580978147755,"flow_min_l4_payload_len":124,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":885,"flow_avg_l4_payload_len":221,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"dnscat.91f003f500f61221810aea000004863c691580ecad66f64ac7ddb87b89c7.9200821e527d4e1763253c25e297e2aa4113d0","num_queries":1,"num_answers":1,"reply_code":0,"query_type":5,"rsp_type":5,"rsp_addr":"0.0.0.0"}}
00530{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dns_exfiltration.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1580978148,"pkt_ts_usec":768689,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"pkt":"qqru7hERjNzURr7ECABFAAB6emtAAD8RAADAqNw4wKjLp9w1ADUAZimpRz4BAAABAAAAAAAABmRuc2NhdDxhMzVjMDBmNTAwNTcwM2M4YjFiOGNkMDAwMTE4YjUyMzQ3YWViMWQ3MzM0MGM5N2NjYTQzYzM0YjI3Y2YIZWRmMGRiZGEAAA8AAQ=="}
00782{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_first_seen":1580978146717,"flow_last_seen":1580978148768,"flow_tot_l4_data_len":1019,"flow_min_l4_data_len":102,"flow_max_l4_data_len":352,"flow_avg_l4_data_len":203,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"dnscat.a35c00f5005703c8b1b8cd000118b52347aeb1d73340c97cca43c34b27cf.edf0dbda","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":5,"rsp_addr":"0.0.0.0"}}
00792{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_first_seen":1580978146717,"flow_last_seen":1580978148768,"flow_min_l4_payload_len":94,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":979,"flow_avg_l4_payload_len":195,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"dnscat.a35c00f5005703c8b1b8cd000118b52347aeb1d73340c97cca43c34b27cf.edf0dbda","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":5,"rsp_addr":"0.0.0.0"}}
00607{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"dns_exfiltration.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1580978148,"pkt_ts_usec":770600,"pkt_caplen":193,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":193,"pkt_l4_len":159,"pkt":"jNzURr7Eqqru7hERCABFAACzPONAAD8R1SXAqMunwKjcOAA13DUAn\/NXRz6BgAABAAEAAAAABmRuc2NhdDxhMzVjMDBmNTAwNTcwM2M4YjFiOGNkMDAwMTE4YjUyMzQ3YWViMWQ3MzM0MGM5N2NjYTQzYzM0YjI3Y2YIZWRmMGRiZGEAAA8AAcAMAA8AAQAAADwALQAKBmRuc2NhdCJmYWVlMDBmNTAwZmFjZGFmZjY2Y2Y5ZmZmZmZmZDMyZGJjAA=="}
00783{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1580978146717,"flow_last_seen":1580978148770,"flow_tot_l4_data_len":1178,"flow_min_l4_data_len":102,"flow_max_l4_data_len":352,"flow_avg_l4_data_len":196,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"dnscat.a35c00f5005703c8b1b8cd000118b52347aeb1d73340c97cca43c34b27cf.edf0dbda","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
00794{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1580978146717,"flow_last_seen":1580978148770,"flow_min_l4_payload_len":94,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":1130,"flow_avg_l4_payload_len":188,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"dnscat.a35c00f5005703c8b1b8cd000118b52347aeb1d73340c97cca43c34b27cf.edf0dbda","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
00481{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"dns_exfiltration.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1580978148,"pkt_ts_usec":773336,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"pkt":"qqru7hERjNzURr7ECABFAABXemxAAD8RAADAqNw4wKjLp9w1ADUAQymGG10BAAABAAAAAAAABmRuc2NhdCJmOTdjMDFmNTAwNmM3OThiOGQ2ZTk5MDAwMmUzNzcyYmM4AAAQAAE="}
00546{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"dns_exfiltration.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1580978148,"pkt_ts_usec":774576,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":148,"pkt_l4_len":114,"pkt":"jNzURr7Eqqru7hERCABFAACGPORAAD8R1VHAqMunwKjcOAA13DUAcnoeG12BgAABAAEAAAAABmRuc2NhdCJmOTdjMDFmNTAwNmM3OThiOGQ2ZTk5MDAwMmUzNzcyYmM4AAAQAAHADAAQAAEAAAA8ACMiMjU1NTAxZjUwMDM1MjJlZjQ2NDE1NWZmZmZmZmQzYWE0Yg=="}
00481{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"dns_exfiltration.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1580978149,"pkt_ts_usec":783307,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"pkt":"qqru7hERjNzURr7ECABFAABXepdAAD8RAADAqNw4wKjLp9w1ADUAQymGMhMBAAABAAAAAAAABmRuc2NhdCJjMDgzMDFmNTAwMGViYjFmNDIxYTAzMDAwMzMyMGE2MTViAAAQAAE="}
@@ -21,6 +21,6 @@
00483{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dns_exfiltration.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1580978151,"pkt_ts_usec":800983,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"pkt":"qqru7hERjNzURr7ECABFAABXeuJAAD8RAADAqNw4wKjLp9w1ADUAQymGXxkBAAABAAAAAAAABmRuc2NhdCJmYjhiMDFmNTAwMmZjMDE3ZTYxYmRhMDAwNWQ3YTZhZWFjAAAQAAE="}
00548{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"dns_exfiltration.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1580978151,"pkt_ts_usec":802508,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":148,"pkt_l4_len":114,"pkt":"jNzURr7Eqqru7hERCABFAACGPjJAAD8R1APAqMunwKjcOAA13DUAckeuXxmBgAABAAEAAAAABmRuc2NhdCJmYjhiMDFmNTAwMmZjMDE3ZTYxYmRhMDAwNWQ3YTZhZWFjAAAQAAHADAAQAAEAAAA8ACMiYTYzZjAxZjUwMDc0MjhjMzBlMWMwYWZmZmZmZmQzYWE0Yg=="}
00483{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"dns_exfiltration.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1580978152,"pkt_ts_usec":810482,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"pkt":"qqru7hERjNzURr7ECABFAABXezVAAD8RAADAqNw4wKjLp9w1ADUAQymG420BAAABAAAAAAAABmRuc2NhdCJjNGY5MDFmNTAwNDcxY2Q2ODNlZWQwMDAwNmY5MDdmMGY0AAAPAAE="}
00787{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":255,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":255,"flow_first_seen":1580978146717,"flow_last_seen":1580978206666,"flow_tot_l4_data_len":50136,"flow_min_l4_data_len":67,"flow_max_l4_data_len":352,"flow_avg_l4_data_len":196,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"dnscat.a35c00f5005703c8b1b8cd000118b52347aeb1d73340c97cca43c34b27cf.edf0dbda","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":300,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":255,"flow_first_seen":1580978146717,"flow_last_seen":1580978206707,"flow_tot_l4_data_len":50136,"flow_min_l4_data_len":67,"flow_max_l4_data_len":352,"flow_avg_l4_data_len":196,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00799{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":255,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":255,"flow_first_seen":1580978146717,"flow_last_seen":1580978206666,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":48096,"flow_avg_l4_payload_len":188,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"dnscat.a35c00f5005703c8b1b8cd000118b52347aeb1d73340c97cca43c34b27cf.edf0dbda","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
00518{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":300,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":255,"flow_first_seen":1580978146717,"flow_last_seen":1580978206707,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":48096,"flow_avg_l4_payload_len":188,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00137{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":300,"source":"dns_exfiltration.pcap","alias":"nDPId-test"}

10
test/results/dns_long_domainname.pcap.out
View File

@@ -1,8 +1,8 @@
00396{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_long_domainname.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1599686652555,"flow_last_seen":0,"flow_tot_l4_data_len":69,"flow_min_l4_data_len":69,"flow_max_l4_data_len":69,"flow_avg_l4_data_len":69,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00487{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_long_domainname.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1599686652555,"flow_last_seen":0,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00488{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_long_domainname.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1599686652,"pkt_ts_usec":555538,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"pkt":"EBMx8Tl2KDc3AG3ICABFAABZsREAAEAR9yLAqAGoCAgICP8fADUARcOpi1QBAAABAAAAAAAABmdtcjAyYwIxNgEwDGZoa2Zoc2RrZmhzawZ0dW5uZWwHZXhhbXBsZQNjb20AAAEAAQ=="}
00673{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1599686652555,"flow_last_seen":0,"flow_tot_l4_data_len":69,"flow_min_l4_data_len":69,"flow_max_l4_data_len":69,"flow_avg_l4_data_len":69,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00685{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1599686652555,"flow_last_seen":0,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00562{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_long_domainname.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1599686652,"pkt_ts_usec":578187,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"KDc3AG3IEBMx8Tl2CABFAACR3WoAAHYRlJEICAgIwKgBqAA1\/x8AfQAAi1SBgwABAAAAAQAABmdtcjAyYwIxNgEwDGZoa2Zoc2RrZmhzawZ0dW5uZWwHZXhhbXBsZQNjb20AAAEAAcAsAAYAAQAABcMALAJucwVpY2FubgNvcmcAA25vYwNkbnPATHhn+r4AABwgAAAOEAASdQAAAA4Q"}
00695{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1599686652555,"flow_last_seen":1599686652578,"flow_tot_l4_data_len":194,"flow_min_l4_data_len":69,"flow_max_l4_data_len":125,"flow_avg_l4_data_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1599686652555,"flow_last_seen":1599686652578,"flow_tot_l4_data_len":194,"flow_min_l4_data_len":69,"flow_max_l4_data_len":125,"flow_avg_l4_data_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00707{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1599686652555,"flow_last_seen":1599686652578,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":178,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1599686652555,"flow_last_seen":1599686652578,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":178,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00138{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"dns_long_domainname.pcap","alias":"nDPId-test"}

1748
test/results/dnscrypt-v1-and-resolver-pings.pcap.out
View File

File diff suppressed because it is too large Load Diff

278
test/results/dnscrypt-v2-doh.pcap.out
View File

@@ -1,23 +1,23 @@
00392{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946739298533,"flow_last_seen":0,"flow_tot_l4_data_len":303,"flow_min_l4_data_len":303,"flow_max_l4_data_len":303,"flow_avg_l4_data_len":303,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00483{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946739298533,"flow_last_seen":0,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00800{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739298,"pkt_ts_usec":533748,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"pkt":"REREREREZmZmZmZmCABFAAFD4UdAAL0GsQQKAAABi2PeSNGqAbt5f9qX6vvArlAYAfYrngAAFgMBARYBAAESAwPY4R+kmwrmRkwkOvmL20MZvvmmXV\/QYaA6X4C5e+GFvyA2SDuI+F1GOq7qyiEw+aePhhElQVpDVzMYXSdiyok3WQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG9oLTIuc2VieS5pbwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACA0hS9OEA\/J5twwMByNtSlpgrCPJW9Ooqwd+S9NxEdaCw=="}
00770{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946739298533,"flow_last_seen":0,"flow_tot_l4_data_len":303,"flow_min_l4_data_len":303,"flow_max_l4_data_len":303,"flow_avg_l4_data_len":303,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00782{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946739298533,"flow_last_seen":0,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02338{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739298,"pkt_ts_usec":797787,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"pkt":"ZmZmZmZmRERERERECABFAAWq1TBAACsGSrWLY95ICgAAAQG70arq+8CueX\/bslAQAfmvXQAAFgMDAHoCAAB2AwOWvrm4FPC7V7PYuN+Lshod\/nezEzfqc01CK\/K8f2FrjCA2SDuI+F1GOq7qyiEw+aePhhElQVpDVzMYXSdiyok3WRMBAAAuACsAAgMEADMAJAAdACDl61zVHhMWB0BdL3ddlBFKSw5Lr9HVe6EkVLOcYVLAAxQDAwABARcDAwAksgraFQq8T84jfrRmYc223NGnVGbYG\/xj8xk4v\/EJCHm3s9w1FwMDCVmg97DgSdnn53nb0jGLv9F1+4VVO1DlJvFZ4CsfAqRyJ8a0jMqAaeRjhyCNwiDpU+6mevWKgpxWfYNjWShazkI7oaAh0ocoGs0\/Z2Mwn5ZIkIv+OuDwieAM9qTwhi+fGVM4H+qU8v3e8TtrqoxC+IgZVc8V3I+\/yPEjroPH33YYxxjju5aqvElJCjEI4urJQzXoWsAq6uQKccy5WfzKSDhJNZ8AVPquU8SpWKmo\/\/E2qD+dKLWJFgaub29gXMXjQTVzoJxdvVKG52mcWm6EXETLAVeqYVAn1jxtrmpkg13Vk85sRN2hjK5eeu4ap8rf7Lodf5tfmhv8SVfULmdGCNmmvgZMJkjmNfdKrw+XnrBHNQP2GC7kgKzhx++y9Ur+7CtcaZ0Stuv2mMWKbTn30OOZzAWiYjVeWw1PNj6IPMesZYC3bO1PwS8+BOlQEPumskRErqRklUuVJ1OXsXJn8o9P7B9r5RxumsKPZbrYuGjTJfVUwTIwaAH4g\/GODGK2+B5YB\/Z\/6LysjXxF0obthFSDlDUGBTCdDZdGFQyyl8u0xri2sr4xv5TWFpIjmyYys6SXqhW7QRXi8cM\/fGE\/JM+qZpyddar8bHdCLxGlvvPz4eCxh6lg0sugzb6K+mUo6W7gtEoQaKMIAakeMy2FOKQ3NMe5\/F+3b43gHog099YK8NKs2bvSG\/W7LXyo8PnUinj+AVLnzhrSe+qvDBw9a\/Jp7AkHbVoQwt\/EIF5\/d5w+4KMlJPMSzCUov8rfi\/CCF\/iVjvModtxk+gLz4pUaK3XRZHYtLxfH7FHcLizTZ3sSU4i+tweqvPEyxXE1E7Y+KMLDCV+QkbWkWi9gMec8ZJ3GBnIg+iSrehGCt8i8t7Lu9Wc\/2fGKgQfE9jJe\/fDA2odknuy5GV2960tQvEZAXB0c5GJBhjiPYJgYdgJ2fzUt\/xLgBoWg0zKHa\/soHWqBrLympLp+VepVMyzuzIJ6QgGVTCC1EFSrrSUxkNXDsBrwmyRP\/9FLF9pdzZACXTb6S8myrZazmvEdGdk04PjNhUiHGlUT03OYvmagf8Ya\/4VRzGGdV43OAGkQYeu0ZY\/heh9h7fucuCFB8CyBx4wy7OhYHBnDOYz2gdf\/z49N039rzJarMWXOwbROgeoXzcsBH8Uj6StZMCbM\/ZBGWByfEjHDl5w8E1dbyJx5XuC65RezHZrv05dJlBbVSEsHIMbDl7IWOUdhpeDNskZrQ+GdU5boLCtHmvrbs62KT\/zlJm2mOApHTvifRvmqKBz9tPtGNCG6XGCZWhEY3FFyS9rmcTpceJwTCfQYlzYKZslhMKd4J63ankp0RnGQLgodwM35ISK98+Kq2hNOJCTBOCxPPsHuXjZuhXdIi8QCW9VQZqww\/\/NjZPMOPy4jcZ7Tkixh7\/JmbpMEV7PnrhAXh21z+u5dLFH52pKdwGRat6A94UDcInit5rOcJtblnF8P7F8IlQqF3WFZurZBuXzllHTzbwe54UUGPwrqwyOIUkW6zUYU\/09YfhXdyYwY1MnGRAlrE9sPr4V9Vgn7ZntvhQgmKz\/jiHNHuRGaj\/PJAjEPTmoQib9SfYaA5fyYDQmsautNL\/cJ4oyfD9Jembyctib1BIp9Ramfe6PSsBXI\/0Ka52Or"}
00822{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":946739298533,"flow_last_seen":946739298797,"flow_tot_l4_data_len":1733,"flow_min_l4_data_len":303,"flow_max_l4_data_len":1430,"flow_avg_l4_data_len":866,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00834{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":946739298533,"flow_last_seen":946739298797,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":1693,"flow_avg_l4_payload_len":846,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02251{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739298,"pkt_ts_usec":797978,"pkt_caplen":1408,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1408,"pkt_l4_len":1374,"pkt":"ZmZmZmZmRERERERECABFAAVy1TFAACsGSuyLY95ICgAAAQG70arq+8YweX\/bslAYAfkcrQAAThemFBuD34j0ZojpR7nDk08tEILyrSrE7HS0zZ4kmhXJJxPvCajO9mPz0f1Ba7CUeJZuC\/ww3Lrn+zD28CW1o9VT3LiWNj\/tk7IhVjR3oxyzXVyp8GIUKoCq+rFgLmVNv3t4E9NSsp0vzaP0F7j0JBrlPSojRxE2tlZsJ5feSSYzKGVucsWX6pYRquGlpuPfdHODx0L8ifTKNZ7sMGSXufTYU71W7zucIJWTJn92oiP3KQmXtYYb39SlVhRkoPmox0CcWIbUIkPk1mOfiZj7ZHZGdjmSkO+stoE+mAIy1qeh6xhTg7nyjAGvTt0OEbSBbL64py0gHtL8p9MnYDH\/rEu94PzROteC\/nq08LwZZof+0aydUgoyNJpYIzziL6obgZ8r3XFfT2yBZeGRYlK+7j980Fzg4IJlxXjB\/7u4t3CFM2KzwkVTOl0QgQ2WdVMZr63UzYIuBqVeqhjDwph8EAIPfj6GHii36awX1ARUIn+i2we8pqEICyjrrtz5abqrvBqhOgUymt9799jpjN96PN89rSa+qz8R5hSWva8Z0q12NMSUqK4V32q2T+XbFuVZUlGqNPo8Q4LGFZXuYD0rXuNudeUYIvyeE2j5uqdZqZHCJg4amyAZz0RTts0c1\/NYqX2y5hPaOLvInAlZn4kgRx8P3JUIFzzVPNJJ35uuAChT5mattKXxu8qwume7sBZMgcO4xIk9V0GeDf7Q0iqbxG1cZybv7JIhiCiaIbji819I0oDOejGbK2XffVEsRj3+LURpVM8fUmFAk669Ff\/Nr+yt6tH9Ktz6qOevm0rhgviDIUwzLNJNTxk3pvt9wNVus\/LUfcLiMKspToabUtDV2KtFlgjUQBZ6M603sQeMbcyD6v4zye6TReEZisbYDNmcge+IFl+e+6gIZYcwnBnjL+IMuKODuiRDaCLQJS72LiQoTClqyWNhk8p3nZX4LJsLVi6dW6cV7ErhFynQJtxWGrvo9DrmvbJGRV80Ul449jTrc22WvgTBKnaXTTsv2pw69IL3ziatAlwA6VUKivZyuSnP\/qeqQsLIM3h1xsud7x+raSQILbisV46QaEMOKNMhEo4f9EE5vYtzwm\/ngKP6CEyyxa5eOnqoj72FpXRNgDKcpbuNQSddL+rkopq\/y8uRR5TATut5xq9zEjEQLnRu3bhaqmLH7wPAre5tejGNaBElH9ZorCCzrnrfL+5ZFV65djnMn\/burxQW9SIIOlDcRe3ddZxIf\/z8dXGWfc\/YJ2alVKWABNBLcFPeFubCnDOGFnp7WaEezUQCo1huX1d\/AR2t9ZFIxb+\/2YA0Fcu4FFOucBmHB64h34YnG1QktWj0QN6yNlW1E24ubX3xPextdjh4av9ufsqLyV+lQC34GqCFKa3D2btbNVuYlf3F\/nsdPHHCRn+svJvZKssoO39MnIg20E8\/NZSYgAW7+dMxM2JbTCDpQf718V5e42Tcc3D\/MVuwLpSLFUnGgbahF3PvczhUvo5QFk5tF0YRiH+1QJX+P4Bld+SLzREBNKhff3\/yg9uJJKca+U+6nBcDAwCBaMxAcfS4h68NX8O4\/JsJCa+QWF87yNO9r0+szCZ1TeWGW\/KMvQNFzX1G+Y2PEnQ68hI4LpJQIC4VjBdW13rCggF8QR46NY3HL4enM7oteZTlqkQvxVphVmRyDsYFcjY4u2fGUw5LFrsQktQhx2VsQTygsXipX2KtdmPdscHLlgGRFwMDADV5C7WBlZ+ocDTA\/zppOjhaktsCXwO0sG+1hu0Zi0K+GaWwxXTJGdG0p2vdDlGf4dOI0eNxTQ=="}
00454{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739298,"pkt_ts_usec":798962,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"pkt":"REREREREZmZmZmZmCABFAABG4UpAAL0Gsf4KAAABi2PeSNGqAbt5f9uy6vvLelAYAfUqoQAAFAMDAAEBFwMDABPWqttRMY+Z46PAR95YRNrv8Sy\/"}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":946739299058,"flow_last_seen":0,"flow_tot_l4_data_len":303,"flow_min_l4_data_len":303,"flow_max_l4_data_len":303,"flow_avg_l4_data_len":303,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":946739299058,"flow_last_seen":0,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00797{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739299,"pkt_ts_usec":58659,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"pkt":"REREREREZmZmZmZmCABFAAFDIvZAAL0Gb1YKAAABi2PeSNGsAbu+7R6jIfk4pVAYAfYrngAAFgMBARYBAAESAwOSQ8JxHhGuu6wLKnGtwDfaCU9fn2zkXyLvCqG6Z1EJrSA97l3xa4NDBUHApuStJw5z26JVCZKgohlNqcovRpE62AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG9oLTIuc2VieS5pbwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACBvduxHcveHyzSwUHe1UMoR3WO30Q1YJASO6Gqd5f5rOQ=="}
00770{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":946739299058,"flow_last_seen":0,"flow_tot_l4_data_len":303,"flow_min_l4_data_len":303,"flow_max_l4_data_len":303,"flow_avg_l4_data_len":303,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00782{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":946739299058,"flow_last_seen":0,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02326{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739299,"pkt_ts_usec":325554,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"pkt":"ZmZmZmZmRERERERECABFAAWq+oRAACsGJWGLY95ICgAAAQG70awh+Tilvu0fvlAQAflBFAAAFgMDAHoCAAB2AwO4E1L4A\/\/vaa3qFy7zGtkSllYVpFARFReL8E9wQ5edfiA97l3xa4NDBUHApuStJw5z26JVCZKgohlNqcovRpE62BMBAAAuACsAAgMEADMAJAAdACC6hi7aKoaulrg0kHVy9iX3JtIXsjOWFqMY4JtXoR3ZFBQDAwABARcDAwAkVn7ui3VtyEjBPho8csX4cWU91LDHlldd37yMDuMkm1WrNSA\/FwMDCVkNxERPpxFp1hU3MTygH94nI+uO3MFA6Pgc7Cjgsqv9R94L1LzqnlTJ9qM2GdC3DoaCFMZy2rvnd3TUb44js1wH\/ZjR\/tueYjuCchsydXsjOJIItHXpv6rNdoQc5GxilmSN3ZLV0BdssW6zhxxgQaE3FYajxWXTTfgzUzOS+6W++jmvd1q00zg+8Q0qSguzfNUtyikLzjXqF591w71tmw1RwueDWDRqOR8D9ArOOASC\/gfHKocbf3MYoPn\/L3+LeyjDo7Dan2mPuEUKlItjagedNzassvjfnCKDfWzjTYX1Oj074zzZKYUi326SCBVqvZ4BTAJFklyVRE2\/7w5a9Hu3TkucSU4uD6YDgHvYuwr1PUeuJlpLcTtMIe6KqdQO6VhykmmEfKtsuoqKDau0V16KSQWM2aCvsVesKQ3DSQJg5rL5yIwj9vpyWnaHxDEgfEIDmYjy\/Axgsm7vfVWFF3Jrfc1xzCpgVx2Wzxxl\/maZOzNTYwZUTU3hLDZjHHXTyifvb45snBjXrLw3E9kNt6T2lmZ7d2lzBq35OqiFyiqDdqg5nN+wvKg6FFTseFXwn\/Cnava4JqwJeCYBLZwtvjbxpmY\/Z7bzc6mZPg2Sh+dbDSkCl3bi0C7OGN4lTKk6SakWyrfvl60M9dBFHVDrzgKu7xbDvPEvSNcZq2Dx1QXy2oMyLZnD977uZ9nLe2MaP79hLJNgy4v+jriXtA5fuVRTABndd0eLGpCNoQRcyQEasclWVE0X3djEYjD5W2s+8ID+COBoWOoyP\/WAq9bDmdFuLbZL5YcQMg6OEX37+6VcGXh24mzLjiWqRW2SXZBECP5e9Kp+qBc4nsLJy+\/cCFFzWnnOIeDNkPzITjeYYG62LLpDcjihxenHjNkU8aI6W9z7HJRAKXj15JybI7ZavgKdsyBJSz8Rv17E9WgwJgE24FqtNa6LcXPjCIVJ4JA\/FRIvlJbq2\/PV2grzaPllz7EIQXESn4AAbsSK6v\/afg1rifhsSGv2yYjxwtRB5P9D+FT0dFjO2m9zDYEYLvFPNAv2\/uEF0d+ML9zrDfaDdz6z+wzZI7tOXb+ZgoELySqXWnZpXCKfAbAaRdkBWG9n\/7DEkPQfGc3BRuxecF3gZRN5TjRNnS3L\/z3Mjd0kgq5NvuPBzwr++r8PkzDyv4SrhrEho0ZXiTGQlO7AUNavDHJ2E6WcvB6wH6w+nDu+LafkJwVBrA3g2ry2AgWQYQlCtuH3p4tS5epl0vy3sOsnzjbAIulHq4VIitq5pO3s+sczN2QL3hoGMgZmvfNYCCppei2sMRM3JeTXdDamDavAss5ffhc7o9sFzFOhYwBHF3K+RDvF+\/0hY+kvloFXPT7w5qyKb029c\/+Vu3kK8iCqQMpkd\/Y7fPVoDJRSebia6NkOtp0QF10Wqdh2s0768F9ux8l3ns6Ahcvm\/CEcnhylTvqF1H8nFLoIPnLNfkqliriwfEB7qB8aB8psWMvXozj1u+xw79vKaBVDClx5kPg1ndY1UZCkXuVmLOZwvxWWc0tuTJcMVug1lNwCPKGUEoQ6IRWLIe8NCbqmkI6bW\/5Xu20soyB9iTbKgsh2xLBekpYgVl8gT8VGJflOjydyD64I9+T\/dXz5zy\/0oPQP9q2vSa5j"}
00822{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":946739299058,"flow_last_seen":946739299325,"flow_tot_l4_data_len":1733,"flow_min_l4_data_len":303,"flow_max_l4_data_len":1430,"flow_avg_l4_data_len":866,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00834{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":946739299058,"flow_last_seen":946739299325,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":1693,"flow_avg_l4_payload_len":846,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02250{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739299,"pkt_ts_usec":325747,"pkt_caplen":1406,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1406,"pkt_l4_len":1372,"pkt":"ZmZmZmZmRERERERECABFAAVw+oVAACsGJZqLY95ICgAAAQG70awh+T4nvu0fvlAYAfmmIAAAiW51QuqEfobYElojzNdmal3NmvuNd\/aotOFuZKIcd+01MY62EHH7E56\/oxK0qr9J58d7Jfc491vr3AkBsKJZSE5EN1LMlpXioNrse464nnbj5nYCt1y8iJtaYVHfHT9x8ujbG\/T2N6ZekRm+ONP3O7xw3rubgw7ubQJF\/KHEiRVFPrbIwq5RI7VTRdfrd3b9Fc\/71kitl8ImBckYsh09FSa2nRQrqALNG43BNA+FPS+D4bALfGJGztFq32s2D2cWRj2vno7VjQQWYQsz+9R40cUHWMbbW0anf7aLopYHYwhAUnxfUJyLSGv\/hcuY1JoGSes4gPPm0w\/KvSPUfmH1XOcuJRdoXdElY5F\/m9je9IUq8euoPyf0PXU\/w6wn+q9PJNYNblwNWPVkVSF6bp87Ycrz+bZvhmrk3ipYYu58\/qf3ItMXsHiYNDHVbyhTOrrT84X2uXkA5ajgilxkHZCWJdDIvRFwT++59P5vI4krRFU0SPX1eygQdMslXLsxvfqQATVp3sK76bt8qHa8rMRVLCfPA3UPe8Z9q\/JNBVvEPCwFBWQICqqCApD7kqMSclaEy89K83LVugXlNfNOargw6YlUR36QNrsco2xSkkpbYZSag+guZDt8NaBOAQqx6Dtx5yS9ZeM2TaZ4Tva3cH5WwTw3nwMfyBrZkmKclliFlyL+l3\/Ft\/1cAhtU5U7a4LgYVbdqsQxRVbeUPAwUZ68y2BGyj5Xg8Mtci4mPsgh+bnyNL5K5y9jSltRS79PDJA87B7hqXTRUrELkxjFWaMPAzghsENt\/UjelVjAgSWUxzpqxPV+2hED3HVp9LJOBmZIcSEVN1eWHazkX+mtW2m+0GAsZaxamutLzgJh\/DRJa7Jw23fjV9PCXnj9MWSdJstPENtBI0OVh7PH0+uAGt1zxMdGzUgBU2QlNOO7S4UuYD0Y26DtfRFNsa3yyMMJMA4d1B+99D0rLBp+YTr6CIQlSGW7\/MY0mGzKXnXLKEBMjIoE76aJQADNrOQ1pUsHUbMNYSxpurIgJZbgBG3OALLoptMECW3PsCTpgXkQ2OmVE11D882PmbdA0f4acC7LQATIGoxF7ZIVK6E9Vi5\/LR0AueJFdtzLq+oc1+GpS8l4A7KvQzJjHl8BFVtlJFp5Ft91g8c86AHAIukg5AmfSwO3K4Rq0SXUs8KcP29aiI1bA7\/K0iAEMbAiDcRNwXEEo+uNEfshUZQDIyZoBHdLzMTL\/2s9ouLF90mtZTkbub4ko0oHCp0UBuhgnfDbrA69yTnP91yV8UR8xswBSaiV12vmMHeXGGKIJ6dQbgPNn5OzZbyefQz5\/sH6dHxYbcGGfd+8wSxfEi7DokbKnmTmetH85RkCusy06sJkhFgf9bhlEmk63Cet5cz7Z7ea9PrtiS\/xOPZoAmLR8AcrBNB\/tHpNVlFcTM+gO6pHXXYSwt1o+rdQxZT4lFn7kVxmARBzEGQB8TIogOkRi0YtdMrX\/cAGbQWx0wllwfDL\/JIISbxKwUNTT45zepGk3OVcnv0694KsAM6Pujlm7XvrZ+hcDAwB\/JlZfTL2CfKHweE8ivDA\/8Dj4s9MhpgBrmwa3P4sMMqXQFKgI6jQB7iGhbQGftnSVKI+QCxWleTjngiVWQbRq4xwswRPPuCr\/EteohSIpdjvjIjT4EQlykWjN3TxUSVyvVSA8Rp0nUkHXzRzNgRwt1EKIchjIYekan95L5wPtZxcDAwA1P8zjtyfqh9OaAN1qf+msLEHbyvTYhKC4e6LNeICCaSA3aHIsCQ1pZdcK52vQiTVTlBfFsLw="}
00453{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739299,"pkt_ts_usec":326863,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"pkt":"REREREREZmZmZmZmCABFAABGIvlAAL0GcFAKAAABi2PeSNGsAbu+7R++IflDb1AYAfUqoQAAFAMDAAEBFwMDABNO8IRSNKqnBU+tmi3o0yr7jeRP"}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":946739304432,"flow_last_seen":0,"flow_tot_l4_data_len":318,"flow_min_l4_data_len":318,"flow_max_l4_data_len":318,"flow_avg_l4_data_len":318,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":946739304432,"flow_last_seen":0,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00823{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":432784,"pkt_caplen":352,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":352,"pkt_l4_len":318,"pkt":"REREREREZmZmZmZmCABFAAFSUVZAAL0GFwkKAAABuV\/aKsW2AbtqjRCaK20m8FAYAfZViwAAFgMBASUBAAEhAwPqrEqAFBwbSYnmd5FQ4vhXWCXQOM7WSA+ydz5Uq2T7jCDruFBRjE\/ZRtIlov08nzXX8Izc\/f7Ut++FjeF3CgO25wAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACyAAAAIQAfAAAcZG5zLmRpZ2l0YWxlLWdlc2VsbHNjaGFmdC5jaAAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACDBZSA439npt9wjB\/Qij4hgUYqoHU3i8\/GsiDYDjRoMEQ=="}
00785{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":946739304432,"flow_last_seen":0,"flow_tot_l4_data_len":318,"flow_min_l4_data_len":318,"flow_max_l4_data_len":318,"flow_avg_l4_data_len":318,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.digitale-gesellschaft.ch","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00797{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":946739304432,"flow_last_seen":0,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.digitale-gesellschaft.ch","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04349{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":474088,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"pkt":"ZmZmZmZmRERERERECABFAAuA8Y9AADUG9KG5X9oqCgAAAQG7xbYrbSbwao0RxFAQAfVfuQAAFgMDAHoCAAB2AwMcSuw\/xeEh9B9zohSBYXmLCSdYelc0PZguMzAQLdc5lyDruFBRjE\/ZRtIlov08nzXX8Izc\/f7Ut++FjeF3CgO25xMCAAAuACsAAgMEADMAJAAdACA9LiT1RQf61DUAcNgmrd9PJwh2JRIEeJ2AayVwYZe0VRQDAwABARcDAwAkpkFL6pYrY48v\/7oiAzlOAXfNYnXJT5\/VQ9ye3Jhdgfb\/qFcIFwMDDINDI+OvHUF+FRNUcqHGAtixa5OM3ESWY04brG7N5Xjztm8RaH\/MawsGpkLkwKimhVGQ6ciJhhX175QbHhfhLL45mnkevxxrQGot9ty+fzwVg7GUUCbrsUr32l6TD4OY9EXQQSyuoBvDePneEphgFWs2uB\/zEFQxJzZvf194T3VRrMXZftbpf\/YmEhwWBzhFxCXz7FBI47mE4BFAjuyUMEWUzwiwE55sybcBJQIrcz91caVnRcYmA1Wi1qK5uHVbVaqkF1jIcRZS6+N+xmFq9MBtbs1TttpF6z36PG19i1g1CIx8xl4wpaYvqDA7QOoSL5x3PMqBtb0k4c3Q\/zEwDdawR+TYy7hNCaHkQ1sAWum3cmhRVUAXu9xkbB0O3nyNloM3\/1BpKJAhKkuU\/V2kkZGB6Ql\/kS7sAxcWh603OAJFGoXqcwc2spjFNCK4ea9Hs8PmACV\/UTaJ7lrlVw2HKBfFrLZE4S2HECqocWhjyVs89\/VZtJDOJu7pXlvP6vYnAZ+sKU9FZHgQ29hFtZTpOUnFJKyIZ7qR3IrvVPATpVytUzMEEVKArnVXT6TYqqci\/q+Ob0fbpe70cziyO7QaX7DT+VhBEhzijRbBVrFLadSpyh0XwKqeuShTd5lBEg4jq+0xz6QU3AR+JKO5yFNIu3wqn66JM48D8VfHh\/P6zoK25bt+h0uyMx2Tdvz0o8sXcXOlNbkjxJTj+b3L48sroz1OixQLEwkGWR0YALDiDYZDaGEdLMJeKpDENsvWGjQzbcLGtxojF3IPZE5plenMHHam99lQcz7tOMhTuD0tu9K1ubLwoOk+K9ZSx+jQ\/y8OgEHvmzPhQqCD3uYFzKXprY15BXYSgVl4JkFtCc53KhrIqQpwfu8AGb8d7NaM+YwOO8C5+0rvVtZQVjay20f9c8RH+m7E+z6+gghCL2zO42Qf0EGAmfsmAKXMp6WNxCrd7mkU+MupYWwFGBmLvHH3Vl5XVJZL0bTZyhceC5c2NC8KJ3G3fmI41pUyCIqBiCF4naOVVb20hz4J7t7d4+3vNMlh9pkutkDtBUG\/sopbYKTD6kxhRU0nbMYNcJYsotavdtxk+5ricax8dlXTEQUyVGuU7VzQro6ZTS2J\/N+Dqw0JjCzhzZM4Iy+Zigsyz452Mxwn4H+POZW9AEa8UJIqsMXNYUOgxqdRZORU8gjSaaYtyhn4ZgPLYzJWev+UYEVbkQQlIs0qMsnDALKCKs\/vPLbMaZzLaWAeXOQBcQn6dRdSl1OHdjVYou9K0wNLFmi57+vod9Ufwp9xSCvh3ThgMiLBs9ntZ+DKnnpNK7K++8wDuLBmnbcYEnUZrZqGa8EXM5oLFPSizN87UN+K45Q\/S\/mtl3uxWe3MQN2DDd0vZIT\/pM6xA4vmgKQKhOGh1G\/LsJ4bGVvyfPbVWvvPsPMrkNeqwnVRFRE+JcuPLjNn3DyJRPv6SImnNR3F3p3NDu+U\/bZYbpfAqdtebmwkI6E92\/4EaRwnMS8jUU+nm4J3KxRiQRAHf2ic3MpHIJFU1alZ3UsqHJ6ixFmoZGKJNMub9RVwhhoMDob7lsWG2+BH4aWefcCL1wBXs4NIWJsY2Ws638ztVCok6ObVcpsMJe2l2ribLtt6uLyB1eEKfooGXoxgtbiHn8UI8BDgLRXpCnA7qK7wNCPv\/hXV\/5qObuA7HW\/C2qkSIpV\/R39i9wwVQ1ug1QIQz\/Ivm\/r6WLd0npdZrGVu5GBOJgUSRjnZQS5nqzdQ7xc5efsR5ICHi2XulsD+Zl3WQXVxYViEQMZNQRJCVpPIcx8YSgUINm5M6giDWQvYaHGMiifN+4pLOGo7UDtXSoYcIPou4kTo7mt5yFzAggk8EG0TmExkKN5uy8guvzoGiu3UmP1ayFSZA5TF4Hxgcg+2NpMUwTAvYDD0pW884S8fOW9HXDNECKzwG\/oVVn5NMUQqNCBUKpIkrq4caPrR60LP1G1fKKVz2Mf14oxUS6BYWLwcRFuY6LigPfz3Ch2bE\/jL+itDz+psExENk+g1PfaK4go+YhsmYCnhhZtTocVAIm+qVANsaIE47+Mr\/3qaOf1rseYxdMsxv04vxWH70UAraH7Y4AGe1DhKm55YgPg2VNLv+h443L3JtfuQRH1c2k3TEXhdwCAcDQH9W699eTwV8ntiQTxjZssTXuxQRFgjLr00HeNPNF7n2H9VgT8LsXQAt4\/i29eoQanjq3bUca84pwERHpxJCf8pS1a1KaFzMXvwUcJQOHW0Q\/N1pQGzvCpgH08Dx9GmHQ9KyzJ\/25WSu25QUZfal6F7L79g8iREwvmDUfy2lEv7mGnvWdhk02quVGsRpK9JEZQWo1rmsoDlNw4F7rXwD7R+U4RUfRyKkcbXPHiTg6YeMzcydsycniM9RaMjPPob9n1bk26ufx+9SlvlwwzqBTbOelsik5jIa525vbi5OIQxSrn0plookRa9xUJNwJ0omdn9j\/AW9IsSa86jM4scUrSMFbeKS4NfQDG9J4VYxzdoR7UNco77sa40\/zPWSa52BjRajNWVVhLj2o4JJQ1TdUu1\/Y89xmSzFKfGWeLSDj5A40mFHXGu4ywpzLC8Nndnau8G5aFKzcr\/e\/FYXUsoYZybTLRRgFBh9CldD2TTFeVueuq98o4ZVu+q1YYgsJKBwBBdV7ZQvj9\/cuG60fpzaNEiWJubkXSKKJvv74KXiPSXeDhQYLSS52OcrIzafNPniFrdcohvXMGEBoTJqcVbFo3+5iC13wm4mlmo+quy\/l2iSqCs4wxDhhSbLnO3Mj4Jo+xpM+BWcGCqCQkZM3XVKq9YiLnmUpBqToMdPk8pxszpPKZj1LhkprcBdvtCOBdOnwV08YRjPbT04P1DuRJXM7LDfWyxwk\/Is8GGMA1w6+\/RlaDUJ4QA8kKf62dGdodCfjoiQVkcxdXgak+xv+ho1izHEaG3Cxi3\/0JNNkwi2GYgruxc5fmKOdC4sqtkxC8j7I10mTh3+xdhudUBx0Sfr8yXq66S2KI88KrN3whtG4+sfGtAkvxG1DDMgti4zkfemFnlOATAqP5VRZM6U99yi4VhRBfczJTw1gBFetM1BkbvErs0YQl2nnzhNtTGtufXl2uHH4oKan\/xnak8wRRzvD04JQK431fn3TEvjjqMfQgcgW2JNC7Jyw7AYjY5nB5jUcAvogHpO11F1M9vRMop+cLQefP6yxy73IHNujTUtW4L99fDdjHVHLSrb7JdVLoGFBt3fFHLJFZwGyi73KaVuA8iLogqAdT6WIlJVQpMEOX0IGn7EhGzmKBzxPYnYlqqEBMEmrbIy10AsTQseVjaAzuWns\/HCPxtq5uB5ayh6r0SQlamctp8CNeSGkejLyD9InFUv\/cN6jEeAPw9ln90Uo+NcJcsUJLeRD+0uBhQVWKlzlgFrsdNHfyZgldWogT0yc5biAQ0YsfjTotPSED4mJ044\/CPZYxO\/WG1WatWJcgbBPZpTJOczqp0KaqRJnQpbibu0vaCcUf\/KqPXTh9mQWbhQvkie6BJSQGOWuxP4jMOKd9ZpnBr0kUhcDeMAPaBISZnWKXpcStlkCGJnAAKL5CAgF\/30XUkXB1LxIrTS74Ar8WfurKCvwBWG\/WZugVENhYI47kxJo12a6YH"}
00839{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":946739304432,"flow_last_seen":946739304474,"flow_tot_l4_data_len":3242,"flow_min_l4_data_len":318,"flow_max_l4_data_len":2924,"flow_avg_l4_data_len":1621,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.digitale-gesellschaft.ch","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00851{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":946739304432,"flow_last_seen":946739304474,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3202,"flow_avg_l4_payload_len":1601,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.digitale-gesellschaft.ch","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01548{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":474151,"pkt_caplen":892,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":892,"pkt_l4_len":858,"pkt":"ZmZmZmZmRERERERECABFAANu8ZFAADUG\/LG5X9oqCgAAAQG7xbYrbTJIao0RxFAYAfWPbQAAW0wo1H0j139pBXgBmTX+NlnQSaFEq5K3Pk3KVeGnXpOOLq4X08kQBuG8lGioiVe9QPOeM1XWvGxPlasRKFYrXBH86PGVaXAalDOEWJlV3PHRUUevw5fI6G+9XzuHkGZKTzPpIIOZ3iAzfHnVG3aTpqTBf7xHcc9kM1a8UHbmE4vJrXG9wa2HwWF2bcpsRjUYBUQxiid3MXG7FbSTEXHjqgO4LQdR6Xrrbq+Co3CdY49hyuqnRUiglv3ZkZvp\/BcnFskV9iJiOLBUK+jpAhnIdIbviFi78T5PQD4Tbyt8STzKJ4\/mkCRReunmywmmxKyYx8ErZcAkoKDR9IOJ3LCf8I8uzSUCcTKeSSnHS6ASYLDpWersQuLDgg3Is5Hb+2kMH37wQnKetidHgJqxmhLBaw+NX16ETkRc5vqPLeAmNQjzUjFZW029RGYPrEM\/M2aIcKp372plYpuhFsySXWIydCD9tqNCwZyquQ9nS3XV\/M4rQP8eJtxF8c+LbyHgf4cpoHUgBE4Qg\/rQ8QPjUfA1pwRPb\/2owpEEJi4RutXWP+JydB0D0ebOUJIyGUMSTIpJcFH2AKhLGUYE6NfckNeCzln4nEp2+qOXsbfMejtOZFyyhHVzHpRSbGA51CkajxcDAwEZGvKJBQnU\/r0Z9hIPhFlH3EC+7xZqS+s7+uQ2E96CDW5iU++SeFvwmMtUyG5rZZUMcBGpLzGamrlpIcWB85XVCU4gt4ssg9\/BdLmFwKiGqbmqVBGWt\/8gKtXdyHqS9eDrvNFNLvTrsxnC0XEzuTedB4Vu4WIaC7MUadYnyNgpkYSxjxFL6J71Xhm+92aoteroJN4zzFxDDd8rAkDnu1z+ZiBNnpB\/Gl8e1OMkCP6vsWHqZoCX9H9vn8tgHDIFyxXWqZDdxctsoUH7QrryxeYlvn1njblpv3w6tKj8ghJZAtQ3ko6UuvntUQvQpT48C+AbzDC+CMGpscAjbO2LKlP9fB1a9O37Dse31zOmm1FlQiiQCvlL1EpsgdEXAwMARSV8NSHQ2Cma7zLl9Np9i8ttiytzR2iGli71aKFmLcmNdXIXIfvH2D8Tx5IjanqSAuAMgykIOqh1u3rHE4swCwSQXoiMxQ=="}
00528{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":476319,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"REREREREZmZmZmZmCABFAAB4UVlAAL0GF+AKAAABuV\/aKsW2AbtqjRHEK201jlAYAfVUsQAAFAMDAAEBFwMDAEXf5i7KhTG4S8dv24+5p+S+LhQ+PYyJONVNe1tUvJx\/L+\/9b0i1+dS9lEG6c5mDNHT9GO4jeygeA+4A4wrs7q7eoeKIu20="}
00537{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":476473,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"REREREREZmZmZmZmCABFAAB+UVpAAL0GF9kKAAABuV\/aKsW2AbtqjRIUK201jlAYAfVUtwAAFwMDAFG0yPRl5vfYgYrNqN6Xr0RSsU8qyxBJs\/X5WTC1lrz\/gpr+0l90DKKjt1jArHygBMrF84aQB1D6XplQ1nx8u1Fux106dKe9yzC6\/Eneuw2en7U="}
@@ -31,11 +31,11 @@
00460{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":516599,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"ZmZmZmZmRERERERECABFAABH8ZdAADUG\/9K5X9oqCgAAAQG7xbYrbTmSao0TblAYAfXKPwAAFwMDABq2w+EgNw1Uc4R5UXmOYRclitVqGcW6tjqy7Q=="}
00565{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":517294,"pkt_caplen":160,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":160,"pkt_l4_len":126,"pkt":"REREREREZmZmZmZmCABFAACSUWBAAL0GF78KAAABuV\/aKsW2AbtqjRONK205sVAYAfVUywAAFwMDAGXrvgAlUHCjITpl4KMASatmqna9e\/E+FqvmZh7UxJcnge5ROlIX9hZsf4Ya92Ea2RROdlp098UA+mdHl5vxFOf1boQLJpYUnuHc3BdCsWdWSLwcpgO\/rDPjVLlI4Me24bd9SJzWTg=="}
00569{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":535061,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWUWFAAL0GF7oKAAABuV\/aKsW2AbtqjRP3K205sVAYAfVUzwAAFwMDAGlo6TRtzKG2Adwzj03nWd9OaygWX7gjGe9hX13CVMXOcFy2nYCY6j\/80gf5Bt1OkzQH0vPzsKbCxgckIEET7XKmYgeG2kNLad+9Ya0NpTF2SiB0RB7Qw\/V29rzYCtSBJC6ss51HwxxhdQ0="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":946739304846,"flow_last_seen":0,"flow_tot_l4_data_len":310,"flow_min_l4_data_len":310,"flow_max_l4_data_len":310,"flow_avg_l4_data_len":310,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":946739304846,"flow_last_seen":0,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":290,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00810{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":846437,"pkt_caplen":344,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":344,"pkt_l4_len":310,"pkt":"REREREREZmZmZmZmCABFAAFKCqJAAL0GKn8KAAABM56TMtqaAbsV\/EiYhf03fVAYAfaIyQAAFgMBAR0BAAEZAwMDM0zFcZBVaq8jarHhMnn706tDCSlU6qIcSdmbVQbksCDb4Qi2Yz\/q0+XeTvQ9QWQ6+8m8vlFJqWD30N7xMHe76AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACqAAAAGQAXAAAUcmVzb2x2ZXItZXUubGVsdXguZmkABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAgp73dM21LptFd0ThW7be4\/uwlUqgVJQtqqMQYrFbmEGQ="}
00778{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":946739304846,"flow_last_seen":0,"flow_tot_l4_data_len":310,"flow_min_l4_data_len":310,"flow_max_l4_data_len":310,"flow_avg_l4_data_len":310,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"resolver-eu.lelux.fi","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00790{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":946739304846,"flow_last_seen":0,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":290,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"resolver-eu.lelux.fi","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04667{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":885416,"pkt_caplen":3185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3185,"pkt_l4_len":3151,"pkt":"ZmZmZmZmRERERERECABFAAxjgA1AADcGL\/sznpMyCgAAAQG72pqF\/Td9FfxJulAYAfWT4gAAFgMDAHoCAAB2AwOQkeJmPgfI+2\/Nb2YFPwnrh6xqnBenx5u8q1ZnyWqFbyDb4Qi2Yz\/q0+XeTvQ9QWQ6+8m8vlFJqWD30N7xMHe76BMBAAAuACsAAgMEADMAJAAdACAildRAk\/Ii9q568Shy0jK1lY4Sb1nfErCeFDdP5ao6KBQDAwABARcDAwAkQtxzjO6Y1fKC\/+pxVLm\/ix+V3OPJ68RUn+6KLdAjN0rm7jqVFwMDCjCAB4dDMRsvk08LXpiehq\/g9vbt8WAZZyX0IwUW7zm2s2JxksqGXN7MA4aQXMsXbea79jo4WvO3p6dz8ckR6\/GSVEFX2o1gGE3SmFE8bI1yIk7FWs3aYgxYwqLKQEvbN1ogdjJ6GVf+z5kiMwtt12G5tdTf7rSfZ3NH6Yk4oM8Elpl9VtGpp2o0FPfY8QB0bMd4GPEVRd4k3sqTgevSs5A\/CC4vXXDNw8uBoNAhPcBJ041jkXgJVSYm9QwFsJI4LdQTSOvpWGu8g3Q7\/FqYiPFofKEmMJ\/qdjv4rC472QK9MBOUQREh1M+X1zwZya0Ac0YwCKyp0B6QV8x8ZfPc4YWcPVw\/CzcsYjigSbp5JV0L4gyAue9Gh6S3YYS9bSWcQ6OYfhcUgIVrottiHisZ3rFZLnhHY2SXkUzy2eOnD3Qi87\/nZ2OjGdHVYvM8Yu4DBGax+k0RD3dyn9+WKeU6QKdkf0bt\/mxpZ+gCW+joqGHWhH8T8mliVYu97Vp1QkdwgpRB7hXYN0Y6CGFsBPw4pzAHjVBFBgDGgx3FLp+jHtYGS4QJXS1JHRsP\/ek1Bjr6PmHXQaaRrJ7LWjgQKI7Gha0EZqsq38SOF+eicMwDFpzc3B+5eNIjmjJW4NSel0FytKTt9ojc0NWkn0EYaG0EgY6+6x2nvzg5YX9tM13wZT\/oz2Ot9pPHCaabuHca2dbfesbpNetZkot4ox97XYVrqgngmst1PfSQmtM98M5ptnPmd\/sO4Q2zmY5zCyE4gqZJ\/jBMttfXco2\/5avcH7mX5ejSI27aNnLJexzSKXQ+JaOKITzvIhr9MApYef8a6mxmBG7KvaOHtWpBt2xvsdwkyGKaTSFivERAQJ3qVVpBnDVBNegKy8yEp45YgbraKILphly37eCzmeR8+BDQHM0\/olAhROBUZh\/RONZXvUkl5SKTRjHC2xvJNaeZYZ+hmdzytY6JxtjOWIkXJWGOQ1NLnp8ApIWyE\/uNNjzCwSksu7oipiMjp9\/TYKv3dTCD+5Ol7BQVVV99RWf0LzZ8iQzJsQx4OWgFzyT+Rx7ZVNnTGOrqRbAycjVipQHP7zlio12QWc9UNzJCxesOye7ivdDzyOxpzywnD3v8hSp\/9zPmf\/3ENHJgy8O34UUO06MOahgiokayYgWdjmVbemjxT1TryYu0gDna\/E6EV3qm9EmJk3uwiz6F8MD8T978R+EclF8jScCvS+0rc0myMoeeGSKvHZ59\/bY\/8uMlpK\/glxn4tf2FrEjMiwTYfD\/iCofxemvMkvC\/JJfgLtIuT4eRwYnzHY6tx9RKYdE3USzn4\/mm5qo5iJNIvjNV0kDlflg2at\/H0LoUPuAQDzKEIijJENcZ6pth1tAfPuzZbqzQybao7+N7tXszvfJs6XQ8U0IN8EKUruqqe63LmjAuODDmoGi5l1XKUHloz2N6Z0c6GOIMVwe3VD3oKEzis5\/IqukPTBIlPi3wM9hPvIjDsgqHeQuZwd0P2uGkmxxX+CQ\/eHLZcMkC6yXGIsoms\/DqqMmKImF+\/kg3KVbsOWynlp+qs+GRnuEe5Gwcck3bNanvNfRO2hnDlR3xxWpDeCDtY554dnKSdrEsmz56E3HZY7CS4xffa2qaRU9o8FE6oWceQ2YomJuE\/bMT3knxqniPrzl1K3GkigMh9J1i47zylUFJIasxWeeT4rnsrPdwO5pPpDZPDAhZZKqamf0Xxf7UyzOur5bQ0RGdSbDmjCGZUxwrcQgCzOocJ07C3y9f5\/cPHLy4Hcpi9nKHy5+zMgLxDuHh45d7g5aX2opBYeDFdZVkS35fhN\/VA5YDY3hjQkRRPMbthZpOOEiiUTiyQGuttf7SmNH1qqd0+P4R98lk6wmtu\/RYPzzoAOrY33Oweyfv45FrUJjxFb3dkB2JJBL+a3b7QXiEHk+jfi2DFJC8R1nDmEiD7lG0zp+GgCp2hMKrzTinc3jq7XrvSXgjRArW5vMll4UVtkgCZOG8JOPCJ+1InS6ZkzsHBlVE1ulhcQ6O07QOIetMX\/TQcpOws1Y3zI6xlDo7QN9RXjghTw1OQy\/e7csIpoqCDP+zQIn4uVNd9knXoZalNv0Vl+aMYpSUZU7SqXuPd5TrgUjyDCp5uSeJ7PvFxTrvq2m\/J4PCA00dz61blph4TnR5jqkjnWkPCWysgjmFP6jSXDVhi7OEYKJ3O5rj9s1KlWrTAKqEQ1WqkKpYs5zhjZX8C2jJXc7kR7CLzfiUXF\/NgCKD1oPTUZ3B8\/5yhnRignY4ZXMdGmmpuO\/YtIw9z3hTG2mvGzyDH+lTissPE7qvJQZpSJa3YSyfqgptZgRRY3rqQwM1Uan0WZB\/VyeZi71E8HGjmCdytjr1tbuT47siLcnpw\/tnXbVcW0DRQa0UluCuUeRWsFfgTuUhjuWHPeilVqW8TKVGxmd00ikgPoQa60hulHvmRZ5KO6vzi71RXX6dL\/wcA9t7hqc08oZMCG7pFOGbkwZ0H2Ou1cGKyFuTh2P28nKV1VsXeJy03j0rMepvwRePH7BjQM109D5zTvZ+x9U7LeeU5p\/97XLGVSvHyU6QoAkvI7FvvpHkTyoqhk2wuau1Ks3W6ziSuG5ItHrlZeoz2vdhzoVB+PdecdxLzV339b9A3nHa+rng\/3RfrU7m\/xV1uGOltE\/q6T8zbMwllfgMWQHWJtalokkS691O3vXWaxSb0GH3Eukn2GTLqT7xyn8hsg3I5F5pOCMspm6GHKCedNXQt\/rOrbG+70oNkLEiqOTucHrzdm7u3q9vZm5H7InHwwhmYB9o+wmMx9CpSsan17Eu6kQzONsC+k776iKm10F9TFCFRzcFvoSkJVRCogWUna5X6unZPh90yhZj+joK9OmDYl3uGf3cxeeYhuWr7BFipgMV88P5BfhbMuQJTiRkmE2tdVLKXiJJMT3RIuLttxViwKIZxqrsBPVZWuFgeoB\/tNKx1MPoFMSkd6Ady\/JPiKCd\/Lo+LSa+EGciXu3JhsD37LOO\/iaE1hxwYGWesFtcRBD82I4gt\/VZ4IZMSaNKHgm65E6lCcq41BJ\/gbuCDCFJ47l5UE8QhYSOHmp5J9j5vA1FjZFm5Iv6VRZaegnWKKRCmp+e5pBYWdf4T92iFA3wkmAojnbzcZPXM1FL7vahyaLx6fEfTzbYntPyfIJ2l5KJE855FQl1WRsib7X80Yvtknk5W4cHEv1yr1kjUU2CGJ8WMhJhi5rps9ncDKvd4PP0dTrH0ia8H78o1K4OYwHp0nPI0tpDBJqSO906qPhy7pON78NLR8NLi7ebyinTbjqYrIeAPW0BcPQXfo+ePTRQEGlW7G5LCAYlQCvO5j\/LMgF9c3iJwt3nUbOE+eqHvK0\/PHJmQK+ijLfXFLdBd6NBQSn3sHF\/qzgQRE5VwfSRmK55bFmg0PCiTnhGTWzfK0OvOvyyAAiwvXCaBV+gFnzKnwwQ+4ebBmLMgQpqYGGOrzwhV7P+RvbAFwMDARmYqpARsWX06T7\/aIqUa3gqpszdt6QdkNXpjrjP\/CtX9C+2AHbAmlDaq+eynMum8sDVzFoKFvQfGpt91s0+c4BcfaWSQDicP6abNOaMq+Hp75lMfIATEOyO9cUpGtsxdjbO98fR3ligfvynTicYTBBKOabjGzsvGqpIQNsc6yP7ec1DM5IvytEF3WMD\/BSWfSyCMBkPc77J1iCDteQqYtaAe0whPDVMG6GGDORujY8TM3L19IZL3YvYjw7AjSCmeKp+dThVSFL7D\/ks2Bt12v6Pc4J\/bL1kxAzO4vYx1vazs5rxcAfFBrI00UuE4UKrW1AuFrQrWAmy8gFVgJ7l+nCzCeDoyrV14OgMNuqUXIpirZiejq2fhnoXshcDAwA1MiDkD+m6EfUtBdx\/Pyl0ehgKaB76+ayZoBt6uEP7tnUDn+hUUsmcN7NZ1IZhFxhyx2uKd6w="}
00831{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":946739304846,"flow_last_seen":946739304885,"flow_tot_l4_data_len":3461,"flow_min_l4_data_len":310,"flow_max_l4_data_len":3151,"flow_avg_l4_data_len":1730,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"resolver-eu.lelux.fi","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00843{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":946739304846,"flow_last_seen":946739304885,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":3131,"flow_tot_l4_payload_len":3421,"flow_avg_l4_payload_len":1710,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"resolver-eu.lelux.fi","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00507{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":887457,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"REREREREZmZmZmZmCABFAABoCqRAAL0GK18KAAABM56TMtqaAbsV\/Em6hf1DuFAYAfWH5wAAFAMDAAEBFwMDADVGrMk33Jx9u4V9oT8gk9T3N9siooKVMszOs96zlvjMst5cKF\/6mDE\/X3tfb1uyKq+NLUpVEQ=="}
00535{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":887574,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"REREREREZmZmZmZmCABFAAB+CqVAAL0GK0gKAAABM56TMtqaAbsV\/En6hf1DuFAYAfWH\/QAAFwMDAFHXdLFaAz+Z2rHdRMF6waDqPR4Tw1IOHDhUOX4GIW3IMxkSZnzM4IxIu8uFUy3E0ZKGcdTqsrNExBJvv2oqkuc8+GXwUqWl+KahajxLfpnsMkI="}
00661{"flow_id":4,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":887767,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"pkt":"REREREREZmZmZmZmCABFAADYCqZAAL0GKu0KAAABM56TMtqaAbsV\/EpQhf1DuFAYAfWIVwAAFwMDAKus1yP1uKqMf1urenhXvkk1hHi5ysvI5vyFfqtgY7v\/4nRbEU5uNq0wg5+jVbveXNEZspGMDNtai7WF8t2v\/t5LwbYD+cQyx\/yKWMvd+aPvRdf9hU+NHxeDFND1qO6ntW\/6XX3UERjRgJPnDDWLmLo9EfSKCZqn\/QZLxvp1pQX6lmDwrVkvwYAqwv6GnlidXXNWG\/GwqTe+iZ37GYK1wGymo\/DctlUHBZMn+D0="}
@@ -49,11 +49,11 @@
00560{"flow_id":4,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":917223,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"REREREREZmZmZmZmCABFAACRCqtAAL0GKy8KAAABM56TMtqaAbsV\/EuRhf1IW1AYAfWIEAAAFwMDAGSama1Yhb51kK2zbQ6rM5eFyfh7rS1snhG9VmY4XL+xDlnXMLc84rbL3uR95gwnzpyGXbL2WOZQWI4tSDxAo8uplzLFHVcroxi48kgP5kyZVcB\/WhwSKkWrDV3iMlXjmckAj51E"}
00568{"flow_id":4,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":917307,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWCqxAAL0GKykKAAABM56TMtqaAbsV\/Ev6hf1IW1AYAfWIFQAAFwMDAGkg3rUd+kv9D7LpeRqMgxeTsATVsDIt1mVHZnZqap6LKtw1K9Gl\/XnzCbmcIcjEn6NFnYjtNrvcQuyI+J3IiMpas9FE+4hRsQRXQ8osoT3u2QKxF0Kde5d9akjBi20rbEm5NigAzZOpgMU="}
00483{"flow_id":4,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":944858,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"pkt":"ZmZmZmZmRERERERECABFAABYgBVAADcGO\/4znpMyCgAAAQG72pqF\/UhbFfxMaFAYAfVMZQAAFwMDACvzd62r12MvNm4T9ST9QVvoNu+55SlThx2NBggyYv+RPK5HD9OFiDS2kFMI"}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":946739305016,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":946739305016,"flow_last_seen":0,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00806{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":16448,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"REREREREZmZmZmZmCABFAAFIJYRAAL0Ggi8KAAABuf2aQugMAbv\/W2fgE34PaFAYAfYWNwAAFgMBARsBAAEXAwO7rF9fivBYq0PPnnVftpI5xv63Wth8iDXYIbCI66xBbCCVvQ4J9sHqcW\/KB2T6FVper40CtcJE9we9duJ2lwo5jAAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASZG5zZXMuYWxla2JlcmcubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIHdlaU8VTQtoxOo631cPtMLo1fhD\/NP8\/WHh2FCfWmp6"}
00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":946739305016,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dnses.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00789{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":946739305016,"flow_last_seen":0,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dnses.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04358{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":61248,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"pkt":"ZmZmZmZmRERERERECABFAAuA+UlAADkGKDK5\/ZpCCgAAAQG76AwTfg9o\/1tpAFAQAIMgbwAAFgMDAHoCAAB2AwNWoPreEkJ\/UPiZCRV0IEx6jRSqugqY3M+B37V87ydZxyCVvQ4J9sHqcW\/KB2T6FVper40CtcJE9we9duJ2lwo5jBMBAAAuADMAJAAdACB0RVn8jGqUM9fyfUTkTuhvHxWfPva1vJ9a18\/+TyUNbgArAAIDBBQDAwABARcDAwteuwCVRbAjw9pKtY4dNJzB+NkDPzUPU\/YSrAhwNpHIEK5V+o2\/HqZHUFxtVJbEBPgURU0pRFWa9dL9lQp8LuDwWHwDq1H1B4wIu6Cjn5BK872nUeQltRw5+FbrO5MDeZZJRgg48HKHnsK1mBHQnXLVwFvBE\/e\/UwSrANn9vg+B6zkss+nwjnEuw1XfKHcjr3B+gq7Tt\/pkx\/SEVt9DDhoVQjkT+nj8Ch6uFvKMxBfoNlGXQAfQ76Cfus9zBAZT5EY1YHp8kypEbWJsqWobkhk3j7efutg\/+7i\/\/3hwY3S4DA+PZFxsrSsM6AIVwaJ95fOH1dRdOyCRxbfVQ1s5uNDJcA7OdsaNR8VQ06UA5uK3FnFY9IaeCSIuzswKtKKP\/cTlEabfxoFlZbInteiv8UhvUx14oYH8877iKbTHauga0SrPYwJ3hDQ38FuPBJ16hIcickFsAxoIxHcrJTcDxD31\/+27P70ucqJUKNnKmwnMS5iCjU275dZeWQ9Zr0T4s7GAOpJ\/qhuQ0adCzilfe+zxessB1BHzKqNpomqUeAJU6wiiIZGwIQCSR9TnB+R6Furn+4OgUG6PGNdXCZNQ9itsUGoaOah9Fd+b\/mJSMoK\/FuhgIcCIxvGAml0OlSPbxxyIuGAWgYtRBimB3o6JaqY5BlDiRDxZX24w4nNBhNEgZ23H2qCY1hFOw\/NxAIqZ6i1OczcdQK5je4mFGQnk7n2Dd0xCvT\/QbVT+DGwohNzMpmrD81sKP2YRMryNcEXaCYgEk0oi4bjQNtHjwEi3WiSTxdHtROjzPbx1MuktYL6gASggOg1Ub+v8yVRI6bLdeV5Xwvz5ZxoF9vdrBEyvVBdMauaRYoyVnXm15LfrTPUCeXkHS1kWpj909RBaupD8tKI35AMNBM63GiCNIPCKacZOle5IpXYl1uAfPyEf7I7c\/Z2VAGWif0f1eRsudqghQ1VDSbMFMSOUlZF8oqR69Dp+GUrZSkzXH\/vlToVdum7PDCHkza\/W9cBDPI5wtxaPFdq19aD9CF4UXzcnY86h4hX1BAKMl5ymvY9oQmQKwLyZZk7gJ3BG3QSRRkEJLHmElRTA\/j6+UD2DUirljLXPFbrXC2eKn2CCwq3Zuv5P5wO5+t0UU\/yghFoQluNjQ3lfw4zQuwuXqm940OzzyqoEcUuHVR8IXnZ8TZqE90q8rCtGIOP+LD4hWpqBqHuwk66vMcJQgwNCFXix5ZnSXLN0BgV30sQI8N\/4QNcrVg18QrqrwMX5353ArFRERLIaGuZFxOud2tKJXNi7\/8bnQL4pfggVMDHzys0Vv2kSkmMM9AH5fy6is33XJQsCiLeVAW2BJv0HWG\/2v54ftufeuJKqjAweFaFpf8nOnSzUujidt2Hj6vD7NzSy9u5bVuAiVU8CLsOjLUQDZZwuXq5KPOpcqPkwUfO\/JhY2IYSty68WbtoEQ\/LicI5G0k7qhGVYDDLZjTT029eOEYuXI7f+lB6Kb+6SLaMGDm8r9Mw7ebinM16XyWOwJ5JBUayf+vtez432JNrnbq1SGS5rLH5Fg5ZMgKUFbGPULmfIDV2jwsa5no0weJKoBPHSF0j2z2Ws3ZeYohMSNwPof+eIkWPeDsS0odMH3bOI8vjnmbAlt1LEuTlP9Bgfbe4EZBkTArblnr1PduSYp9HHqPcDcdegoFu3tk12XJWCeAczLwMdcKTivhfzRMPv6R\/QbwvNULNcqw3kjep\/lhPa8MK5fd2CGyIw+LCWxGXv+q\/ds\/TSYSN0doo9wcXYWwj8LntYcpK6i8bE1mnU9HhfDXOdgKZheyUxq\/2aHTotcU7hlwJGxzG1S8L2XOL+e5cK\/uWYrHMSCsilBLjzbaE58\/UhgQTo4G7REl65txB7jkxytOXC2V8igiA\/VVPL1iSyOqszjZhZj\/KQ7cRXbuiY2hUvh3d1GHeunUPxkjVr7SBFLwo5npluN5uAfc+7Lx2v8sh\/0AXjRBQzrzXUGOKzmSDk4EsluiAOjG78HzOAmharQORiNXCoRaRa+fhf0Ejafe7HoDuKqj5ukCKAbsCU6se\/uViDv0Ko0frloNjTZWVHeFLAU\/8Rxbf5R8lMV480rpPEWmLytLklZol4xviBgu3uvWIUzW30atpHjpq+x1y1B4ZeqEOMO83R7O6ddmc3f06vtoo06tW\/Agu9h766pQvpNm2vTYudTnd6DSqBlKI5KeonXz4AxZiEG5DKNiVkur+pxwlM3ugAjT44z5C6NIq2xLtYBKvjI4ZiVK+oThODcy5mgGaurXo21aX3cTizFa3bH6OPqttL9gjP05Bka27HY2jgRwKVSbziiMro9AX8Xsmg6S2yWOPjJLfqZCcbtLmpaNGvdFtOkH77j4F52qkt+me41p1UftUvN6wiwxxp99NI0\/fMosQgl7ighWoY2W\/IB0fXHatEvBsmPr1KEj7P+aJaj7oNVmyRVuFHPwaBwwi7T8Vvj9wG3gSDuuYdP5+UFDM+35GxMSRkihqY1Nf52lvDc2vDx7TdolcUJnmrezHB7iOplwsA\/pnoSxDqDzY8u2hWCRC+c4jg1z3vL2zvzGplrkFak387ZT7iXl569hRQY0g6W72J\/qU\/wWvKrh5aic7Fca9+09fN8mKvizdcBFS1tmo5ud9hSP5IApLh\/AqNGAsSvFB77AMVMPcqCZqs\/LzhQ6p8mk1Ztud+POMwqvs7eCTrsyIwvCFHr3MjxRECobkoOUnKuDn6O2Ba4MeFaOtHE1XjJdkhICNgy76FwlNk7qa2miONerIZrFWrQmU2yx1Al5ihAv+BSYo7OLYt9zXUcCSntdFwaG5iWvn2D3TqvQcyGsX7n8R8YOUmBL+xEDz8\/cHI76eHoMT9Gcmgev3Cz2de\/7ilgKsoMsC9dl+Ldtg+QDnuzeji5lROtOH+fv+MRICCWa3t+oaVa2XgjAhIywmeaAGP7+W10HhLqbtIimjrrdbxpeltnnJv0HxLov9cXj+b0Pm2tBSSGlhGmiCqLRib5vepRDq5ASTdoFYCIMH422KVZztJ1b63ltyCjG5NtOVaK\/MkO7\/KWS1XPbQXAVUScApoXkKlzQiVxTCMZQoZIoE4pH0+fjzQcElC405f+pmLRfF1iVpdbRwPdWdjvokVy8bVGY3GGXVtgS7DasELvMxZruoBcMEH12JcU31nt00epqRaM7Ty\/hGPJ9RgbFIN6nscoLHLm6YFkdOMqn+3D0CMvB4x652Bu8PF5m7DHJMIBJSoh\/WEUOZDxlHi5CT9KYRNTMZDhIkJj++9o8TtwBf\/+FOKgQZYlLc9emRrICiIhqz7dIu9M1nNq8igrwodBBqfV3IJasHHoy\/F57WNpO6ufh54oPFaVKYJn1bg656yNokeiXMSkMhJsmjb0+SAmQ0rTBRRWtbjoeZCc3gkigutNXY3WNHxKSc5xsJ9iyr3gTZdRpWgWbT+isP5Ovqam4GzSglt\/k+unyjMz4\/f8vVi\/7W288anM52u2gAT5Id3RGTrtEQDPQ8UVftSrylfoNAZTKGGhUJLAcmefkYZfUt\/EB+t1\/S5DOAvsgdK0URdbVybob0RmFJKIBsQ7DYRwD\/HgqXJ6uMDVUKO9XoO+9dwhRf11sqhooAzPCeXtVLggV615qXldaBtBjJ4Fa\/LAamnbZck+pr1D1RAPJP4HQwfBLL\/eWmzwOCA4y+tqnSn"}
00830{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_first_seen":946739305016,"flow_last_seen":946739305061,"flow_tot_l4_data_len":3232,"flow_min_l4_data_len":308,"flow_max_l4_data_len":2924,"flow_avg_l4_data_len":1616,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dnses.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00842{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_first_seen":946739305016,"flow_last_seen":946739305061,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3192,"flow_avg_l4_payload_len":1596,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dnses.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00613{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":63924,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"pkt":"ZmZmZmZmRERERERECABFAAC4+UtAADkGMvi5\/ZpCCgAAAQG76AwTfhrA\/1tpAFAYAIPkeAAA4ov2OS2FYwHLyLK8HvldhjW58oZhz\/dEDG0qRvP07Xrr9KbrwFzXsPAENpwnRYTilEXtuGTXfjP8+51dqVC3h3Voz6vzPB2E1qN7598iQNHjvdaBjrZ71M3dNmhXs0fudaDBYxVH3HnrCgr\/VoLnr9AAImTV5ybiMJS9e3W0V7h9Z35p6EhyTXdDS8\/1x5Ew"}
00505{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":65983,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"REREREREZmZmZmZmCABFAABoJYdAAL0GgwwKAAABuf2aQugMAbv\/W2kAE34bUFAYAfUVVwAAFAMDAAEBFwMDADXfncreHH\/w41ETGxAbKhaT3vZm4z54UR30vbUShr9IVbJ7OCCA+pMljhOzcbHXS37RYg7ndA=="}
00534{"flow_id":5,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":66151,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"REREREREZmZmZmZmCABFAAB+JYhAAL0GgvUKAAABuf2aQugMAbv\/W2lAE34bUFAYAfUVbQAAFwMDAFFCEWDs3sccqWd0uheET3JL6DjLTtPLiQmtDDP\/Rl5nPBW1sUJXIKVZtvgSbC59saZ4oVaBt07mMLExEbGQTB1v0bQ3ojKnMrYG+LAmpLooAew="}
@@ -67,11 +67,11 @@
00561{"flow_id":5,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":110719,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"REREREREZmZmZmZmCABFAACRJY5AAL0GgtwKAAABuf2aQugMAbv\/W2rVE34e6FAYAfUVgAAAFwMDAGSwGvxSL3FIyDR310\/9O7PcMPe0ggdrreIARkJTs2CLGVT1Ypiw13DA1nyD6gImpazyC5vUf1UFekKskNcT2L7LbMB\/g+5wrrV5znXzb6XmxNp1ibeEuMn3nwejnFN9EIiup5Kt"}
00570{"flow_id":5,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":110871,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWJY9AAL0GgtYKAAABuf2aQugMAbv\/W2s+E34e6FAYAfUVhQAAFwMDAGl4Ax7b\/n2TYV+yAF7kw\/tZI7yNepzO7WMF9ElM742tNU0B1rqhUIxffsYxoT0e94SkRODtGgqBbI5T1DuYgzpRkCmv\/VBGiBWFJFnG96I91tiatUHn0Ag2aFFicyHE0j8xCQuA5vGVoO8="}
00465{"flow_id":5,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":152934,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"ZmZmZmZmRERERERECABFAABL+VFAADkGM1+5\/ZpCCgAAAQG76AwTfh7o\/1trPlAYAIUVngAAFwMDAB5IOLZETBFPI2tNUcP0eQPXsxWmDRunSXpjj7yYkUU="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":946739305650,"flow_last_seen":0,"flow_tot_l4_data_len":301,"flow_min_l4_data_len":301,"flow_max_l4_data_len":301,"flow_avg_l4_data_len":301,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":946739305650,"flow_last_seen":0,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00800{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":650572,"pkt_caplen":335,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":335,"pkt_l4_len":301,"pkt":"REREREREZmZmZmZmCABFAAFBLvBAAL0Gw1EKAAABrGhdUJ\/qAbvjN2w6lQOuzlAYAfbLqAAAFgMBARQBAAEQAwPaSOnODEW\/53X3FLI0n+Mih\/iyk2Bze7sXLhS9N0ueoyDada2r8SjLZf4K7a+NbQASLzSYT4924P6pAuqOJM8\/hgAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAChAAAAEAAOAAALanAudGlhci5hcHAABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAgYin8bJdqHx3ibHrbfDgwuFVcZV3PPNkWvp1zHo7\/2AM="}
00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":946739305650,"flow_last_seen":0,"flow_tot_l4_data_len":301,"flow_min_l4_data_len":301,"flow_max_l4_data_len":301,"flow_avg_l4_data_len":301,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jp.tiar.app","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00781{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":946739305650,"flow_last_seen":0,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jp.tiar.app","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02386{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":852459,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"ZmZmZmZmRERERERECABFAAXUYr5AADcGEPGsaF1QCgAAAQG7n+qVA67O4zdtU1AQABbJOgAAFgMDAHoCAAB2AwMioc+jlzNc+VBJaZcDKojs21jGEKcSNKyg9ExllQqy+iDada2r8SjLZf4K7a+NbQASLzSYT4924P6pAuqOJM8\/hhMDAAAuACsAAgMEADMAJAAdACAdEExo5yrIKmMZ4nrOia6UHa7Zh09ZMNUZYLDF+NYxaxQDAwABARcDAwAkT\/VVW9e6tSXUn2DgdOFI1vJ9CWMqaG0B1UgAogfcRWwpZ74dFwMDDDNZ3TFhx2HRd\/d\/BnLRqx3w9gJyapE59ga0mk6Gbdpy2uhfU1raH\/kLDwO0PHahqFeiov5PtmafDzH5oAzRDBThfFaKNK986AJtqna7+\/+W9HqZppsUeMeFtSdutMbm9VkvNNWFsngalQ8\/TjlWYt\/LNabidW0R+diEYRXkVHectSDnGgpIKw7AqJmgGmRJSQFZmk8mMFHUip8Ns8L0Qm+4mFM3OyM2y8uotBFp52jwBE4JcdWTlWvX638UUEwGd0+Jev1b4UZvqaI8gBJQiwDYthQvx2cilE03gvQZUs1gLv40OT\/eDg1VwASYtXu1QKuaTXj67d3FvJUxTfjdc9Un1x\/xpNxQ9IvL0JgGMqp5Nvz4C+qRYd\/CysKeUwM5LkGikxDP3qZXZjcRDF3CvWl\/0RJAgB68oCh4lzQ6BTBYQsLIO+2npSdMMO1mcmGxOeyAtRoiglI\/Mu+7bxclTAdkFUgpS6V0wzwluZmFW7Rx4iiSeZWVmQDKjFeHStRAafyFrtH26wCU1ei1O7zDiCd\/St5EWtAfoATjugif\/dASmeS6peR\/N837DyefuOM7XNJbAUXXdVYFQbj88dVPYC1ZWfSpl1wPAKf87TREgv6h4ZkxzRnB6COvKSvUqklCC1SSMJfennS1L0Etglf8wZsulJYWIe6+sEiyvEkrN24bb021w2X\/KuVEn+j5dyEDiGG5loD+4VYwc9G5Wa+jxRUO0+A62CO2opPif7xWIxQXRSJ441bKp\/i7j7P+cl88sdZsTxv2ygPWKGEBO4XHbg95EUra3m5LdhfhQUM\/e\/n+Ak+LAL3mStir5xjEDf9+haA4s5VbKmTRNrJtFiUwt198TeBjvlKCejLbJO6d8gE6SQECz4iM7IcNa\/bXR7adNUuu8qhullq5WfyiHcztVpItdHmrHXbaCsGaPgIKVpIJp30oUBjXbdyBrklTyARetsx+L4hfDlDZiZOEujpickcQVHRV+Rq6dF5UrRJYU3XU\/ZcqBeRvNXpu9d46M\/bhnVClgq2Bd+aOiR2kaho07AGNJ9Fr4k5Jos+2Q6DGpQasXC6x+iPauGKBp59nwGXbOOKtd8ArTxOlVzQmOZH6I0tx+iKMplPSCHR8FFec2EwXBLm\/1vyI9Pwo+zYiVdHp09rRHeJXaKGgiynxtv128gHPWfts6k\/bUS8N1Dw2y1OWa2cDxVOv79IA65ALHyABrPQbEH+byQd5tzeWrWUmzmNi3p4jdd62IgsA8HkYmsZmy5jIyKyWEYlUo1SPeqjIhX9VriaKoSoSKPFRDULdhc+03ZBXd6SKMHCSS7x6DpL0ufFkfc0ZfcGyz8s\/jngcscp5gmPQrY+VfOmrZe4EnOIAqkwdbS5Vejc5Yga2D4LRGGWgMYBm5SScqu5500ZCpE0WmkryZPm\/4OMJ47iDZWRTkVie5Ea9ONRDlM9tVglWZF\/oUiAJVVWh4mt0z6nVYUgTMbtTn0pDKN\/0TJikQ5gt3TXgtioj57ko+eiK8raQcuhqyXG3KA52lsLM2MmWuS6VxCjD2hxANDc3R7BZOaM4bmyza4JUsEms3Y5aNGYiFwaMTvyvPSX55q5QHTJ\/Mi827fNg4TtCrFRxN6XxJuU0RfIATOX3faQkD1YP1V51gStaTXEj1EBrNyqEnKqYk6Yxs2aBmn4CqaTQ7ru+2yyoapdX3D0JCzKb"}
00827{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":60,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":946739305650,"flow_last_seen":946739305852,"flow_tot_l4_data_len":1773,"flow_min_l4_data_len":301,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":886,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"jp.tiar.app","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"475c9302dc42b2751db9edcac3b74891","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00839{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":60,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":946739305650,"flow_last_seen":946739305852,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1733,"flow_avg_l4_payload_len":866,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"jp.tiar.app","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"475c9302dc42b2751db9edcac3b74891","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
03390{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":852672,"pkt_caplen":2248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2248,"pkt_l4_len":2214,"pkt":"ZmZmZmZmRERERERECABFAAi6Yr9AADcGDgqsaF1QCgAAAQG7n+qVA7R64zdtU1AYABbTIQAA7khOXiRDmimON10SUW6EdkRNtideeCAmsCP9ufTAbxPBEESbRp6rJdX9WpgeGKEcs1FSJYqSgEbwbmVZ45a190xHBVgYJoheRrXwVU8\/AsBaHDXul428WYkRrLMS2d7ip3ZonDd7PZHF6J0j5\/wI70KV9AUCOBt\/Btv4kzO+Hj+j3yK5bLSbWlRhD1fuMQAb+cF537u0\/U3MsC4OMo+87usOrwz6eMrKL+s31DCb4z6f8eENi68oRi9OZYKpoRYjhFkw0unmspSreLKjulrpWluVXrk1btWPgYpUVnavuXquTK1NtVner355EoOvAf5CAN1Y8OcMXqML8XqYMeqEg34ZtCcYr+tnetE29K921LwsoIOkJdbaiCVLTv\/9X++VjLPLL4afBqrrwx2ZkXw2VSOvNSpMcVsFQ2sks0er7rCvo3vy970zXk8N2ZRM9DEPyk4S8i+C3Yw3j6efIbDNyRRGIb1TGn6z1LzsFfHkHQ\/coPiZhIhvnK6o5iGWcHYOGEPLh4XlmZt5EnCBavREWdcXDAq+Rj+biwLLNbp9Xm75T3bbWxLQivCzGfNO2oBB8jJz2Zicez5S7098raXjnFVLWws7S\/ZjTQ11gAbLNqyHJOm\/RerOFZpkbGJsCCKjsmgBFYujoZTifdvrnskuFGuKqjRU7sBnWY38jO4yTlznAvt2Cf2\/I4bnh5roD5\/h3R\/5c28EQTDGmOL2\/KspdGSS1bjToJBQbcS2YbFnjwR5yrS+5SOLXVmRcZDGU4Ke3DaCJifWpD1EVuVb2ilryPAD8yGt9JaIe3cT9jnaxoJojKtbQNqrLa4+HAzDJSTrT+I7IXNvzHDQ5HJdRQkyKEzhMuedfOGX3aae0qJMXEdgmL8U1YL9LUgqs4gaInFpYecyGYMFaC7RpVTbVJ8AclN3JFij4ikMLs8OvolwBsIUxkwvTd2kxXvS\/GtkZpTdB40Qwypq6\/slHam9c8zmzEZ9VsQqYPOs7EU3IWXPB\/7jwR\/Swoqx9IepHlyCi3ipHUa3krt79WKeMN9slFrvDSuGQo7cCX4PwLWqGq1s8n4xGAwbb4PADqo8FJSgQHdjNMolIHMWyuqk5nqOgc0W36SeHQOxctDFxw00aD7\/ZIjnA7m+97J5Qh0XWgw5Lpsc8Mvp+VBxyMQklBuDFOyN3HJKbg943DoSjIMucZn1tzh8KOxw0Xql8+gP0Tj\/ncw8jVi\/PzuMVXmWMiQX\/wdJfEzJkJUlcXDAAE2IesO7KR0oZhnwcsaVEwrsJruOKxYtv2pbkmhOIxpFm4wJGmE+2JRFXkQDnRtvWvAJoF\/v0k69TDViO86TF2AjLFejfwjQQnCJXVkS4fuCh3i1TYrS+lUkfVezPrjjWW3F2LEdQQXJZmRfoBHSJjBhCP+Dcoc3jONSa9PXKqNJSf7Vo6MbkHB0XBcD7sdIZ2\/wIgxkllAd1uSaGBwJI8\/jhtA8RENMPWOxsz00xpbl8rHi+OkSD\/7Q58nbh7qhfzlemdSmsTNYU4yTeEr2yQTmNZcolwert2uPuF9VK2g\/3nveH2piPFCpAJOd4Z5dmxFR4fRYAGlILa5aNYiyWSR3G947wAwiYaU7l0JrzUlByQFpex9hGDkjjcctCUn8127O6yoOswVES887ts\/gfsXkn4d0JROgJbDiWFnN7j7+sZKWDkghhJYjTBSDkBNASiM9XLxgQ\/DaEwEwxYA7HjPEO\/8BxDusP8aK8hEqBPa8c8eFHdAYT3Eu2hChRagjV1O7Z0Zuc1z25GaMGiFKl7kwOrHIqt7609HLDEc8DgoFPHHr7IZJAecPMzvqj2CVzFTWl+NcGQgu1OZDB7YN8IsYE0Hj2wxjJJ4M8ncKFSWkLxvPRwAg+0hpC\/tSOqvX1jgKKAZg82Jl+tqVLBoZ773\/7qHfr\/BAX6oJ0vKtNpEDEGeMy6jjr8KxmYOPhgJuUsXOSiQKReqTW0HLQJn9LpGUn4zKUgOBpUtJCVQOwstz8rJvV98lhrypc92o1bXoXeUIxGojGdQmZAgxriin+ux8aVQDWCuRuunDdKlwCqYBaBQ5f2rPbpDMmRJRFIQV93Nffpu5y2M2nD2zqfxShtHtZqK9Odguom6eKtfMYRNoP0\/G2utDI3qzWXA4Mjnq20qW6WLp3\/OACxfwxJs+mIIux4CN4Of382BKD+HUg6iVDD+mi+PZO8yXcm+iMHr94FuVjknbJgwr8pz8hnl6BJO7Py9BRIAZSwIskF6wOgI\/\/4Qr2JcZ3TwaII9SEN+0Sx8PMXXAKDv89DA4GNqNhV0hw6VXwyvbxpg4tI+badMBjtd\/o4XHqPH+BgFz6M8EMB4Jddticq89uWfyyGOVmNlx8K6oUYEdD6RJBEwIP6yYPzzeebCbDK3en7B16cFcus7h8285+5Wxpsa9ruV64Q9ZoEhEUMGgffnT5ajZ+UpmS77fDl+DfNEzJY8TjXm9EL8XAwMBGQ9SGwhaT+0AWTV1WADn36NruqoDTHdQXMB5KJVX+hyENZfYkPjY19bk0TmuSlxnW4sPXtcFmHvEzv8TYCgHXXFqdgaXEgdtFhRRSPS0CqywSlTwtg9zlqkP6Vu\/gi2jnM2lX\/S3paNkHLJK2Xs42G6p+yMmyRBfn14DEFDykxvC8z+scW1WMMiVZcbQBKhJ+Ek8WtRoS9WYaJ74jobV62XFVLje4Al6wOy0PssyggYMNCsvtsxQ5KXxmsj4du7sF6hIaLMWOz7O8LamYiEYnY4YByhzDbINOM3XB385ribm3TlBE2FwQhpCNmgQNjG7wIBC9IfEBLxv5rxwvF8PVckgsWpRxADmo+gltAb0\/tgSzKl\/30lZxZ8BFwMDADWhE8bE7ktzdpeT1iEQv9HPHLrjBcBDs9EHJnB16E0omVuS5qQqwxUOOBNAVfkBff92\/dyz\/Q=="}
00505{"flow_id":6,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":854743,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"REREREREZmZmZmZmCABFAABoLvNAAL0GxCcKAAABrGhdUJ\/qAbvjN21TlQO9DFAYAfXKzwAAFAMDAAEBFwMDADVZFDeGx9jhCVSvCDaoaTI7mm2C6bZOxUPj4ceROxo5CeHsTjuSnwiy3kJv2riOTzR6QvI4fA=="}
00534{"flow_id":6,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":854887,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"REREREREZmZmZmZmCABFAAB+LvRAAL0GxBAKAAABrGhdUJ\/qAbvjN22TlQO9DFAYAfXK5QAAFwMDAFFabSFzRWPlZVKWzVkzQqDNwl3RlR5jphaFJDPBgV+CTmoVTmB0SLiXAGsFcB3shFjQukJa1DJWCTsOPPotW0xzi+wcsm0T4LkQV8d6PaOHtYA="}
@@ -84,11 +84,11 @@
00570{"flow_id":6,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739306,"pkt_ts_usec":49558,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWLvpAAL0Gw\/IKAAABrGhdUJ\/qAbvjN29olQPAulAYAfXK\/QAAFwMDAGn1FOkTV8bkkUFsuChemkwWhSKcZnZUV5rDptmc\/he41kQXSfhBbGvHpaGpylzzgsGVyupoZ20AruLps9TDAGvxqBhIazXRcryUNoAnFkGoZvlonJzUO8s+\/7AiDlBJ8C3ozU7+6HZhRlE="}
00799{"flow_id":6,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739306,"pkt_ts_usec":241227,"pkt_caplen":335,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":335,"pkt_l4_len":301,"pkt":"ZmZmZmZmRERERERECABFAAFBYsVAADcGFX2saF1QCgAAAQG7n+qVA8C64zdv1lAYABYDRAAAFwMDARTrTqe\/uHssUSe\/BxhHUCQnJdK8zPVZzxi61zBMtiDfzpbO88e+tPjHzdRl6FcUa+bNfalZxPGXaQ+zB1NyAOYpH2UrhmWzi1qPlCYzZkG8Szz1HaauJAYnB0P3OPeOU4747d+bb70yirGt8iJL90AeQy1tELZt6ToWjyyyDcQ50bJED8\/OlUkfbS6pcPtAKzSdD2oH3ZDav5+EQgksXYHvZ3e2yPeCOi6FPQya7KNI5O05wb2J0Yrqi+eF9cKQx6Ef0GOy1QN8QgjZG7D4y\/SoPB4TeV5S72x0nGMxV8z2gZ3r2w2ez3ujPbpr0kHRNVU4Pa7+P11fiZ1flJCoH7xKpzJtrzRY\/BfEtfcWpiTZMR8qzv0="}
00466{"flow_id":6,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739306,"pkt_ts_usec":241606,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"REREREREZmZmZmZmCABFAABLLvtAAL0GxDwKAAABrGhdUJ\/qAbvjN2\/WlQPB01AYAfXKsgAAFwMDAB6h799Z6YSmgeoCnvmbPudRM5Zunhi\/Era65MsC8qs="}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":946739310588,"flow_last_seen":0,"flow_tot_l4_data_len":306,"flow_min_l4_data_len":306,"flow_max_l4_data_len":306,"flow_avg_l4_data_len":306,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":946739310588,"flow_last_seen":0,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00808{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739310,"pkt_ts_usec":588567,"pkt_caplen":340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":340,"pkt_l4_len":306,"pkt":"REREREREZmZmZmZmCABFAAFGz7FAAL0GqFMKAAABp3LcfZKaAcWpCIgSh0x2XlAYAfZF5QAAFgMBARkBAAEVAwNM+6CQ4xrTV+1tOPP7h0Gj90S89M7DOPc8QQnDuq\/mRiD0eC9rhNsSjRzwJJQFthL\/q1ufnITsbP94aSBdrdhzDwAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACmAAAAFQATAAAQZG5zMS5kbnNjcnlwdC5jYQAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACDUjoSgwC\/YwRC2sL4\/9W3ATSzLtM\/v84EfifaAhQZfWw=="}
00833{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":946739310588,"flow_last_seen":0,"flow_tot_l4_data_len":306,"flow_min_l4_data_len":306,"flow_max_l4_data_len":306,"flow_avg_l4_data_len":306,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns1.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00845{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":946739310588,"flow_last_seen":0,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns1.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04632{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739310,"pkt_ts_usec":697795,"pkt_caplen":3154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3154,"pkt_l4_len":3120,"pkt":"ZmZmZmZmRERERERECABFAAxEyD9AADMGLsinctx9CgAAAQHFkpqHTHZeqQiJMFAYAfVQ4wAAFgMDAHoCAAB2AwOMlhGBzZbQdgMB7SlRRNR6aAHyhH11lUBOX85ujHC26yD0eC9rhNsSjRzwJJQFthL\/q1ufnITsbP94aSBdrdhzDxMBAAAuACsAAgMEADMAJAAdACBUUq246Yl+EWhWLEvZvcutMb+IirYuhEzXmLk3lr59QxQDAwABARcDAwAgZrqPXWP2zV85oWOqSEKZV0DzXUfiOwwJJ+C5CgZ1QqEXAwMKFVw16EKwmaYl6UqgM5FDRFEvQkVVdsBwborgCOxUvP2YbrJsHBMovDHHpAcBFTWebPQJMSKasadU094aHDRpLPrxxCjXB2pxM0WIqTvteHWIfU1Fk5\/NpqSuHKzO0Ra3PwdESYixe\/zb6sDdKKc1TRT99VsGnFNvwT\/9kRj6LGAVtWhnVsCfJH598qgWQ0wNsN5\/qg97535WjDSAoptbAHelOwuJgc8mZW87Z778lSdbGSJVYmbS+Kzpu3czloyo+k8tnMR0gAcl1hEQQ49kVF90oJqhnl11GE\/B0nhnrDcMC484Ni2gzPflOc2ve4l75Bv19quG6UuBjAJ+lAILT2sCAli3NgfXnu\/RIxYWHOwg5dkUsitPEbeddf7oCeQEhHZOIe8IWZHCTWJ8Xas6gq1DtDEctxSwxYTmBOPQYJURvi5XAJunxgkYorZ1S5H22PsJbPQoDTXE7jb\/MK+t+sJi\/qLBk\/QTcK+QjjpfOnPOG6kcTfb96PDiNmimFlhI+7qPbHOuBFKP3RlOfNCtE0LR80aRulQJ7mOKrhCqpMkFgCoXo\/4IvZulEfNa6rLjjxU0mGwRO9C\/8SUW\/MWxf9V+fhaFIFLLIrdk9mjlOAh4RTjBuIhZwdSm01OHFabvxJQc5nWUTI8sDv\/4Hth4Nmyyi395Zo\/bIgvPNsPA6YqSbJJPw7TRXj9EpeXABU58rfRMlnEHMcHSeAnr61+lHN29cf2rb7cQuEObxOV+r0Ti2hnTxG1kzZXxUKMf1TJz\/QNCPdFs\/8sc7I75BLceNNdyiMxbhvl0\/mQYkbbTX+E01I4nneSr0YAWi\/dj5OFWkY5oKdT3ijaj5ZnH8mUoUzF6gidtHrJfWLUutNNAVK0ii3hJTxAh53tLa55cziofBXUjER9OxqdXFQX0xk0dW5\/N25Am3sfN4K9G9Or+Mq0ZjCUN\/b\/4AAu5iVdc2xuiywbhKCKv\/+1ba649i2+11N2NuNP4WLerjRdmVgUEXTqjPsE1bvdPpgn\/tgD\/NfJO4snitGVo2fF0AIvoI8ffNDBM8mHNAe\/P4wCN21PuNzrXMiMwd7BKvHy1yaV3bx1ZcbZVsRq2ArQ\/sz1xvbYIM5K\/4uE3U5TUD7iEvNa+H0F0t5Pm3xl9hPFjB8UQZyCzE0eaHFxztuY1AhJrANiSpn9KUApux28hlfmPpxZwwY\/4voaTDNDh4a6l1L\/5bBlTMZQ8ZTPo3KsCc7rYoLRgUBfec4EVT3pXIcfZwnttUMEultj1OSOdAYKMUVl+Ae797PlHj+BPOvQU1JP+1NxmeW9EkPxvKNxTuFB8Ql03lSa0sP7N4iOT4LxwTyM6btUOuFjsDMq5fFh3z8x6u4eDmVvymYi2lDSt123i5VnAGlmqe2vlBnBoLSjRbpHHKNWC14LFSfaclke+Fsk\/LXqRdmrmwoK42FR8QM5yBJ4V4XBtfp1iJayJWXrv2Yp\/Jw2nGI\/8spJXweIKBfFJYNDE+FKqYVx6uY0QURwmsxmAiNbUSW3iE5ptj6f47Bqqzcu614k3woIktKLvq+R5kAUl\/94OeFfc1MDcYQiS1itHZ6WgYMqXlALhkIaagT341vLWH8EINXXu\/JPbuL4ratmRZsOHcAq4Z64Qth7VsN\/NAOgVmBZa9WLc6jmBs+\/7oNewv6pYbinaC9eFjw+AUviDZIoPDTI2cqHtCKNJKtQeYF8JwZdso+kGs0e4hY6Ekh+Gt4QIAdcddPMJiEMdHRRcI7TJwLsTmixFKIFFEmFMcRnAgRce970vQl6+J2m\/3\/zT76RlKTnb6S5cA2Gh1xVWfifqZ+dJJ4S6U8o2kzOx1BcO4lPr6QndhbLXBopt+TnAxhiNVC0jGSLxxKfJsKliuCmauybike5VfhMB74\/Zd9LI0lHZcyjtrJZpkqIdf9mUmq84TeFEVObpfDxeDp9pwfwnzY7CZiAhc8H7X\/B4eL6QPbJJeDvWRsaiMa8MtOGUovwBK\/1RmmRbBs9Ps\/WvCegAP2zZsifFoeWn3IFAPuF2t4F1jzP6KFB2fJjiCF\/xSMUdVX4mSSLxUy6Noq6HH8DTkiTT7i5Rtb6Z+6YPqTrIz0kRUJm8ymK8qGaWvXbafgJW+zAD6LQJ6Uz\/H9ede+fQeVaNdwR2ZGANN93T8+CUOO\/5QCgVylxvI+WkULYljrgmsAHGf2x4K+AdzUNCRbtqqamvoa9+H9TZ6D9K0XHtu60WRh\/xvg+0kvul3oISkBwW\/5VC47CJIkeqDKIcaH28dzjF68bVaWHBCOA\/QVspO8f7PM39uibr2ZI\/9qT7jw8Z+41laurnLDDiiTcv8nIyk9gPkkLpL0gZ8B7RwNepdi9poakmfyvLsu7noykkUZPrrciaDs4AxlMW2SE0l6ggoSXHblXDfGv1qrkJ+wYHqoIpx4Orz9BIDwmFuIK9uApDePCMMJ8COMRLP5+c7CWBbef3qNt43feI9i3DxrqohnnAeDQ5XayaaeIrWeswn\/yTkRhpCGBJsg0rlCy0bwelKJ5jOd0Z6yAeLdgeBTN7mANe1L7262l3N\/TUj4BGdpkUJSKWZ+F5L9xh3ZDx0CN7nut3setCOi4jALV8qZWBwNBsnPw\/1et9Mhz5yQU5W4hKDkIkR0JbpteXZI\/YulIUs304N95S0rMRs+F91Z\/I1bjxYITEBnA3nKgeOqnJG67UQeyBJy3Wot3ZWs1FnfHSinzEDRXoy\/in3NMk3Ee4UJjJJVvh1u1kB0flpae3nwu8yHniwAQeA4V\/IYlytwzxmH9UBxClJ1YaCH4QYvYTNNn4X5yrgDRFy8aRZbx7KFTZjETXMAwD7jXdzFpBRNyur7a5hxwjkpR1nPJHXNHbl9ulhBQraPk64O22lXmWhmTqqJxPCHLTJc8dCW9Tw+MWIDqlSC6iP\/uFGWMugMNTbPpm71YwCV6DE3MM5Iw3r\/pJtSMpVM1czkfmhYfe8YtiZEI64Bh59v3JQ7Geu6i4Q2THuBrvHiZucUzufDS6W\/DBGI9K4\/J9OjIx3bbp4KuEgDSz3alUQX8h9N3c6Ve\/ecJdJcy74VVi6oGyfaHP6IVk7S15X3oTFjfGBcG+hk0a0dR\/W0BGALH+pY8iH726JsGgeEg52jxxJyoyqN2BP+Onsb9VAjI4Axsa9MyFPMa6R4QE78VraMZsIMjQY2e6jOI2lFaIx1i29CS8IB7OY+l9i9GRSJhN1TC+qRidWiZdwiZ6CGxjzCAIjCNtYYMpt94CcLWARqfnvGVuwq7RqWOpW3L6qgDcGRhcwof3dXDPhz02YMhWNSauXVnUXZfqF8vmR+tgeJWIevQpdj5ioEIsT2Um5j+gijjHh859fJLDhzYVmYtQ3TEi737GfFw2SXnggL\/Iy07c7IZEI94AezYiyRdA9+kLWGaO\/dAL2rthXXz37bspZFnOGyuB0KI3G4RabCIXAwMBGcOMNM44BDplKj\/3Ojq4jdtuoD82NTa5b2k5zkFslQd12hFn3q5eB44nkwI465O8I9pSVocWpqU9EbYhTvyK1R8N4URD7Q5PMRg7Umy5tkS2hB9uZLmMl9DoKxlIW+kyr\/KuqeGrCAN583A5M1yhRuOwYF56CIKxvuyChPRKUAt8\/70gOTQjynH\/\/1nGoYgPF\/ta4eVsTLhuzDLb9mQMc16\/4VLa51E7HgIT9to4lg95nWvnMoIyp4a8sRcKKCYU92Ot4xWr0tqEIEu0fXIbk7\/Ta2loRt8FUwirJas4rlQGX1glaJy9RyPTHTwKV9kLdjGIRncOAxHu\/8Q7IfLg2aWJ07\/3naoyq6szJDQTcE3S8LB44P4jJ13NFwMDADUJ1y22teIy1dcIiwJwX4cS160nI55Nkh7bUzq2ftRXjrZxugVJnOhQTCokK54\/+GLzaYeqbw=="}
00886{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":74,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":946739310588,"flow_last_seen":946739310697,"flow_tot_l4_data_len":3426,"flow_min_l4_data_len":306,"flow_max_l4_data_len":3120,"flow_avg_l4_data_len":1713,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns1.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00898{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":74,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":946739310588,"flow_last_seen":946739310697,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":3100,"flow_tot_l4_payload_len":3386,"flow_avg_l4_payload_len":1693,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns1.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00505{"flow_id":7,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739310,"pkt_ts_usec":700192,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"REREREREZmZmZmZmCABFAABoz7NAAL0GqS8KAAABp3LcfZKaAcWpCIkwh0yCelAYAfVFBwAAFAMDAAEBFwMDADWIup5ey1m73Olzdr+La\/pgBsOV2156nE0gjo7pkVZbX+HWq3wNBOBZgTPS2Gv4V1H1NoVl6Q=="}
00536{"flow_id":7,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739310,"pkt_ts_usec":700329,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"REREREREZmZmZmZmCABFAAB+z7RAAL0GqRgKAAABp3LcfZKaAcWpCIlwh0yCelAYAfVFHQAAFwMDAFFigyjvaz4NANCTzY4A\/FUXStyH+vseBven0alEeSEgvizXGcy1JnutBrGtSy8oe\/Q87ZYytxhafI\/Pby87ceV10hAtpAb+z8MULO4M5g4llwg="}
00654{"flow_id":7,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739310,"pkt_ts_usec":700554,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"pkt":"REREREREZmZmZmZmCABFAADXz7VAAL0GqL4KAAABp3LcfZKaAcWpCInGh0yCelAYAfVFdgAAFwMDAKrhH5lHsVppiHapV0zMHNQK3jqxCpj8r+ER9OICFkNzJz9qMJa5JYEXb22MhKW4BH33WnJ2LmSW5MNK8j08SmNpIfM2RW6B6MFQCpHtWW9tEcGzveBruJEzzvXnhr3LZ5undg3ELbCtFU1iSyysu6j3nVfIFS3ncxFxzeF7SNyd5mNUDjIyfOHruygpvCXPI1LCM85A11NVhG1DXv\/2DVueewebUqyir10dfA=="}
@@ -102,11 +102,11 @@
00463{"flow_id":7,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739310,"pkt_ts_usec":807508,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"REREREREZmZmZmZmCABFAABLz7pAAL0GqUUKAAABp3LcfZKaAcWpCIrjh0yFQlAYAfVE6gAAFwMDAB5H180FN1WxacaxhnoQHhq2NjiZyrRyAme0TEU8JOI="}
00564{"flow_id":7,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739310,"pkt_ts_usec":807613,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"pkt":"REREREREZmZmZmZmCABFAACTz7tAAL0GqPwKAAABp3LcfZKaAcWpCIsGh0yFQlAYAfVFMgAAFwMDAGZ4tXqlwfbAQvZu8ODXG8wQDCvKFpu\/Su7bFHNR4TqZWjHfQcytP0HkKD+su6Jwbzx6PS8b9VRvaNXJwIYoXHnyA0b\/zq9gf9gDnSOtgSSK654K03rZszN9Ew6dltH4fGIG912EB9U="}
00568{"flow_id":7,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739310,"pkt_ts_usec":807685,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWz7xAAL0GqPgKAAABp3LcfZKaAcWpCItxh0yFQlAYAfVFNQAAFwMDAGkkDzU65XfdIOYT+nJzAb5iwIS79Iug7SsJVvuIivcTddhHId7chPL3Z4DfINNbg5VXCvFXc9IpSlgsLyK103E8hL6U6\/nz6LtSnd0GMTNlhz9hqobz83bi9FGSwAgX\/N289OYycU2ONOA="}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":946739310980,"flow_last_seen":0,"flow_tot_l4_data_len":301,"flow_min_l4_data_len":301,"flow_max_l4_data_len":301,"flow_avg_l4_data_len":301,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":946739310980,"flow_last_seen":0,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00795{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739310,"pkt_ts_usec":980322,"pkt_caplen":335,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":335,"pkt_l4_len":301,"pkt":"REREREREZmZmZmZmCABFAAFBYCBAAL0GW60KAAABuSuHAZUqAburhCguMeSlTVAYAfYCHQAAFgMBARQBAAEQAwM7gJo4OG7S+iUgpLXTuxo5Xw1OBGj4DiyxVBvpcTjrrSC1ygzgmnU02BGfASVXjVBWPNfoJIqu28ODMXbR4UvXGQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAChAAAAEAAOAAALb2R2ci5uaWMuY3oABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAg+HQ6d2TRAhXiPlV4SzYTTgVvyRFR0ttaRH8caXLPDAE="}
00768{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":946739310980,"flow_last_seen":0,"flow_tot_l4_data_len":301,"flow_min_l4_data_len":301,"flow_max_l4_data_len":301,"flow_avg_l4_data_len":301,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"odvr.nic.cz","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00780{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":946739310980,"flow_last_seen":0,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"odvr.nic.cz","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04468{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":16000,"pkt_caplen":3057,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3057,"pkt_l4_len":3023,"pkt":"ZmZmZmZmRERERERECABFAAvj5XlAADUGU7K5K4cBCgAAAQG7lSox5KVNq4QpR1AYAO0MvwAAFgMDAGICAABeAwOYp2uqwk2kagwv1bFvuG7BP4gwxFJK\/HnbYlDDBgxtByBtkhDnIYlAH5FeNvmtcy43X+awJKk1khM1gLQ9O4\/1KcAvAAAW\/wEAAQAACwAEAwABAgAQAAUAAwJoMhYDAwn0CwAJ8AAJ7QAFUTCCBU0wggQ1oAMCAQICEgOvzNhD6HsqkMaua9kU943O+TANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3MgRW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDMwHhcNMjAwODAzMDY1MzUwWhcNMjAxMTAxMDY1MzUwWjAWMRQwEgYDVQQDEwtvZHZyLm5pYy5jejCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMSBtMaoOIrrVwbIP2cWYEJHSXjqgj\/\/9tkWX5PXpNopleDTdQVoDYtrhgWWdCxKvyghVnCCvqzpAdxH9iHJ+YDCJvMhSONvyUnQC+8wqGClBPGGgWuYJiWCNGWLq05jQxU5OjFamZYLeA83J41w0hXJ0caGVgR+ZmGHFjjdBCJABPqlSZbx4n\/8eqoqwv3W6903WKQrR8zszV5MtKKlTANB6QP2yhXI+UhhzdoeLxrEImAA6gxL2BOHWdKuBhBuV+ph8YRaL5IiMHVdXgcmxhPMtLDMaXcrlQWC6XO\/mVYjsQjycz9NHwfX9HBGmqdB8EpxpqAzOMv4Pfea+srqI+sCAwEAAaOCAl8wggJbMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH\/BAIwADAdBgNVHQ4EFgQUiF81uRjtpDLZWzD7gWIvMHk\/TcYwHwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7\/Oo7KEwbwYIKwYBBQUHAQEEYzBhMC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcC5pbnQteDMubGV0c2VuY3J5cHQub3JnMC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDMubGV0c2VuY3J5cHQub3JnLzAWBgNVHREEDzANggtvZHZyLm5pYy5jejBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB2AF6nc\/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABc7NP+yAAAAQDAEcwRQIhAKJu6NqRyIYQsDPHU\/A2REhgeKHjM4x+XnuUUYMuSVKBAiBvFXWETRjBcg4jaK4iYqlFL3MxxHaFAihU4M5Y1\/QWIQB1AAe3XBvlfWj\/8bDGHSMVx7rmV3xXlLdq7rxhOhpp06IcAAABc7NP+0kAAAQDAEYwRAIgbhSITSEVzSp\/pS3dsOxVrCnCOPr0QsQS\/Z8OeZ0VJL4CIEqFJZjRYER6kq4HNRyZ4yzxaPbu\/njrCFn4rfkG\/MO7MA0GCSqGSIb3DQEBCwUAA4IBAQCGEOIQRUNcWjsX719Aj278yDJZeRktrpYQiEzTApT2VFFAVk9RNpDtIgove0nygMmo0gYcRhVp8veJjqVoyBOpTj8fBZ0k4jHFaDhaRBi5aQXOMln+cU\/N+ZZyxOF\/OvhfMIgmGnNpnX15fmj0DD6pQOeMMvjd9\/6LhaAOIYehc8T\/qnYYgS+NN4PGwZ62L8NBcloKk78UBZkehMmgkPB4R4UGWU+P\/9wBXoct8xHeSEI\/RKypAvQONIxcx+PGOfY7cug8EawYjQxeC0dBrCPA4HuTbflrjLpxCEjs2nsPD4SXJGGl7AoG4paGMGZjt4DcZO2jhWz5unIehkjqEM\/fAASWMIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA\/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0NlowSjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMTGkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EFq6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan\/PQeGdxyGkOlZHP\/uaZ6WA8SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0Z8h\/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWAa6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB\/onkxEz0tNvjj\/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIGCCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNvbTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9kc3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf\/EFWCFiRAwVAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcCARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwuY3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsFAAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJouM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr\/1wXKtx8\/wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so\/joWUoHOUgwuX4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlGPfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6KOqkqm57TH2H3eDJAkSnh6\/DNFu0QhYDAwFNDAABSQMAF0EE7OwduzycCFyh5foVYUYJfj2csLLoqbmNrs4ksDiqkMaHC2NulFxfST4jcCRZ19YEaLojL5JVRvlluRb8LA6yDQQBAQARbpzNdpCTfHNn9Bz14lNKRHZrsXa4X4EmfyVVEagU6WSCW5UKp3bMis8UAzosg4RFbcIE\/BqKgmQG64Bt\/cGitnxq47bonIC\/OFLylrM320R6R6uLkQuGNQpkUlgrZKL\/+YkYqd4ToLlZjenqQeguYlPWOUvDEduCfvOd+A9y2fcGuSyrbb0En99qwYiK1PUm11WXjEDQ91vzKm5Pz2wWWFYuywvRbHOtLetuqGEfMtz5QTTP+GA2fJf1SHhqAtT7v7XaP+5Wvee65IgIoNU6aiAVYz3hwW\/AkDmTqCcqZ608Q7A+R1MIFZgfnWqkxiaXPHcpFh\/8pcgjckhLtTiSFgMDAAQOAAAA"}
01080{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":92,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_first_seen":946739310980,"flow_last_seen":946739311016,"flow_tot_l4_data_len":3324,"flow_min_l4_data_len":301,"flow_max_l4_data_len":3023,"flow_avg_l4_data_len":1662,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9":"TLS Expired Certificate"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"odvr.nic.cz","server_names":"odvr.nic.cz","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","issuerDN":"CN=odvr.nic.cz","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"15:57:4E:06:5B:3D:23:22:EF:BC:2E:5B:A3:3E:A5:76:BD:14:01:4B"}}
01092{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":92,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_first_seen":946739310980,"flow_last_seen":946739311016,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":3003,"flow_tot_l4_payload_len":3284,"flow_avg_l4_payload_len":1642,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9":"TLS Expired Certificate"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"odvr.nic.cz","server_names":"odvr.nic.cz","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","issuerDN":"CN=odvr.nic.cz","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"15:57:4E:06:5B:3D:23:22:EF:BC:2E:5B:A3:3E:A5:76:BD:14:01:4B"}}
00587{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":48333,"pkt_caplen":180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":180,"pkt_l4_len":146,"pkt":"REREREREZmZmZmZmCABFAACmYCJAAL0GXEYKAAABuSuHAZUqAburhClHMeSxCFAYAfUBggAAFgMDAEYQAABCQQS+L1tdhkv27psDloITDJmmm+nkuKGJ6kBYeGBEdwUOSK4polbbfA55gXHwNtK3Y1Aq1CUhl++X\/zqhOD+IGqi8FAMDAAEBFgMDACgAAAAAAAAAALayQyzNIxhtoOFefQYzbs\/rDW3NZGb\/HW2xO7qHfaVY"}
00485{"flow_id":8,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":82444,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"ZmZmZmZmRERERERECABFAABb5XxAADUGXze5K4cBCgAAAQG7lSox5LEIq4QpxVAYAO3kswAAFAMDAAEBFgMDACgM3BAgXmTBrS3s\/v\/TLpgtdJ4pAYEQBzm8bgZO9q3GlVtpE11XxqpT"}
00466{"flow_id":8,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":82460,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"ZmZmZmZmRERERERECABFAABO5X1AADUGX0O5K4cBCgAAAQG7lSox5LE7q4QpxVAYAO3YLAAAFwMDACEM3BAgXmTBrtvUUjN4IXyxDqm09\/JiypfLAmSXnwNvJzM="}
@@ -120,11 +120,11 @@
00539{"flow_id":8,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":117844,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"pkt":"ZmZmZmZmRERERERECABFAACA5YJAADUGXwy5K4cBCgAAAQG7lSox5LHbq4QrSVAYAPUtRAAAFwMDAFMM3BAgXmTBsszXKmPJMeQOI0MkfcYQA+ooKae5hUP4MLmmY0Ld7Ih0Dxjdtk95UcVjx99quseqon6HZoBzdoLKcy0HNp6dn4X8nvirHS9hBjPbpg=="}
01110{"flow_id":8,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":117867,"pkt_caplen":560,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":560,"pkt_l4_len":526,"pkt":"ZmZmZmZmRERERERECABFAAIi5YNAADUGXWm5K4cBCgAAAQG7lSox5LIzq4QrSVAYAPUvDgAAFwMDAfUM3BAgXmTBs1EK1nwDpA88In8MceRrmtJr2Wr4aoGn3\/n2lDfrsPqQIBb4xIkDKr+I2Sj+uDNXlePUZ6J1jVI+0qdO9IqbHhqFT22V25ts0QyQ4VGab5UJTinlh\/mN\/OiNvXbisYzaG6BEYfKj3wcbkNUWOxfW7DrEIJk2c5tdTz9u\/f0Vrp5jE2tqJHmzfL\/0yUnewzzy0R00ovZ61HlVYKs+Nrzgbi49J2eDzKj2GlootXyxkli7MBhoNehJ6BqKpnQhvFVjHXixnbu\/3miHh15czY04hueDFv23\/N5Db2FZhL05Xp9Fe5ZThoWZOpYKBWQZlTb265ZkcmCVNJNZWkNkvGOtw\/fK6QkzIJaSQnMKlnCD94ceC0oVOpbKCHADINuM1SwUtcuZz4wsykjAlHWdJkknp\/W1GjsBrD6z\/QdBQBqFyTbn+nEqESVwEhOTVz9BPSGznJc+44haEBDvenvoKqPZ\/y68H6aaocqKOSld1\/ZOolE4+QDtZBSk50c\/DsvdUtXFg6t1b40dUBvlcKDyIKs6VFOGyO\/BfMIruYRGQm+7Gq8xV2iH4YP93CtqIEycckUV3HnkYB6thnLC8c6ovcFGmZZX1aXXD6KzprKovxrN1Yw9fQjLR0JzntgwVfgZCvZ5aCfFG4E+lVeKVNJQ\/xE="}
00472{"flow_id":8,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":118184,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"pkt":"REREREREZmZmZmZmCABFAABSYCpAAL0GXJIKAAABuSuHAZUqAburhCtJMeS0LVAYAfUBLgAAFwMDACUAAAAAAAAABY9aRMDmOR8f9esMpluWV5JN3iwergY59UqdwDxq"}
00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":946739311335,"flow_last_seen":0,"flow_tot_l4_data_len":305,"flow_min_l4_data_len":305,"flow_max_l4_data_len":305,"flow_avg_l4_data_len":305,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":946739311335,"flow_last_seen":0,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00803{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":335665,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"pkt":"REREREREZmZmZmZmCABFAAFF8W5AAL0G+HQKAAABCQkJCso6Abuxr7nkL4f0JVAYAfbUBgAAFgMBARgBAAEUAwN330DAziY7Qy75ow2vvPPweI0WjrfNmIygzjgDJAOaiiBkC+TeFnwD\/kQWoA8NwSkWiR\/ZS3JD6l8yhQXJVgAa3gAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG5zMTAucXVhZDkubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AICW+8u6SZcrHjrKSceEpWhhd\/sXKRaui0Qq2OMNRWOwf"}
00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":946739311335,"flow_last_seen":0,"flow_tot_l4_data_len":305,"flow_min_l4_data_len":305,"flow_max_l4_data_len":305,"flow_avg_l4_data_len":305,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00781{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":946739311335,"flow_last_seen":0,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02390{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":357881,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"ZmZmZmZmRERERERECABFAAXUEqtAADsGVKoJCQkKCgAAAQG7yjovh\/Qlsa+7AVAQAHdneAAAFgMDAHoCAAB2AwPsHFeUVovCXmWpA4VyNoqF1JeqKqRwRROYqOPJU94DoSBkC+TeFnwD\/kQWoA8NwSkWiR\/ZS3JD6l8yhQXJVgAa3hMCAAAuACsAAgMEADMAJAAdACBGm95D7Gx83XoeinRk1rxGpZA8u1buvy6HtAvs0UM2ZxQDAwABARcDAwAgBCGr5NOssVZ7TUX4BrL7MyB6aRLwiu1feUb2m7o8fLYXAwMKaD942IoOSpCliO6ZHVfN+ruurWUvz7jYgeJjK7SV5aPdpOPU+gCK34wDZjZp50dMaIsg77NAx4MrmJU6wTsTAwZldztvUMpws2wEYMHKWN686r\/ZugmuzBYB3tOPhjCMvk8pBO5Z4lVJQc9Hb1RsJ03QnqO\/EjZsCDIJr3EwAdBfauIjY3hi6AzlRf9VL9JoUREwghpYtzQDH4RvKScS6ISuIZ0qtqLTaSpG1rQC+HJZ6KKhTxZKSTcym6aIqvAR7ZiyINnXnDnxtWbl8cRiOiDv8PdDsr+5E5xwhcf6QYoUCBscXYYl1EwqfCWZLU9EdSEHvyBTgkaNAt3XMqrEl7x4wjZ94SWxkiQsQ3IyHj5ooHHdJLNgfAhAZ1sF3MqWOMepm6yBmJwKpSpxHS0\/\/oYNPpH+52R4vidTCtKs7UfIN9SKrOu0JFbGVqc8M5lplCXOQx4+S48+BecP0sGtTkcShvyBVSAANiwxQTDnS7JinVgGYtRwWjEqrWQJJopko6YuGLn+wkhYZkogv\/onHZtE4hlsg01xAHJ9PxQYxWbOdVfS1w0JvhE5EDMILwTMYm\/YfzaRcfZnN3X3c8PldLUC8Q00rxaePA+7a5mbMlVzZ\/ZKqlpmGHRhU3G\/b+Za7F3XZpTKcWJ\/+pP4OAaUaey+j0NOSrl7D3\/HeWq7P0vSd\/KYIm9oS0ZJvLtsffCfxTm2zwDcPGhRfKW16iadTUvmoczzCHSYvw+n8hl61iMBIgJerq\/CN9KkicrNEfU8QCR9bMF1D3CABgNImMdCKODlAcrpb\/Ya\/cQUwfP\/CWuVsZ3s+sh12SEW9JLfAgHTnuYwcMjbvAf2Fgpb\/+WmXCT93+A3gLKANXIVA2PfvntvndGO4gXYEiHaUhu4qZSsHkkcQJ5rwvJrE4CSJC\/fp+te7FlAxBXZxU3peCLLIMzIhccFKuqNX9+cPYxqAzm+f4FDsJg5KvH5AIh6Nda\/JBKZzhlz2omWzUxsNRCyzYkCR\/6xx8emByUElOOQjp3\/HRm+WaL5aZHnOk2myD86PdWR0IdZibdlJEHJ2\/GXJsQQv95dhA35hvgjWHiQLe0QLkAtPzosLXULXc5d7ytqMATetgFrOl+B+IuaEJAtm5NdT9m+\/Uo1nl\/TbvSaNp5EaxK2DPhV7Vt+vxmsBj23m0aDhv8PPgUfy9wK\/Niqob3bOD6oQrofsTggzpDg\/0PeQx+LRnGU46v4ljhYI4JoQY+cJBFQKWNeFww9uy1s8SJhz9LzcLFv+j30Vt+r4FFm8AZfzHX3wSuBELuShY7dZHSjQzxqOJfeGLr5ThoXw5ldv54ifSY52Lfxp8BkElu7BDDbf4F6XdVR3aRKy8Yk7ooQevFc0GOsxn7jXeMuFiaf9M\/MspabzWIKD5sTaMPvexVqQrSIhAE01MVqTa8zAs1n4D9AszPAZaArvvaw1dpUAGCn22YGrLkylRxMCN07\/HyOXir6cpxUbsvRgSag8LgIuYbY\/Ta1KZ2trDeXprvYofOqOqX\/ep4LHzQHiCFm14LvDzSoMa4qqUdxfJfOjiZQVsJdT+2uThs188toZRMoZsziXxP++fZpO4m\/wGTJ13ciJYHkQjnaWtFJW9KHR4pPyXX3T1W5XcomUZpNi+tnQlSKiXPl02KPyhw0qdY8Z0WoKV536f3wtH00HuTa3UIk1hZxDmxFcYOKvSwc"}
00821{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":114,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":946739311335,"flow_last_seen":946739311357,"flow_tot_l4_data_len":1777,"flow_min_l4_data_len":305,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":888,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00833{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":114,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":946739311335,"flow_last_seen":946739311357,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1737,"flow_avg_l4_payload_len":868,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02540{"flow_id":9,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":358034,"pkt_caplen":1616,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1616,"pkt_l4_len":1582,"pkt":"ZmZmZmZmRERERERECABFAAZCEqxAADsGVDsJCQkKCgAAAQG7yjovh\/nRsa+7AVAYAHfZAwAA1xiWPE9sRZ+HRED66TQP2BK\/H\/\/55yXpchOqptSfdmizDwWdekTWC4fynK8Z2sZPt7VLeiJJja8C3BQX9Rz0xZnn1eoThbbJA0Ru7pA+5J7tyanMo4IQcPUIBSO5p49Bymfzm29G5qjErMG7mQ0OPPjTCRaB\/UjgjbKvSEcd8\/qlBT71ZfI4uv2myCBr7kstCCXPIR18CKF+Z2\/VrH6vxRdx\/DMaAsMgc41PzNU7xNOukRDZxOR62YLQKe5TOm9eGAE6qQfGiWVQuBPTBNCMLbyMtxxnLWSXpHUM8lAFCuaK7Kc6QBacccBEf2G6WUxZTWFo3b0bLTLXGsaAdMgEEvX57cRGL6Gq8YWmgloFc0L4YPSBPg4QXqG2603cgV+j6PlTHv6e2HefSTdXdeLXiPRCN345+9Y7w0ERX6leOOccKhVG5SuGrnMow7zmCn7a2KZDo6IK6nPbbrDUtvAROe\/2qAE2VCX9KID9EijWEziQ9XCbVPjeL02DA\/rYN7wYXRiJgCIeBs3cXR7OygqBY2+3+XFzo9TaLSJOjL2D0foR73wSCVhYWptmpzwaIHjhZCo4rI5hdLdI5wijBOAwhmr7WRW8Yv8AQsnvt1Z4coLNvTRubKzb6tX\/Oxf2jOtE8ql46ReYSM8F\/WAKChrNRMIbb1FxJ7q10gZXMDttRcPXX\/qGmHUzaGCJmbtVGS68jgVwThCO60XMMu84lvsX\/Ppf9SgVkWGycwU0+7rBExjec94Gk2PRYtyBh7FtK\/ojKF2Zx1IbH4Ped7sLfGR4i7sMPLWNn+T5wJpId2IpurmzQEup+Wmo7GS+GCV0scp4nxOFT1awumcjwSZT8bYpF93Gq1VRsPaw1Ed8OHX5e5gmoY4MVzie+NT9SEgMn6ichQsu5snHAMbc8\/IWQxw1j4WN38V6zcIh4u4V1Gd7SkhAHeYNQaHO8zyvvE8ImQNU3iYNHLIKvw9jrqWUBqp23GQnf3jir7+jnbT6O6iTPLexjWoZTCF\/FtolEJ0e895tZWyhQDvFKtQE5PBsOvi7\/BalOF7pvRKDn\/re0ni0oWgQPdEaU+LIaPzCC8LkWYd5oE27150iJxzh1Gp8SiKQXDLhLhi579hHj1+ols2JqJH8RdJfR0+VmnJeuW7LLf+BRMSJBXoQCCLgwxC7f\/h7fFu2xKC0W6c42fJZaQRckgm7zcULCvbrdB3\/7TiSzFX4IqscHoIIazQksB3SnhTuJmLtEq0s5iQGUGxfhlMGhmMgzukQ6S3xziGVGLlkCIIbeLTBQrX9TXDN8S1GsZEFqBjMPt\/N1zN3ViQ2J2at2dPSgSFskYDCKI7W279fwmbZs7V8tsMKdl7zI9bVkSm8TK+VOCU7uRHndZTCFD0rVG1nulq\/L99PnlHGAGXK\/CqGETUVVLlDxaOxEAgpjONuItzxylFN2ddXgvj3hTCiDE8O0ZeY5HxF3kaLieLFjiKlcFdLwH+yoWIasdZ5ETRJVqr26OzVYBTCPTfSgbwHD0EdFC3v31MUjg04ocQ4ZiFf7dRFVtWmOWN0r2SpHXy2xEBvMuqeP3vQyXuuz6g6Dn7YZmJY0+sx4Fy9C8oBJAE0ZwKxguZmJv1GeQHP6tU\/veMnBxdJr3tx5OgYDk+909nj4a5TD3cRR1pqKY8PwvBnQ1a7o21Mx6az\/nj775\/EQh2soovj6zthqPP\/vtXFBBG3tG\/sEPeFuYX44cpRhz5K3N4JqP6Lp6W3KZYJ1EwmXdPWiQcbK\/K0dzC4LCmApJnMsipnxLFAxIsyZnv1pRKdZtp6E4ZNkwItTRiePKudtegvLH1+qbg3pXvAj\/AueIMUCY+nZ2bEiLI67RcDAwBgsXSJyFgjJRWpsUIwFa+B3HudQHKrExr60U8JLlKkL\/P\/S+PEy7whFdA90+7WJF1F8DCmOjyvxxrrWdZx35m5pHvRkiSavCeWDYlRzcWBeiUF0TAz0e0CdFpMI0nfm+C5FwMDAEXIcqRX1+3I4YBN1ZyTwBh\/\/IzIU5lJHrJKAnGrUu2ocpCQI2eEwS+zVK0zKk1o2WUWMhhsV2wCrUmzne3qZHF1rWYeRVk="}
00528{"flow_id":9,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":394899,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"REREREREZmZmZmZmCABFAAB48XFAAL0G+T4KAAABCQkJCso6Abuxr7sBL4f\/61AYAfXTOQAAFAMDAAEBFwMDAEVsvNBLawQQ\/QfxJf3NLpeF7eAiUlhCDm37dRf6vXOC0VcPLFJUrmdWYdRdI8w8wDD+uKAkMT3Wsv2DaZVXdNXVQPPAkgM="}
00536{"flow_id":9,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":395002,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"REREREREZmZmZmZmCABFAAB+8XJAAL0G+TcKAAABCQkJCso6Abuxr7tRL4f\/61AYAfXTPwAAFwMDAFFoIkgZAncDrVQtZhxU59u2TnfYXuklezZY\/lnRCXnYBC1Rn+rtNjTEGwm84kLz7QwRhvXYq2B9+mlphTgCBe3P2jyxhVVoBcmooRlGblt7DM8="}
@@ -138,11 +138,11 @@
00563{"flow_id":9,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":417268,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"REREREREZmZmZmZmCABFAACR8XdAAL0G+R8KAAABCQkJCso6Abuxr7zAL4gDklAYAfXTUgAAFwMDAGR9NyGzywy8SdhomKhtO\/rl30vXbMuXESX\/Q8svv20kgZYHPLVif9KPBXpYw79WxwwmtvYreHRJn7\/WUhroH5ZlNkuGsDwGzjA6xI2Sey+ge6QhNtyEV9KdchXRnVn2Msg\/+Eh0"}
00569{"flow_id":9,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":417407,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACW8XhAAL0G+RkKAAABCQkJCso6Abuxr70pL4gDklAYAfXTVwAAFwMDAGkxHi7McmOLywyC2PPw48UhmG\/9LXtg7UsntSmiizF8Yv9hL\/Ad329PtDJntMJthJHT0ze2DDxyNWp+GsXY2IzfJqhuk3CVqOHhIXcY+f1E6Q0xPMk6i38qjmbOTbgzfhZkNPGDhHAtPqQ="}
00670{"flow_id":9,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":438918,"pkt_caplen":238,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":238,"pkt_l4_len":204,"pkt":"ZmZmZmZmRERERERECABFAADgErRAADsGWZUJCQkKCgAAAQG7yjoviAOSsa+9l1AYAHsy3wAAFwMDALOz4PktMFNHUYrjN62jZzcxw2rdFk9CrcaNJdo6vQJbYD3BkXnVTr8yO7lhjCoid0EqYQG+pQtv2M1dVuSBYMKnxUHfKmyRLxDA4ztpH9k6i0xArNPBFhlubjZeUmnLnGOFdZcEY5NrixI1zSznaRB0eNi4NZNdo8W75WFzCb7Bh473FVqN60zSDdXW9\/k84Yy\/z5tJw2QECH94F+ndKFsosBHDrntfy138Vv86iPQcEg\/geQ=="}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":139,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":946739311566,"flow_last_seen":0,"flow_tot_l4_data_len":305,"flow_min_l4_data_len":305,"flow_max_l4_data_len":305,"flow_avg_l4_data_len":305,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":139,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":946739311566,"flow_last_seen":0,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00803{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":566393,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"pkt":"REREREREZmZmZmZmCABFAAFFTLFAAL0GMYcKAAABuYbEN9gaAbsU0wRrjALq7FAYAfY\/sgAAFgMBARgBAAEUAwN53D+IdbyKMqUcdChlG3BH1byG6PSts1pdzll38jdueyClHPY2D7aJB29xaaA7zmDQUztgP6bTAGw+VMEA\/cNmhwAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPcmRucy5mYWVsaXgubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIASid2tq+mdmASZBUTGU5iyt2F1JUvrNCp22BxrDleoO"}
00776{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":946739311566,"flow_last_seen":0,"flow_tot_l4_data_len":305,"flow_min_l4_data_len":305,"flow_max_l4_data_len":305,"flow_avg_l4_data_len":305,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00788{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":946739311566,"flow_last_seen":0,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04347{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":603972,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"pkt":"ZmZmZmZmRERERERECABFAAuAg39AADQGeX65hsQ3CgAAAQG72BqMAursFNMFiFAQAfVJ7QAAFgMDAHoCAAB2AwNkY5ffptLk\/1RQxoHPHysW3r9+0ddQo4Z3YjqxuStqKyClHPY2D7aJB29xaaA7zmDQUztgP6bTAGw+VMEA\/cNmhxMCAAAuACsAAgMEADMAJAAdACDs3oZu6oN3lGaq4ly6\/hAqFwB\/djty35eYhaI2Lxe7SRQDAwABARcDAwAgv82VBnjlaTkDEuDhSukFo4HH4nI6fax\/zFPW2XozJ0kXAwMOr9L3WKPFCRevhqaVGoGS+x\/kXxxMckfNoOqk04UOi2nffzkls4dz\/6PwTgD2O+tiYezNJxr\/6WpHVX82B1TCh5LVuQtfmobZqrhUuztxfuDnZpjdtqBFN8\/ThU4OUKCLhdBohaEJUJaODtpSPbvHLMo+XUoovzoT0\/zM8eQTXQpCXzBBMJx7xHTAsbkvGn3C+AG5zWAlrqlt8rw8cJvpcKk420r2AjCbqQCcOhIk9fgtrE6sGQpDmvb1eDYkMJL0ZWhtJpArnw4DJbVlN2eqshODC2oEeU4LRs6HxumiPK1q9BAYm9j4B\/VQvljlxD1l2D54nI0XTtCqzYVH05VeNSyKwY99P0gfk5KbNuwMkg76KjoZ0pANDmDoK2O7MRcalHkbOzBtmCZzhD7k0YW7eqNkMU5wTjhw6\/SKqF25gZNB9Nt6RXkKo6zhp67SL4jpzGRuSRzfeNfXwE70s6GkDEHT87ePp0CPZwkccES0koYuFCUJ8ZPaF51CsuO3hEK6HLj90BijpqZSqxhfc1mm\/yqD3lLZlsT6EnUdCBK75PQ4LqFtNj1aZVWZmY0bISdBsjTgcU\/azUhlVpbtuwFzbRgeZMjYItDFV3G2Mz1lBTIG8+EI15TAfiX3THktTEDNdXWRIKZWc6CdSZSTQj5epKSMIDeZ3ym23Y5D0uYv2rRWwF77WpaBXG+MUxbpeWleGLZxmojsUrhsTN3K\/SO4YTnIH3mEDcbuEL\/C6kXZUUc3JKUkSmGmNO61dgMehbma4fB8llee+ia3ZxrMWwvGiTS2tpm78Rjdk2lVGQ4Kw0Hv16lr+xG8BLc4CMV63wU9gsM8SvlR14rXUIcZ1w1IVKRMCPj5\/ktzqCSdsd7JLAu6iqnF+tffAp0R7hABno4kl79WtkvKmhCxs2C9rHaxhWuglRBec9Q1dOU4n\/q5s3oTaT0MWOiB9FA9hPVkcr5rHO5WTaUTZCO3f07agWWupUC0SrT4kMq2F7GC\/qyJUokz54psYmDyksoYU5W4XunHAPWif32UI8qTU8ZnD9BGfH74hn454rDYVO6L7CccMxZlmp851erV6hvxeQE4QFic5+4T+9IQsqcHez2OFejw6vdevdAwPVqE+KjL4UP+MGf4lbUn4WzekrRNg4+OLWhqMW5jPxgVFLL1X\/7LXlyiUW3FZsQlx3wHUnrfnXgRsgIdVSezz4HY0222o0JjMjRIsMAML27omWMbFkL1GH9F5whlSmkQo7tR4pkO8ZObYU6gN63eRur2pr9yUb6mdaHxKmoMOtTc07t4c0mmYRPcKvUuGEq\/qFZAib\/Cn9qtJSED+KsOJFP3lcOvHyBWmDkPTuXhIirjxvNRHlhpCinnvq51BRLv0iIYtLa4+FWzOnZxdtRmb+J7gXcYqMUZr8f9hSbjcXpRs0qTCNkn\/vEFebnj0Oa5wWQ\/wyYqcIXbH0+Qg2t4MHCtt5puUCcnWiddPmXVCEbusxDhj1mW7Wb7s7TbeMJNHqJK2wkpexuwL1VqKOcMpKkVK63qTpeBRS7pKr42\/e4RAue3aCNMwXb2qN+nhV\/yAs+no2\/T8CA38S+A3XjJrTp3nRj3b7uYGTvq6vgcySIveyFsNVxbpOrMNJwA55r7OmJm\/TMMYu1Cmm7ApgsYESAyvVbBcTmlsCXf4kc5\/PCSNGVGXc3ry7HZ6UrNLiBxVinlqk+M5YS+nDMxRpBRZ\/l5jocQH\/hTpYeDeBYM6nlOI3a42ojQOf0qu\/s3tJK0pVMQq+L3fiObQL0w0ki8zB\/Pq94eJzcgGDCpDBI5rSkrXqKSKwE\/TPxGGb4EW3iPF5GMaLLk69BANjmbdOWrRbmSOZIerFLKML4S4ISArr9z\/Hd6jn9grfPQF5QPRgsy72snzNYK+cdD78EVK3JLSsYYqn88MbAXaWnvt\/NrtPJL0QXd+HGti75Czr60Z2exrtdLfvuyhP6EA\/OJF74UO1DMZkdkO4dBy70z4Gu4gpkQ7cqPDY0GZ19ZQkhDdIe6tY\/KPM4UldVfU5Ox+v3aicLwXXKsL1aYiIDMExLQqDr8Vp6Rg8MhQd15RVUWWezyYpN93w5RckR2WthYnNZNsPa7iVvEbmCiUoUkbzt39o4APEG2T8nb60w4QPGzL8Bs+6zqpdT6PPZQOoSFcrit36uSRZP8iGT1fW72Vs+Zxy5GcZuta5oSW5oky8Ru7NnhXKgfldlxRBIOjtCyzFizIawHPWtdb1FNijZyZVKdj4BP0ocR0b5RYPeWT1DhR9qwqhFmLRHqWhBkA5vK7BpYSEPmeNp9JvF8mc9PzqPXFx4qv46sa0RB9Om1TkSniqOmaKfC0VJ55FKEd3mCSVa1mQ2nzlNyLUC\/G6NFqNfA87dMc8kmjkPDW9L4TPuUdk6cFk2SWFMlOT4UEAqyKhiuK9S2TSwt8uFOPCTdi2gCXoEJdX+9z6vM3zP1D618aG60X5Ut6n4\/mqqX3ZYS740az2d1czqYB7kjzMa99L4RSKw9Nv7MMuwMNSxkhAXISg5MWpacHw\/KAdEQ1nUyITpRoICmtn4wFkGI6VHWSC4OZg5gMWs1Z3587N6CIw3eN5rLnfYJ5l6ZBNqLnr+ciVip8x2IDHWDGTGr5OC+uJxAOEMiK+fcS0il3LgKzbRTF6C8+Y0IWjT3NlBZzIZBcCE3FjrijIv+69vNs6VJAKOlSW3f43x0FPmVvFyGHd0hZ6go7pV\/2O1uABkUwtp9Jfvr8prX7E0NzIH8AuTCtktrwjOAvCJu4CHVfpkaygbTIxPH5m45oyD64MuKPbsc5SlgZwhfZunmTwVDMaVpXGfayrmusZgZ\/07zHxvKOvoAfTCZXoYameOeAqJlNLuCW2W26TogT5fb\/9WF1j5kVLVJW3+Xr3WsDu87Z6wA7xpdVjSQWvWXCJ9y6jEXbNwmvXmeHALYBp+DdvlGU6uIsmqv2tJETpbTRkgR+f7Dhm8aD8084eT\/a67jbRGqTJcyCWp8HFxcSFdtdPKZoErFiYrC7xPgwqW36MeKC3pPi5nT9yuHbuL7yiKV4x9J1dDJBmuStOS8bPFHHOamsDufj+1xHeCKIDfJN+meXy0zdvw70PEKqqZXmCwfi2TfqRVP7d77vAzcphP1F9+RnUlovNNUieiBKgaaaLwfIEAiD84YhuItQrVIeJCa0jqOgMbgEKi1twm5DKS0bcizlDtDFNkFvRAghS6l8H5MMzc8ps2oVnq34RHWoVdxAXCkHDkkmpkGwGKoEP+YEVOArEfXlh0taA60GiWgLXrspKhJVAnjFiuxV1QiMjD4R5UbJ+BnJTGXsaH\/yPppjwU5bzpYvq1TPW2pdHuooLQ3rQ5gXMFPVeJEv4l3u9D\/o1MxYmTHF6ag0Pg7EYa9IiJh8NJsAWlNoM+jz3\/neEdRD31BwTKccVefTs8giAaZY3hKJ1XXe6Hys7XZMAJR72EIr5DA0qa2euR8ERpA8eew\/h0vqG8NScpvxxA8Cdjmhn\/JwaSSF9ubglNVw4f\/Z3JUgBYq3\/\/+9aFTg5SP56AY5voL2goU8TTHIbBp4JfOUmUTToGPy4GEqVcJNDAs6V2L7PobZ6srGT2l40lZacD46Db+MrlADUrWNBC6GAGEaOIzjsVXO2C7zOXrZPBi"}
00829{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":140,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":946739311566,"flow_last_seen":946739311603,"flow_tot_l4_data_len":3229,"flow_min_l4_data_len":305,"flow_max_l4_data_len":2924,"flow_avg_l4_data_len":1614,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00841{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":140,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":946739311566,"flow_last_seen":946739311603,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3189,"flow_avg_l4_payload_len":1594,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02306{"flow_id":10,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":604153,"pkt_caplen":1444,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1444,"pkt_l4_len":1410,"pkt":"ZmZmZmZmRERERERECABFAAWWg4FAADQGf2a5hsQ3CgAAAQG72BqMAvZEFNMFiFAYAfXAzwAArcpCfmGLOKjDkyzsTe+IPkiqYnruzR41MPuGsz88MQqvC3a9HfwXJ6lzqQ4rCWJcWhWOM\/faQczL\/u4LUA47B+3hgIraXqwM7U0QtAPKeofLhsqBn12DazruSHbiIbxy+mEUG3S56+4ZRbB44U5cKRW56AecOVegPdxq19WX7WP4+ZvrOsXSvkcqGqyY6l57+wMNGtK9Hor0ODYeWdBnCWx+J55Yp1BLeNHq9nHIKHj0qCJNcTpuSY3kcxYIKgCzUqmtnXdoJ0GIMlbY2ljKsarNr5cWoMUbBujc0flI7F15VAzRku1eV3Kl\/7Wukzg8w4HiH6xnnC2hyeJ\/S9kg8k3Thktb0MRLph1xkAte3QZc08opc3Fwo1Ft6aRVOUnBzMc2ygQi4cXDCHwkiaI53r8gMzkS7anbEcS4yQcROtN4r2sH3n\/Y2Qw1v5Gb+U\/+RFg8+P9ZzSoFBkttBuC7bMKkuFovtwfD7bmTraXz2TwXRpY3Ao54+\/SNvuV3GwVsY67MLueBEgpQWATGxrbkACZtD4C+lpPBC5\/54MNyZi6y2\/bINiwBN2SHIdC0sG5gR\/DV19ykdqXF3pfYHlmfR3703pqTCdiZz1zhoMZLCPXVwnRt08WzrSf9AJPIVrVED87vfcSxcnSNe9\/uUQ+fPjNxmvMBL8ur1shycxG8A4cFPyuqBeBuBrfVjZFKQN3\/5iT\/qY3bW5kYmBDrHkL2xegzf\/Moa8towjQGmRBeDyc9Fogbi4Bl2lSDI\/x3VZI\/8yRCU0YCrn33V5Yytpt4Nri5jL3CrvqNUKuK49C6RMwZ1n1NkjUcpjeYGCGRXo6SbIn8CHVjiCEwFZ8FbQctAnWvdqfTpT0bXGelftgC9CQThu\/W+ybRqQdwN+K5c2QiXPYvO4kT3LD6oCwacJ4x3t9XRv3AXxYa1UbtXwad0Q5XC17E9XVpbbgKhrlco595yY5V6j1HdG8AkTRI1DXbEp3foy5yEjtW0o9bfHyhwUqC6TBXcyz4z4cHmh5p6A6BMpnvPJtMyGOVMKQ7LtCwwAKXNWcMVkLjSAZ+IrhMtGXoEFJcdmyQxTOI+OfCfdgm6q9yTer0lySMXu3yBMcL6Vn1SuMzS2FSE1aXKAyCBb3XF5Tfnf2rLe4r3hkWTr8Mmu\/+5cpIK1r4NWR0zq6iT\/lnsbxmS39yt3YHMSpG1r36HYatyCzF6kZo6KyW2UJ6fBqDVBmGD6CXSVAKejLC8pL1qmuOu2eXU804WhkOIkczZMz7pQW6C0A+bVJsEuL5Kd7KV\/W2IGcqNMtuMkFf1vHE4VTHRAmWpIDFt5I4ja4qA9N7tAzSWPkgtQseSnNvTrX+nCc0rsjLviAcYafijP+ATzRDOBcDAwEZYz205aORxNiMwaiQeObwk59GyoJ+T+YW4iSATpt8cc0OU+XkwulympL8b+KCt76fJXCt3rgEOglVp2lJQDaaCL0\/EDry33zbH0MtKm5P5nEWpzvQFhaXV1WeS3oS65S\/3UVJT7\/Hm\/AkB6N0iCgWEeK4i80RHGCYRIweyu9kQIUklvy2RlmccKeVQTq37O+\/HqRcQLsrpTkATqOJMvj0MaZ7zkYReeTUbtUUtzasEHVGtHimiktW2DAjF2G7BrMbQnAbkBNJMIcDNYwAwDUJvD2+j752nnR\/ojUHAoRsnlpRRGw8k7CJ0b0wBSknElPWssxoC\/r5K7w37x9u118AdMWjqtzSlF2uDe2PtsgCUxjOE7EkCZxpOWsXAwMARUyGMct3ItX2QiSoGAs2qAHwCi9mgPaAr45Z5ZYVR5NUAg5k1dXUDUazzqq9GbzXT1\/7OFi8y8eMdJWfTGFw9qor9xL6ew=="}
00528{"flow_id":10,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":606690,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"REREREREZmZmZmZmCABFAAB4TLRAAL0GMlEKAAABuYbEN9gaAbsU0wWIjAL7slAYAfU+5QAAFAMDAAEBFwMDAEX5LOrm\/q2t2eUGDASTuROoLPaXY3V7nIjXeCI2LSFnWiFzKh+skLRrkkkVsvCS7j6wsu3v4MgbuWujQFuzeh3uUOaKgmo="}
00535{"flow_id":10,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":606815,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"REREREREZmZmZmZmCABFAAB+TLVAAL0GMkoKAAABuYbEN9gaAbsU0wXYjAL7slAYAfU+6wAAFwMDAFExh0tAyckORIsAyWSkeVyMG1coXJ4zHtSy0EnQML4KrQawGJNWi7QaLyPqSsPuMMVvSIQJabV34HcU64MxycruXFBNdtWfhrY94XOKn7mHGQ8="}
@@ -156,11 +156,11 @@
00555{"flow_id":10,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":641933,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"pkt":"REREREREZmZmZmZmCABFAACKTLtAAL0GMjgKAAABuYbEN9gaAbsU0wdjjAL\/T1AYAfU+9wAAFwMDAF1on4nRvK2bkyWrlP0SAUuwD6w5rSzlhYgB6nl5ZQnEauQD2MIH+b+D4mRwD\/YaKUTywjUobUg\/VtD7WsuFfZj8T2odlVaHwsNqDuInuL5BG64WdECnwrPMmLga7G0="}
00574{"flow_id":10,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":642037,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWTLxAAL0GMisKAAABuYbEN9gaAbsU0wfFjAL\/T1AYAfU\/AwAAFwMDAGktFlMcQj8Va+OYpDNiB95\/ro587yr93e8zdihbqyMV83P2IZwsj0f+Jv9pHYGQ9n2AtFwdPKePqMzPeblgmCnpM3qDLrw8kY1C\/pQgd\/Qdtlar9i\/afTUePgE7YfQmH2jHTE0uokGzZb4="}
00687{"flow_id":10,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":676139,"pkt_caplen":248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":248,"pkt_l4_len":214,"pkt":"ZmZmZmZmRERERERECABFAADqg4dAADQGhAy5hsQ3CgAAAQG72BqMAv9PFNMIM1AYAfVnsQAAFwMDAL2QlTU5MNbz+YYrvQfbMQnVVpssEvR+MjlkcOHM62BV0M7DDvyuV8VlfsrwJh6+bCtT\/6rB\/jECI\/SJOtv9w0JHz8w5lYAYSg7eFz+LalbB2hwEqp6U7v3N75+vEfOdsLYkulzq\/cXhvHOPXSRhaeLc24NkG87nlS5QBbHje2FsnGVDwjXfKAh0YBjlxQe0btOA\/Wga8xh0lymrB5k1eb9\/jeWmcathMoM\/0N5YAHOqOLLyX67dwh63luW+DXs="}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":154,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":946739311703,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":154,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":946739311703,"flow_last_seen":0,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00808{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":703652,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"REREREREZmZmZmZmCABFAAFIvxBAAL0GjQMKAAABMw980MyiAbu+o\/fohj5JlVAYAfZx1gAAFgMBARsBAAEXAwOEmak1ToTEOPVX0jBh7rLNZM1Gt5\/Gr6ZvrmdHklieHSAP2LkoS3kAHcBOg6onjDU7HEdrdZ3cuMs9iD3w5kCD4AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASZG5zbmwuYWxla2JlcmcubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIGzt4\/5xvtyifU6VTcrfvT+YrIEhagkzRKKKlOYdvDd6"}
00778{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":946739311703,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dnsnl.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00790{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":946739311703,"flow_last_seen":0,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dnsnl.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04359{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":732715,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"pkt":"ZmZmZmZmRERERERECABFAAuAX8dAADUGahUzD3zQCgAAAQG7zKKGPkmVvqP5CFAQAIN8DgAAFgMDAHoCAAB2AwNcTBj+nowDUUbglTTLuZi3m0Fgte272n9LPifxOMv7HCAP2LkoS3kAHcBOg6onjDU7HEdrdZ3cuMs9iD3w5kCD4BMBAAAuADMAJAAdACCPdFwMNjRtfUXHati0iPvUS7ZISUYNc1KeHBUbO8YTWwArAAIDBBQDAwABARcDAwte+JJAD4P7EW1qK\/KMQB2haaLigWKb\/DYNFwlVC4RO51bq0M8eao6QlrOrDJOFceHVJKhl1p8Ibfrg\/vTRNCJB\/UcW+Fedt+hD1iuUDwTCFZavOS7xwPDkL6497l\/MLuLG4DXgnGeZQ+ANIJd3qmkp82hmnma4vPPfih3FXm2d\/orPnXJKqjQROYWvMcbtvj9Ebb\/txBSHxVMCrKgG408ySWMQj9wSJ3YFhq0yzQL4\/vZaLuRC+Soen8TCR9PMAvnOESL67SWkKNvrhHs7A8wve1+FS4QJZG0DVnfyZjC1lTDakOFEVj8uyQCDIeUSTCCRymHyRKKDInznJ9K1ylbbeIGdenKpQOC\/PvdDSl7uxqaByB3NSIma+imeWtGfSsSVz2bgzfRCO+1shU4LOWr+fJj4VfVm44ziFmXpQXba4f4sLTdWNOjDqe5hsphKeTPq6cjwHY\/8d4YQO1mASNyJu5PHaom1vL8or5mJSUE6nK9PPUFEoI+arXXrdILbrGh6AFzUXQGBrrAdekMh3lpPbuWJTMnyJ+tNhczzi4OaeErbR+eZBtyO483ig0A5ofFGX3QqSY+x\/jYa34H7RpPgi7E73Kv3qvag06VhkcjqWXPokFDtuDpOCx1sHam7i\/mBXaEeSIMn\/6ibfBibK8Ssyhd351G+u7nIG\/kPMrFG9dX2lYQXotCoRmApyZWnnIvnb1Ems9MFs1nWg90WJfHxHinrSdpjBeU8iAbpS\/jrwrYxGk3gVDAv9VGAkZlRz60RiJgOn74olT+JGbdB87Dmd8zXzGHRAs6xX1wLyFHdLBSPxN+wXikNtBamIrek5su\/OhIPfJ9Db8D4NRmo2RQxqPr7fuFEkduV14PFpTKUsiEOkhDJwNg8LiATZ7RVwMg6yMpsydYcgvfMea751TpJNvE95FINDC3Rb\/\/f0HmE4sSUBcBPMBavqAtQ7YhyYupjzYKChAX9lCvR4V0MA3gDeswYrL6CJ2QWYyZ1X5kp+MoOy0A6lbwTY6FAqgtyYhKr1esD7uta6z13oZTeC8zVTDF3SZq3we2RpHyfhsBTKY94xuStpqoHpzXuf67EN9Ci9BXk7ctHV6chPXxbzfNbfHejhQSWblCUVsEWcGJTaWPfYy8Qk91uEWvknUwg3\/gnkTaxOpg74KZR+eQhsLtgXu83uRIpmos4uiAQqNFCr46gFv66IhjUaLn++05xvOtQF+pJff5ceYA3+HVtzS7siCW14iQ0F2g+nmUdK\/l5e2iBJ9jUDVjX1gbsI6q3sWAVlaZSWaqGUPI7tEUJQO+uLheM+t5WJ2hIuHlBrb7V9x7oPe\/w4Jyh22GAaILXTviEQ++5bF7t0H5J22\/uU82cBtUmtPnPK980jnCJpoWHcd5b8NrM+3vBCp31WdecAix\/bw5hrhpdYb3Wuo00LpEwMw5n1XbAIEscw8D\/TDkT3R8DdqFFvsOwEJgVupjA7F1prq8T49hiTkdYl+giz2p0Ayt4KR\/SKb+oWG3y4ZtrykubZr+Qfc18G7yRy1UzXXJ7wFTK5WhTLREjxeCpH6IaQ2zDQ5+I3brP682k2XRTd3nMiVhZaMNZjB3MO3yAICh5zK9ucc+onrCYJIYI\/CtjBj1mJ\/oiWvsTssUIxMNevGNJc8s34PU+GVpiWU7G1gOq2\/oHbQNmNjM6utdbIKFu2BrwDIIIyRNAnfbb8mkTirEZY8JOBVWtUMwNF2wWG\/znmaTdvsV5XVYinNGBvCLJ4cl4jpIhiQHJif7TdKLHCM1mnqE7oXlP0MjNOI8YrXpYFJApJqV+nQMhEAl320hWRRZS9jvtYuADMZM\/zqsrhOwTRUYvn5TUWPPSLkDCWWQT\/boP1Zrm7ipJ29gjQr5TspKmpn4J6SGBQtqSqLcPrjFY1FGqzT0Cxa7I4qGdQmb7BlBoZsZba4XtkUxqQDb7GQ7lF9QZ8stU169sKy3x8YQd1brzqNHrkIJDSvbZZhCJGpijHPtgp\/QG6Dw2\/BImDmY1tBmkVrEm\/bZ+xumAD64t1fYO7WaWjuGbU0Y+9l0+9zDoVeHa476WXFF01qNlSxZZAxFkrGmva65Ha2zNip3N87qP3nyH+3kbjqzMKrpNdw3pOcpWv+PdRxpJZGkBM4aT6LXbJdAxBLLkkepjX3bVMWm9bedod1MvUUZQHAIRVofMSy8iwjG593htNanCQUBVZUhdnlVrmQD4OR5EjaE0aFJSUsVHU2VO9DX1cb2EnPoiZIzX378PPrzLoeda6yE90ZvWYSJeMUQJgjFljjq1Vmv7zPz+m4Us7Q\/oFgLEuTkw4eq\/OB+aA8STNn4AHoTw1B57\/koj\/Tsd4yxadruMqmxj8G0neUx2FN2AmiTBa4RjoLGNzELD8QTXTHG2\/lxfzCVwHvLq9JxQf3uprD59F8Loph7ycBJ+j\/BoYH+iVGt+6GzZ563iyu9UeY0+AiljVO0GFvxbuhFk79OBcmYfgnlTvugErVv1eoGzzwF3KK3N67S4ysk\/cJIT\/DoRZvga\/lMRKstxDLEaDolPIBoEiu4mAsdPBxa5KjB\/uaPK\/Gvldfb7QWo\/hvHLZAM3qCGVxLZ4OSPZzTuJ4fJWIQaOXTrFJVv4TYo67KpO9uvbnZUtP8hCVop9O2qXs\/NKl69+XIEhMfw1KYOxJAcgDxH4xjWm9TWAA+DhZvFs31qLGWSu3CzrM+geUCeE\/Vlrc8pmCZFikrptNtJl0uwOfLeuZUF7VWjDr6R5HxdwbmReRnk8DeQUb8\/JzwIyCR78O7TDjY2uL4IEBoTWwTpLR+tDFV4fNsyzL4VzpHaIwnMWTyomGHXhNDLAvBXN5lZAH1nY9D82KvJ+P8HK2FgOErfXrK6gPfonD48R1bCJofrjuMQkEZVQBGqn5ypZTPRu6EwnkBn4q0ARPtqm0QEoQ1VuhulmyIu4zwbE+pgZlGBWhO+4WIy2SuF0h7yFf\/0cbwCehkDSsGDVM9QRwmW02sBUez1\/0Ml7N8nkc2bCsJgo\/fEUXj1TOn7cIchmlzf+MvAjyYfcGhECzHaENxMQIFKZWAib9UAuoVCbRMTYEaO8+NZKwO6bZTHvUzm+gaaUre7sgcCCP\/wfz0OXBRWwpNRR4m\/LwYXSYWMMhKP7tqCCj6OXjzq62VPsWFinT4KE+SZYXF5y6EZay9KdRh4kW7ybiZ7hqI6uqO0\/mKAHQ\/xlXAuQ2EOnYG47KeZUkoht4zFh4Q7AcG7Q0FtDwRhJqM+GVySAg9IbIymkvgNTTZyOY3isJHVYzmKvFAgPib7ERkwsvRQ\/S8lGEoG+lZogb0KK4PyuRpdocXBa4Io1guVhX2K44\/qHOYqiQPL\/Vb5wtdOiDpag22zTziquJAPx3Cc98vOxAd33lx77fZMHNMz95phNb\/gH\/oBI60jIQ5icFLLZs+m7nP7\/6KXDZlQEY8H6HyN8CbMnqheODed7gRjDQsbXi9MHr27blhbJLCz\/qn8J0uletyL+6GpmTu9W1AZiLdNt26PN\/1uozWEq9dfJLpT7KZnW6S0qvTBGlR4kX8O3fku9pK2qyz9s7t7Ockp7sMMWorJbLnKYK0PgDcQi4HUA+VDHi2RlLA\/XZ9u3fGBeP6zmmrFeEhRc6glZV1JpHMW35YHtgDMlMPiXVu6VYVSboWqwuvKzMobkKuX8tZFxZtF8Qlpv25zGgKwz"}
00831{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":155,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":946739311703,"flow_last_seen":946739311732,"flow_tot_l4_data_len":3232,"flow_min_l4_data_len":308,"flow_max_l4_data_len":2924,"flow_avg_l4_data_len":1616,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dnsnl.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00843{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":155,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":946739311703,"flow_last_seen":946739311732,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3192,"flow_avg_l4_payload_len":1596,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dnsnl.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00616{"flow_id":11,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":734143,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"pkt":"ZmZmZmZmRERERERECABFAAC4X8lAADUGdNszD3zQCgAAAQG7zKKGPlTtvqP5CFAYAIMEyQAAeS0tOv0CsE56CKvTlOFyTsi\/xDWjEiSHZ06cNkY05jGBZ0BY+\/8ar9VauCfvuAhmfbkHRsufSt9+BCdWOZTLG2pLv7Rqy1KMbXDj1dE3FFg5TtH6GqR+kavc+JEGFEgehaZ\/FbuVi\/sk8mhzGqOKXx4crPRKN7mN3k61duL6EtdmqASfaRcWFkjwmH\/5s907"}
00509{"flow_id":11,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":735907,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"REREREREZmZmZmZmCABFAABovxNAAL0GjeAKAAABMw980MyiAbu+o\/kIhj5VfVAYAfVw9gAAFAMDAAEBFwMDADUgVFuFuNgwePbawSbqpxqNFUCOzmkYzG2pGl01BK01AFH98ErPdE\/IsFBOcddeF+MHO+I0\/g=="}
00539{"flow_id":11,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":736019,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"REREREREZmZmZmZmCABFAAB+vxRAAL0GjckKAAABMw980MyiAbu+o\/lIhj5VfVAYAfVxDAAAFwMDAFEtdUh44cEGQdA3iHwUtUH1NhGg8lVZ04bNaTVbyKMgEel2TlTxN4YD1\/YJJ3t8IZOkmDbABbG1rTX\/m4jdYwD9NvWe4\/dWFtcJFflMl6AIJvE="}
@@ -174,11 +174,11 @@
00466{"flow_id":11,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":763803,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"REREREREZmZmZmZmCABFAABLvxpAAL0GjfYKAAABMw980MyiAbu+o\/q5hj5ZK1AYAfVw2QAAFwMDAB6tOffBq7b64QmsSd+v2c786Zhv5fiYEDuaa3zhYCk="}
00569{"flow_id":11,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":763883,"pkt_caplen":160,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":160,"pkt_l4_len":126,"pkt":"REREREREZmZmZmZmCABFAACSvxtAAL0Gja4KAAABMw980MyiAbu+o\/rchj5ZK1AYAfVxIAAAFwMDAGUSdilsnk\/DPCg2yJSmsPDr7T33UpDt7+fouyU7qugS3mc9WlRpzhBODn6kogeE8qQPmYW+sgOJpYyaj\/fEVTl5HFaT10uDxxLeSCv\/DfULel8k7sQWkW\/x89wDwp8NSpi0WLeX0w=="}
00572{"flow_id":11,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":763986,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWvxxAAL0GjakKAAABMw980MyiAbu+o\/tGhj5ZK1AYAfVxJAAAFwMDAGkcIdxZpkdanT9u5zf3CPqQB\/78XpNb\/ByXljyCZgyJpkvfvLYi97zU3lVUx1ibVLgT1FzxzwmcB6WJ8gKgQ\/+uQH1RAtsJmi+4IgEvK59Ia4TDcUFuqPyr9T47vrlX9m3EHNX1jLuPzfE="}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":946739312203,"flow_last_seen":0,"flow_tot_l4_data_len":304,"flow_min_l4_data_len":304,"flow_max_l4_data_len":304,"flow_avg_l4_data_len":304,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":946739312203,"flow_last_seen":0,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00801{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":203391,"pkt_caplen":338,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":338,"pkt_l4_len":304,"pkt":"REREREREZmZmZmZmCABFAAFEaI9AAL0GaqQKAAABdMuz+KL4AbtonCHmRxNJVFAYAfbqtgAAFgMBARcBAAETAwNLJ0LoKZs0jG4db6SH737y8naHXDM3S+mAdGRoYzSPaSD3zYs+eWXICfX4e3zLCPsIhyJf4YitXdBLrNgVR3LKFwAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACkAAAAEwARAAAOcnVtcGVsc2VwcC5vcmcABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAg33Waic8Yfh0yJ5buIXWM7xt29S4VxDeDA2qvuzRytkE="}
00776{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":946739312203,"flow_last_seen":0,"flow_tot_l4_data_len":304,"flow_min_l4_data_len":304,"flow_max_l4_data_len":304,"flow_avg_l4_data_len":304,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rumpelsepp.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00788{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":946739312203,"flow_last_seen":0,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rumpelsepp.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02381{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":226652,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"ZmZmZmZmRERERERECABFAAXUJ6JAADYGLgJ0y7P4CgAAAQG7ovhHE0lUaJwjAlAQAfWSIAAAFgMDAHoCAAB2AwPlxRfYXMEhZdQ8ajfb6CRVs1xCMiaZqVFxrCKnBSpfMSD3zYs+eWXICfX4e3zLCPsIhyJf4YitXdBLrNgVR3LKFxMBAAAuACsAAgMEADMAJAAdACC7U5tcN1lyGmU4zwJoCO50vCXYPM\/QvTMxioFdnZMwahQDAwABARcDAwAgWYRxXowUwkrzaVinqnzWcQ+TBbMUOwCXts50ql211fAXAwMLXdNQugGPXsJ\/8C6qtHlVybUGs7I40LMTA5OhGA+5YDHeNrEuEhv+tu5lin4eHBImQq4kbeHEAo3aNZo3KmURuDQDW8qwTnUEVfBOev0Cp\/PjSdjbD78ol0y5nY2oRm2fbsKHJzJSSjb0AciAo1LrQOgCF2CvMV+eyOyHUYct\/0CZzYMkLxKZwgRjyAJuXMfA4yEKZGM2df01\/BUbSo1Rl+1vGFFUkgKmIgKkRy+Bl\/5\/aUS0H7x+NZdUl10aLbTaEzyxHvC5FKjKyKio8Nq1FnOONx6t6a1NxwFwus79kTDzOhi2RBBAptjB5bREXvI7I78ofmPnYWckOqrJFFwvKuiJMXscIR8meUqP2LfgWzMDMhsH4p0jN+l3Gq+FBdoxKNoG26O484i0pfOfynG5VCfFmeEmq9XB2jrTV2FwEB1w6FHC1GMZVEK60qV4O+pPgrZRJMZSzwllOfjef8V42EZAcff6ioa4KXyU2Lg36HO0yhYzbeNUU3pAi5\/qwo\/8uuPNfVbKx0eipCjwx5+0hZa74DG\/pD0GzntSqS7YWEdlhEup1mtZmQo0eaDjwGNrCt+ZhJgQy3V2hPBCa6ygW9VMF25ycsILPfVx1AuqPxUOHW4j094S0MBQegEN0J3yWeWaiiBlzmaP9zyQI2IatrzAzhNsYChDHK+csfeO9ThoioAfgwS3AljMljsUX8LckrIXpurphG9MTttyGcbyuYOZgMBCh0hvfGempBEWQ87aRGnYict7DJMJ4ANT6I8mIRYfs9ktyEUtlVvr4PQNKARgob1jc7dcCzVhF1wheYyQGYeS88ndMehrocaatcfPAW+sGsd\/PlwCwZjCKZRZc+RY8UIBMVVQFkJfKmd3vMc6ZdNW+eECwipaKd\/GGSBQQLLSZMZlc2\/fq5kgX+ANS93WhwsRG1d13Nrw0y\/ATREqmOdYnxg9NReWvH6Y9oKaWK0ORmDf6ge12lS9oVHWz42D+xzkGejOSsWciqHXAH+yg6krTEDYRK\/FPbGud1EfOntNRDB8fuTqg6A3gnOVkf5Fe+6Udnrmytaz7VKwjYRLdi7vz2qagJMVcAAVeEuovh5FOb\/1EXijxsxUB7j\/jcKgZC3AwFJv0DQSdWi57X+9030WJdNzGWfONsJDey166z5gtgIr0gWE3XSAHs3+JszFzgP3FC9xVilACKjY2RhRQyvT6fGwve0GSnMhLdXxdeZ6r4BSk1XrmYwxLzeXAWqaNfsfk0zirnPcN6UG26k3lnJ6hvodPS8WtfbDlmo8y38gK+0yMKaENYnpsWQ48t8ZDpKCeCokx5kJ4EaYicnC8gtp5emEtPLOmyhRS\/Kx67Xu26y0PrFyj7Ld8XnP+XpwQqAHuqyPPLcA7ULfoMWkppyHnn9L21Mz+6Ml1h7gnl\/ZwxToT4wqDJUExA47\/9+7Gr\/oh5kj8z6qG0LWqBHYWfEqQZ9C6c64n2xAiBIjVtW2HmMJDocq5nLsWLSEY96ngephvH\/r2i4gA320QycCOlUbe7IShXjhfHajvNFk9aT9mVr+xKfGAIJr4upUShXmjRDRgxjZ9A2ryxbqx35tiU7DJrZpjO\/5DMzEBxvVggb2jlqmTLhZH4TtJi6zfeCLrUu+11tfn0GJzj4HRmOyvzdz8MwTSgWBVisogZKhAqzzkq5ai5YnEcmNOW52YkN74XGWlccUSq2JFZXF"}
00828{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":172,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":946739312203,"flow_last_seen":946739312226,"flow_tot_l4_data_len":1776,"flow_min_l4_data_len":304,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":888,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"rumpelsepp.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00840{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":172,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":946739312203,"flow_last_seen":946739312226,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1736,"flow_avg_l4_payload_len":868,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"rumpelsepp.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02393{"flow_id":12,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":226720,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"ZmZmZmZmRERERERECABFAAXUJ6NAADYGLgF0y7P4CgAAAQG7ovhHE08AaJwjAlAYAfWhygAAp6lKTcn83BQxpQ2W+POQkJxpRZXfacCT49dCzRTmvnt7\/eMDX1qsnmxcn8IW\/\/jaiVs0n6JrCEPqM3KpB310Ezncm8MGw7ZSfjBA5NhRsYZd6g\/lnjS76Li5236Ye\/OssNOz\/mjZ3Pxtb9lckb\/iUUI\/CTV\/O+8693wmOcz\/ttlVvcsf2F2cDnHv69Z9ZcBThvWSK1Fyp8msppNqA2rjumUxHY0NG8Y6Cz7YUFXsrxgVnCyIlXLFSqfPySagEMAo+BwG8r0qoeYlZ+taxtjBF+CPFNBs5wvSzuudNsLZAlsoLeVbC7V4nVAvK0ZozwjUaQXydZ7If0bf1gWwEwbOWvwXqAGoH05iR0Faj+nrSPK0l15jvP1ksCKE\/mIp4VHggNWOkJSAoQLhJ7eDNcolNe3VlYAesuTAoWHjzA4h2mXXEBGcexNswvAECexp5rG8zj4HDx39qgDVWk3o0eoSeBD1Uedt57E3iKOheQuYjuGPkNLW\/CT1EKc1xsQFJaPuXeJntSsuTJIbn\/JmjGMrhs2EpgTuc4i6KbgNr+Dg8naPJNChEcAoURckVZ0QP1tlwwQ3au79pUNst+WdCcPkSU8h2p+dgHNltfLpGpzxtjAkiMDwJHlE7uKJfM3Jooj+j8pbChIDWDckUBPBe4tCMPlI9VbP7p8jHCN+Jbgx\/vlzb\/jhrZ3VmwNp1ed4spIYgJkRtqvwQ8Z+wh5eYA\/rsAfAyJTWCHM70B9AefRgCTo9QDWJRLYx1cy2\/Boia47DDoYb3uBS7QfII4eh4Kp0F4K7dkOLwQWThipleT\/tvJB91q4YO69guoqAikyr2u0R4I\/dsfO61jRS\/0OGcoHRfzyYT6Gw0389lH9EFy84qx0Src85OaD1tRwt6pfR9awywt5CBZe04hE0tSwRbw55PNLODVlESQS0e66OA\/M16o1ABO7aMZrc1JmwD6a7e6weEeFmAazedN8hZmlYv1tms5VSBekoNgGF0CPdRNH7+BWQQ\/oy6wbYcn9T8DbY3EESV3ngHV5p7hWwxUALrbhEOn\/rgSRIuWBulfZWiwjpGLHCmd25Lp9PvWu2ARh3jmQWx3LqaLBWQZ2RO9BztLQCxX\/fKF1FJ2Nxx5CvAx1deQyJI3ILd0FX\/RREt+JafDB83Cz6gQe6DiXexfTUxaiReu6RStMeEaz6P71JkxtuCl0MQOV+trcnTBAsrOiC0Pnp41ddFZ9LyjPw5Mwgkq5S8GDPbsUHU26OG2nr4C2Qc8pral7heokrRYgBHlPnskyAlkCxuL+0XPLYLPIRRcJ64nRekoDw2yg6gDPsz4RcMVRLhEiIfkrCTlBJmmDuRqLpZJpecdlBmRfFHNMXGB8i+H\/\/tNPFLdJAZryXO\/8h5nkH4Mq7yLQ6vkIR62sgbVPD0Qe836LfCEQO\/hxA9iWtbqSJ07ScNvoG2Czrtvhfwq400gs5KtFeBbk1AFnMyczsxPdl6tp142MbR3VLQmj78nlxilK51hORcVLi9ktXxGEonuDfod4vDjaA3pJ\/0ADkZjstpvA2GHymd+GbXXXQzsOxrlPNaHDKM7gA5XeYsGBeDXesqay1VJZXsBwjzKmLHBEfMmuTQkRGywy3RBFrIumMzi24aTghRx9FA\/ZPDZtgNyArr3TSzkQB\/WYB0FDxqBDH7pfBnH8cJXOSx4GfComMuGBhw8lB8S7RS+Tun6aoozaQ7NOXFkWLUNwlMATJg\/u88xBUir9H293nJp613ia6G8KaLtsNZhb97810Q6p5rpfzJ8sEbxPvnOBsJoN2uNaptS39DLNaJ78nP1N\/6JenLJUIebOzoNXR4wfNgVp5Coyyjw8dfCFDyuNA5Oi18AcVmGaGj7TK82vR9gQ2IWuTm0sTMl0T1RNelk87ZLC7oqgqi01091WCo6H3\/T5HgzDHHgrz3hvSk8s9"}
00877{"flow_id":12,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":226748,"pkt_caplen":393,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":393,"pkt_l4_len":359,"pkt":"ZmZmZmZmRERERERECABFAAF7J6RAADYGMll0y7P4CgAAAQG7ovhHE1SsaJwjAlAYAfVGjQAAa5XmI3QYf4U3GsgNUiYg6nE+sTM2tlCEaWD8a+yhV47rmE6kvvkUyHudhyGiVLBix\/s2Tl66k6oMofRZkQrLXScZtdHRIfQgK9btbsMM1xTaTzfknUCL8Cww5biZh9NDUry8F8w5qpojEKHzH3A3\/4lC6uHgw2s20sHxwLZeI\/SjDolPw0HgqtQ7HRGthKZGgTF7EF5W3jX9zyxYcKT5Z+6a10K\/AJDS4B9NuFR6g1KQ6qPeFwMDAGD+4QCAyHAuMeUJDl\/3cFciykXBFAH+fIJCuocOnRHoaZKbLjxfCuEOFssJeNkoB7QqAW9OD5gzqBZNRuNAkbcUPEYKafd8lUfYNtA6Qc4Hu\/0eRYaPXNNUA8lYtFnGE6cXAwMANeAmEtdH6fzebaiXt7tDhzhyIraQebUR9GWfb0bTVPXdXtGXRnRa+RFnQlFlafsVPs9+iBkn"}
00511{"flow_id":12,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":229199,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"REREREREZmZmZmZmCABFAABoaJNAAL0Ga3wKAAABdMuz+KL4AbtonCMCRxNV\/1AYAfXp2gAAFAMDAAEBFwMDADVrZKXXCOBBCDNpYRE7STWc\/HnJjONF20ovpuvcRz\/QdPSitaw7jbrSJSqUOOsH\/fAYewK\/Rw=="}
@@ -192,11 +192,11 @@
00587{"flow_id":12,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":253667,"pkt_caplen":177,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":177,"pkt_l4_len":143,"pkt":"ZmZmZmZmRERERERECABFAACjJ6xAADYGMyl0y7P4CgAAAQG7ovhHE1aFaJwkkVAYAfWNfQAAFwMDAHbNNMxlK2hi+kM73RG+R9mVK1k1n278Xq2fwo65cKzW32ncn3dJ7kB\/wz+TBKjCjHuzTa3am\/FIFV25etmokJlONLLJrfcoS+4PkOtmintpqLX1\/mQcZ5cwcG1CyWfqnc5A+A1kfAB6j4X1LC+tm9SmlL8k5lmx"}
00809{"flow_id":12,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":254160,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"pkt":"ZmZmZmZmRERERERECABFAAFLJ61AADYGMoB0y7P4CgAAAQG7ovhHE1cAaJwkkVAYAfU4YgAAFwMDAR5OjaBU4K9RxaEOIHl9RkqXTssLDishesbzjLuUbDAZDJRFnzyaj8ejMM2ueTD6CLNtc2jjLJ57t1g80LgQbfy+JUMoRcjIg2IhWkko7S39iw6bgbvyFu3qH1cVkJkjMLOEtHMOGvK4yLYcn21AtyDTIr0Dds40lNJS5EgMcBmhGdtQpaMyXjkJRvHbR3JAZL+cEgYUfuF7xSkh0zPrqz7JjgwtwL0VYQpeusE93XLn+m308ziE6DVryUHuJj7+c7wd8sJ8cb5hVwtxDaAvhSlRMwIlHPrEGLQBNmUFaMohgZq0V19XXuBHz+cBpdoF3+8cnhG48hJE9MwRgEbCeOVFu\/pxXrE0wmFPSGGGmePjRa2StuxxBWE6hgEkPVLz"}
00466{"flow_id":12,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":254389,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"REREREREZmZmZmZmCABFAABLaJpAAL0Ga5IKAAABdMuz+KL4AbtonCSwRxNYI1AYAfXpvQAAFwMDAB4\/8FLPAjMrydunzm041lSiRjMKOj5EiHlPHgxxkXE="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":191,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":946739317842,"flow_last_seen":0,"flow_tot_l4_data_len":303,"flow_min_l4_data_len":303,"flow_max_l4_data_len":303,"flow_avg_l4_data_len":303,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":191,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":946739317842,"flow_last_seen":0,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00802{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":842290,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"pkt":"REREREREZmZmZmZmCABFAAFDy\/NAAL0GDsoKAAABwx5eHOp6AbvJsoUZMUH8QlAYAfbjLAAAFgMBARYBAAESAwOCYT7eCU1xUXbhTPV2JlKPIHcY7sPH2WwKtpwnSeF8xyAex0Qk69Rnwb5oftgvyqN3KWFf9IzenmheX1LYHsKC9AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG9oLmZmbXVjLm5ldAAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACAw+TAbBBMqcOYtJZmoA1qcBE16Yt0ym3XOBLcMkrVpDQ=="}
00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":191,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":946739317842,"flow_last_seen":0,"flow_tot_l4_data_len":303,"flow_min_l4_data_len":303,"flow_max_l4_data_len":303,"flow_avg_l4_data_len":303,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.ffmuc.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":191,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":946739317842,"flow_last_seen":0,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.ffmuc.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04358{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":868005,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"pkt":"ZmZmZmZmRERERERECABFAAuAyWFAADgGjB\/DHl4cCgAAAQG76noxQfxCybKGNFAQAfXtaQAAFgMDAHoCAAB2AwNkyl8ogzMlAhTUQA2TsMh7Q0Cc2\/3wZHCiwad1Z9NoaCAex0Qk69Rnwb5oftgvyqN3KWFf9IzenmheX1LYHsKC9BMCAAAuACsAAgMEADMAJAAdACD+8H0HbVGEEmZC5hZLdNizcuC\/0pRP3fgeIP4D\/GwhdRQDAwABARcDAwAkfwnuX6wEOZOBUTjar1eVwNX\/5E0Ocx7Di9qIEnerial2sCiHFwMDDDWV4W2nvLW+\/N2l4x6sJgc8wiYdu5HOhM21Gm3mnFcxKO2Ie6ZC8TBNY2Mpp7Yb5rcL6bqv3cZKl4w3lzpNGDKGTjZnaTdTckz2Zj9T\/bsrBq0FYycXELwNiLo2fX1zTKtRPyLUu0GGauan4AQwcaDjRQzNlNJGd6461bdar1412MhrLksAOF3Zz32PJXTXtFU1mwvYVqphcZDb4pPZ0N+gjj7dNR4S3YwPGEbwlcx1UcGfiv3pyH+UUZNMH5Baw9z+5KY9RTPE3Rfw1bhKsm9xadHFb6suVuYDZzfowFS+\/J7rFZVNyczZA\/78zcdYuuXbTxeDjPhOqxAoQDX7VF1HojbcFFzFMGuyikHPdDYckD+WeR5lbhzc\/IDh75MNMf\/KMikRmHFGsWSPgCfnHcJinGKvxJJW58RraOB\/5irkT41Kj2mTP7rHD5SNd2CjxOxspgfL21g9EgRySSvXC+1MOm1qzwLgfjx1ZGRqf62CTxE1WBGLSGVSBUD0U9VUbvm7X5SNczaQPf0VLn8L3p7i1Ks07MNKvx2UZUXfrd\/RU2JWlAdhuGfs4RK7IYupZ9gwETRs4hxHaE\/JmiH23lQ8LvM6OtMsbQ6PirB\/Qq+igXuyD0TY3sAc4gdxm+SJGHsDpdSKgD9SodG\/vExsIGp+Gl5tevJKVwUT0pGU9EjX1Bi1e0B1xZ5ye5cjD8jxqC6fGWDYbc0qUQnT6Ei3AwoDVwqGAF6EPjjKHUKSNJDHKDRweWDMJ8eQeivUqlu+lhWhCAE9lUvj8qFKlloewows6Y7yqVUmSPPw60JQ\/7KRplxJ3xUWU3++WylOr+8YCwNo64NgMLldroBbTf3wwNL5K2B8K2fa0ar2Xxz3JO0bcvkksssiMRLPicETirp6CaB0jh\/JBv+EtfNF9XlRRV3bVxTCpp5g2WrRk6UQuYXfLZgXXpvWsW3UQwQvcMLuqGRqk0Lrq45fax67cEa4ablkdoldX6BJdVjUPEVJmY\/4EAB6c5ffE2gmcKP798gpjRuEOsJHx7lU8XAha86w59XzXonwVhFiFEiku0\/ryBztip397enoLu3d\/DdWuO13MC2xztCFDC63o+OIx4LKccR2dUluAwyjMQHJH2QfKyLnH3gJwChS1jbNN6JjmBlIjJ5F5oE0c\/LLe7ZNRcNl04\/gPLP3X4Ig1u++FkuVZR4VffxYIDiKTeCsRjSq8xT0sFQrVMRqRExsxUpTFlLjgmk+4A5gz+AWsHQgXQDHpc8q+tpaaLw2T\/VxrMhaAlTNwD0R+fPu6xqKcmZ7K4tPJ18rUG2cCEq2Vyx\/nZ5Bsb4X51YWHYwI\/b62OL85Ky892\/YpuTiyCwr\/n7zKZjbYHc3bE3kJITVYYhhm7SCsQwZLdboBPXK1hc5zPXoZ51+dKsAS5jlTrL7t90UaX+3d5RBjR5yWI+hwkpRHZC4YPu4wFBj9CS+kKkAjOdshMO3DBnfsoKT51IiDooH56PULR9jXPjPvXwHziEAOD5lKZLhl\/1PpgUaU+m0Qhb9DGdPkvd5L5MtmeN6AG3ojp00pWioyce1OEa+lwCX86DDB4V50XA8WSmUf8Ruv9dDKOkEto48W94o6jbWCBaVHLa30AI1sBDsLlVma26j5oIbiMjlGK8ArsP5ukW3ec2Ucyyw4OeOhYe4PTq7O8QJdyRJffrasJ10uS+VJlhZE6nntiGTZcHenBLx6mVY\/sNy\/xKxBzOkMpSKdjL8GC01HDHp6JDU\/ZHpm00Le70fm6tFZ9vCb5wPUsyYycjMTWmiSgMdLOaewpU9tlODZTwi8DEVWJyEa6fkCFWYdu3u0ydeu8NzIOlQcZ1lyy\/E5qNM0pqUIMKgu+I5sA\/1d+JmmvGoRZQYTQTUa3kxoSS7rPzyV28dHyfYsyZ6xH4xX0Te4M4ymNWY+c\/L9THfsDN\/oVSD593mlv7UAAlNYa3xzFv8UKd\/o0wqF1apADEX5sol\/96BK9yt++kADu5RkL3Q9suLz5lPpANm2QRRIs8Ow+4yzU\/7qCzwe3wQndBdO2mvPNrxNQWX0RWtNADT1hADdzQX8UO24dOXh4qk+iHH6bl8lfIvW8+qqcF2nRbvY6bMLSrGQokwAzcMtwiZdjIJEsFZPEIqPD7EZnzjfnQijrIF9Wn4vbTwPzBnADd1msbtKeSaVNdMJih6KLod12TaeDOeCDRiB61IfXV9dgIKfGFyMlxjk0+d6Grs+cJ7UQzYlQ0mX0vg3on5LNDK23JzvxJlO9RApmtXu0TOUl67cxwpSzAdhxbWvI8l0V4Ai4I3tdYPelpVFVsSo+cgXM3bWISOOqQjzDzqnRV3rpFOpKmYj18yo6Iw3eQgPQrdVloO5tfEf2RUtUbOK+ineibqkTHcOjvhuseYK31qZJs+iTw0+voLfLVtqWLppBhUR5ajc3xYiWsGOK3UP0Zb+9tGTDp7eUX5mpFIs5TGNFA+qxq204tT5KujsIYtCIDdSXn6JYPAXRTlwA4oEjKa3OoGb33tMMT9hVxCQHDLFOs45v41USfRH5jGOfkuc9t77jPR84y7jSr8tXiXsE5CuwKv3P7uF9BVlABkx3ZlxEIz4\/1UR7mzFGAx9K\/RIDlF6SxU6mh73+mMXE0JVkoSTGdIPiDILMtKbfWz72\/UvSW7dTt35fwXmnQwL7He\/RlLL0\/sjJ8vBxcVsv7+Y0XxXaeqzhRtNiCnRgUcTqfLUOJS8aBbh4HPdSKkdltzZb\/S5Lper3Z8zxxuZkIif3ZJ\/gz\/T0iQbX6Et9RMROBoUHjPg5pKYqkENDxoMG\/MC0WVGiX5R06OFe3s9dZ\/ozvLZvYcEZE7N7F5n9sPRwd+I+59lPh72uicIxFdChXuEOxCFU0V3rGzpol1Y\/VsMpTxsDCKvlfGj6qXugNMGkxmq51kciXtj75pUlzwIMe6kQUn2jTFnukdp6OPxrp0T4\/lDiC3VaK0fB4xi6LdOz\/EwCzEu7lICtRLOOwfKoiPsMnC\/K4Myo47r7qgooc6Dyct7xyGHbGYJon8e+PQMECksrlAXwIcA8LQoEysxirtgk51VSp5RdhUCampTO83NLVIjW6\/5AUld9ViiwVRqzLBg7wtcqkBPZd3uqzxG5sC5MeKaDzMg3QKygjiklub6zdiCWJK8V5PVpgiHBa0as\/kw\/NbzRIp8\/DH7U1o9eDK98CHzu8jiLgQ5n1w2IYkMJA1JpBIvlpsoUz6Qe08g4O6AzxZi5RyC6\/8K7\/Ed0NrDjr+G1S6iNZ+qijE4QRaBke9Co9IWob47jnSAaxgFwziKOB2hnQn493UlWhwDwQZuENq4DusUKLl4gaZTo1LvBrcu9EW+pZ0sdlBNW+e5bo09BfXSYhwTQVczSoVWspRueOrFVGx29DRpvDMWXSToev+\/5dhguN8sE7\/6r6UStt1tBEq6JkIdV7o\/cGVmADZ9PpG+uKpSV95fJQxwhEgMidjt9Nuj7TkbtLKuomHY1OGt2HlKFszmF624Ixr0UPZ7oS0P3i\/BbBVqEJdJZsiVw4MhJvqQMjH63aJ9Ie4EL24xwrBjLm1YPTGhWjPxzGPCBhmgSj9u3DHYv7ANgf\/CwtQN4PY6wBmanZg8AFnKkxZzdFSDH5pdfVl85gHQh72n"}
00825{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":192,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_first_seen":946739317842,"flow_last_seen":946739317868,"flow_tot_l4_data_len":3227,"flow_min_l4_data_len":303,"flow_max_l4_data_len":2924,"flow_avg_l4_data_len":1613,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.ffmuc.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00837{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":192,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_first_seen":946739317842,"flow_last_seen":946739317868,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3187,"flow_avg_l4_payload_len":1593,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.ffmuc.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01443{"flow_id":13,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":869199,"pkt_caplen":814,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":814,"pkt_l4_len":780,"pkt":"ZmZmZmZmRERERERECABFAAMgyWNAADgGlH3DHl4cCgAAAQG76noxQgeaybKGNFAYAfV6GQAACB\/j9FRzrXDeV1gMTvdtnDbaxVBoJBh9cy8pOcYrD8iqnoIgGbCFSCgUCuevEmCLqMD6ndxwNBjeWxvehtGcTzYfxO5MsUhftQ0+dqR1WhFRhDtmvuIG3Q\/1JnJ+iTTGKy7+d19ANVD5kJS2Kbw1kq1CCeKCETSjOhUhw85xD38cYnUuHGOyMgN3a57KOUyOmb4EwXoByM8BsVlxu1vc1oPozugCeie0GDWpbdeaEmjgROEgR6DsCHE32e8OUOXMw3\/fTV5lRZlHvoE+WIdAJO23JksMoSbzH5lXNpwBfPg5fllHB2gzZy73MltgSTbtU05NdkOcr1ZFoqdQ2V7wBDgCUult1m1frKnm9RbG5so0kMdI1K2imdVR2omx+E2ZIA0aLFwNHZ87uVzv\/27AUYdBTlcNoD9yJPyo52+VSIEhFJ+iC6HMt6T8vMgHE9t8doC6zzQ5PPfhV0Y\/wHOciEZ1QCJawdjeaWA1oK+LH3dEkeN+2N6ZvT6aGJRirsBAqqpY1jcHkYSWOu0YNfkmmhcDAwEZhRt19HF8btCDpTYJhT082yjULJw4KauCEpxSogJCDv0wIm\/nxsgKWJ5swMbqyuXpT7mdSSff3VOjrgPc6f4pSWMC0gPkidij6lKAHSShm5G9hfxPyAE5LFfSUSjOyv6KeU3qvvH\/y9kOCN3ZJI34MmNCSHjx7F7SwgBhT+XBQWcGdTlLW08ufWjBpFEV0wweQ+sorOCpyYk1BQhN7aPpwW+8cPmzhDQyCikmnIgsWh1OdzHEfXqnhQmoNEJoF7iPcZZ2Q5XdXc7TB5Nr97MOlFTANPGwh+Z0IQ0oeyTOBC76R3rCyPcgQuUbw2ZmngRvKZCro22Tf+lTL3RL8Wypoy8hNNZMukYZOxZV3pu1hHfTdtt5At2T9yMXAwMARRSoalzVajpzS8ANj2fKvjjGfm\/L7CaKj2s8TbmN14sqePDJ6R8MH8TM+nnzmnQKkuZgpCVkmHfyoZtoN5aVAw1RpWQU5w=="}
00528{"flow_id":13,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":871016,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"REREREREZmZmZmZmCABFAAB4y\/ZAAL0GD5IKAAABwx5eHOp6AbvJsoY0MUIKklAYAfXiYQAAFAMDAAEBFwMDAEW5sMLbd0gmem1uKXhOn4xsScvIMh841vOSv25s7WegMWRU2Aswoauuqax20OLYWSZS0GCafTK4XRon6bwmx9k2Q1hF9xw="}
00537{"flow_id":13,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":871144,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"REREREREZmZmZmZmCABFAAB+y\/dAAL0GD4sKAAABwx5eHOp6AbvJsoaEMUIKklAYAfXiZwAAFwMDAFFGa1RBxhcsaVS1JTQbsm6b3akfyKh\/Q2QTKdRkJM6NqfDPzD3c5QZ89kS9wTJn28NiChl0RiDJUJUnuw7FkiBDzP828V4cNxsAiVSYcyY6e6Q="}
@@ -211,11 +211,11 @@
00798{"flow_id":13,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":37345,"pkt_caplen":334,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":334,"pkt_l4_len":300,"pkt":"ZmZmZmZmRERERERECABFAAFAyWpAADgGllbDHl4cCgAAAQG76noxQg7JybKIylAYAfXY2AAAFwMDAPTBSH\/KUN9Ho41cffCQxrJYqIef6Xn8cytekOXeeAPHjzza5w5Lk\/Fs5hXSHCDw5NX72Ztnf7IH6QGxoxyIJ1HUWKk+Edlf1yCaaiWSG2qK0boEbCex1OgZCSzfuqjAo1mHvYIcjlHdYDJB5a9RjE\/U5d3pi1ylEMZuVl9S7BmnFfzWYQLG9VTEqRoJUXsx5QLiwYAlmszUJDalFHNSRVxzZZvw6QxVh+8FC1InrW1oyRKR2xFIYp4YUJ3wdWp5tEn2LIvCuBP1JRsGgB49yTiHweVhl2D1toTYHLPXBFKveGUx4gMgeosIn4YM+HOhJb4bRHYOFwMDABqApNe+JAK5l37wbw8X7NNtNzFmPvcJ8YVILA=="}
00449{"flow_id":13,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739327,"pkt_ts_usec":879259,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"REREREREZmZmZmZmCABFAABAzAFAAL0GD78KAAABwx5eHOp6AbvJsojKMUIP4VAYAfXiKQAAFwMDABPOFDsRNkPmvUgsjvIivquiUuss"}
00450{"flow_id":6,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739327,"pkt_ts_usec":879293,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"REREREREZmZmZmZmCABFAABALvxAAL0GxEYKAAABrGhdUJ\/qAbvjN2\/5lQPB01AYAfXKpwAAFwMDABPe80YjBSFaopQ49brkBueHC77J"}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":222,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":946739336955,"flow_last_seen":0,"flow_tot_l4_data_len":304,"flow_min_l4_data_len":304,"flow_max_l4_data_len":304,"flow_avg_l4_data_len":304,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":222,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":946739336955,"flow_last_seen":0,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00802{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739336,"pkt_ts_usec":955395,"pkt_caplen":338,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":338,"pkt_l4_len":304,"pkt":"REREREREZmZmZmZmCABFAAFEM0dAAL0Go94KAAABuelq6LZCAbsgVVLXybMJllAYAfbmxAAAFgMBARcBAAETAwMcr1WdeadOHog3lEpiodEeAcm2gZJgU0L8O6YStA7tWSAYYApreqfeMV002xSAt2FZT+xN2PBaLBfkQPkpY2yRnAAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACkAAAAEwARAAAOZG5zLmRuc2hvbWUuZGUABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAgsGpq4zmMsA+1iGgtz9f+LYYNyHCIQZ\/zq3SyFDX6FwI="}
00776{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":946739336955,"flow_last_seen":0,"flow_tot_l4_data_len":304,"flow_min_l4_data_len":304,"flow_max_l4_data_len":304,"flow_avg_l4_data_len":304,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.dnshome.de","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00788{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":946739336955,"flow_last_seen":0,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.dnshome.de","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04354{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739336,"pkt_ts_usec":992908,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"pkt":"ZmZmZmZmRERERERECABFAAuAvuxAADkGkf256WroCgAAAQG7tkLJswmWIFVT81AYAfXxAAAAFgMDAHoCAAB2AwOH51VjdKQ\/AZQoSOmoC7jYQ9n9NqAbTWqEvktHdZeP0yAYYApreqfeMV002xSAt2FZT+xN2PBaLBfkQPkpY2yRnBMCAAAuACsAAgMEADMAJAAdACBHlT\/ckNv1zu+YfSt\/zxC2rtSjIy\/UHNmUMGM8UGyVRxQDAwABARcDAwAgwilHvuszxY2P55AdC9vc0WNmaI98gk9UASFHh+rOkuIXAwMLGSaHw6LineCaEcA9j88fiSZ7p3jmYBOCmFwXmWuJbNVbDX18tcQr3ZATZwug3WdQUgZQuGPbLNtio7ePY9WJu1m+mcBvlmSf8p+kNIdmks3LygnPjDC2c6UxorLMoKdZpIF74n0UwdI1haIk7t9SxqKBNHhLqhVzXfA\/gYf10GXPi1hxhIDRS0KcW02uf1aHSSQNM4lfDYD4RpVTTVdscI7J3G592b5BxWNyVv0Whq0mJ6igzcGRSA9ve9GnhfQ7PQUMhLbnBs6Wh4\/E06aah5j\/y2NN9Rc5DR0mq07rU5Ce+\/XxD4lUU+ekKKMEv73SbncelyWJ8Y5vAOXrDEqq81ak\/UBhx9qx8\/JbLt7htRmRK4POVPXjov3f3Cr0\/J9vWUZrGJZBIzd1UHWlYZqWZ2e4zJnIzt4CgmUiyp0aneIGvtzNkXr50R32ENIRIAFyE695Wqs8jERpSPGsHn3huPrLifotNcrG9GhWfn+P06Pt7D4zUiFfvh+LyEBgC4g9mLo7FFTR9ZBh4cvU6KR2JbkcthJ2\/eit4GXyWKglPq9JYKNPyFUXXYoA+haf0kKxXZykljYvB6S+pRhq5fgW9P0TnapNy0IoETL\/FsgOgMCO0tJLa6wJ+moPbCUrnqhRlYqM1pTafI1RDq9YRk8QTG21gC3tmzmBSfh\/ZYdFQXZmYXvWfFwGRjyPIT9+zMlqq2Pdp2JskHpsbB\/FwB1MOL4EMGO2rEvqAN\/G+LUDaZwDQErYmrvokCqs5wzQjVzO+vQiri8OiX7KtSVymFdc3QbFXkOIAgL4ZCdwmcaz\/rCx33yioKUWWt5qTqCZ9pmtXhl4HcAp8XhgUIEYBgprpf\/Ti2fp0ElRAFLFXlwNoLI9iggooHHGhx21Tg5YhcbP60KH\/320Ma9w9iPFEDojm9a7Uksk9S+uRWv4OhUAAYKjuWZotkEozfx2xPJWhN+3nf+Iha6M\/PTSY3MMhm1WzIZxhGYM104LxfJgMU8G9gWojlgvjhJ9uq3S6TQd83u3bJfgu1uC+MqFUVxe5NSUl7ikQ0I2+aFOcROfwG1sC6mO3ReC1pSOUUz4gO3A9SSBBDyhLMPE7cirAIcpsT33LqFeeSDEu0N967vwR6xVh0M7jpo7PUXyGgThPlyiOpRF9s8WGXtAs8kIwGDjwgfzhZb+5Ica\/Es\/V\/Dcco2lqRgq\/dcAdyZM5sv0arfbaybN8N7gqsGjPTm+jzsbUO6EEvEXHs0ldZG8m8mE2GFXoShd8wgIhqj+fRxwQgiYi3jFhqxSX8HSBaQWBy4gUMLE10OhfyAXvg9pZiOtBVXbyXYhifDjhNa8C4V7nKfsRjcc+IPNLOUCpNnF7zVC\/0wEFNmAysEgZKbiQ7nvWTQEj\/4XkHTl7q+V1nyze+YBcVwnousw\/sC5PPMkFjNe\/rVKH6Nl21Xz4CEnFJQWyg9SJCs8VgXn5Gx1la2fl1eBBcFXXyYGSGvhO\/t81KOmn26l6yIAJ+49g5RwCWqzmcqOfJ3ZxKGRw+Q485Of16n26ALDBRuhLDlJPjC0rbaer7p0vcHW895cpbl01o6MkW2RA6neV7IiozPr9ltdIu27V3GvvBr7fVargxd2L+tYgyfTl9\/WILWXDEQZ1hdvd3QHM4PdFHFrVVzTGEggsJMhAt5dWLBf1xkH6HOVjXSYC7QWsq9x8ZMQQFScuqTVdGfJ7phQpuljGNTYHS3Fr6g3GHbNodTeleAa40XcWPRR1QvCNrU4+1mAEfui\/VF5yCnzl57O6v4AZaL+xkQS3bq5TgH0cEyHZIZPSXLjPO+kUoZirl9ExMfDKt7TaVQdS2YK2Ak\/Zeh3+0YL9HobNvrh9Kdgz2l9vzkzpGJFhtkFPLbfyoUqy9qVF5BYXMDsDNfzLRqQCkxTChoU3Oq5WC+NNoDfVEiV1uqKr4CPZT+MhJo3dMWH5rs\/NiqvW5Ts1TD9YHqyVEww4VuTJUEbvVoPl69h72o9XVtS7KLsKkPydjzTTKhHgn+fyRDhXnwLBWppDpzlYOaK5Bu7LUZ7jwPpDGb2uHb\/NdM6kLWzWHLfaWGXR9MiHxj02STxuaoJkhvcxJyZ4jf7EzDEtGtwrRtO9550RF2CTHt4JP2DLjHk039ZthYCTpxRqRekm7pNrIMm6JYaNTmH7DS2CnClfcodyWQo4n2PKz2RufAiyCR1Iovd48L90Pg2ksKOnBbJR09P4LdtuhxQLd8MMrL6a2NJAZcO+1X34ekx37pjBc0ECEHI\/F2EsMCaSmXvfpKvJDUd4hm6Lh+s4zDGKyYb0h4IN9C5WV\/0KBLeUKLuzHg0tLbCpWl5JAtrGio\/3uzgZW3lPesajgf6\/6yAiqz5a5LojXhnEilNNECArJbZRC7dxSLQfHafj61RDK6iVUhWyQIyby8NmvYxyArKL23gG\/dtpUv9vzD5buro8NzKqBt4kyQq5AyRDl9Pdx90dbqzL\/wNfIMw2mirNqhLtAV3Lcmt\/A5VrjLx4ZixfonmUVwV7Oggr8cd2H76iCaLM2zov\/KSvGOLzKOj0+VfjyUlo5Hx0LkrFyR4dGU8OrY4\/30wah66XxEoGD44ZGGY9mmIzDkQJmAUZmkkS7CDbDg1Z8FYCE7np6+eulLdG560xvNnTNnZupEtGdS5efhEH8mvJ96YqbwwP7SeMnjliahQXu1+lakhVlu8+nICagunD7qLvS+Fg8H3c6rjbWQ5ju6044gUUjdx9m9ucGTb1DOdOSzatH4eu\/xj8ZAYSsVq\/DNz\/DBK6wsphchGHTe6SX3Win5Q9xfrgZYWPZHl0ArgB0ilWMiV\/ALLyorbVNLl9DHnMkx10GmbnCSrwAOigo8SWLMZlWe1j\/W9cK63Ok4pAEypI+tsaU4+KGNcg\/Y809pje8RhsRhZyPyRSO4W7\/HH8AmTmAipBXMFJFIlbGBgYuDxl\/k3WXdS2IEVB5uVrdrK3IuYdnPCCcVuL3hLwj6k9lhcwgEM27zriQrtCvCjvLyB8dJvyzZCywv3b9Z9hbJbpIZQI3lMz+XJWCtXR9B5wT2TiwcFkZLA8v\/Gj2OeLuTROa+JmAs1Cy1LT3LNHOmrtPT6ceYpz72COQRQio7ykebG+XDgiLiCvhnLtQVxEQCyclUf0DdNX7KRiUsNtpm9qhk\/7G3HsLQ++6h8v1DP0f5LGqLcix7u2oI33Cf4OwaMqtYGg3yPzbp5wNZ8XB9tSXKBPcsjkv4tUNMLMknHSDtW7RBZerB5euuv2oYXeLw6W1kFDZQwREcwkkkFkPaFTf2R0OaQ0s20yEJ+2MP7zAUxwADciRnXdaSacxi\/MFaNm0cuKFuTZ4y\/Y5UDPv5UQlN6az+4ZYU2R4xFvAktPXCaDzYwhyETBBXTQ3kCDrI2ulxdBfYOIiMYjZjYc8xv3tq1mBsJ+7sgbDu2gL\/fzU\/XzK9B7Kcn43ttHaGeIj+jaXeNq015DYfGa1PFCW5NxEG6gmnM2Xks2\/Rnpc+U3EocTaXUc80yTiNXgxgwYfe8v7xwjDD8vmvRwIAbeusZYjtv2\/kzAUu4e+OEPcd3Jl7OxogoNIIdrVgd4b6ak43cbXB0SXrSOX\/1U+4+a3+9h3qxiMRT+7taHA6EbLauuw0gFFTQLeevuvsRegZK"}
00829{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":223,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_first_seen":946739336955,"flow_last_seen":946739336992,"flow_tot_l4_data_len":3228,"flow_min_l4_data_len":304,"flow_max_l4_data_len":2924,"flow_avg_l4_data_len":1614,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.dnshome.de","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00841{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":223,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_first_seen":946739336955,"flow_last_seen":946739336992,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3188,"flow_avg_l4_payload_len":1594,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.dnshome.de","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01404{"flow_id":14,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739336,"pkt_ts_usec":992967,"pkt_caplen":782,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":782,"pkt_l4_len":748,"pkt":"ZmZmZmZmRERERERECABFAAMAvu5AADkGmnu56WroCgAAAQG7tkLJsxTuIFVT81AYAfUY7QAABNww0uNuIsxm8qmdOPnMYeMk326YaxrhZ4BeE0iQsCOXpRsiKt+zuMH\/p46kXln3RjaOovnK3lxdaHFHnp3StO0w+9qyP8dfRt45iKXPZFHyuSZwyZICfazc2HX7baqawWsKHZ5R1vywVP6AqZpQ8xcDAwIZV+38qSfJjoOS9nhUEl3M5HQzO5DKRWLOqxVrOGS63iBZfxHLzBoty2qy3aDDfnx2Xca0b33wH+vr40qRx9mkz2WtuJs2PYtZyC6YxK5JHe0kUVYNQ8e0DmF1+83AmxFepTqPZR2RfXf2xtUUMst9Opu0LUgXejoef7ambf+g9Hfx1wcIPED7otCGjweGJmU4YxhSCmvm\/0prJdQTwLXZC1W3mnq5JD37u0ZpUZMdfulvx59AlBuxI9dDcGROTozpsYCeE9oOe\/+Op0XuIETBK4vQLjS+LqRPSPWlSzl34Ie9Lj5RtzFBiCOGkmC7wa1QGFdc0GBzHqe9X2VH4rhHT\/IVDbq7gKOuuDcZFEQo8KQkkgT\/bghJzCpIQIarVLOPJxv7EiP8jhgdtK0VY7ia6u+987fqrobyPuMatQbDO9AYRrsJJ\/ihFxuvGwFO0eh7s9vftBi8t0DzNQTsnPfAcZ\/ZhEkLxw\/vJIZfSRisiciHHsUp4piy+90mTdN5MUCDY5ry7DKAw6vfyOQHg9r82wvKNjwJ+rcekPLEv\/FHRvy1AZ1HMnW6KZrjJNV8SoDwDvDT5+zsDiOQRZ1eS4AXXC0O32K6gqAACjcqP2miu29e\/oaEK6\/b1NO2Ve4\/XFw2LcUxmiYpmfORgcrg0e71Ts168PRZOrwhuw4jECElrQOXPiGerekKt0pjC\/PXBVUwNa02PEriryGUFwMDAEURcT9DfIBolrnsJBL883VWax5ssbCevOTqwONlZ29TVRgiw1ubDPfUhqNcVCvs6bW1xyVTdeWqdjyxvrhijbOm0mBmopM="}
00531{"flow_id":14,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739336,"pkt_ts_usec":995910,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"REREREREZmZmZmZmCABFAAB4M0pAAL0GpKcKAAABuelq6LZCAbsgVVPzybMXxlAYAfXl+AAAFAMDAAEBFwMDAEUCA\/YbRSqPjsGQUsI7BDvq7g3hnx8stX\/\/v2CQCTsComt49V00Fj0d8MRffKPSBQAZmRH9pre9c9BbaPqDdrxQX\/Gf1xA="}
00873{"flow_id":14,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739336,"pkt_ts_usec":996291,"pkt_caplen":389,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":389,"pkt_l4_len":355,"pkt":"REREREREZmZmZmZmCABFAAF3M0tAAL0Go6cKAAABuelq6LZCAbsgVVRDybMXxlAYAfXm9wAAFwMDAFFiDwiRDXElbRhM59ReF6s2xqZG8RLQbqz4wpPrraKkN\/Q3HPC6T46YslyC7AJMSo1NEY1ep3FOrNlIA11HSwsb5eOMMpx8WNDUcPEe1r1vVzwXAwMApUI30qxbqbhWVyYGeOCEKJy06pkPug+PlPNXOwNqmcyrZw643t3j6fa+nNEdRxSXRCRihM1WRyQ8iDH\/Q6XjG26+a3iPD20brSBgI4tGq7G71TfgEfNyG78PMIFUuUshkFsOPrECbUFrz0HKwT8gbHFBzWhP05NjVu8n\/gZhYtaxOtJ07AMV4usaM8JCEutaHKQ3nCC\/lD\/U1rGT4byhQ2tvATBrCRcDAwBKAo5u9aU\/uRFkDbdy7aiGyC6ZSDQdw31Itx4Bjw1AGDdS3RRyIuBDENoUs4sCaKjPHDchsbmbEb3Gdh0r7veFFmABVf5P8Ws6UQ0="}
@@ -227,11 +227,11 @@
00569{"flow_id":14,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":20009,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWM09AAL0GpIQKAAABuelq6LZCAbsgVVYbybMbY1AYAfXmFgAAFwMDAGlkty+gqGrZ6kcEx6eBNJkFXATj\/PJ2qcItHe\/UVJd0Zib66d2kn86BcOtb4B5FFYHtH6onDNf0gbokZwIoYEMVa0r17ktTXFUNebFvyIdqYEIhAVbONH2RHpX1ccsyOFmwuGRf8aZpw9E="}
00683{"flow_id":14,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":48007,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"pkt":"ZmZmZmZmRERERERECABFAADrvvdAADkGnIe56WroCgAAAQG7tkLJsxtjIFVWiVAYAfXszQAAFwMDAL5fINknzSWUmJfsu6P5GG2HB04fm9Xp7ShxhoWlZA2Gsvv1uYsUhk1FoHjhZmw3jgY7hhBO4qrsQXrxPHGKcJRhNk5YjXZq0Iq+Xc\/0f\/Wfudy5r79osixFidmFWbYPxQ+dQuZ0OQb1xmezDUI0x31kyUuCW2Rp54AKfccofoQiACif0\/hxjLMQJ0jL0Irnhj4RevmIj9hvfxGMqPHsfxDIUxm6IpyxgtbAA4OSpTMWQWyososskgVkuA\/Ffiha"}
00464{"flow_id":14,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":48238,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"REREREREZmZmZmZmCABFAABLM1BAAL0GpM4KAAABuelq6LZCAbsgVVaJybMcJlAYAfXlywAAFwMDAB46We2Qp+l8+vEhQuOpjYEBZk1tUGLiEp2u6nYNM2Y="}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":235,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":946739348407,"flow_last_seen":0,"flow_tot_l4_data_len":306,"flow_min_l4_data_len":306,"flow_max_l4_data_len":306,"flow_avg_l4_data_len":306,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":235,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":946739348407,"flow_last_seen":0,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00805{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":407664,"pkt_caplen":340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":340,"pkt_l4_len":306,"pkt":"REREREREZmZmZmZmCABFAAFGD1pAAL0GczUKAAABlTjkLYysAcV+b2P18dMOKVAYAfY7WwAAFgMBARkBAAEVAwN1j0zYbg0sj5M3182ApIbVPce07i2k0VciV63ZowCdCSAqVc02WrOXRNItgTWsiYtxSSngWuVjvyRNgTc9xl83+QAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACmAAAAFQATAAAQZG5zMi5kbnNjcnlwdC5jYQAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACDGkG2e0e5ygLjqcZTIOnp7CQIXlvblqyaK24BObKyFNQ=="}
00833{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":235,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":946739348407,"flow_last_seen":0,"flow_tot_l4_data_len":306,"flow_min_l4_data_len":306,"flow_max_l4_data_len":306,"flow_avg_l4_data_len":306,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns2.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00845{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":235,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":946739348407,"flow_last_seen":0,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns2.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04625{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":519522,"pkt_caplen":3152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3152,"pkt_l4_len":3118,"pkt":"ZmZmZmZmRERERERECABFAAxC6ChAADQGGGuVOOQtCgAAAQHFjKzx0w4pfm9lE1AYAfVGVwAAFgMDAHoCAAB2AwMRVjU7SKUNCImmvfttR+GlB5jHaN+TnBAPl2NNilPzIiAqVc02WrOXRNItgTWsiYtxSSngWuVjvyRNgTc9xl83+RMBAAAuACsAAgMEADMAJAAdACCw4eX0v0AF\/2ysIrFslRpf1BB8aJflBi+uBQjF\/mpUaxQDAwABARcDAwAgSKLdPzNvW2jgnkkt1ArGKeMX1pOVS05PtE3+\/eUokuAXAwMKE7xrj8Cd0gecm+XxCtcCbfqp0Xw17l8bEv\/shADxxxp2Bzbyoz5R49XobAcn0zX4NMbYWhifQlUUPNi0pizuvO4Z2uJ7BgjBOgi7uGW9+EclkcQWPWUejxuRe7O410Q5Df3K0lFnTAKG5Q8hFQzWRLGpFNFdEHr9f\/gxxabZC79EC8Yp0yPXv\/HmMDXkQ4MFiklGk+tPcmld0DJxvUQMzeQxCm86Y50216avc9vAu6fj0J+kYdXk7oWDmD2dtLnR5EwpZu8cRY2UbUkl8ALnrb07VMOoFJY7zPFJIjuPu6NJRBVNZJB3vE0d6+a5PM4g6gDBfk3e5g98tlFHWiMNmuoZFlZFFaCJemgWUBnumrnynKFU46wjegkqBdCTk4d+NWELHpY6VAZduP79nQdaN3tx1a2c01muRMXnx81+ULomH3\/REIZL8cJwn+2P90vZcz0nqHAdHNiNOVCuiRaWyF4Wvtc2sEcGUjXGdVCvWK5\/TAJXm0J2jHwKksw9UwwmgBH2L6bGrwRyHCJ2cw2hrKj3bjjl++Bt52RqDx0PVra\/rDo\/D9uT1POR1MaM\/x6LwSGCpAydntCKtia54FgA3Uhl\/nC30fr8SinEx99ZlxNZcUwMiSNiiKzXEm9FsWYC\/mMQzJV1i0LpOAR5NQqTWYZcgE0\/OveI8ff5IAowgJ+Hh\/4cxgYyfxncxnZuou7BNW6vK67qt4eHbNzMxkGd+MYfZPjpdNHgl0+9xwS+qPx5Geun7Q7WO597TYhUFRG65T4qW2mYIUwL1aivadFz0v3ufWodzPjitCdjrW\/CjxtgUeuQtpa9t6KowJyhDmylZ7M\/A\/0JA+G7fTgIe1TbG0xXzz8kDHjrceHEBB3fFYvU5PKsGoQIH7p5mVRtoWylDhNC8a99xzxvR321Mh05C\/rxybySPX5rS74BeJ3VVwh0u5wrKR0eaWETinu\/8G\/XeeDanjx9v3DJgHY+pmOJ6EfJAfykxOYeiP4203LV9khy85bpP5JKwpS2QMRmDFSBHdsHpJDRK\/DdvVbwNlWzfHpmLZWIHourYiO61Z3oUmy4jI6OPDHv5EeJ3GNgfdU2yVIDdXq\/feGnWjZ1ojjDmfZzX6Ga4usOS7QhUW\/qRlMWXjj0hWmVMuLgwxGhGIXFKHCnNkMvxhSfzVsE\/fi2RWPnsN8Y42mvONkcXcfz9fwVNPYZJ6vnJUdC38oFYuyxT6LU0tUbEwaY\/ADwFl01XGl4ZRLV0i0vW1o2ORCGan1S8ji0kjp1PF5SgkDszY7oyvcHWR2j4C6IQfUNuW9sz\/BQ14X4v9\/xe+MBb1f30kVxu3I5Z5sCgwSJyclzM\/f\/w7+dPBCbaDnko\/4n8h05Ca12TAlFGzHkKPnx1A7nHgTXQTbJZXVUHU1yc6wwHk03G82kbZx+9FOzA9UNN9spmOc1YFepJxRmeK9M4veJGaNpfRVGQg2bta2RYDoDQK6oksPTzxPlWmkrVyuPbKNRQte57AnTO0NVTFr+bzDGOQFV5KuQbIF5hun\/LyUUKo6IgZruMikB6RR4IQ2uwGAocW75mLZis5bpZE122ilxmqMjkobAkDhx94FariZ5KfD\/Dr73ksFu0dQOrbgEoWdEDM1QJlwefbcBwmDPAZLTV06HvqQLrQ3a1J+ItnjBF\/3OcuGO6PNfCT4mXVZw\/XCZX37Gyj2evv5QnGXPK1+Sz2Q5HIbp4HDap\/+BBCzFRfzqg0GnGl3jD7AOmoAQDjzGfNFmTCT3IVA+v7COJSJTgvupRfK8IGZ6AChkDUM1D7TO\/gBXEdODTbF1kgj7tfbZE7QwEaK830652BNyQJGc4RRNwEbSlnyim1OuU6TMP1kn575di9kDVNjDx2AGxl9r8\/Snh1yll75FKAvMdPXTtCkrIgF4ok5dKpFUBKte07uQ2NnmiDy8tXArJDdFY7b0nRfBceQeXxY+261VTVS3qQ8BgkT+EbOmZjAyNz47hC\/w2WDlet\/NE9emDu\/WKqWCIy3yA1831JCwRHJDtJVAd9ss2dknfVJUGkTZeyaziCfo\/hUPLXsYyHku+nVEJbqNRpQOhPnb2jeGQfmWpk2og0U8kSEHESILcSFehIwO8Vb02doDEPxmjiluOoiNj8DTjVwesJzOCze3nnZ5thxuSrDhczvTCxNeMi2LoAi6IHJwv6yKmP3cCkUEWe4z9AbWZf4hUxJmNVNy5Q7vVV994JHX8omBPWK038vtH5PW7a2OYFKIdjI2Yz6SzJZ+OqlYbYFCmqa0c1eGXVB\/8TqdStQuai1fU0TE\/mTy2FB8c7NSR\/VKsBC8I6sIjqPn9nPpsLX4Aa5DuM2tqeuJozI3MGtgrFFDrWyvjyt1h\/ISepVOPB\/T+JPzE5fwBCeACmNByH9IK2FVF9+wHSMnDH3Rdcgq4pgz6QU4cUluqyfpyzHlgAE9GfUnMqJiECiCuREVqACQxSZ7sa2wTa0di8dAGzoqN4wIPrx\/temySP8MWqmu\/laj2zLNnRd172onl\/m0hR+U8Hv2MACSDGStNO4O5BZwFSeic72yCVIqhVfsgHETqQg8hlMMT17c\/Uj9ao0O73iw5Wjk\/7cB+lK3LZb6byC2wyyD+pd3TtLmM3qgg8MtUgLGKfhsIhfUQTp\/XqEKFU5NCsHHu5VZEHHRdrJOXdW\/pdNLP05EW9nsN0M81ZPdlsv4so8uNoBrTLmnVUIf8Xa\/+SxfhPXt5a7K9AzUWWAjnEVKewBClu712Lm3rXDDG8akrRqhMVator6IljVQJj5vEGH7cBag89maUZ4A+3FglL2gnFPZqquwNwRZ\/3ZI\/mK3YEJZaZg1I0ttRdpLCWXjXUB\/Ipx3mzzk088GloS95doYpwADCEaNRAt8ezUks5kQLYjOijiV4kNTL4MxFeNVH8TtI\/eKEzXoMQeONGsl0ElE1PvGiv8WDRmkmPVWFKUutMd8AsdJvQyoKp4+YBesIZnfv5oqwoZYzY6xW0eyUs26A2QPqxn4XpA6GW55Ed1urfGB\/LM4y6m1PQnCV91nOX\/rijw0hyc632Jc4nJK2Fy84ObW9S4LluL+dKVbnJwm07LENwwbm524\/mub+gizMq1y+sluBrCe\/URmcV1qijGxp4HTb+RHA1oHAF\/FwkQx5VCNkGEMN0VqUf0AhXzQ7n792nY1bKlqBB5bwOJqseO8f5u7xOkvAJgvo15UUiFg3Fs2KF6ThIQ+YMon+lnrc8ic+qxARfjEb0cUl2zxPZdn9Pk3JDZvc3FGGanhfOsuSbbIvGq9hrnu1dWnHdMIQG0tNqt5ibv87oqeA73DYcjrRkRvnmr+NgiyzjsYvnZnavg2SVhWLOyeYi6z6452amFOWjGib+uO3a6rOPS\/dTZTQ6OPLUcWKxkXHJYeC+Yo0LWKJwuFiHg7pi2FgUOZ1c24VzSrIDORj9fOesNSZQSAFwMDARkW8VkjAKLO1iVO3Z32JB1I03p1Xf19NsjcozTvJTA7tEC3r\/iX403MlEBRFX3aGlXo2cYSoUTLuYUpZWzaPV43zoko1HlYoj3YCwOBNXEdg1n9iG9nfj9q6\/IWDsPyy9SboWjcQJVD0zE5qJ8DwGucAIvsQ7D0zCtLvnxWjjpqSDdb9tOBYDpaZBZU8KCwR8LHjkKDpJkQyCpohil6861j3biEmWgZIX0h067Jmu+\/GI2jSqgEcF0VdDgb777Odt1jnDUv6rPpys\/KpOKpGwd1sOOD1atUuwZ2VWxJpoQFOVZofLGtGDAGLonrwSCzj9\/ObIFITDrXAwr6TE8\/SO2citlABmWDWJNFMQq1IU16fmzPW9wZ2jhYPxcDAwA1KFs5Si96rO1Ec9S06xPPSvxONjZOZ1eDJyi5V7B3adcTvi5GDWF42J9ne7Y2tNbnJdDWBMM="}
00886{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_first_seen":946739348407,"flow_last_seen":946739348519,"flow_tot_l4_data_len":3424,"flow_min_l4_data_len":306,"flow_max_l4_data_len":3118,"flow_avg_l4_data_len":1712,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns2.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00898{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_first_seen":946739348407,"flow_last_seen":946739348519,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":3098,"flow_tot_l4_payload_len":3384,"flow_avg_l4_payload_len":1692,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns2.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00506{"flow_id":15,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":521785,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"REREREREZmZmZmZmCABFAABoD1xAAL0GdBEKAAABlTjkLYysAcV+b2UT8dMaQ1AYAfU6fQAAFAMDAAEBFwMDADViidEmWrIRj1bupCYNTHJ+IR+sbSf6KT90A8qW52RQBURyQL9vFT6E9CFjlI93BJu2cr+zKg=="}
00536{"flow_id":15,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":521926,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"REREREREZmZmZmZmCABFAAB+D11AAL0Gc\/oKAAABlTjkLYysAcV+b2VT8dMaQ1AYAfU6kwAAFwMDAFErq550LH95uke0rm23VPceTqLIT5XXzMqalNs7I2JJrXOWUChHedceFo52rS2b6I6rUVra47JaBhmqJSjZZC8zmJ2wvcqD4AZr7WxTsoZAniY="}
00657{"flow_id":15,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":522094,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"pkt":"REREREREZmZmZmZmCABFAADYD15AAL0Gc58KAAABlTjkLYysAcV+b2Wp8dMaQ1AYAfU67QAAFwMDAKsOGAidzVIImZBe8IrlHfcbcM11mmaHWvkM7H5DrafIKyBdOKxCc4GdZm+Qq+PXfPf0ndmV5FWH7h+IZADqRJal\/xOyFOe6Purf+ohwLWuQQt\/ZupLyqJH7ZZNQ9xhnhti95OsaKR2Y1b4EKds3ijmnaoMndpYL0W0+RcfMCAznlz3IcmNPTwpP+DR23n6pUpxgqmz18syHYKiy0yZrey0DrSIKjKAW6G9+eko="}
@@ -245,11 +245,11 @@
00562{"flow_id":15,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":632552,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"REREREREZmZmZmZmCABFAACRD2NAAL0Gc+EKAAABlTjkLYysAcV+b2bH8dMdC1AYAfU6pgAAFwMDAGRDuH0SRNge4KtZJvTqZaQaq1HgJSCCMpnQKHMI6ovV3CB\/t7j+uraRVyqkljO5z4BxQF+HTGb50xsX4UmW+lMgAbNvmHAFAzVZFYVqLizRSaFP7VQiTmHMNiIa\/c1OBP6HA27b"}
00570{"flow_id":15,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":632819,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWD2RAAL0Gc9sKAAABlTjkLYysAcV+b2cw8dMdC1AYAfU6qwAAFwMDAGlXhFdWqvEhyTlDp6w1hPZVH1D4QGtG5TFAn\/M+fvanG054BYUJax5Hl\/f1KcEDrezIHYgOsJiAwxt7unRbKlztIlLkkXB8fI0RhD6y08eFlXpDTXDQ8ateflvgRq7dQVPGMZlNlXa5z5w="}
00465{"flow_id":15,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":742064,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"ZmZmZmZmRERERERECABFAABL6DRAADQGJFaVOOQtCgAAAQHFjKzx0x0Lfm9nnlAYAfU93wAAFwMDAB5Ji3IaPqPqsPpO7e7I7ITP5Ggy7RENl6Impzd4GGE="}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":946739348961,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":946739348961,"flow_last_seen":0,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00811{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":961764,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"REREREREZmZmZmZmCABFAAFIPztAAL0G074KAAABLZm7YJSCAbsJfFJ\/n27j2lAYAfaq8AAAFgMBARsBAAEXAwMZV\/YJsl1KDGHp6vinUuSzBgwYUj7HikeN2yT\/6PXJXSCCG8AdBIamvVFUtiPCGd7atl\/XGLRDF4fN5wiY+j2o\/gAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASZG5zc2UuYWxla2JlcmcubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AILqIx\/2aPwjQ+1CtVREnVkbTOyfaXxjQI4MYF1wNoZlj"}
00778{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":946739348961,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dnsse.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00790{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":946739348961,"flow_last_seen":0,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dnsse.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04358{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739349,"pkt_ts_usec":12422,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"pkt":"ZmZmZmZmRERERERECABFAAuAVvpAADYGOMgtmbtgCgAAAQG7lIKfbuPaCXxTn1AQAIO1KAAAFgMDAHoCAAB2AwPVEzRRR6mT0E92uybAnGbGZWeWVD\/m1\/eNOhfsedWm3iCCG8AdBIamvVFUtiPCGd7atl\/XGLRDF4fN5wiY+j2o\/hMBAAAuADMAJAAdACAZ+iIImd19O1rP7adwYQe9xC\/+1jN6jL9eBLofHG6SbQArAAIDBBQDAwABARcDAwtedm5F60tr1KSpSWgXMdmmX3Ys4sUEWudZbc\/GVmqkUsaepFDQQ8mcPIjegsJEHlTqywqGyBqt0c8EFI9PK3y9wMc\/+3ozr1s1L0Jd42MTaMhOndcbb8aYEnSYi\/zIVpLn6qdOkfyxUEfDDwQC7tdpz8rWkLOD8s1Gc\/+GapP01LuZUSoxJKMEPFivq1rS7ax5uSaTQJul+x0Q1A7WKBQI96lxNlKhu8S\/F6aiQdLb9bng9LygmgdlJ0IMNTAzSle754kwT44x6hxHdY+dgL3FfpB162mfDfNtflZ3mHhPTnkpYtlwwqsdseLzRBUZP3Q4Ja18aDfnLKv6lwZqUkYqVbKbxYZxo1iV+7HgYRo00AC9h97+\/fjdDvQp1\/ZlgGZVor6fI\/2UbNyKd+CKXq\/WxiWd3cfOC5mfsohQgZfh0mCkf9dr3uz3ujKCV4y2skvjk\/nvMYWaCk8YYJ09fpkBhHkvDLX34BQkxdq8SFFlf9KC0xLeicU3h\/prF3BxKbFcEuJVsTQ1IwCvvKPttu9bXK5Pot+r5ctGacxaL2PbnIguGLNO3oXuqP1Q9c+9bIOgs3SrVqvTzY6u7z71LwLT4lIRUT1tdFuzNBsI3uP36b\/9IAg3kdqQ6B86AhSq6s9YI9cVyIl6Ij\/v4hTBVX3z6+HeVN1ZOCnsTQ5pzdsr1wh7Urw2Dq8ujiDkOD+Fou6dMOYoID0SKEwKKw1eszHLhxLaCFy\/r3d7Go4MVMtt3WT79fbDbeLxIVt3hgCghutkKtcuHd5chD4oLWELh6tM9hPl+4nCK4m\/+O5cbKg6OL6jCTY\/gO0DykmoFGAjlffWT5qFPKGIHd1y6jfLFBTeg895J4XJsRYeS8WWpPvi7T\/OrrEOEoSups8MYg4y47m6jBSiviaU3Egrqb9OmbARusmAkBOc+b7sPEV3vJ7rmbEmSmp9es6Ma1hTLKZ1zLv5y87EpErdv2GmabDERgys3rQli1zICByjjT3wKTtOmnCFVus\/kEZ20ZKIT3R1SBoRFrSMK3NkxEq+liNvGGcf+EHNQ14qDPBLs0m+Amz59cCkIeFxK62ZDg\/D8+8JoEQZlyE9AWaFti+8vDVxBObTHdc9i3Kw7ewteJw63QBC9EWl8n8clagy9wb+UFjl1FNsicAfIiO1Xs\/Zye+Z2EVvEt6aOGsYYXUIiuSHHHy+OTANd5q6FtSmxH5d29V\/RRYtUF+RFNqvu7jCJbpfY4CMi\/uFQpCXgIsM\/FuZw9ietB43gXYBJPigmUjQOJrnl2aOEVZN25twSZkyFkDyfGhTbcdXECqNFF8TnC98sE4z4cSyaAj5eIgD8KWiILJX2yoi+dB+VLGxM9ljCfyywhEqQD9FxwMPenX20RdEq43Qg2oM44SbTOcaPyRK5R1+UoArEareBxTtwbIj1\/gYPRWTkZ8pK7ELTpeDzq5dz0ptJVwSUIH0JdKkVE3RFHc7LCdWysSVUeFYgHXl28Deq1y2qizxSTQTQGj788zPkj9nRqwsew3ffxErP0pR2erOmxzmRPzUcbJ79H2yupuK1CFndSabVcPzkp0n+2KlKx3Rn8tyf\/hn5qm64LAaVaGFpUoNBQQlUEAUYg9kdMVxRV9nD92+mrKa+2JReRncweAA5LhgzrfrEPwyc1B\/FBpBxwIyV7Xy5RQehy\/n+t2tqgDOZsROSPZV\/c502uShsqQ80dFUM5RKxh0mzHQFM0OK4kAUJhq4wyFBHR892ibgw3EufqDFUX7y2fDW3v9sHJ0PjEBQf0Z+LPQlMJXmUS7wgfHtNIgpjboq9\/XXfFayEzII5Ncg7bWrTiyo4JZFWiVHcfds+TlAJ90V8nR81jNjJjiPpWGiw\/wBoLReBkDgcemdC73ykLweu4Hz14TsLOSuTZsu5EZr2HV10q+61hH6ogeRQcst3XaFzwE6kceLYfEcwH6tnp0hMB9x62cNInT6JQ8Ps6Dsa1MRUtnCTsYL1E0KIBY7R9nY7dSZJpv6\/qCWpPnVEfxATo177u2nsXiV3PW6LNV3vcyinTzbbKWNsqHSX\/Rxrwf+OdHXgpeBX43CwbB+Rl\/n0BchEVnzKV702Gf9HUv7cdBb0q\/i8hYFIFBzZttYWXxvMMCuX5vFFfZ+rdfdvsqESgmVU60GNMEWlpOcj4wiK5O4Sufp7t63lXuXFEGAyK\/zCX6bTsoTK5InJmYeoxH7z6vro\/3e6Rs6NXLtea8yb94qYkPEVBEqGEipZDsyb\/R\/lWwE43D7Aub6g9hkVbl53hLJGZnLMYjNGkky7jnCfZMKDiaQ3bMKv84lVUSDkp3sK9qeuBF1mmZVLhv9HAxir3SYBNQzWsBGcCUpO9xkV8FP0kj\/iTW\/FfLKk\/DKd+BUjaxMV2uhSSQCmVokip5q8tl9J4DEAniFz7fyP2MXZu9ul4s+9NyHUnr96E7oyJz9targa6lIbTNrabDpef+RQ95Jg3dEACMFcNChtfiB\/b3jxW+VTLzdeEUKMhmN9RiB66l3ilE2UeLuKgX3mDdaXzGma9QHxu929MG9uV3gmQHGDy5TCH2vSSxC6z2\/OmzDacBVelfY5Epw7lZBVVGZZnkHXtDZ9aRkPwQ5ycPlis7xyXgrmjnzVXCU2sPi4g8aIZETiD58CL1o5eQFVuuBNN+YXqwNw72pWFPr7n1hEhwv6Vw12CTiC6plOVTlmWo7Hq2\/pHWhiu+RR5lh+vtYdVwTRC30+fnyRct1ka9vbNMqvCrrwxYa5D5R79sdMZcHtogzlIhlvBA\/hEtCrwDCOTsOVV\/YHdG3yKWN4O6RFwnZZifYo9t6777XaaqBBnRbmAIh24x\/s0cQdV+c5CkmqhwnyVXuFfH9t0XQ1553XL2pziV2ZWgjNschuXZ58zhktYtAMF0VjgYyEW7jDxhCpc\/J+cRaztT52A0ytvkRgmQaVyJn+aLdW9sCq3AlQ8gfIfMUsOa4qrrfYi\/W6wC7p\/JpUVApLzH2mKuhH3cCajbIykaOD4hdj7uAYv5ROV\/V+1+PXMG5ia\/9hbHOgDJFO9d9IqY7KSn3C+1mBqumfNrcdhFQFiTH43iJKL7gLi6km2zN5cYKZjrmjbjv3JkWSUwYRpPDfBjgX5JiTKnp6do79w4bx6CpetzdKmLMsuX1smdlFu3kujpvbqv6a1KH6F4pTm1MQ5RJmmfgdquxg6OsIIvP\/kEDn+LVg8ZMm87yYyquFkOWwe1Uj\/Vi3kL4fPIR5niD5XVoEWohLwDdVCqKts+2P1GYyEHqQAMrqWmQegZl\/LhTQw4INPlPDFEm0yb+KBOh00ktbHzCM3CFPGnzYO3alldd67nq954eKLkUOGB9MeSY7cUwdbulO4dr11zq3CmOecqOMxOt2f\/VIopIebzlUenef+vRdxbO4ewVSqUhsy+yoPWXBOpZPgLhhY3LxBP7ooDeCCIO0lcZB\/CBSyUEgiFK4lZ3kAGz8uFt3A\/vRHHEykEvXspKCwmakvQLGtne7shF+m0j\/3K2vxEjTMcnD1pU47tDCPXW32n5d+GKj1kQXvMBCTdCNuO1i0NSTDkuKc7j5+f6O6RyusC0fFzTP7MVdbXFBb1omPMQEuUSj0+hj0rK73sjeV5xq8OVFpFoURjJ2NwQsCAu\/jAm112150nTKknyPg+N6HqbvoOC0Wpkh7IwnBnV+fSTZjZ4AEkEeoKm"}
00831{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":253,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":946739348961,"flow_last_seen":946739349012,"flow_tot_l4_data_len":3232,"flow_min_l4_data_len":308,"flow_max_l4_data_len":2924,"flow_avg_l4_data_len":1616,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dnsse.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00843{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":253,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":946739348961,"flow_last_seen":946739349012,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3192,"flow_avg_l4_payload_len":1596,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dnsse.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00614{"flow_id":16,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739349,"pkt_ts_usec":15352,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"pkt":"ZmZmZmZmRERERERECABFAAC4VvxAADYGQ44tmbtgCgAAAQG7lIKfbu8yCXxTn1AYAIOAngAAUbudk7Sx467B78RwxwixN7WbszxDSJth5tiFKuiBrGoB9KFJtYBVt1C9rFJk5PyiCKlQsUVoHGHAH28fXEOq226wLx4N\/Z5eAHXlqMB6V1mSenxLPr5ItjgHCvxui0hIr8CHs4BD\/dcyFi\/lJAfYyCLIMg195o3ptTftZf8UL\/yW+5j1eIJyx2wYxG1Bmojg"}
00506{"flow_id":16,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739349,"pkt_ts_usec":15974,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"REREREREZmZmZmZmCABFAABoPz5AAL0G1JsKAAABLZm7YJSCAbsJfFOfn27vwlAYAfWqEAAAFAMDAAEBFwMDADXzhu9IckZdRF5p9rktj4FIPv\/RwuhvcZ5iWKfecDRsL5LtFLthbeqdmQGRbwyypD9mazUNOQ=="}
00535{"flow_id":16,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739349,"pkt_ts_usec":16008,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"REREREREZmZmZmZmCABFAAB+Pz9AAL0G1IQKAAABLZm7YJSCAbsJfFPfn27vwlAYAfWqJgAAFwMDAFFS6HSolQONUAW59PBdGtgVHQTC6yJoVCA4lOkKUOgLspS0M5eGwl4vbADuT6W\/63Ogy8VduvtD38O7x2SBJDrj07p4QErHcergSl3nvKoUwYU="}
@@ -262,11 +262,11 @@
00569{"flow_id":16,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739349,"pkt_ts_usec":65278,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWP0RAAL0G1GcKAAABLZm7YJSCAbsJfFW7n27zRFAYAfWqPgAAFwMDAGn6PtIkVHmoMJzjgnATo\/ZJEjP78dbfTDYCDqYkTi3+wLGg0MV7H5ZkPBTMTwrv4al6lvpl6iYG+my2jimgUkz\/xkX3NfQvTv8nr8kDL3hBX18zhdwCA1rVR9xVIWVhkT84sSRuAePVKBc="}
00466{"flow_id":16,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739349,"pkt_ts_usec":111124,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"ZmZmZmZmRERERERECABFAABLVwFAADYGQ\/YtmbtgCgAAAQG7lIKfbvNECXxWKVAYAINn0QAAFwMDAB72vYhNJfr2emZvkuGwRpUrsgwkpkyMMIbGlSfK6XM="}
01125{"flow_id":16,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739349,"pkt_ts_usec":138384,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"pkt":"ZmZmZmZmRERERERECABFAAItVwJAADYGQhMtmbtgCgAAAQG7lIKfbvNnCXxWKVAYAIONrQAAFwMDAgB4l98RxKWfbSMotLDSiQR6edN2EYdpxWoGfSeyS0FoxV2bjBprpJnZ2sR6iqNqaW\/HJKptSnpncrSntS57Q5FQ06f8g+Ne1Nto\/RhX0aRCKOG62K3tZIL1VwtOwgn9so58Dtam2oYRg0273TQzl+9k3X4GKn54g26VYZ3sPhxiOPtJkAPonIbhid2\/PGAf8i6TxbGZsPdWzUDht+loR4pnPvhPoEqtqRiB6jWGXFXKTjtxTdPA\/Dvylgr8o+IET0PNTx+\/FA88nKpol4vEMqD1wK0cOm6kAgbWXem59l+QFeLj9cnAypndtz\/iygelWBfg095HxRc5E8\/H86vDjJOgqxHn3iPKUcDQkEY3mCiPPHHv7V5aI7gCVpSUD4hBSJweM3aYy9K8KudaxjdeBDNcQszGKW5YbWZAgOzxfW9mi\/F0hJITePnojX5vfuD+8PGEJbqgaN9Fwze\/6Dr26TNn3hYNefkzZ7nYjkbz6Ar6NGK2sy3\/72VNBDv\/f9MXtoHnBE7n26+Ao5HDKCn7T6ATKLTROkSfTeDzEm+gpac8DD8VQQI\/tIyUwAQ58dmjQrj5oLPrz6UzjX49qyJraIYEMvYva0b3aVwSDw4uMV9SGhQW7AuPLeDOHtSXqgvHYpAWGM6dwpk7EclOgaLoz+iCAzmfIobpkzxHKtO\/ZrixCQ=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":266,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":946739354159,"flow_last_seen":0,"flow_tot_l4_data_len":305,"flow_min_l4_data_len":305,"flow_max_l4_data_len":305,"flow_avg_l4_data_len":305,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":266,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":946739354159,"flow_last_seen":0,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00801{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739354,"pkt_ts_usec":159307,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"pkt":"REREREREZmZmZmZmCABFAAFFsX5AAL0GP4sKAAABuetRAa5gAbtwXMMeYngARlAYAfbM4AAAFgMBARgBAAEUAwPEqi+8SizamcFZuiOMoqnZy7ZEtN03UH+nij+VYBL3GiAFdLPwuVYC1BfptVDzpRdMmd95Dbs0SjTzk4T9Cfoa3AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG9oLmRuc2xpZnkuY29tAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIAlFpvTRrkboC35Gi6Kti1ZQzFT3L63Tg7Ad2VS1Z0Nh"}
00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":266,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":946739354159,"flow_last_seen":0,"flow_tot_l4_data_len":305,"flow_min_l4_data_len":305,"flow_max_l4_data_len":305,"flow_avg_l4_data_len":305,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00786{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":266,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":946739354159,"flow_last_seen":0,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04631{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739354,"pkt_ts_usec":179666,"pkt_caplen":3168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3168,"pkt_l4_len":3134,"pkt":"ZmZmZmZmRERERERECABFAAxSLpJAADQGQGu561EBCgAAAQG7rmBieABGcFzEO1AYA+rX7QAAFgMDAHoCAAB2AwNebHWZixx0UeVpRBPFfxfOwpvxbfyV+ENeQi\/Un6YmQyAFdLPwuVYC1BfptVDzpRdMmd95Dbs0SjTzk4T9Cfoa3BMCAAAuACsAAgMEADMAJAAdACB1L93FSUikFZRCKYl+OoNXGHhZBDYuCiNIjz\/6VCChXhQDAwABARcDAwAgdZlJOwY6+pChCwvT27tLGZnet+yerzqND\/r13r3OLdQXAwMKE5aV9MRHEDXFawxN2Z6ZXTlxr30g5cib8A44fkQ64oQQPk\/j2rM6co+1b6nblkLeVstFbtdteXwKa840eY9TBhZcpregM8Gpq1oOWaP3aNoy3x0m7PtgdMXWTRJ7rBzMj95YpQgnRNENvlH3xRXTNJuz0OfawrfLZMK40dTY8qdEtSvVWaOv58OBFTZzds8x7Jv0lUMqTicPkVrWkLGPasMnh+a2IVbs4dzr6AhsFrB+RZ1Cwi3B7S6zzr3HKx3FQGuVtHh19izb6w3PsdZ173iclTsS5Bteswb+0EdgltfMU7tCCWlZhlMw5cbiqzX6GLMdzRL4kMNW6gZ94dTc92SBIwy+nEoGbWZhqTeDuHiAUARf+gliy5YoFjW\/PRAypf5PMRtEZClIDkjH3prUoCFGtLR5uf4Ro0aKo3ih\/KCyAGbVEIvG4bDrcfRxO0cIiVz1g0D8AUPbTDsJO+EPspEYZgIriHIBYFx\/k\/flIHH3EjcpqIe+X8XzMf\/XqWL46qAhN1cBUZXyVc3ZIhpeJ7ZcaAbPdH2pnTMTM+2Go4igirnaKWq3AflEDkSSdueX+UQOyAZUkd6Z\/x1Mwq9Tb7hXL6vtOYcRcpywMzYkakngWETbQss0CojZbN6WAPS\/E+Yya6CgGI5Mt3dulPgu8jNdumumeB1P2glp9qwQHuvHZ1QS+cPtS5x1raYCp7T5sLegZ7EBanNjOEnVAU4IhPuW0ciFUM9Mj\/BzgDWE\/hUdNhPhhQjiaUBq7VyAXKWvyO4Dx2Fel0gu0u32uA\/SHIYv4dBAj17ghhBMv+sGNC8NMtNWhv9aqIp0FgaNgTJ0u6ZahzAQoaba8gKEvhS9MXrxWiCXAHjt1VsuslTiTWmDXRn19O8C7v9DYdY\/x+ZHYaRltrJ+iDZDtT011nG9MjUMy2gT88psevKL0b5pLEr8mJZKye0N3pZbPCi7mofLMsInUgCJYAIJe6z94EV17S9g5MdytiaRjgrDRHDrubquER\/+3IoTeZlSES8Dx7zlXZ1xB0O+hR5nXJGyIskMCiVwzAersZ9n8hiUAXpNADMi79ZOaHWxepo2ogdjtLk6L5RJOzsW\/4O9s\/bE+P+1smYJ8Xz\/vrKCk0smpZMpgO1UV8s8gCIdy3Fy602DcQY72cCEk\/bea7v72CbMggpz6myeQuHNx9T5ZrAHxOyDqp4pkMAhTfD0dC3xg5zkOkSQr5pJx6ievuDl8+wenRgTssVF8J1H1XRwU56YwKhMsgqTn8eD+cywTh5zCo9dNvl9ZfHWmV3Mdg4aJz1dYzmdkUhSu46Md5G4HmOnLwI\/XQbyhHcZ2WUU9mvD9BvjP9kn2RjUXcRT+d\/cwjt2Esxb2ENHpq2bs5raN\/CIbWH\/kUQRUUCpYL9CdmiBZpRtJPrOXy6iWAKofUme88d2tr7pTpEzcTLRU5BoYhPgOVQbcXw1q3yaTUVQB4Wvp1Zu7ruywhz7ujDaUupe4ypGeBHoMNq\/GonbnedBdKUd5q1Hau\/cYgTRejjU\/rutBsmd1TsWFTtw4Narsizl07q94yxV1+nrTG1gDq+RefJI3JM3SA8ccXZmrC6\/9FsgFjt+2cDWt4JB10cFksHu2\/ml\/dASyc2jx2disClcngjvd0YpBOF1xYxILWWqUHc2SCZLZ2Aroa1pMW21jKFGB4Ar1xpSSuVVcPsSSozoKj4\/j0FvDgtwJoY1rK5ezs7yUOh0iG7\/TmlCa9VwcqKlbka3ucK+EV23eB8BAhdfkU1ZRvrzop+h56cTHnAqdzA+huEFkYic20FxEaceaf8SUoyM1\/uxur0377YEwqxCUCLmkpdjf2hKaG2o6w6dX9vCExiNhM2Jlol1IlMb4fWmsojPIiIMoMr4vCBzw+JJJUMfUwOy6sleF+nP5muuQ5rVTMwbb+OCuGE2jDpUYai822DbFN3NNQkq3i2+StVf9WCISeMMwfPk+unXE38SgIx+97\/gooknQY70IX3TsgQKFcc1SEcM6rgwk5pR4rwHfer1xQNsM1RKZGf8xeZa+ag2yg\/IxDT4LymayHchHxdaigJz4AcxjPrNuXaoi2s3E1xPh2H1clb\/ZJJwrzY7BZjc1TQovWjOw6wm8GHMHRYPWaLpFhaLJX6iixp0BBfYBFzNmIvcsaGPhpGQIWG8LNHl1vR+XYpcJzMWemerQw5\/TiIwzhe4xLQ3Ee69tOX2fKhT1GAVUyB0oeuLgjlb0FpWzQ\/lyORIy\/GJNnRuRgdZy8RNv03eZWNeLTHNU8amNvoSqoCJx28QcG4ZFWjkiBlGlisQg9MS7LfxB5YDcM35ukvbr57gX64nw00G3GJe5JnYnqeIHNIuWQI7nvVvBHP3PfWTKRa21nyK90D70j+bxIjA68ylRrcDSlrq9zK60l62NWR551fMFXxuoHTFc7qQ+K4J0ESDuqw7x47BFgsRGeVuVNYexUC0TU1lBMwcu9BGg+0G0+duPvOP3aW+jzZAhqEMopcx946w0BTw\/+bJ5qiZX+nSvNF+IzKPfnXq7G+okmmjpg\/ianwcwtjvgrAC4pnZGY+m\/27CyJiTEi9fYvN2T1KGpFt19LfH\/UKHKmZdKRHhHpgpAUwyz0ixR7JCGsZBCNp7SmZtoObLBfKyYFLS1OdeJn33VC7QU5ZIB0TIGMOnasD1IIceFavDDD1uWjFat9U8TSvdQkrVOP0H+iiog+bscrfkzNeLsrOj5JaS96ZDARUESAXVBQE+wq3Z0J6WrNdNJCanh0R13lIIfbBO3tp1JQaYJcU43NTOBatEStIgR6pggN4HF+DO2dNPqB6DJlllwkNWiMSwaSg\/Qokswn+fLJvn7pPXb8ILKczNLht2jz9aEp0+I8QfJ9sljCRmG\/qdZknc3MVkUZCxQWgeYvnw16OCgKVrO7aXg97ZXgFQywgIz4XcG4cQlmlUgZ5vBckLpEq1wb47O2DC7oYeIkB7WvMn7pIP5qKMmIewtCOip18QV5mNZQ7kfdTHrJyhNEAXbfaMkBbJyAVJGCBIYwvhIF13Izb7B6Cmnolxq1r5eurWQOB44xUuJop6m5Nm5hxmATag\/xOQnBP8r2vNMxUihmUT8anHH3UfjXAY915xtFCA13IdATjUK5r\/nOjWuYELtJmgRJ2oeyJFl+xU3enOifKqvSW9w3npBMuO6+ND+s2KXgdXZpDonBBs70SsK8NzgIT\/8A0se3txfhbwpY2EseDOLiVbMtTN8WhjrhnZpDEjzwdCV8jV8ki7+xTW6Ae32nBN9uRAZ20gpXPNrrgk+1oPaXal74NAuojgux90nmy7fGQvJ\/CCkJUFP2+xt7moAmNV6Bvh9GIV51tdhbag9+AtGmBI8WUGXz9QPwduT4nOO+Ia6cTJuP1+CL3tb+p6ijB1Jg583CQ8vtkm3Pw8NXcvYMcBOIpsKkRrBsD67+irg6nQFwMDARkSIsFlIX96rBVOSHF8j3nD4OzTmAKQfrZ20qhfNZw8PH0q41dWeUeDXwstCBpDPbSnxrC2ED\/1S7AKbK3628b0BuTXrCb9vI9IIN\/fjnNzXGCyCTfNGyQC7Z2s3ZZgGilAyQTgWS6IBv0X\/cXimIPEtNGeEgUfHp2ZiHChqtgUwdJbYZhYRpk9Vh4PP\/G\/geKDMJuF9LkfMNZa2A5\/kJwnnbAN+9JGdzxyQUZGqq8DCQqxQ4uAbnIJmcLNJBx9PHCzhhj8vk0E7hUaqEkvClX1iiIhNhFlmQ9FsqBvx5KYUvaVI86YI314BKZUdBn0Gn9Psqh3g3PCqYbuhSA+KXAHAB6ifkPpQbZxhpKA+yQN\/aKxaWBvyR8fvBcDAwBFUlHyM0i8aQGJ+PRPScWQmM6JruXTVxzLP2v5t10WMRjAfhtdK+kbZwmOwuBqS0fXovjROfDM5rGu95fh\/DYXUBWZSAER"}
00827{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":267,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":946739354159,"flow_last_seen":946739354179,"flow_tot_l4_data_len":3439,"flow_min_l4_data_len":305,"flow_max_l4_data_len":3134,"flow_avg_l4_data_len":1719,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00839{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":267,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":946739354159,"flow_last_seen":946739354179,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":3399,"flow_avg_l4_payload_len":1699,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00529{"flow_id":17,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739354,"pkt_ts_usec":182236,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"REREREREZmZmZmZmCABFAAB4sYBAAL0GQFYKAAABuetRAa5gAbtwXMQ7YngMcFAYAfXMEwAAFAMDAAEBFwMDAEWXq32pwHEzhcGDp\/NKLjvxgMAkksKxKcFIOFCDodEb90S6h8Gu0G\/BLuFfZ5sttQB7HESBT0tBjYEfHL61VthvR6QOjls="}
00536{"flow_id":17,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739354,"pkt_ts_usec":182350,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"REREREREZmZmZmZmCABFAAB+sYFAAL0GQE8KAAABuetRAa5gAbtwXMSLYngMcFAYAfXMGQAAFwMDAFGixfX+jyF1WhRHrN0+9CkAoYVj9DMr4YJ1kGbeEieNSecS+q0w\/iwl0yO2jmQwPz4JR3HyX5YbhQTrE+hYVumNbIkZKWuNU8LLxZezccE+lJ0="}
00653{"flow_id":17,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739354,"pkt_ts_usec":182529,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"pkt":"REREREREZmZmZmZmCABFAADTsYJAAL0GP\/kKAAABuetRAa5gAbtwXMThYngMcFAYAfXMbgAAFwMDAKbK9JgVHlFfw34FW0sw7dqQdGptZcZlO2RVkyCS9wnAksDujYS\/HvTuJaYyWrH+y2X4Bmu1xtRT05JwyRgxId\/Ba7+JzaKKgwintj3e33DfQyGya0AOLueZ+\/oQp7LSw9HD2MZM1r2dZ5ajI\/ki9R13QBfBlmX9ZJhMygxhpuJ\/kgAEbTo1exiYt1KPairdfATdtJ33NozQdJtvL9vaKpTjWkiyjKod"}
@@ -283,11 +283,11 @@
00449{"flow_id":17,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739364,"pkt_ts_usec":914174,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"REREREREZmZmZmZmCABFAABAsYpAAH4Gf4QKAAABuetRAa5gAbtwXMbRYngQ8lAYAfXL2wAAFwMDABNRzPKFC48C1Fna9B1nJzgOx45c"}
00449{"flow_id":16,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739364,"pkt_ts_usec":914261,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"REREREREZmZmZmZmCABFAABAP0ZAAH4GE7wKAAABLZm7YJSCAbsJfFYpn271bFAYAfWp6AAAFwMDABObfBxL8bMwvnBw43SK8etxZJTY"}
00449{"flow_id":14,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739364,"pkt_ts_usec":937875,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"ZmZmZmZmRERERERECABFAABAvvpAADkGnS+56WroCgAAAQG7tkLJsxwmIFVWxVAYAfUuaQAAFwMDABOXRSu08WL10pc3CGxVUSKDv69S"}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":287,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":946739374011,"flow_last_seen":0,"flow_tot_l4_data_len":305,"flow_min_l4_data_len":305,"flow_max_l4_data_len":305,"flow_avg_l4_data_len":305,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":287,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":946739374011,"flow_last_seen":0,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00802{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739374,"pkt_ts_usec":11190,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"pkt":"REREREREZmZmZmZmCABFAAFF9DpAAH4GIdcKAAABdMqwGqhiAbtWR3H7NJTy0VAYAfbm2AAAFgMBARgBAAEUAwO\/FCTCx\/QYlyW+S6EGE0TFYQ1H3k3FO+5pvJMM4NWMBSCY7MF+HV8NsAFc82xlqHj0YcQW9bewwKxZQwscQJJKpgAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG9oLmxpYnJlZG5zLmdyAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIOxloY7MOWvSgZ3hQaojp9inJ84Sw+igf7hW9Y3pU+ch"}
00776{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":287,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":946739374011,"flow_last_seen":0,"flow_tot_l4_data_len":305,"flow_min_l4_data_len":305,"flow_max_l4_data_len":305,"flow_avg_l4_data_len":305,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.libredns.gr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00788{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":287,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":946739374011,"flow_last_seen":0,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.libredns.gr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04655{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739374,"pkt_ts_usec":36272,"pkt_caplen":3179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3179,"pkt_l4_len":3145,"pkt":"ZmZmZmZmRERERERECABFAAxdEw5AADYGP+x0yrAaCgAAAQG7qGI0lPLRVkdzGFAYAfXx8AAAFgMDAHoCAAB2AwMfdsQbzuiYRNDg0SBjCCwcHmnTX\/WaALeQBUBykWdcaiCY7MF+HV8NsAFc82xlqHj0YcQW9bewwKxZQwscQJJKphMCAAAuACsAAgMEADMAJAAdACCFS52dOnPWMZ+6KGOu9y\/QLNkNywSlNldrBcP9ygUsJBQDAwABARcDAwAkRYbUEe0KLtMYBo7DwIYWcyipqqBN\/bxVehyh0Sw6cb936jKFFwMDChoofwyGB1vpwXv7Xn4hXSbG1vtIeMernYPn5eAfJWckDiE1Vl5RxqW26TSWUTfmtG\/80SN\/HcC8sF8BZiFAAmCY47UJ7uXvVoDqw8BmwUzQhTAJ8CR9FaoGVeJsM5UnR3QsIEHqP5KqlB9iD+UdFFEShzmfIEBTbyB2lP4pQWBOWz2wOPIXZhQnKMJCxu1mnXifSB+KRolJ9fD2dQ4Cx5+85+F56fGG9StYfwFmGPIeJARJjwh49nZDI4iYWv+ddPBM2\/KJRuF+1TvTRam5R+I0m2+MFl1IOG\/mGs22lUpFRiEafHau8IgYwLtIsVJVRXeEF23eSSLjZSGlI+95kanzpb7Gq+bxaPB\/4KE\/EZB\/HHORaklfdEzQyROMT29wGcN987isDVey45rLfbLMKOZqZTAfIY9fCmEJfoMGXsfxScuGJL3kk9ktG5XOrDaDe+Mw8iBMs6aCgsJWCKp9AlmnI6jM+Pkj5pJEm1bom4ksHEDAz1NZ0ftN\/sVLZn9Ug2C7F7lT1GzkA6PKlKc6EZ2z5CZ6jJ2Z6Y6MlAZziPoOQu4qTh3J+nE8GcgGOJ+4zh9BbyrU\/zs1GjsbXVkHAo7jDaYOsfbK6OwpKfl4fhdC60RX1KjskIAX35OHA\/IXKzAnkgHHInCPGyjRoDeCN\/xxIMzVFrKXTCwf2SPOaQSeCd\/JvCgSVj\/dHhq8zdYnlFf+z9VXpf9xqp8dTGqqOXUGFnDAdjBQ71FnqfI6ubmeRFAjPpvyUbaEAnejXwHU9g6Nb1kInR39UeMaOlkv2XbX4eVVedQBnQ80TEebS+RYgvF4z+JaZdzTDBKsiCrr90MrJqELQ15ruqB7RM0T7bzUmBAp55RHbt\/ccY\/TkG\/gVsixMDlDFkIhMYt9MdUi87PoFTfnAamhlvAw7oZO8\/F7iHmtBa\/Ep7E0DP9U5QDAi98hWmChSAXTUreygTLQuqQnUJmosGexWw5Cm8TG3r4N5gnkEVB3HVNF0Bviuw4E\/LgbkZLCP6\/4igcruIsBRgEN00dS6JnGlucNL86jMmrPxWv6fGd6uX4GyIhA8xlh3VmZmkdtEaBCAvedT6MuQU0ug0OS0vhYWi4hpFSwBYkEc7nVVyMbvGRC\/t6cdur00RqtQCHbN+NyMsAYQCMLcN\/MBgJi53gtKoOeVRxL9efr0oSMfPFjg62k6KC1lR+0S5m3Izs0xuBIpZ4qwdqzDBYxqETxd2mAw6qyV9\/+c2vTZTjQfcpnp7y1uBxTcCkKvdXtnytMj88r6V3CNsrCqoiP+HgdZ35NIzfdjE8dt6Do9yQiQH9DyOtUx8mNKBWoW2GsDQem5ZGAtDwjmFRhkWEqvnuAWeKZRQvsxDNQX1VGCheiYk47AXsweypHM0kF7Sz+NMdgmJ2lYhFlZ1\/ixGlfZSk6mjv0hogoEvvV0z6\/T5ayYUiYrSxxE5CRTBXiQ0ShTnl8JnNrX5f1+PEHiTs9VmgpKgcqyhnAx43FvFz+tjAq2kHUpARsisN76U\/4szTnIzPWHuhFJGJXIYtA6KvZZsRr8X45Bjm7782fphZHssP9T11fz+rMBuNZkB+9kENQs834qUDrDWQYlgtgokMydJHahHIc4rs8RwpnWkwnfbjQyRwpkoSDjqKCsoWgqmckVcAlWtfj+PYNdYUV0GJVz3MaCILZ2I6i8QDOlFT6AvpNPYOGoGbJ0wKc\/iRHcSqwHkLOlqAj9rNOane\/dG8vbDHghfqFdeNPvQAcyGldxWfqiN032Vix7+oZXOFXeLNRXDRdMWbSqMlyCprTcKldxAe+jYGRK\/SRNNln4bS6loI5LqK5kRj1qHOQs4VYAvb6aRZkpJmFfA051r9ZTveZwX8QvPcsUhSp6WJroM5RdVgMoZWRw3V3kLzy526l\/XjarCqs7b9zg4\/0UThyCoRZXRIaapKAxcisr606oQ90EO6V1\/rxbH5QoNdmuIBJXUiCC+vi9DaFQhw7IS7rYl6bCaQkE1gKVqVjcfGFNbkwZ6WVIIFLAd4AULNZ0EbDr3Jxz4Q1Kv61lNl9GOAmC73UocSHTqPhV\/xb9YLlv4Qj8A9VyOXsI3ysVAT7Q3JqQoSzzANJennQVJORrvCGjBFhIJA1XuVUswlY7d8l6GIPFEndkzdJv+mqLebs92Ve7y8gHX+5\/N3bWQDbvROspZd9Rw2VYwhVeRkdNNkB9Zd4yf0MJA6FKQTPIvZ1j4Zvrf8Zqj1FK4+Pu5YWK2VzQ1bAzEZ5TAhqXro79v42FstXXH9Bjh6xGWnYs4EgdjNtrw9q9vDDHzkCgGXErTBS5tZpn4eq4iayRQKOUo2Bjzuikc3GCcT7DGLOzNijLOjpstykBtjYEBagL1lzeuQbGqMxLzwOzMZiM6Cr4dH6Ct7enfPKr1l7EDqLb80TAVFsE6E9zPStbSvvDsesVjI0LnHLpiFF3QD7w\/cMgXGCCQFz4kjOyjxN1ueQ3BiQwzUZI\/KQVjymbQQOaDcU\/hamroqvDR3psu8zkzqDRgXxZpAhYSs0ypnNhUomh4K+raYSufO72xoIxT3MchbmB2xOG+FHTInGWwMp665VQ8P5TZyqYPfZdJpda3UJ4l4i+8AGeTKq9cySdx4swdISz3V3xxrTEFxvjq7CgCc0mdfHRwUrslFZ\/8xz\/GkZ7unKM4nUXsR2wjAWglEejYWAjwBH57asssV4a1smVbgfitfljZxOQxeCULZkhU5iCbDWtt61dkKbIg6Z5Ib6wqsZbKsTNF5BUW\/OluqVhEnnxYi4bC2p8oeMOIg9Xp0ohk+2eyHzNnL7PsT\/0TJd+8z\/6rR4GfsNhau8JwG0sVxaM3gQ\/C1BUi59C0tclt8uqB8v4sL+nw1kYxtxvVF+WgZBhsUG6jtsTkz\/h7Vqr1uE1yqk6VMywMNzSK3C6Y5jNYNZlGRunhyx+Wvqoy4kyzKlb5KJu0D6Ibb9tx4jkjfsAgRv1kb1\/YV+5pR9kOWTI7kTR0GhRhEcYVSuszO6GztHF17jUv1HGqvUE2Y1nYTruioVBGxNU2n\/3D8R0H0Ev+WM\/lE1CkAFwkkBnRPnHTXpqQgZZhPNhQeacIL4PiCwXLGj68pqU9sBR5k+Qs1xeKaXL1uB\/+DlBrxDF37H0xYTjNyCifmppE9xs8wUURoGCYQz8YrJzWYbNTp6iS3VA9PqxHbxpwe+T0EJG3w+ckQ4AZZWQJfpeYEAjUJVTV+JzyForU6vnGB\/f4UtM5hkLlLR2yX4QW5z2sMH+oemvxHSO3c4dMYOamZjpEAr8HZR\/eYtA\/+k47KLbbuC8LadTWp9kx60hq9j0ZTOjnZRbmpU7x4+baRS3lSZ4uCKQhRDRs1bz+OmCsokrpdBvyRNmpmdHu7+xcAAbWr3GDiMDDj2MeLocIu6VxMJmWwaV6i6S3OZRKsCOQTd0Jkp8jCBeqO4YH7rnKVrcOwj8x\/xgYsXAwMBGfgS0Z5JTGD28Vyg2LfJHOWz9mr0ZY69GFX94xRplNLJ90YhSqkDA41SrPaRCa\/yRHZpmo6Z1mQO81cAsIuYw3\/dzrRByb+dTIlW9yt\/sOP7usPp6PbdD4rTPrbEK4QR\/+wMzHeanap2HaJcY2tnK9Pk6wr3URSABWoCiW8bBJ44gM\/wYSxUIN9fZQXNHmUFX2+4E+pzfHMX+TPSUHrGMWaQGF+jm8f8JzgtBamlKFf0T7ESBzmOVDFYKLq5HkwIpwu7FecWONEwB4QKksZp77Ks7VMI9z7kgYi8fKP1AlrK0wJXYhtL9bgNIor7UcK\/cBVJ2AclPTcIWxPGf\/H2qC2ccHzN2oQA1YRLpy6QS\/qocCCtoi9irrhlFwMDAEUNWvqMs\/h03WKKdBMbYkawhmSS9CnEEwNmSHsUo0aFsC+NuRuOS7d+gyt4adOBPfCXNUuX7r\/jeMTBHE2RkzGNnd\/d06g="}
00829{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":288,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":946739374011,"flow_last_seen":946739374036,"flow_tot_l4_data_len":3450,"flow_min_l4_data_len":305,"flow_max_l4_data_len":3145,"flow_avg_l4_data_len":1725,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.libredns.gr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00841{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":288,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":946739374011,"flow_last_seen":946739374036,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3125,"flow_tot_l4_payload_len":3410,"flow_avg_l4_payload_len":1705,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.libredns.gr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00529{"flow_id":18,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739374,"pkt_ts_usec":36951,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"REREREREZmZmZmZmCABFAAB49DxAAH4GIqIKAAABdMqwGqhiAbtWR3MYNJT\/BlAYAfXmCwAAFAMDAAEBFwMDAEUX9381c\/+R1qgydby2LZz\/D1isDmITv8iB3tIfcLl3X1ZN85j+RzDG7ZR0PP5I0SioKkHY5OtmjMfBNJaLny9tLOB5RTM="}
00535{"flow_id":18,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739374,"pkt_ts_usec":36988,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"REREREREZmZmZmZmCABFAAB+9D1AAH4GIpsKAAABdMqwGqhiAbtWR3NoNJT\/BlAYAfXmEQAAFwMDAFElX+TKJBiopImIj2GXQOtwcKaEiElkh8K2UhzQ0jUKPgTXoSqnHz5ocovk7BGGFmhJ86k+WLCOTysTJDvQuF8U0maWZ1+mvmRXguvsmflwWCA="}
00650{"flow_id":18,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739374,"pkt_ts_usec":37045,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"pkt":"REREREREZmZmZmZmCABFAADT9D5AAH4GIkUKAAABdMqwGqhiAbtWR3O+NJT\/BlAYAfXmZgAAFwMDAKa4vc8Mrjz1P93k75fEHIClEV7TNmkIFwWl\/1AVOuTvIrxY9revacc0XrdxN40np8KrY4KxIZxf4IUauu1u\/n+AqXbQHYwvrskX9qmD6BDtChuI2f36i5DNyXHNbP6X+z0PV63njfV1lCHhAzCnzpgOU6S3kxl+xtdlvsM\/YbjgGP9PXPXPCaKSUZs6ZKIy0FGbC45IvrIAh1RuNDWWb3MhJ43W1rsH"}
@@ -301,11 +301,11 @@
00571{"flow_id":18,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739374,"pkt_ts_usec":60679,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACW9ENAAH4GIn0KAAABdMqwGqhiAbtWR3VANJUC\/FAYAfXmKQAAFwMDAGlZefRuBILhCa44nOQseZvAsQiGp\/GaIQOPhH5d9qoTVY3e\/V7BxLhHxrEUmNpn\/fgjQH5YM8B5ugf6JBLlb1AHH5glyGJ4Cph3RmHdM6pJZZcRVHlRUuhYyr7qtZo4Gx6TGsVJ86U3szE="}
00465{"flow_id":18,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739374,"pkt_ts_usec":82021,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"ZmZmZmZmRERERERECABFAABLExdAADYGS\/V0yrAaCgAAAQG7qGI0lQL8Vkd1QFAYAfXsZQAAFwMDAB6y6866gsVlqQ5blx3VUSPxGKjLjp2AbFxiT6ORdzA="}
00872{"flow_id":18,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739374,"pkt_ts_usec":206227,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"pkt":"ZmZmZmZmRERERERECABFAAF0ExlAADYGSsp0yrAaCgAAAQG7qGI0lQMfVkd1rlAYAfUHogAAFwMDAUc4DYTOZtj9RXaaH7NpXAZQoqO7YbUhHjfdLeYlWaZISP7ukf0Spo0Y6JI7sq\/THwW\/2aINKtVyHbzum7s938oBiCWCWlDHlFmioYWWMCtEkL1QBq6mHzyhbywvcK8uUcvnk5mqUm6dfcpJMxuIUSQvQRo0YQM7UazfyCgZ89vuIF5ljKsic3QusDiGQToPfUhocEKHeNuPYlzUpj6AObtFOU4I+TpxCSnXaELR0u\/4m98fVmXRwLZ7bdo7BBhoQ39ZDRxlHTGTfLV3Q939OYOdR7\/3l1Zz9lstfhrGGHdAc9K7FIp\/GsFktO8pxjwfazTv9vS+TipJBKh6Vh+MXnKMS22HH8cUTt0H9YimmrKVnGvR9VwobKnoJFO\/0Xyf\/DhYv\/F8bo1EjVf0EFsT7B0fJbfgde38L3BTwRZoW83NPlV1AaSZ1Z0="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":303,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":946739378281,"flow_last_seen":0,"flow_tot_l4_data_len":310,"flow_min_l4_data_len":310,"flow_max_l4_data_len":310,"flow_avg_l4_data_len":310,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":303,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":946739378281,"flow_last_seen":0,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":290,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00812{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739378,"pkt_ts_usec":281333,"pkt_caplen":344,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":344,"pkt_l4_len":310,"pkt":"REREREREZmZmZmZmCABFAAFK6MRAAH4Gn0EKAAABVQVd5uaSAbv2ZmEwaR3\/oVAYAfZ05AAAFgMBAR0BAAEZAwPCcBaP\/DC8hVoTSokbsQvpjhaLnYrt7eKsiMQ8EXb5AyAAGOihE6CuqcDNXckkTdE7CmzbbGzUcC6GWkBVFb5CcQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACqAAAAGQAXAAAUaWJrc3R1cm0uc3lub2xvZ3kubWUABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAg6FKiZGfISPafy0Na34RI3z\/9T8Zo5Ona0mhcVKXwyTI="}
00778{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":946739378281,"flow_last_seen":0,"flow_tot_l4_data_len":310,"flow_min_l4_data_len":310,"flow_max_l4_data_len":310,"flow_avg_l4_data_len":310,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ibksturm.synology.me","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00790{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":946739378281,"flow_last_seen":0,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":290,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ibksturm.synology.me","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00551{"flow_id":19,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739378,"pkt_ts_usec":310897,"pkt_caplen":153,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":153,"pkt_l4_len":119,"pkt":"ZmZmZmZmRERERERECABFAACL5iJAADQG7KJVBV3mCgAAAQG75pJpHf+h9mZiUlAYAFOUtgAAFgMDAFgCAABUAwPPIa105ZphEb4djAIeZbiRwqIRFnq7jF4HngniyKgznCAAGOihE6CuqcDNXckkTdE7CmzbbGzUcC6GWkBVFb5CcRMCAAAMACsAAgMEADMAAgAZFAMDAAEB"}
00828{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":304,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":946739378281,"flow_last_seen":946739378310,"flow_tot_l4_data_len":429,"flow_min_l4_data_len":119,"flow_max_l4_data_len":310,"flow_avg_l4_data_len":214,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"ibksturm.synology.me","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00839{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":304,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":946739378281,"flow_last_seen":946739378310,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":389,"flow_avg_l4_payload_len":194,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"ibksturm.synology.me","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00424{"flow_id":19,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739378,"pkt_ts_usec":311104,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"REREREREZmZmZmZmCABFAAAu6MZAAH4GoFsKAAABVQVd5uaSAbv2ZmJSaR4ABFAYAfZzyAAAFAMDAAEB"}
00948{"flow_id":19,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739378,"pkt_ts_usec":345011,"pkt_caplen":445,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":445,"pkt_l4_len":411,"pkt":"REREREREZmZmZmZmCABFAAGv6MdAAH4GntkKAAABVQVd5uaSAbv2ZmJYaR4ABFAYAfZ1SQAAFgMDAYIBAAF+AwPCcBaP\/DC8hVoTSokbsQvpjhaLnYrt7eKsiMQ8EXb5AyAAGOihE6CuqcDNXckkTdE7CmzbbGzUcC6GWkBVFb5CcQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAEPAAAAGQAXAAAUaWJrc3R1cm0uc3lub2xvZ3kubWUABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwCLAIkAGQCFBAB6WaWPH4a58n9Vy55153vrND8HYB2nYEr9eTtZhQvr+K0wZRqcd7gi5my3icRP+cC95AMjv\/RLUwvWTvGJ7GfxsQEr1DgaPphz4mtIisyUKe88RjwGENhqVmgi77BxTjgWyUr8yPxR8mF6KE\/7+m+uTvX0I8U7batlyYLLDKS1f5LZug=="}
02385{"flow_id":19,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739378,"pkt_ts_usec":399920,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"ZmZmZmZmRERERERECABFAAXU5iVAADQG51ZVBV3mCgAAAQG75pJpHgAE9mZj31AQAFN8ZQAAFgMDAN8CAADbAwNIKgS7jpOm3HVoUCYARJcxpv0e2pnrGqQEP1+d4\/l+rCAAGOihE6CuqcDNXckkTdE7CmzbbGzUcC6GWkBVFb5CcRMCAACTACsAAgMEADMAiQAZAIUEAeE\/O1tgYRiVcokShB4pBhHDtpOcmZTWZEJ3WWyUiziuftscb\/mJOaokEXG\/H9g0yLEWB6CYoRWEF2tWUaOQd6sTAO9QnSQcXwEgCwxj+oPPoyoRl87ZgP80IUzDPKqvRKWEd6LgyUEknnYWgB+jfMPhukTtsx2LumAfGk98NtpA\/Y92FwMDACSr7z10NJZX97cncZDfxTIwqcwGEk0dFMzRmunG4z6NhW1TAfkXAwMLmEHWpQFir83wP+qLpcDdLZW4kfLuaEE0xA1iqgZkBheEyhI3OMt3rG1GomTFacOUZKnqvPeVzno1kubg0a7bcO4s+YnZC1nllBAdtvwi6JhitnO\/qjjdgMZh\/toQx7dbXIDaEOpUhk4DSiC0pUn3TLQKP3QnDI9J6zM\/3hICQypUyN2XsBOpO8Kshs6tkPyJK0t04n92xfic2KaN2Du\/Y1RoSYDwYopY2uXDNlJAvFiSENQaucl5hJ9HUtqf6rL3R1PqqoGdeIIxyO3C8N4bRz38oiP7dj09QADhqmrSh1Legt+MEbxdo4Wz79uT4OIPw\/IXrrT4dwDE0bIkqCAh8ZHWYt6d3mYUiSaXSMdKVroLUqZQNEJ1HcMZXXI+QLTq8f0tMM4vTRPw6Wu29zr6y1zCwa9vadztxDuj4SJfvF+St\/LC8yEYi\/J0fLkVsinvDOvwDtpr1V2y4ijKD3S07Klb97dV14s\/pG6hRWBCvbGJB9riC4jEGBwZKuJiaT5s6xhqnCvV37jwn43s\/D7fFp+UVFfyRiNFyK6wgrgqkEfn0qgK0Ou4sL1Cd3lScMu8A+imAP0aXG7\/gOb\/g7KSazB0sr9F0croUvc0GcTkm3wrnpIQJxOymC8rbzj\/XSzgt59E4CqWr8bUGBapyNrHFRvwkdyBCGd3y4scXqG\/Bo3tmOuYomiagmMReDh+R6GpvvfDKYO1EmlF+lxcpd07Fv3rJ7XYZzARykPnnIiJHWh432oHR1mLpKPn4oV0AI9rbnn0yDsU1Bdb2MHFCaSpTN05WNJWbTP6sYNJ4dynOQs86xCEbEop9leaORUo8Xqei5+PKZHngeuMm6Eq69P\/NtmUxGz58M8MFrdv7iFa32SUnywxkzwuzDKIcksuVZ\/AHuAB3SJ16GMM4vDhfs+GYHSQ3Po6XX4hItqlv39HCOEZkFi7UMoYaI2eO3GdWpUDSkCO9S+5Uyd9Sm0fpq2THrBwTW1RL01ZCb6bGHsFOfJCmi8Ws7P\/\/1IHcGrh85znh6nQmHTxjoApqeasI9XpcCWdYL33T6WNFdF5Jlav9dxM63W0CEDj+a4Aamok7CsgWVcV0L3J95x6l\/zeL3w2i1vG1phsbz+mD7g6OvKF9niHovEgSt4Kvra1qBNJlFzpfDWQ9NHtQUdKY6diuNbxRIgbkIUGd3iC4eO7dJkU3QmiXgSscI7RsZbU0R7ZkTQ4P5mOoyawOvyeYnAXHr1FBqoE6RrsGRpSAmtwgpW1pdvdXyPaMNzNzem\/M1tvoMiwfNnJtjjhnmv5EircGjwGDyJoWlqSIVlyNtdTCeRW2iQQ03JtUQ68\/wW3LtE6ur2KJC6mT+60DD45BXln4xqxdhWlGDqQOgWqwD27VpZ5PBdtwxXSwZpk706PnevI7Qf+i9CpJGbsk+AncI73f2sTM+rnD0RGZ8nTSUL5\/bwfnj+ZSyVJF22P9CO+knTzkqATHmcTXgNaDO8DyL0VCPWn\/oSyyTq1PzfGzhLb0F61LpkqLtUE8Dldgms5IjzNdOv4UPecjmkytayLd+PP4CmYKkWyv+3Al7b0UgDw"}
@@ -319,11 +319,11 @@
00845{"flow_id":19,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739378,"pkt_ts_usec":490575,"pkt_caplen":365,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":365,"pkt_l4_len":331,"pkt":"ZmZmZmZmRERERERECABFAAFf5i1AADQG68NVBV3mCgAAAQG75pJpHg609mZlflAYAFOecwAAFwMDATLvFn2dCHpX5ucAb60\/bust1dF4G0efxnH\/Ie9iI0zRiLlB4F7RHnYdsRD+gDXrcCgEcYSd+eq6qrEY7zZPOSeWNMGdfP1yZ\/+a4jZTpYfLQg1\/wmhGiIjweUwOFipd2GZGk4yBoXHYbC5\/rIZO2ylpFfwrLcIVNOwrhGb6oe5i4uEwijqDjc36MEJy9Sj+yjaXSSKDdwCCec30eNEiETJhyR+Jb6QsqCV5zD2yWL730sPIWV+9PWxxFzhcPRsV3jPvl8AxHLu8CSujyHjA1twKQp3hhHDvoQHnXSML\/5AThuWBdNCPwK\/dnCGMYTy8NxPNABaz5og1l\/mYTq8teV8Xur7ai9p6Hm7+9pv5MENUWf6husIDCKq4yVsRH8jhdZCifEUReGYd31ngSHcz9O\/KC3M="}
00535{"flow_id":19,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739378,"pkt_ts_usec":491314,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"ZmZmZmZmRERERERECABFAAB85i5AADQG7KVVBV3mCgAAAQG75pJpHg\/r9mZlflAYAFPxtQAAFwMDAE9iFvd+NSXnn3akoG9wS0pu\/nEwPEZTzjOoUC7LcJkPFKktQGRfkVZfGjUsiAXh7VHiXv+17PPH6j\/Z6a4+gnh2sfbG9SMbuK5DsCclqYjs"}
00461{"flow_id":19,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":317,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739378,"pkt_ts_usec":491396,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"REREREREZmZmZmZmCABFAABH6M5AAH4GoDoKAAABVQVd5uaSAbv2ZmV+aR4QP1AYAfVz4QAAFwMDABqjGCxcM+TPK0TxPC54YtVIhaoXfHJm0O1RLA=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":325,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":946739378577,"flow_last_seen":0,"flow_tot_l4_data_len":303,"flow_min_l4_data_len":303,"flow_max_l4_data_len":303,"flow_avg_l4_data_len":303,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":325,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":946739378577,"flow_last_seen":0,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00804{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739378,"pkt_ts_usec":577768,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"pkt":"REREREREZmZmZmZmCABFAAFDLylAAH4Gh5EKAAABaBwcIoO8AbvZKqUSoyMYWVAYAfZGMAAAFgMBARYBAAESAwNktN1XF4bqrby0niN\/MgT4p6NPXKBlRwOJCoza94pvXyD9DZHEPvQMzjP6pbu5TmyGbnG5vDXlt6MJFI6XifT24wAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANanAudGlhcmFwLm9yZwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACBNe3CKgugpSU\/ahaeKXUN1ypv0O\/7wv4rJDS1FbyCQKA=="}
00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":325,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":946739378577,"flow_last_seen":0,"flow_tot_l4_data_len":303,"flow_min_l4_data_len":303,"flow_max_l4_data_len":303,"flow_avg_l4_data_len":303,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jp.tiarap.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":325,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":946739378577,"flow_last_seen":0,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jp.tiarap.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
03807{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739378,"pkt_ts_usec":607705,"pkt_caplen":2557,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2557,"pkt_l4_len":2523,"pkt":"ZmZmZmZmRERERERECABFAAnv8ehAADcGAyZoHBwiCgAAAQG7g7yjIxhZ2SqmLVAYAEJO3AAAFgMDAHoCAAB2AwM5\/Tpf+0rVAVLiqp3AKzeP0oc5LUJ7LbPa16oj3TgNDiD9DZHEPvQMzjP6pbu5TmyGbnG5vDXlt6MJFI6XifT24xMBAAAuADMAJAAdACC6HV5GLKVmM89uM3s2SIWu43Lfyhq5unw8YJ6WUfrNYwArAAIDBBQDAwABARcDAwk9PLTYD+JT2QAppt0TUbAwAmxAstQCMsQy32ww9oSEEAAMGSMNt+TTdp0V3tZ3ctmeFKC8drVcJHMoKPW\/gLMtyIUmD\/3+eYMhUKtI+3FRz671m\/FiCxQ+DYhEAA2djrJV7bAD8riXyaqFyW2aaJF84flOMuq9DLwOUI0IypM1HnMNVT7vNmCordbJ4vYfoJCHZ3Jdxa1PMxflxUdqb7t2xbf5y\/m1Lgj+QBUEN2VGq3ZK1ktt1GgLlt5OMY6q\/EMncuhg\/OHccuz87CSxEURWL2O5XG3NQ8ZSkyDIF1XtrmR6FGXAhlzN0GIMFD4mIZ5QqyhyGprKsDD36CWqaTOR27WUIRMeWgua2kpjr+elVVRiIT0yfyvShMeR5KvvMj5AG9M4S4\/qWWxJjIv9qLfYm7RWSC4r34hNlFnFlqsqqqzzh\/BxMvV1bwxfAaqA1qBideWKRVA+7EuN95c4ue7X\/hRVHEx3iQLqTqKG9s8vcXeE42KLZOgVl3B7xu8\/i92\/WkhbHAp1VaoXVrJw6GLiISb\/po8DiOQt5NIdGX5eDQSEZ7O9baKasLWzq1YkwfZijF3n9KVs9qv2KSy5IfvS0SD4T0T96JowaLvO1lvBNbG7CindkMAn7au9+n1sxBnSgPOEhxjP6eP7I9klViNjl15nUFM6o4r0CQuVxRwVYjFh10tMhUtqr5ufjJtftBeIT7Z6ffMsMrzPdyzkIvDM+swGXo7V35YzVo8DyoBYe9uM0JJnrorf04OKftnG+pjuV1J118k\/TcF7dgWMascYwrYulqMRqr3vNGGbqZxylwmKp462M5UtGuo+qerBWSrRXWS6eh\/Pd34MrDX1VmvCOR23Z07RB6KZ9U0a03sYPKhsU\/m8X7Y3lJg3mFbu5qAjYzD1O+cD4Myf40iIoCP9xcs4bu1pUmgjVbsp3ut86GCDAgM+2h3m+dYO91dTNrC6JdnpsdKfoGqobbC1Nd6P0Kznfd6xn\/BQDvXNQHfd3IPzPYj2FRyDUuFDyWgT\/cwlGc7O60WUydzXXvs9ttqI8TuCUJYd1Ao8xx8mAgIvrwtyiwJR5QZQxYq0NnVo97JO1hRxuXJb+LTsywktm+cb6647KFCAIE22xi+EiXjOKZOlKgY\/++l2PKcbQh7+iHITgTYo09PyNcnTJxUwLKCZUcpj08uHLE+si9w6kmA+pKFDGKHD2OQi0\/dVl+2FqCH2+A3DCa2Gg9EWzElOrJ9mp3PsOzxGAh1T1616sYT0her6SVuXlhCGP0slwtRkTfN5tnJIo22tEgWtQ+b6y1PTsvRTouR9DpgUBw8BD3g0lRYqf3KAJIjUNpSvsRMGe0P3S4KCcJTz19EnjfZoP6uX+a1+4rjk2AihvF76LGF5wO7bsnmmIDYTvndhSZUKAm3a49yHTGG7gVwYkqmq0TRbx3kmFRXEBuvlULDIz+RlQyLwuJX5uRyHubvUf803FCAz\/4a9pnE6WEDc+zOoXHErWhAfoc5tjJI1gMxGX8U3yJwrwEtij2gQTn0Bbv4+6DXg8iV1mRetvz2V395BS+h9qVm0PJky45RjI5FxKVNW8VUHbBkrW32Ln2Pm3mojmUt+Xsx7zInkOkVoS97LxHGe13JTpikDPPGgpjpEoHIcQRKqtRb0XznaWZx01cfmn3isfcOxCOvXJUXQwHOBr0ZOeVU8JyV5j86F3c2x16THC9pMZadmbjMRbWkSLTw4DMHNpPKhS6WbcQJhxPZwfAVbKEjktlF0JguUnWmRyDWlD919TvF+XWK\/xSop+ME26vjlWYdWryJvX71XiN34ciEg6jsS9BSYdT6j+C8MLHQApTVrKIlUjg7LizXHOZ\/8TbPIjDL1MmbwanCPsnz+x51R4gaxLum0nLoSL+ZmdQWjq\/uyo2YE03WUuDCwEqP451PgmdaqLRPfWLB1DwCAkXZchOxevuMOjyvWV6dC+e+ksCIkxwJmTgcBQXwfuBwje22m5Cj2nv\/zq4aMsV7kiFOS1VcPYLEbw+c4UolvdLrBBCbMxCQZeGhjAzGdsZDuX\/6sRIGIbuHAE8nIh+KJ0joM4KoZNtLXSA2HqbNN+kRQ5gTFmAp4mqAOgsHxAv6V1xCZg8P3MEffeog7NEB4\/K8wtwtgVyjvZaZ4E5jbN5Fjj\/jqK88SEXhkPYnN+on2bA\/r\/BMBIaoCajkogUyGLoyIPMT+pBrWa+wfZKdLurwPxZw+jCxKJC0\/mmFBL81N3ktV2QA+uWulN8QPCd7cD0\/Hjf2QklIJga5shMEJkHY6px3Tk68O3abNmIreZ6S\/N71agsTVbVTSaRlprW4p5D79LYThW+q2zikyKF2eG4VtVQ1Z087sY8sCBmmZG8ETPN5Xq0TN3Q1mXCkwjS9y4DvkEf4d2VKsFN6yj110+kONDzC8lVgKicr46oqIhZ9cyUDwr5+MuFqHiF2KMvJx9XA7v9+a265RIEavlSRTRm3PXbeYNOWUADrJWXjguUacdKmikyCoiD9vRp7ll6YxsV5jSfRT\/9SmZeNE+aTDy2wakB7qY1oeeLE4kVchDyQa22zUAtVHOgOvTZInJYA\/takDFgegJnQaYWISVIejbCOHLLvY\/LGAj1CyqRrh1\/LJm06TJxFQn5cMNb5SSEJFNyxF75PSPT288zWx2Va0aIhDIB+vku9QlaiV4ac8CwDTFNaqbQKECa5ibv22eB002L0jyDWacUoUluFvwofh+CTE377hEPfvjsRjX+V3P\/erPya8F4fW7JQkFJgCrTK1VaoDF64ZvLzNQJ5aCIC3Js6D+sD6g4jOpLHGy2zHMlk9wTN+yBybuSBsrJL9uS5j3JgQRC167kARpn8\/3wkN3\/lvlFPoVYVhj99l\/NeW6y\/YdomeNnyw0D7qas3wz1t0EQFticUf9LLfRMzRHEf20AYOoy9Fonct0XWUb6fLDU7CQJTqCHU8Eiy+rgD2t\/dxE4NlpfZ2ZSbDZ7QWFdftipHKlR4nJqLL0sU6kjZ8SydsZ8oAinHCIV9v5PNYgUBa8WbGYb2kgxJMSN3jbYzsoGwAsbdeAghc0S7LurZvISJXwa0jBqUzUHZmweZXCdDnfDiPc92KCXG9hA13VfXTouQnTd0zyBwPxIcvLGDhAu1CCSmBlGZrOEjmOi1\/i4ug\/A=="}
00825{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":326,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":946739378577,"flow_last_seen":946739378607,"flow_tot_l4_data_len":2826,"flow_min_l4_data_len":303,"flow_max_l4_data_len":2523,"flow_avg_l4_data_len":1413,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"jp.tiarap.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00837{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":326,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":946739378577,"flow_last_seen":946739378607,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":2503,"flow_tot_l4_payload_len":2786,"flow_avg_l4_payload_len":1393,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"jp.tiarap.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00506{"flow_id":20,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739378,"pkt_ts_usec":610153,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"REREREREZmZmZmZmCABFAABoLytAAH4GiGoKAAABaBwcIoO8AbvZKqYtoyMiIFAYAfVFVQAAFAMDAAEBFwMDADUQNuPt6m2nY9MgXiEHZRB5L+gDtuMOMxUUfy82Uox32sOXoFpXHp3NUSfU3Rmr6gABtUijkQ=="}
00537{"flow_id":20,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739378,"pkt_ts_usec":610269,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"REREREREZmZmZmZmCABFAAB+LyxAAH4GiFMKAAABaBwcIoO8AbvZKqZtoyMiIFAYAfVFawAAFwMDAFEdfSV7R53tWPLwbpLAvpYZkl19\/BcxP+TDWyhLaoxetWjrDvoUAtcNmsNiuCZnkdjB+V3dT5jW3XlxFbDY728t\/WQMk1LbxBUFh8jkvOtgrcU="}
00651{"flow_id":20,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739378,"pkt_ts_usec":610406,"pkt_caplen":223,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":223,"pkt_l4_len":189,"pkt":"REREREREZmZmZmZmCABFAADRLy1AAH4Gh\/8KAAABaBwcIoO8AbvZKqbDoyMiIFAYAfVFvgAAFwMDAKSMB\/dBKj3UpGjMiH6\/1VnkucRlgJJUh+qKTpK1hnLktIkXTIZNK771WiAD8CCQWY\/50puGvx13gF6dxepR2eZrDXtNRM3+WITv7yAVM2zLslCIU6mXHswTWezDiNss0zAMjO5iTucBRew73pLZ7zSDttwfLKSZX3jAzQuGsed6FSQJLBSwHHVgAkaiewtxnPDS+tpjzWocy6dfvO6T067l7AmVDQ=="}
@@ -337,11 +337,11 @@
01029{"flow_id":20,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739379,"pkt_ts_usec":622855,"pkt_caplen":504,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":504,"pkt_l4_len":470,"pkt":"ZmZmZmZmRERERERECABFAAHq8fRAADcGCx9oHBwiCgAAAQG7g7yjIySq2SqoQFAYAEP7KAAAFwMDAb37Utqmzc\/XQr0xKkwHhSi8+JTkROqFExNKhMimdYKmM8saokrmuJmrL7IGM9+N3ycEamRylc2+xYqrPF6XixY0I1nBFnNaQSklbfiR1ULXPyfFvTDlL6Bqfbx7o8HsH161ME\/J7NpQ9dA7SaCPyg9wTxwUspP3+LPiBsloIiDfpqM6oEtCJAzUApakoZrLjqZvEHpDmut\/iBLxVuDdF6oFrWZusviWmCmENt8wSv96QGh6g9k4pRKyPlybPp5nhfR6Fyc7a1lBUn6J4rKeho+4TSjmuVc1HqW7F0s1QTUFfgchU2WEfVz40sc2VpImXUddoXvLqet3SRzH9H6L4n\/CxOnMGZFMtLiRlSiM5UxdC0fA6IuMhgHpx4oITJYq84qucDn6+X\/e+7kcWKqm\/ycygq2YIAjXx9u2hWAzNPCVCUU6hhZgEOhD3\/5E7c6uioiFH1LDvsWvxxMQMcdx0tG9dL7mCPaiY1m9eHZMErAoKKj66qZuj6dU8Z7sAgReu5w\/GJHJJFz4gbWWI\/wx0nBh4zpXZnPXbqdjs7eT0rSXlhkiziyaPxH1E+0L96xVEpU3ZIsIAbNx21ckAsxG"}
00461{"flow_id":20,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739379,"pkt_ts_usec":622883,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"ZmZmZmZmRERERERECABFAABH8fVAADcGDMFoHBwiCgAAAQG7g7yjIyZs2SqoQFAYAEOAPwAAFwMDABp2DqgZV0Txz+XGhszRzilLqpOniLTFqPk8IA=="}
00605{"flow_id":20,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":339,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739379,"pkt_ts_usec":623279,"pkt_caplen":187,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":187,"pkt_l4_len":153,"pkt":"REREREREZmZmZmZmCABFAACtLzNAAH4GiB0KAAABaBwcIoO8AbvZKqhAoyMmi1AYAfVFmgAAFwMDAIBw+gd9vJeD\/x8X5Xd0lYOO0wTp\/\/7OmS\/7wdThDKO4T2Gvhv4LE68i5UtMPxdw7+72aREJzgTku82uWhfzjH6MBuSwQZI7NM2yCK7qMauc56q1AMWz5yTsz5cdbPAp7C3Nm4PvKkfSPPjHAa1HlSg\/iu0oITjeQnMELwjuPGchpQ=="}
00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":946739380697,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":946739380697,"flow_last_seen":0,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00810{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":697543,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"REREREREZmZmZmZmCABFAAFIsgNAAH4Gh+8KAAABAQAAAdIqAbvH6z5LSWNp6VAYAfbC9wAAFgMBARsBAAEXAwNccnLckexdP3Wz7tsKiknbwUElui2FZGSKODu9LnFkjSDCKDL2dIORj+O\/DGu\/+ddISHKLc0yxsHWSEQ0iee1a7AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASZG5zLmNsb3VkZmxhcmUuY29tAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIM\/CjtFE6\/BfV0qVOcMMUIig11i56\/tpHaQ1FlARye8w"}
00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":342,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":946739380697,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.cloudflare.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":342,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":946739380697,"flow_last_seen":0,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.cloudflare.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04281{"flow_id":21,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":725098,"pkt_caplen":2892,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2892,"pkt_l4_len":2858,"pkt":"ZmZmZmZmRERERERECABFAAs+VjZAADoGHccBAAABCgAAAQG70ipJY2npx+s\/a1AYAELM7QAAFgMDAHoCAAB2AwNqFtv3xWSYHbL\/TEVcxTgtPyY5syhT1Ar0J7GcYm2olyDCKDL2dIORj+O\/DGu\/+ddISHKLc0yxsHWSEQ0iee1a7BMBAAAuADMAJAAdACABwPRBPqMH6tP2UgTdU38yy4IBdMrNy3Y26n6nkJgoEgArAAIDBBQDAwABARcDAwqMAOf8HgLdG4eR2zQrlVcXNJK6gSgekjnntDDuH\/5mItzTS2PjuRorCZtp1e456Yzxd\/c9Pjo0KqOApsf0Oet3HLAxOPX\/4mq0oqPJv6\/pWYh6XkL49x7kn3sA8FLizWIik5oy6pRjSBWFf6tqxUO+Djt17wQK6yhMls9hUq1ClHJUh6Qn273NZpiWOuHCd9wGeCfeInHvS8qk0EqIdne\/5O3+AKgM\/cALapdKbBhIoAyrPwqC2hLjGuasAzda3QO\/+ESHum\/F9d6o\/5K+8IYpY8o8qtVJ6Drg8futbzGhAS87lZYW5UeuuFH05CzhM6cODq7gNj4mbPjTJ5ApTRpwsXEw0cwu6tAiKdHBHu4s131JOS1nhPpDpOs1W8FqhOijP5pChk7nVfwQ9Bu1xYiYmTlZWYP4bC0IhVSltsY4+ffd9etk6QNu1u5Seoh1QaWRe4DU8GYPqDdj9ywHuBnTu\/kdk6yObRcYizbhLyG5JiQSyxA9bv7iPMzOSI\/oPD6Rw4c6cy1qJywZ7F9o\/W7KUU6pYYhqWRcunfBOy2cedxZtVaWxcAQGD7VjEr1GjI\/ndJEL6DV\/vUO5PSsHgdX\/GScVrZdS\/KHwHxAHOv1BpKxNHl+ElIeVfCJc4tBsNkoBf5+COT0BV1cqDq\/0TqIcpVxlMv3\/7JDTZZTI\/wMxcbTZkEC580\/OL4P7o7ZBv1lVciiiGUxirK0Wn0VmKVkOPUH1VVDEVtxbspQjAQAudOqLnKMivdYYnLWKcLFjjfuE8XwFn1JkF2YyGgtdu+0wxe7V3QdQyeX6wSKDfGOBn1RHTiZSQJLrjf\/MjK6PK6+6dmcX2K\/Nos\/HKCWzOCSGOxH6pgvl94s\/0dDawx7iAmW0aKHP7fN\/Qsuj7qBRlYmeX3wDSe3ACAyO8PJtifBKRUnx+i44zF\/TEZT9\/0f9hj1yXYZhM4IttxvCtS3N7k187lM2JB6HB4DmePSpA5UfxEPRq71lNWUsDLAAiN3ekJSKoZ7PUpp\/6SJsuSwyITjf4EqBLpeWL9MrWeNXoUk5W1F7hWZmXxUwbc9PMEuirTVJUIeKJcMT3hUo1x6K9jQ+3H\/3FjLuAvSaGN20\/JlmWzUhH2c19MbTsBdNUca8p5h9ftAYWxNZFi+BPME56GacRIjusosOaDm6TM6NIeJtcd5nQ0Y6NbfwEe7MdB0akdNH1SZ5FpPCUXE+5h9eWmGzxT6gCZx6qvA46+kjmSPa8Cj85dDYPgUItxPMDzQDmcDkFl4Jtoqp7CsVbgDs2FaRSNSCg+ZMEThJQx0\/Aqz+vGM8Axcf5cpBgdqJqmkgft7WVM6LgxM0bWa6ReLOTbftdrjvt51qS7oW8iSFCaAMyVHnB9nNub1rCB71JGnHgmpLaDriPHmvZHyXG+tF3YYxqKFpVLMzSELDqif9S44Mrb9ZjnIWKvGQryM\/QSKoEg5X7zctl4vxNBFap6BlJhqRr3fm7FAc37N2CcUPqfx3Q8d+odOusP4Ls3Xq2Sur1UmBSNW9zqMAV9eCaagN4swiO+HX9D1JhZPxXTW9QWyDXi2zI1HI7LUB70fqeJS7u5T5BooNTQeoNzZVCvWOXWLt+ZiIbxI46okrDHFQXi\/x2G\/UqXdfkOEinNyh78FxOnrKcOtvfU1vQdaz7Z3d1S6XTGxIbp7Avs8yqCBkfYYx0okhQoRYkFViIAKhs8EJ22ENemkpy\/xMNRrY7HXIqAF0plC7ASy6aRPBxNQLpe6Ed5IaeUHDV+pWuEiLAgXAO3BIyMmN+dKwyJRSjGew81SAxYCXzqNGK2p7GdpO\/XP0maghqEG1aIROtTBX2ArldnERnpk4NXjDbfgsSkzP20ClfXeN4yjZTmAjINRHsDFyBG2kVPsbWM6bJ6sXUqNBkjHzH8mUguB01CThNReqO2rGsLiKr5qTMAwxKxjfEdoEJ+OdtfVMDr3B0PaBDiW6NDXICwJTMjrTiHsqLMySrS2T3BXPc1yBL+jDROuKYyhTZQzCA6ktzSKC6wAMC\/2RMbHnV4JUqSuJoXnZI1jiGQfafDh9qm0ZR91\/Upntxs\/kWZ9Zofn9x4gsvGL94XY2stn+kYJ+lpR5T38ZBRBOsXu8bAGsKAP+3wt7PlEML8VYdMSv1Y8XhaZ4vQZT4mxjokM8a+\/vbBm5OFXEOAsw3UpeMp5Pdlywdfks9xANyyHcs7XyT+4nzRjV93W+RbJVksh761\/0CsogB0Bf4AeRq1b8bSy2mVWD\/C9oBFlc4PSw+jhx1uKdorr8amCiJ2bwSUXaBBKYKGtf3eKS0Vrr8DWhAzmAupA8TRMiBwDgWH\/pSpuuBxo4fKT36lTdVMpKIp966xzVRYeAdyJ8dQTy5jeDQL1o\/K9FAvaIxIHdqy3Ai9UpxdTmYwoZXk1RGWSFQPWK2eEqydFLHkwLiG2A9OQ8pCYrZlqHUn1snev7fQAbwrXFOXDJskS+CYp+0GQvu\/Fu37N\/vYvDe9yQ2BjQyb\/Aq\/mNLHkdVzTu+oIIX6og2jNse2SlImfdMuiBssQFePUieOP3nrkgegmZDkJvZU8\/IJtyIPGhvEr4wy0KRjmbk1R5TV1oh+Gvyump800hgoeZ6yINLishVXjkSrZbw30TzgVyIHMXbfVH5cMb\/otpjX8v74ViZ68NiQoVQGCiu9Qccb9jITaHI7YqId83HAhD0Mgcvql8x4riVhsLhWBp7KARZMNylg6FCWQzYhkomLcDqOeaHr\/i3Kucv0p5GzUzkUvhbOyyBarVy1r5EY3Ff\/LeERfwiWeu9JMjSlW9a76FWzNvpbjiVQvAXjpJS+B6vW0S676\/2F\/QVlBvmv\/1e3jfE46NEORC\/KvStAu1+NCVXXkgYYjYaavSuMFqEVMBLpNt3pqmD175kYHYjG6R6TDv0nmjRk\/fdkSOg4ydMi2g43e05SDICPCTBrKL+H8pdmtKEp3WxofXZCtNR+ckTvaTdfJXZMWJbImpAgp0edudixTNqo9z3f5BRBQ1U170EzzThEQIMmS6RHUG4MBWpfatZDm+5s5WqxzAc+f48z+5\/Rjpm1MjT7FAj2QOS2mS1pZuw8jR7f9mlmDHlYUa7yULFKz+EOcDFjny+TGuKCw6tBmvp0uAgOgbWkR3PGwLQlgJNN5qcasz\/DdlRFFRc1kdK872NuK41RPGMSa34kfvjKckPj3jn4ntsF1i9WcRtXZaTKddZmAVoibh8F7o+\/2BqWfWHshjLjbv2UXOWt85MGeIvvR+JAZ4lQKxhMp4ApqHsqTnv9vjAIsk+AJwp0L3kf96BrAf5lxFwLByeiu2ScazZunSG5IvLxJ2cCZzgYOFm\/xSZPCmFYvKNJw727A0qH0cpDBKVk4Z5vvRen3ROFERblATF0imHD72RVGcQ\/rMrcnTAneuS+605QxQwV5cyssndlHujOT5cJjQwi4Me+A9i\/U+gGMItbvzyiV\/bH\/dnSH\/6+REX1pIGyZTP+9n2MXLAZnibrKAMIRfK2TIfrOe5jmJF94vcBm\/\/5ycPeTZII89RYTOm\/OYD7dCL\/Fj+p2ZF9GMMq1KmH\/crTCIqHICoTep9ezhaM3lurJnltFyZNv3oliEoTfl"}
00825{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":343,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":946739380697,"flow_last_seen":946739380725,"flow_tot_l4_data_len":3166,"flow_min_l4_data_len":308,"flow_max_l4_data_len":2858,"flow_avg_l4_data_len":1583,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.cloudflare.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00837{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":343,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":946739380697,"flow_last_seen":946739380725,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2838,"flow_tot_l4_payload_len":3126,"flow_avg_l4_payload_len":1563,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.cloudflare.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00508{"flow_id":21,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":727790,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"REREREREZmZmZmZmCABFAABosgVAAH4GiM0KAAABAQAAAdIqAbvH6z9rSWN0\/1AYAfXCFwAAFAMDAAEBFwMDADVke5XeBLKUZMMwsdywo3cwWM6dcwvPxEIBrrKuQwAVECVGBCt8L\/1vmMSczXlzhvKSsbEzJA=="}
00536{"flow_id":21,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":727917,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"REREREREZmZmZmZmCABFAAB+sgZAAH4GiLYKAAABAQAAAdIqAbvH6z+rSWN0\/1AYAfXCLQAAFwMDAFFrhWmS7Y1bCOIeKODPz+I7YfqENoT6TMuVqwyG4G3SX6UxpkGUbLXAM6aI3cio6qRGa53fwYiMMoMH2Pgmh7dvXF8VRjQEWsyymfdbjhOkNcQ="}
00653{"flow_id":21,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":728094,"pkt_caplen":227,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":227,"pkt_l4_len":193,"pkt":"REREREREZmZmZmZmCABFAADVsgdAAH4GiF4KAAABAQAAAdIqAbvH60ABSWN0\/1AYAfXChAAAFwMDAKhknTtbWPjKRxC8RF8H9CkmrA+Bk9ZccxNWxVGeMn2xlgfxJ+N\/oa2lauG31Sz2Z1dteZDbkTjSzDgqVARVb0wPo6eAtwO4lFO50Slr19o+QoMq7p+H6F9zmQss+aX8BSdKO823UvcZWjEYIciGcgJZ3gCCgxZcU44M0uB2tLCuz3HkSp0QwPOmeFciqWF26PpPzwsdHrIS34z6Hc1U7Hanulmh94TGEzY="}
@@ -355,11 +355,11 @@
00571{"flow_id":21,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":752776,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWsgxAAH4GiJgKAAABAQAAAdIqAbvH60GGSWN4NVAYAfXCRQAAFwMDAGnag5mpGQgyzK72rYLgzjTgXEFF7\/vyM5TeCE56xwsqKcnLoJ5Rnj29UWbQvKgKVIeHXwFZTTBHNy5hunyZRNsfNL\/lBY7OHjRJZ\/tbRyLFVy5Rc8aufiha9M+GIYlpfxX9UzyDOKSKPjo="}
01172{"flow_id":21,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":803936,"pkt_caplen":611,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":611,"pkt_l4_len":577,"pkt":"ZmZmZmZmRERERERECABFAAJVVkNAADoGJqMBAAABCgAAAQG70ipJY3g1x+tB9FAYAEM6OwAAFwMDAii8Xmxld8hU204So8nXWjN2bDXb44adJyX9PgYCuYIYjLgHmCQ13e1C77q02upopuuUE+DZH37WWKB0HZQJc4vdpnj+btI1+b2a4Op1YomlhAkd+Z2moUJeXvIWVVVQicor53wHSeMCZVZFWuzDKXAy58RktEsPkmFSISj7AD3WGR5+rXknr8FTc9SCvR2ml8vGZVSewehHfsywPa8nxqU88aLpw\/wzjhBY+E+PFSc0OL7efQJoxJAchIgd75oq26kOoQ+p1\/xyd8hr9WCYzkkuEVDxU3UKt0WiJxfzF3oD15gh+70w8b\/o5oTPup5viecUBoXUONak3zQKCHWU9hunWv+wfGC8C1aY\/VQGhWagW5DR+9F\/H9bc2u7pgBVi4a86fuLOJHKHrxpx45th3SxEOfHLaC435iz0hs4LTr8PwMQYyKa+EcDrl3pwPNRDrhoz9Ps6hGNCpoIXvN\/U8PdLsZh7l5IKHBdPTHtKqwz0ooNk76cTD+NZR2+z7BCX61s02HsZwK8R+PCUhfJ8FZn5biuLNGReXkrWhoEqfnq8+cTZClZlXTKPKWQ3U1NOMOgwnAjhVoB08gTW3DocEFswOvvHa5kmbpNwwgM5uqN+qzzCSyzPq43wdAazRGe9N6Z9y+Z6yjndZYfTKJHI4x+CI8BkaxKNOiT\/QKIueVFJXYYNsbuXqFmYR\/Nq9XCCvX1L35G4Ey8vHgo6ZUHvM1J5RyS0dTJSKwA="}
00463{"flow_id":21,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":356,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":803966,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"ZmZmZmZmRERERERECABFAABHVkRAADoGKLABAAABCgAAAQG70ipJY3pix+tB9FAYAEPaZQAAFwMDABr+tfnjAL4t\/Y1IAjERbdL\/wJntZcUUnRUN2A=="}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":946739380870,"flow_last_seen":0,"flow_tot_l4_data_len":304,"flow_min_l4_data_len":304,"flow_max_l4_data_len":304,"flow_avg_l4_data_len":304,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":946739380870,"flow_last_seen":0,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00802{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":870131,"pkt_caplen":338,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":338,"pkt_l4_len":304,"pkt":"REREREREZmZmZmZmCABFAAFEC7lAAH4G5eQKAAABLVocAII6AbvzwYfFjc3Z3lAYAfYLTQAAFgMBARcBAAETAwME0sG+tMqbxpRl1DV8Z2dnX5LfzpIiHTt74xC1bVbZqCBq5Am0FD9Ax\/Z0hd9jpGF+x36pK3fx2LqXRJeDdYghvgAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACkAAAAEwARAAAOZG5zLm5leHRkbnMuaW8ABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAghy6XniNnPGDj9u0r7tzchu6tmfTKqCDkZge3YRdGMjI="}
00771{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":946739380870,"flow_last_seen":0,"flow_tot_l4_data_len":304,"flow_min_l4_data_len":304,"flow_max_l4_data_len":304,"flow_avg_l4_data_len":304,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.nextdns.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00783{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":946739380870,"flow_last_seen":0,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.nextdns.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02391{"flow_id":22,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":903397,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"ZmZmZmZmRERERERECABFAAXUAxlAADQGM\/UtWhwACgAAAQG7gjqNzdne88GI4VAQAnmV4AAAFgMDAHoCAAB2AwNSUVDmrRSBFJr3VlpPTiOBfna69z7Ip3AgaZ4JY8XZPCBq5Am0FD9Ax\/Z0hd9jpGF+x36pK3fx2LqXRJeDdYghvhMBAAAuACsAAgMEADMAJAAdACBgLhCqxZDxBYT0wty93r8WAtFFYd34UV+f0SYd9yF0RxQDAwABARcDAwAgNdJG6I7V9ce0uN\/W8MyCm58pWjfsCFZXXJnMcWaU4P8XAwMJ4l4xzn1tklFeMfXUSkilkOHkR2CrV0Fk61C4hUjayiVX3XCUzF\/nVmk3NsjsUuGQs+ELPFl7aLMJpdeipyb\/BRKM7DDOdlmSjSZFpz3sI+4Ap1vb842GKpbBCp1KIgOgnmXfMMwnL4uKzNN2+XpL8V9LwuMNROahwk9tJrSx3BZQnvVy5qktKVugzkoTSb9fPpFovSjkUbQUBQuFWl2cxLyQBO6gjWiaDBpgoqREkqW2UGurTHpBXCvX7xTK+SGfs3VLNGPL\/jM509wXezmGXrBZolGpSBcCmwqP5AGjSUkJQ2KFF8\/5I5DLe1rWw\/7rCzdCJgW7dwItPpQigYvEpUhaTQyjzhLtXm4Br1gtr+Iuf0HPHYTCtm1Z9061ijlO7AesYAg3NSX4lpTeBeQNzqwAGQi0kxU+8BsfAI4uhNY4fwD\/tgZRm00kCDUGr0Hw1O0\/9wcQo2OrT4hVI8sBPv9rovACUd1xTXQBUu4c2UNVQr\/DAwgtr3oGHXN\/yf6hHksHqaO6ThyUELGPZgyTaAEJeYSlV\/UuFXosuXrXk+4M4bQmtm8xQA\/hPEgZw03CxD+XIQ9CziCJc2Lx3r4h2FdBiMwzohldpvHSBUXM2GuHl07Muv9yz1FfyzqYAimU2llIffa6XcR6\/N9ex4PCYrVYeRifJmT\/hN608lQ56Pm4ckRgIW72lS0ILwL91eG\/PWLw1TWr9OHqib8dqID1N28WvnDQAc1WG+OfvFA5Lx7KtiZ9\/3KI7f7RCYG\/5anpOjN3Yvo+yrHT\/\/9yxTpA2EDhXmw1I+drMKCfdVXEwoRqrQDXQ3qu16NE+piWO4zYtxH6MrZOf5GKUoqj85zhZkJ6n3Wtdfmw0p2w7uWnPZarz2kRT1hGv0H7uWAwQsIO2witiCTCAX0VhCKqX5eg9HlVQxEJ8e6aZG6udk28L+hlu2DjHm2cK3LT5siYCZ+61rOCmuWYzAzB4PZwDYNVRnV0GsHgMCnZc9N4\/ighhHZqiYL81av1zekzo7Qcc39eQmJB1\/vhuqI4+c3vKnv7ROdK1hsAX7hP\/VFs8H8ZF9FxFv36aFuAu1HQxIxhZTCwXDQcu5TzVx1PL5uguNjR7pwef7T5COi4aTCL27yji1k+uS4xQgf7uM7lfjr7UlwSz76e6z\/NdrgDABxN2pYomW51+xON8iXDOy0cXgxInpylLI6lmV7hJWGh+rssjjMTkzOSia\/tb6HN8MDXz8ND7qC4wdRBL+K2XXzk7CxXSZKHbU7oBKE3VuTcSRmBvFAj4jzbuAW9nVI5Yw9M7KxJ0oNCiAer+7rkuV1\/dCwQt\/7\/zkSRGAemKSurrkjoqozLCUcuNRu2YlaJLAc\/PeEJmeHXWSos8ReOKG9libwm6aBbFjBhBGqk11oBFxYMJe3fE8zx0cKng5v141kUW5K8KykDBQPlm38itlnDfJBFaB9Jn9F1Dk+fc1GMvxAKNX1KD189yDAOfdy35szVs+4vU19xgaD3Asb+3zoIgGeHaF3v5zAsODf1V7zFmYGD1A5VyodE+SZcg8yBGqWdCjN6Dq7+yW5n4whEBATh9+W8PK0m19STC9EnY\/KFQ8CMbZglLaqGH9UHLlwuaNZUfgFyrj24dAMianUUp6I5pp2CbweoDVXgQfGbkHcfYC\/73I2CAYRQxi4XFXP\/UJ7vD4Iv633KLKMEpQYwdikhrjOP"}
00823{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":359,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_first_seen":946739380870,"flow_last_seen":946739380903,"flow_tot_l4_data_len":1776,"flow_min_l4_data_len":304,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":888,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.nextdns.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00835{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":359,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_first_seen":946739380870,"flow_last_seen":946739380903,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1736,"flow_avg_l4_payload_len":868,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.nextdns.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02333{"flow_id":22,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":903454,"pkt_caplen":1467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1467,"pkt_l4_len":1433,"pkt":"ZmZmZmZmRERERERECABFAAWtAxpAADQGNBstWhwACgAAAQG7gjqNzd+K88GI4VAYAnlzfQAACEkFkdj1Us7HE6XsQGxneQX\/pTaXJNHBzTBwjbjFH2PSLY9gxHervwko9HwLHhkgWdiRotlJENzv3dIlV0Q25g7GanzLzAoq\/bJLnF1bxRf0nf8R7xwqHIiEyWrnrfJqukts8v3m8MMBnkDAGd5xOmtynEVhFSJmjPZeWlanPH3W\/gPE9eVpcr\/bC8aD31d4wHJftv6KUYCRDzDXbCSoL\/6F7bgfENCEavhYW2LuID8zVPN+yKzb3WDD71Bfm\/QzlUMFQuZM5HbG0c7uIAOOAxkawVYPNiqL2TFCk1ynXFgmF4gXvbL\/HYrDLFRfjW4de\/NkjjSai08L+PfACua2q5oTvt2qGJPeolVEHsMmZEjEwazNhDwGqFKG5OP+F531r01cH7BTJcZ05QE7qXBrbvqwdtdoGPvG50ZEjeoenLq9i4bYfhTR7gqdrp+nT5HdXBlwZ3BA7TNBvRO28EIkDbwnbkKR1uAOgeHpmVvBpmpiphn4DYQZvVFKBDcAp0CgnjFhQ7BpU5nrco2WQPx+1Dj+wVwuk8wQg4nsuaxF9uoh5BJPTUJDd+oGcKzJnMyQnjiAungCkABFhOHccfPCI4WdjBjLMLNqgoxHw6DJHYylEKtOB9OnnXDF2J7Jvo9Dz26D1KrzmXsDWoLDC1fC96J8yd93fYvTZHskQxfY50BQIAKcBIdr8K4+MowCcaLlKXgQ2BvySvU9B5mJVdaqmTLF1fzesL+WRRK51q7IAwLh77wssc7jt76mm0H3PAWysYvmp\/NCiSKfjKaaLkm9x2NoEkekjBVCT4zJZaY12lyFWkBUvQQdolUu\/1tiRf86EnZ+MpspCpIhymi\/IUp68M\/Eb+2ljNKVmV1Er+pytZKFdhm+LxFZQDgPvwZts5tJVArrKTXEX7mbMUyNCFK87rJIQtF3h75H2QQdF8Dne8XAGsXDDnswycmS8W4DR2ei8Mvw6EchukCH49+5iX+zWw8yLNfbuXrdtwpsTWibehpgDGJwJ32GJ3PUhcT2O8ckRkT01hA4OhJ5s8FVi9G4sK5PSDUaW\/FVD5mXCOlbG6fI8ep93Cq318IKEa9gHWkRIcGP1KNeJ0vqPt6W+fiprWcAT+y38\/pHS\/DIldwWXxoakgp8kEgE10+BHsdUGoLtM0vHARs9JoXziCU\/gwCe4xJoYT7yIuKPLoyyOJzupzLZV+Yx6GthfYTU5x9FRZbuuSu\/4e+BWK3Ph42jg8FFm3MjO7iYnNl4v1+ChQKVR7XODNZWDH3jwqcZ8qhbkD9u5SI6j\/BA1C0rUPcBjh1+6XjoNgW\/MuFBBpUx0b9PcVFriOAhMdQziZ17xbnHnF7nwzD4ltsyPw098+Y62NYg0g7ZzmYgr7Bp\/OQu72rrzto9ZurPdNMKCU\/kuUSQfJNRXnpCKpphgwF89PQmt81ZhzDDg8jGUYjA+eCwP5b5c3W1mHz2rbpTYaJ5WAEPawg7kcD\/0daljt7SoSzY0j1SW+z8PqelVSwUwhQf5v+dUBJntKDTvIA8dd3\/P5RebSAS6fwWCMpEa2Wpe0EbiTKfmmwomuAMmkjN4HlloVMdOTeEonHISxyYlgXipaeXT8CPFbuFXE4ejDU2aTkR9\/ZIbgoZdx7IXmaK+NxS9KICVTe0LPka0QmobSr15yArkyNHaP1EjswXAwMAYdZTBGnK4vcmbufHHRKWT+kPKyQO98Boq8AW86\/7q3c0DIh4T2TuGPAeaW+ueW75g7BJBBU7YuGFvnEEgi07qTSBXDL1UISZX8PwWOHA6mln36hZp5MmWU+JESIy2cQgYeQXAwMANQq+Suu4\/zFTPT1s4z\/CUiKzLUAWytPdwzfRZmXCp50PDxLOSYvzo75EbO+96Njs+ccRggY7"}
00510{"flow_id":22,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":907201,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"REREREREZmZmZmZmCABFAABoC7xAAH4G5r0KAAABLVocAII6AbvzwYjhjc3lD1AYAfUKcQAAFAMDAAEBFwMDADXqnL\/aOrn0ACDUNs\/5OlNFpIHBA+TE3F8+\/Z5EIvZ1VnRDRjwJhogJkYt\/Q3H0b0fjAhpU+w=="}
00535{"flow_id":22,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":907355,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"REREREREZmZmZmZmCABFAAB+C71AAH4G5qYKAAABLVocAII6AbvzwYkhjc3lD1AYAfUKhwAAFwMDAFFzwYDG03zIsCu775EDRZ4OSzL00weZVbglbgfpbwM8U7J+7uomYsjKj6MjKfVgOgHkAPvTphVgv8ZNnos8qRet2Hk8sVVcepl6hWnfJr3ih7o="}
@@ -373,11 +373,11 @@
00786{"flow_id":22,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":940948,"pkt_caplen":324,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":324,"pkt_l4_len":290,"pkt":"ZmZmZmZmRERERERECABFAAE2AyBAADQGOIwtWhwACgAAAQG7gjqNzeYG88GKdVAYA4Vd0wAAFwMDAQlsB7yIRhmBmY\/vv1SXZzhkhlHvNOJM5tBUvUzg\/VsaDJwCkQ9CBIfpygaQ6w4IxZXSStc9ORhCKCRjwVgLqwJjuC3iK8phAqs2VINkkcyWwjZCopzPp7DH+OeIwV4fTOsBa7UpL9pxthM0sOQAB1gOL\/ovuBuZ85sSbJsGkC7+ClqiyEz8Xs\/NaRrekhNCvfHsNjVpJP0oxDSRsuqMlAhIa3Rtkq7M5cdTBzQ1aXm6ebSZAIa6sv0rIyC3PG\/QPmTj5AV5b+CfTaV2LETRjg94tsyaloyKKw02AVvbDAaLs+vJEhkLHHPhzv\/ZC6nL30llEMmLzz692lEh33CTowjmyVMIa5+PUt88"}
00570{"flow_id":22,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":941386,"pkt_caplen":163,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":163,"pkt_l4_len":129,"pkt":"REREREREZmZmZmZmCABFAACVC8NAAH4G5okKAAABLVocAII6AbvzwYqUjc3nFFAYAfUKngAAFwMDAGgRVXdwoQFkT5SxPu1w7EW8p\/0u7VDqPc9wI24Np6CHAU6sa+HueSFuM3KNdFdDMW4tXn4LXazSJ+hVOe7VdIBWkIJGCmjq\/a0GBM2AD2XRyWWu3pSDv+y23zeCjlI7AewIZ4CU0+0RUA=="}
00569{"flow_id":22,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":941468,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWC8RAAH4G5ocKAAABLVocAII6AbvzwYsBjc3nFFAYAfUKnwAAFwMDAGlsdpEmub0+t10g9q5Tr3vsXAWirmH7TIxUkMmOmRTA6ry3dLoXppmgosG8dB8yI\/3nqYyJ4lrJDIbgJI9R53xwGlp2q4bhy7L3uYUgxnz6KYV6OjO+ud1FprIZ4TijnSiNTGSwgGokadQ="}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":376,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":946739385090,"flow_last_seen":0,"flow_tot_l4_data_len":306,"flow_min_l4_data_len":306,"flow_max_l4_data_len":306,"flow_avg_l4_data_len":306,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":376,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":946739385090,"flow_last_seen":0,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00806{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739385,"pkt_ts_usec":90774,"pkt_caplen":340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":340,"pkt_l4_len":306,"pkt":"REREREREZmZmZmZmCABFAAFGrgFAAH4GLMUKAAABiJDXnsvQAbv3Oz1sep96IVAYAfYiJAAAFgMBARkBAAEVAwNZtcLiAhjzwZoFuSzepzhVh3+I+642bR2Bdc1go+HJvyB94\/ND5pNfeKEuu8RDLRRLZQtcZUnz37DmCj0UC1geOAAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACmAAAAFQATAAAQZG9oLnBvd2VyZG5zLm9yZwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACBPoxVI1tXnUcUqsbORFpVub7e\/4DvFTpQM4hnCin1UEw=="}
00778{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":946739385090,"flow_last_seen":0,"flow_tot_l4_data_len":306,"flow_min_l4_data_len":306,"flow_max_l4_data_len":306,"flow_avg_l4_data_len":306,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.powerdns.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00790{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":946739385090,"flow_last_seen":0,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.powerdns.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04635{"flow_id":23,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739385,"pkt_ts_usec":124265,"pkt_caplen":3170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3170,"pkt_l4_len":3136,"pkt":"ZmZmZmZmRERERERECABFAAxUg1ZAADcGk2KIkNeeCgAAAQG7y9B6n3oh9zs+ilAYAO0tMgAAFgMDAHoCAAB2AwNC32Ly6HNyagXW\/50d2q6qJAOmShuP86HMxipBKzBmwCB94\/ND5pNfeKEuu8RDLRRLZQtcZUnz37DmCj0UC1geOBMCAAAuACsAAgMEADMAJAAdACBiVzglBWvQOWIt\/inusfkCbeAeDbm6AiXUcYUQ0SeUdBQDAwABARcDAwAgVY3jrnTrJkAawm+Mv8gBTn6zfdywiZ3PkfSROpmIxNoXAwMKFapXpMK700YralL2NJ+2AqPfCUAacni3qdcZUnufsXl31+F2NSHowZS8bEZc4wYIOhESfjBH81NgZUBCJL0cGqDMG7c\/GafBLHylsDncbVfIqhYnumIxgnBjMekzN4Jr3Pc5g1dWYk4XIPvLeMa1AeLFQqOY+unh1DHuo4FV4KfjYjnh7ERuvhffEbloWyMHFdAQi8p2J65FwIVJHxtFX6hmaEMmHATlFHHOx1RIGQmbmA5r5k0vgPGiuUMBe1e8Ay6+kNyhTTutV32hMuU4\/4gl06pCrT6iDU4Fx4eNT+Bo6E12QIKo042tC7Wn8Kl\/KILiC4TaY1uTO0+LE4wVqs5DJHWwykde\/Mpu9moeLZ0VhV6Rnx2ocHW4rczn9gPX5qTiTrDgHO7CKCVp0Yo86Aw2suyeRkNR6Pz2DTuex3RC6JD+6hKlKYjQfx6kO1r8jKEZ8UZCGU+Rw2Pd2IT\/whiiT5Kf7zLPm28Fu5xYAFYob+TbRXBcQ0z8XUJIWzCMQvkjyj\/EBbyfhm8Iz194guweTL19Y3Q2XO+NnAUm9ihjSHpRimJ0Ale\/24shK7Q0gI7NtX4Sy93vR61pN+Zbul9p4+Mos8cFPIfYJPR5DmxNv9L\/cWnYOwtiE8KnRSAYR+6q3d\/0S6rIgkskZa1GGNAffeDtgnD5SVrh+YhdzCWZCb6834ULGghfWcw8DVqJTSeWttzs5JvcUzLfaxv2WQHaWCXuUpmCZy6HgKkW3jxYYWr2tyqizXXXq732dtVhz4LWmL9EHS1WzONzEhrNFQDtpAQ95k9MRPEdXjg0bNse0lpUI4AUqhIkxWgs0j+8YRzV3BBFFrpEwA3Ylhpo+Wbg8IG0hFyThCaHTvj0vN5WKh94GQCSIjO11AtJoS9k0tl5NWJ7dp2n0NCYI25hp41FivaF\/BBZqFxHTd\/4w8k1KmIQOky6ICw7WRykbaqxzUboD5Bq7peIuOsiwZoUMD+BDbF\/3fE\/CVHWoaOcr09A0PaL0PLhUDjARYyrR4LsVfpqkH4CZh+5Jr1aOIJ+zgcH7Gme4o7fpj5Ml+hu\/y+kOOZZN5J0XdtmvZE5w20Osrk+W9YsiLIeYNt9SB2i7LEsIRfsOrVhh9XsJ8\/VF+0Pp0BTxOsC+9Ft0\/Qj6hgm17CCVsOwdD0VhkUWaus1O+o2PGnC8v4FL3kFyyqT6BtubEcffH1AbvnEid+VZXXjMTJvMB6eWAs+UqpOrNnkCEZAK35TZ0tRUT\/0MJ65M3rSS8cnt+LL4apIWh9CenPODN35ZvH8b3XA1lwJHej3o7w4KZBEvRoLt8OxNNvwpgMfHbFpXZIqbODt95v1PnTJxwC\/vTEturbRIFjRNgt+KCX3zfwvULi6DBxiqBmChwECudELdgYVXSzaQF56hOrspt7m7cSP\/bSuhLgvGoeM7hRIXBgEFXWWobiqWKLPkIiUnd3zKygePoMYOZHF1u2D1V4jxKHpRJ6c0k9v9f8PV1\/2cqY\/66gHBBbRV41oC7rjWm5aIoPFQPYH0PovphDScGBnJ6jwAMRZhEh8stnUD5D9slPJ\/emP0c\/PTpb6PEHZyu0Q7qMTKM1bbEpBCcvYFzyVsCvmHuicyOKAs3xMxmCmWm4Eqf7griGXbNKYrhS8laSwuwkSEnXVtwhIr1b+a3aGOTQNdzJzZMKbJeIH1FS5VDDqACuwzlpn2\/PpEcmP5h\/q7H0tPqDs+gUGEHDMancSkknkDjnO8AWIHrv7XSmAw8MzBpM2IwCdCuY2dZXBowy6lZV\/inUY7ZvvXtbP6a8QnD\/\/IUygRpu63NQLm4VeKCFEprpn1cgwz5cL4vjrW8z1Oy+wINHvxXqkotg8FbTmtoSQdi7m2\/uaxkwXGvCE+Ey\/VyskJtt+1lkVPt6gqRb1ZVRQm9DD0JoMxHNgFOAaDrB+WFlvX4dGQvQzwATgRC8IKAuMZ8oKSe0p8HpA+6MvWjcmzVE8kVy6HlIQ+H75lU+B2jVUeDC7BKjayT8YnFAN9VHJiYBcwsc6cBByDnSSlpjY95o1fVD\/OvMoqArUx2Avc07VIGr\/MqkoiuFsBZpt7HMy13Sks4rLBRM4blbz1tgnQW4V9XKGhwXXv\/r\/C7JzoFDKo1O5LL2d9NrS47Pk6pIUPyJaZQjYfdcqsgSPEYWloR+Ff71Pv2pzjT7Sxhw7YViV\/havSqMuVAeVNrx2FMlZ7\/Bjxt5t67OkjvVTbouDt\/zCvvPnjRGuWwfp0n7UEFUPBk0VQxxGTP46k14fFISL3DGCnaRmvSrBlk9oDA6joQ7sLe2wbd3yp\/7JTFG1yDws5hd9oSrDxTaFhT45Qw3wjaIXqpHrDVkIJVV3fSH3u051VvqUmuXNvgcA8QfJRF+xOWpwuJtANd+GaqvaC+iETLzkP5VxYMxDGAjzMI0o+7huhk06Ls+Jf4doAnMQ5xvzlXN0Jrm+66K6cwpPwq24uT0WBbVDSG8a63HdMk9Pitugm8gT5TfsMmkXcm8XvYm1EpxDTSUVXFdXoLfWyXIhhuACKArB7XcNbTOuzKmBQBNDeLFYB1E9Xt4xRs2cOc5M8BTSXsHSPQTYdc21dTZiVfSAP6\/2Gshg6m4bugupSvk5LVq6A3lh9ffmzYt3Db3zvnfSy\/Tt0BCYi48I1IzHC+nCbjFn40UDUHc5XrNCkmhQS1xNJg2qHFTjjUPePEW4+j3bBQRUYXBtmXyjbe7imkVYxn1jKZ8UW4USSgX9QTTgWMboFPNKvAGle0s4p63tKesbx5ZYZnXD1JMoq2wiuX3opjO2N0ancv\/RxoLDDssEhCe9dO3easTHhI9ARvh9rKZYKF6v6Kl1ISp1JmJSDWM7inua1o+4o1SDMyo05cBVGhhMTS\/9p3uBa3Q1+zink\/HkPt7+J8Qdeq8lFck+4f63IssnVRJTPYYtIlJvBDnEIzxlrIFjJvmSNN4lcsRZJPOIHxFfXw8TJRTgsvPxtdi3tSQFm4F+2sukCmWqPEy6giI87MQfoD2C\/Yj2M+9KXDCNq9W6tv2b4CTjfHZU+XTLbVYONSXTzAYgn5lkwz08bD2gqCs44qF\/KSJheO2v6XSQicbKpwE887mn21\/pZ1Aw7fFPdQKOSr+ozmKo3Hb7k8xRc9xS+jbMArySJEwlivY0HatI+S+fkF+iQUSFVepgBMwShL52IjMRPaDyXtnlg9nE04NDcI9V\/O40c8DJA21O6zuYXUndYIEnkJP\/UZOqiU4vEYGHHSxvu9z+OTP3HTmjMdAhSyUL1oGolZq+yT9EbInHY55rq655Oq72NwpUp+JpPgCJKsED+NjtqOZ3sxznqDpY1ghAohk4yNRdPDZzbaGgQemzPXCmXrFUsJTwcXd\/xU2NomnNTP3pmszYNUkgCR3tnkTvld9wZ\/IPs3fkgYPdntgi8PuMGjCH6ME+NhxjtV2MwDTodlIXAwMBGU0t8RnrdJi\/j1+SnvZYpC3oLybUZ0YAwC7FNMEEzD3PWZ1mQcdYkqPO6V4n6ARpcK+AxFYr2ZmYp5VZ6aP4ufUuA8CpPBGwUlNcZ3M2nwocOtccZ2oJCl6+gngVMfWFCnvPyKdJAIVEiwSYCs+M06T9K8Dn7IVtMoEfwHeIvTYluO2bnPQHkZLgVvtx4CODgchK9krbewpUgSyVMOqarNN5yC6WFzhdNiofu8YhqHlXXyYNaQehlZN2BSM6BAq9rstGdYvwLr32NuZBk40ppHqXSd1NL8zbf+k8yuXVg+g2tFIIoJcrHKG\/jMtPDHaZoxXSW0XP9QnmktFPm2sVrC8auYwtvIIcyHfmG4LUFWv9oOl2RWB0AiDdFwMDAEX95TGyYknbRQv3FxTdx\/ySOpsXyo9B3C1mQe9wKL+RuBQiooWFUmPWbB6tbYWNx9OjEFACLxCx4a2G5wYexWMh\/ScbEd4="}
00831{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":377,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_first_seen":946739385090,"flow_last_seen":946739385124,"flow_tot_l4_data_len":3442,"flow_min_l4_data_len":306,"flow_max_l4_data_len":3136,"flow_avg_l4_data_len":1721,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.powerdns.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00843{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":377,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_first_seen":946739385090,"flow_last_seen":946739385124,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":3116,"flow_tot_l4_payload_len":3402,"flow_avg_l4_payload_len":1701,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.powerdns.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00528{"flow_id":23,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739385,"pkt_ts_usec":126461,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"REREREREZmZmZmZmCABFAAB4rgNAAH4GLZEKAAABiJDXnsvQAbv3Oz6Kep+GTVAYAfUhVgAAFAMDAAEBFwMDAEXEY3mnjR52mKqLxIMUmRZZcXFLr4uTi7u4xG7UfhN8KpUlgxkvImJLngXBZJdhlsdOO80qBVROy\/zQG1hjQj9e57h2KPE="}
00537{"flow_id":23,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739385,"pkt_ts_usec":126589,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"REREREREZmZmZmZmCABFAAB+rgRAAH4GLYoKAAABiJDXnsvQAbv3Oz7aep+GTVAYAfUhXAAAFwMDAFFwNNZDnjPK+shBymQiVBXbt7xi202dOQR8Rrb+yjJPWnLgMbhsBD51RnG9LISVe3Ei\/llN05tBlMIcUdZIzxbBUHgMMlLa7+nN2BwIgI3qz\/Q="}
00644{"flow_id":23,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":380,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739385,"pkt_ts_usec":126743,"pkt_caplen":220,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":220,"pkt_l4_len":186,"pkt":"REREREREZmZmZmZmCABFAADOrgVAAH4GLTkKAAABiJDXnsvQAbv3Oz8wep+GTVAYAfUhrAAAFwMDAKFAqHgt5ACD\/Hcnb0rfPawr1OJLN70nlF3dkYhA7ZQCOVewA6hwaIedDAlnDsEzTPRBpJWDv46vr2npo9S7MmryglbookGhf8BtnT5kHpryQnIxzmMUSkMe06vjg0NEJ8B00c40pwt2ffEb9ttTkd+oxC3Whylux+1Us6Kk9rBwv9Fj9VurRmLTFoD8b6q2+TC8GBevn3AcTvwA4+53G6VP4g=="}
@@ -390,11 +390,11 @@
00552{"flow_id":23,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739385,"pkt_ts_usec":154893,"pkt_caplen":153,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":153,"pkt_l4_len":119,"pkt":"REREREREZmZmZmZmCABFAACLrgpAAH4GLXcKAAABiJDXnsvQAbv3O0Bnep+J7FAYAfUhaQAAFwMDAF7z9ZllIUJYVifkzfTmNZkbfoqBmuSaCnxtztvKBDeHssiwVOQo5nSR6hS5QkqXs2NqvhncFigbQkXSNOHHZD5sGv+1+C9xTFaldSDCLlu0cWZ1cb3oGLBlsyO6ttj6"}
00569{"flow_id":23,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739385,"pkt_ts_usec":154944,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWrgtAAH4GLWsKAAABiJDXnsvQAbv3O0DKep+J7FAYAfUhdAAAFwMDAGljKoEdACJVSu6LfUQxS7Zexs7VdtZ0WWd3zkpBzdNePqSAkmPDwdqpmsW3s8yVNWD1l6kq2LB71Xq3IVZ448YTWlaSIx78F+mVdDN7fDH0CMeFIDqL5DKGDEFzM\/1oGnCGpoQmFfwpMcc="}
00671{"flow_id":23,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739385,"pkt_ts_usec":188288,"pkt_caplen":238,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":238,"pkt_l4_len":204,"pkt":"ZmZmZmZmRERERERECABFAADgg15AADcGns6IkNeeCgAAAQG7y9B6n4ns9ztBOFAYAPU26wAAFwMDALOTK54BMRDpe4MtRO4mvaKSRanWnUcsocEhf9imDZHTA69qRe1uMpLNe4m7Qp6bbB11SlMzzljnJWHK+xtT3NsLO0bn8SbPTm\/fP2HByAEIKCeJjzX6cTzrqctPaQMfDSYpsZyjirFQZJWd9zNZ8BqFngUuVVeMYAnqiHHR711KLHnNmYB21LdkXKWJ\/KQgiEfOFQlvg\/OO7+9BRDX2ISiFdjwYwba6lX0BaMvdwPOAIYVaXQ=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":390,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":946739385216,"flow_last_seen":0,"flow_tot_l4_data_len":303,"flow_min_l4_data_len":303,"flow_max_l4_data_len":303,"flow_avg_l4_data_len":303,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":390,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":946739385216,"flow_last_seen":0,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00802{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739385,"pkt_ts_usec":216755,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"pkt":"REREREREZmZmZmZmCABFAAFDj7xAAH4GQrYKAAABaBwAapkuAbuxqh8KTGGTY1AYAfYqeAAAFgMBARYBAAESAwMGpOiD7bGSBZJpQPwx8jjTz98dXRQiG2dJooZruAvSbiD6XuSv8nbXMIfp9OgUL1wdFi5SuPi3kly1rdyONGuyoAAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG9oLmNyeXB0by5zeAAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACCocx\/g1t9BSq0aHoBq6EokYegQUNndj200eG6GOsFbfA=="}
00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":946739385216,"flow_last_seen":0,"flow_tot_l4_data_len":303,"flow_min_l4_data_len":303,"flow_max_l4_data_len":303,"flow_avg_l4_data_len":303,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.crypto.sx","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":946739385216,"flow_last_seen":0,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.crypto.sx","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02388{"flow_id":24,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739385,"pkt_ts_usec":246047,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"ZmZmZmZmRERERERECABFAAXU\/OxAADcGF\/VoHABqCgAAAQG7mS5MYZNjsaogJVAQAEIzqQAAFgMDAHoCAAB2AwOeWrg8chGRKGTlO6HJ1p62TG+C+NnG3SsfyKZ3JDWszSD6XuSv8nbXMIfp9OgUL1wdFi5SuPi3kly1rdyONGuyoBMBAAAuADMAJAAdACBCHrrBrdBjTxY914LUzlqx\/FQ6u0oPg+tIKo8Yp0xoIwArAAIDBBQDAwABARcDAwk65sXHo5FyUtAiAM03V5kAW3+LXGLR2yplHW327Ar7lBVn+cWyqRXyVDveXS6Tg0vk7DEhWyy4Lki1hEqLM5o32Zp445RQDsbrctFBNFcOMJmryYHv6cTI1ALBX4o3m7ShqxgiNr648SOfRyoVsKr13ok5Co8m3yWWjvTT7U22a\/V25Yf1TTU5ZX3C3nLhUlp8F4S6K70cvraldnw\/uD6FRUq1lAFYY+RdFtBona62R3kW3zAEmLHlxjwypAF3Ed8HpEUN3N6Hh8WR8FPduTTrU1rGJcfthDCSePngGTmyI7kai\/r2bxnw0X75rGWPasNSz\/szhNdRWEo0KOZIuIIBBW21rDG1KEO\/5TMjvtncyk4jgN5jajgEgs3G7B7IN47mqI9K2FWa09ZHw5D9ghGF6WusPDND4+h9gRzFYMTRQAs+YDOQfRoqmeDcHvQas+1JnEYjeG1g+nCoph2J1xKskq4pSu\/4\/GnANXkQNNVNHjjq8pJ5wm6ibeZE1gq6PVr0nZRMBq7E5\/av8PC0+acRxKixaAa33wWyU6SeZcL1kZkunKDWXWcdvdQy51Xenyz43fec7O\/+7mHHRsySVytdXjgD0ZKChXJn+AmwQrC7OY5cEE84MSyXQywUeiGMZz6HP3Gxw+6pQWrQZTjvM2lPibOGlOclGV30N96QQ95Wm7tUJbwgXYzy1Ap3e6BhUMIyFcI9\/pMzhGjOExmlzyT6BDYONbNyjHW2odTpZ8WjTWXt5ItMp4Qf4ciPCegZXwYLxQYwEVRpcpQCUbjq9DqojYcETIPE8pYwv+pEogBkJ36XO7ISaByslei0uwlMTDGqahxFUG9xNqF2N+uBuGm3rP1N0De6EH72L31wAMHQLr+g\/Z6vH8L0t5ZBiVyHRYWFiBaqBS7sS5CL7XIwxWU5nT4+O0vg9\/RKsE8R\/V3oTcaEyuOxZPN2ld4OexQ1VlWcqVQyk2Twbmq7OKKuOtMkJEEelQzBbVDHxrvHpN4rIHzn\/9TLkc3K+Gw0IKsO0YEfzDLQOy1LPBOrUtSvkHpTT\/9tKCeQ5oeaxAcdxjrW8Ob6O3OfTjPur4i7Dr1vbtCqdprUT3YFFMRDZ26nuYQwhC4uKvrLCR3YBND9okLFnTd\/lUt6yGc2upOIbcXBXCyaL3ONPVCFw2rLhSE+P67Rrx0pQ\/PN3BUeVHTUY5OZL2UVofmKcp3kyCsJpqyPvgqtN6sEvjlAvawn31gSxqPJMO+J4TEIN4NsQHeQPoQbqZEwJ5dggsoNl6xy1PlfH8FxBn\/\/\/Lr2eBnvYK65olzMCuvQ8qYuGMLDeKU+eAivsl062ELuv+\/dM8uhg7Eno5vDfDKFHEJLzWRw5E8iFnEoRLS95ap\/irULTPgAA0QmZ5jn1YuEDktj\/0IeFc53AUQ0iqNqf8q3TqQngAAZUKBI7Sk44RP395w1L0Eyzfl4IxdNlReV035GNhrN\/DGIe5cd9OmCUDwyYWDZ5z1ksNzw8W+uzpiwBt55f0ZJkvLbFgiMA+gkUt4hT8f5WK5dSjcjsu1hL60eqoQvBa0lWD42dAL0xAVrNk06unSiy5OJX2WBK7Q7No9ybhYFoGzDI8ZzAHGp1Xz2h+but\/3A\/uToYXT+zhFlUes\/MlMz6r15CtQUfWQhXV2DbcqYzcNr7XtwvhWwQRBQjoyEwldiUNrV4kfA5BNVrLK+IAb34EZEEXlsaVEYZdfTSkwf5mFzUW8YEGENVFtWYgvqKiwzQRm4Hnu9"}
00824{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":391,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":946739385216,"flow_last_seen":946739385246,"flow_tot_l4_data_len":1775,"flow_min_l4_data_len":303,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":887,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.crypto.sx","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00836{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":391,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":946739385216,"flow_last_seen":946739385246,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1735,"flow_avg_l4_payload_len":867,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.crypto.sx","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01836{"flow_id":24,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739385,"pkt_ts_usec":246097,"pkt_caplen":1102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1102,"pkt_l4_len":1068,"pkt":"ZmZmZmZmRERERERECABFAARA\/O1AADcGGYhoHABqCgAAAQG7mS5MYZkPsaogJVAYAEL3vQAAj+eEnaAC9OtjNn9ZDhuY0QkIU8Et3SozIjmeFN3jl5ynvaSd0TNRCmKpUZKf\/fvqVCNBLPVpc+a1\/34xSlEnpJggvfLX55X87U+wFE+Gr7WzyudHjYSOPmOcexDC2hRAzeXYq1TgqVwJwEh4MCpq5hwfPH3wEyqIpcTyPqNEKua3iGoGl0jDllgnOyDy6qMtoHeGHyOqCPa7ViWWNsuvANnFYfP4DWXgq8fcNnwinGDW24misysy6Sky1Qfcgf01K751PVkPm8BzlnUWtr7bdFh8y4G4SaM7Ac3Zldy8pQDT1EbhFcuRGdsZ0naorgHPYs0SmR0Y3t6UYCsF0YOkjsdAEbpFIfyrBCBlh4z7aJh9xKrg\/5jQsdBuWbO9f+feot414m65BkfEsJNZt6q0OhiZBadbjN3fS3WVyRW59gC6+MXzyIF5Wxx4OnO6rWDTIiTViNpHvl70VUj6EIp7jtN+701iQ9XIbvLRRNs1dMLQv4llg0va54eLOiI8Tefj84dHZQatLYpsLcK1X1xgMBQvJdmlFwbKncCrUOCkGSrsZ4LVBWhcaxKoO36xnPPDV8cinSkrG\/rQoYT4tiAfTIWSqbjcWcgucf0EZWFYbi9MDrGUzUcZr82zbUhnYlEj1+aY2lv2lSt5AqGSaUKeQRwioCypPc3dHt1C72aRiX4CCSBeRj4DN2l\/vJTlcaPiDNg7t6TPWllts+Co\/OdFgVAkJAl+HIZBjiQtPGdBZH0Q8WHs19m6ieXdVdu3SXksmcJ4OArDrkVebghoJZJUEvtdYdAu0CxG32Y7Bdxe9zNMbKMIjUZThhjnA7hE+UoUNNr4aUW73torTPDm\/PasISFjUH1CHoDvjfn0IYzqO2vVaat\/SFbmMFs6UfAByhfgtTIBdM4vlalC4vJ\/3gPNzVh1u1xqYYIU6wN60WQoEexxjHdAMBBR1w+y4czMCbyPxsYOQzTZedkx2ofb\/xA+Z+8rEmaj0xb8Fyln6Nq8bsbjlAzp8F+BPhhygJC1D1SpxfIjpLhJ5pR8cCPnmFuv4Wb6pCT3F\/xJW7qpcmMvdn7rOqlw0sLhKBRfOeheFxSJrKe9iavOuolDEItae4jRrh8cRuAabSIDs\/KL9d4qTkbOnc6ryMLcKUz4QDjr3QIMIHJiOX9+2DVL5+3CGc336xPBx67NPWns3pKxWZovEglaPedBeKa1Ay9zwVrpcshhz8ZViqEZyeGf3Bhnr9gYf6a2k+91KFhxPRsj3wr6DG1ZrNf\/1DpWp8C8Eic8yqmZ7eLKXZwe+Mz2GUUCbxCXRoPG9q7XWM+v0cWz5lxW0nXaPM0vHHCL7Iqhc5wjeX5d9z5lx39pQN3jzFWZB4SuiTobndYtfC9FvqzivwC8uagzgYQI8AhesQ=="}
00507{"flow_id":24,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739385,"pkt_ts_usec":249072,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"REREREREZmZmZmZmCABFAABoj79AAH4GQ44KAAABaBwAapkuAbuxqiAlTGGdJ1AYAfUpnQAAFAMDAAEBFwMDADU1mfBqFD8uaoHHksUqQF0WMpTshJt1M0V43sKcAkWhg0T\/LJZoQXQ8FIVxhBlb5ZxztNSQTw=="}
00537{"flow_id":24,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739385,"pkt_ts_usec":249187,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"REREREREZmZmZmZmCABFAAB+j8BAAH4GQ3cKAAABaBwAapkuAbuxqiBlTGGdJ1AYAfUpswAAFwMDAFEr\/4Kxjdy2JlHhHqoeUlzBoSChhU4AhSRE+IUjehRAWKkNfzysT+0Oa50QZXF5YPbgpgDZmub9nHv8hWg+dGd\/l6r8nkjmi0wO7m6LEwq8g1Q="}
@@ -408,11 +408,11 @@
00463{"flow_id":24,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":402,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739385,"pkt_ts_usec":337114,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"ZmZmZmZmRERERERECABFAABH\/PdAADcGHXdoHABqCgAAAQG7mS5MYaBfsaoiOVAYAEMWLAAAFwMDABo\/6em8S+cskJCsgTPlQqXRsWlC4TiMQ4i7bg=="}
00604{"flow_id":24,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739385,"pkt_ts_usec":337591,"pkt_caplen":188,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":188,"pkt_l4_len":154,"pkt":"REREREREZmZmZmZmCABFAACuj8ZAAH4GQ0EKAAABaBwAapkuAbuxqiI5TGGgflAYAfUp4wAAFwMDAIEKgmKWX6YJ7EyrwW6UghlXKcoJ+dlzOTuPpcSLOsTbquE2gnNikXT6K1Wm2i1baScC4\/wKLo2OPiGC3Luvwce+I21tzmxYzD8LqsuN+\/aohVjp1coCNcS12EFOamPV40OYgKnUNYc0etOgF4dXD\/z9B5EUsK\/F0FqgOPBxG1vjLKc="}
00837{"flow_id":24,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":404,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739385,"pkt_ts_usec":379039,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"pkt":"ZmZmZmZmRERERERECABFAAFZ\/PhAADcGHGRoHABqCgAAAQG7mS5MYaB+saoiv1AYAEQvTQAAFwMDASwIOtnhxHgdCgQey4U19\/NOVQeoKhAjFytVdqdlNMepeyLN10r8EnEvFgwlJOqbn3jVg4D5gHhOz8YJayO69m35\/gSva3GMKU3IYEt4mRO7Og72e7CdTt7WlPpuH2yJzlDoMxqM8WIVENPl5wDi7D0LA7rWEPagJRWBBV9g7FAv1zAp4Avqs8vJrDF84dxBjJ9N0EWun0QJUwWdK7e3Get20X9+B+j\/UxjxhfG77h4DRB+zhIFQ5sPT95Rh6TYcIyIUJk0sap6MOtu+\/0pPK3fwozE\/Qw9UbZga\/69PyXill0sssG3IU4A0Iqkz\/yhwP69NxS4HELP6acm1AabWnpDspLBmF3ezb5xhszBYT37rQZYehwSV\/yqSX6InrXWao0z0iINaMnm6sjRuAgw="}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":407,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":946739389936,"flow_last_seen":0,"flow_tot_l4_data_len":301,"flow_min_l4_data_len":301,"flow_max_l4_data_len":301,"flow_avg_l4_data_len":301,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":407,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":946739389936,"flow_last_seen":0,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00800{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739389,"pkt_ts_usec":936448,"pkt_caplen":335,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":335,"pkt_l4_len":301,"pkt":"REREREREZmZmZmZmCABFAAFBc1lAAH4GKTYKAAABLUxxH8s8IPtar+ZR\/RI3kFAYAfZgWwAAFgMBARQBAAEQAwPDKTE3gtHe4YkRucyB7lgiewe8eRdkAeXi8xQ\/UXf8siCUJYNjNKAcmo3iKZ+yKMitYiljKY339PIqZtuOYBZE7AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAChAAAAEAAOAAALZG9oLnNlYnkuaW8ABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAgBTSef\/+Gs9funZgaOAKPCcHz5qP34E4cKsNkKCajyxU="}
00828{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":407,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":946739389936,"flow_last_seen":0,"flow_tot_l4_data_len":301,"flow_min_l4_data_len":301,"flow_max_l4_data_len":301,"flow_avg_l4_data_len":301,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00840{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":407,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":946739389936,"flow_last_seen":0,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02335{"flow_id":25,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739390,"pkt_ts_usec":265010,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"pkt":"ZmZmZmZmRERERERECABFAAWq7z1AAC8G9+gtTHEfCgAAASD7yzz9EjeQWq\/nalAQAfntdQAAFgMDAHoCAAB2AwOTWCXgGAu71\/Yvi6NLTHUrXueot2ESWHeiaJfdHE5RUSCUJYNjNKAcmo3iKZ+yKMitYiljKY339PIqZtuOYBZE7BMBAAAuACsAAgMEADMAJAAdACDWWloo6cinLldR+cnVD8kRD\/l0Q2+aXf\/fBY+S+WSMRRQDAwABARcDAwAkRhOnfgeD\/nNOoyXIFtppA82CTRb9QELrjIuZ4Sms6\/A\/wFXWFwMDDR5COUoGySb4hNNJ9UU6WNVu5EkkD6YuaPuXJ8CsVpFNJmnkrUN+8qnnRcWKvhiCSeJ8dFamc6FJiqYTi+y4vhj\/9CUzXrDpoIqCPPPJVzrO7TRKenUWLYob8NzsM\/dFIXxOJTiZrwtOg0PRbjHk1oNiocDmQfIuK+9XQjJXpmH6WXi1GuKS6BI\/Mhq7VeFosQzd4f6PedlOLyqUiLqOkZBu8shjDKqJBgT+asclbYKMS0So4WatuM12p1csrxpvTCnaj0btgSWvRlOtA5V89mkHs0RlWfRzITmJodp36A7TpRfkiq+5ADaJkK4PCqzM7n58+S7faojcjUVNv3TZMKR9X7THNbnF4RYlkXi+yQzERvi6AVU4qjl1T3oshQYm+0uXk6wZy\/EHFkS0kI4JdkMrhx\/QDyFE9JrZnCDaKSbgnVDXGxQ6JI3KX68rAnXlo16wEjgmYiB\/CpDOACPBUUmkRPrMxrIYGRVY5m4VHDtxxsBR+4pWd57JVtTXFf0dDyH1zJz6Z40Wrwh\/p6Qz5d2q3mQqk2qU0E2kn8++EZD8541s2A3AenqtWVuRk32zNIyJfY0yQnjyuK0juMCVOEjM4+TSdiFJcZE3rzM52S9F4fUWq+Qa6izwHy+3rJUcjKQaK3KU1ecorGHjAhe9fanpg8OhUEfZK30POLsPc9a0KJ8Bhzb\/xTp4iMokguZqwGUeiTSNyWJBScTyI9LLhhKpNOWbmn0FCwxaV5Mbt+mvTDDVs8cw9GaOZN49PQe6J7UFtKhXp+jLkt\/igfMPvVErRgHNbDWAx05yKKN5cVgAGz+obL+4ZX79sXQRNBQfrfR7W7COyUVVMPxrdFItZFJXlJ2qtiFtfv22UGoflFY2zoiK9sk9Zj+K1u+9Vmzjs+RITpDecu73geffdixXjb3urBW4FykkW7oiu0nkWHDQgL+KviHt9Tm0lU0Hzsi8YTo4OdVu\/QwCcmn\/9YMQoYmxguinCV0SqsmSoXYPpWKAlUH8vnANpkvHS7OU72AWRuphcFRa4RXp48xd9rXEW7d6pcKpL7UD\/qAcfrqs3Aq3OBcZjm\/9+CZ\/HA+ws2AIqrw+2oY4SiSGn\/cjxInZ1S7KChZFleUsKWilMt0S80n1UHIe0ozJo1YpV6O+256ILtDlEXLc4L\/\/W\/Y\/61lq\/\/f9IHao9y20WHTGbxQOKX1rXuMjgZIEMZvVKqcKW+vUa6jVq0bpPfVryu2fyy6bH4O8lkPOuhDeO5FxfnatEMjgu7F6t\/PeACLHie\/Eg2ezTBDOdT85sb1vFD3nB3c3wl9xSQGoUXMREa3dlU4yyKTsRvhF5IVHX+WZrnZEXNIyBa2yqUn\/9nlC+Nlg+hPHBSdvrZNSMA+riMftxpQlj6FTL7EYx8bKMIfPYnyZddeZmxpXN9XqWLs7KrnqynK9ZMJhVvaIAMfyuBU2fqyPpflnNhs96RaJ+FGM\/iw\/mZYOsIhH2JBIZKVlvkBCQxCbysphauFVIsTMYeZEcsoCjFB1qKXHuCceZxP4Jy7kiXMgSTdDFzzGYgYfCng1fFfHI7zfjdtWkPQ9HPe5f9egBljz+JDS6ehJP7PfY20bsjB73IKGpwaFJB2W5txeWuX9YJMSmwLmC9CvECSoWQlENl+g"}
00880{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":408,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_first_seen":946739389936,"flow_last_seen":946739390265,"flow_tot_l4_data_len":1731,"flow_min_l4_data_len":301,"flow_max_l4_data_len":1430,"flow_avg_l4_data_len":865,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00892{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":408,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_first_seen":946739389936,"flow_last_seen":946739390265,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":1691,"flow_avg_l4_payload_len":845,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02322{"flow_id":25,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739390,"pkt_ts_usec":265099,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"pkt":"ZmZmZmZmRERERERECABFAAWq7z5AAC8G9+ctTHEfCgAAASD7yzz9Ej0SWq\/nalAQAfnqiwAAu9LAVBlO+s0L+nkwU4YXcw1SOmlRl+XSnXuO6tKFQ694AGFrib2S2f3BX7B1582XtNQQL\/1IwqS9eCXYJzjdfbbKDKnkw+MRH36zeNfFmebdTa26VGWOgnZNECwEpmFBvEXSt2RPI6ofb1vE32eZrFh79Bpuwp1PCG2ngGNn3Z\/o1aRMv577hTiLGHUP3zlCYCAacHiSAEi\/LQgxJOLyR9jugiMcNQxMzI9B1anoxyifvPkh2BJiEbyAypQ1hQGudgFCLTi2Txkt7Eu\/NIUQoPpDLsdh3lHWxNLyLEP9wpzBgp6l3ilL84X1Mk7ZHQuPK\/Oz4yfrJd+G7Oo6i1yrQ\/Adp3qU8KnQ9ptwaIVLOtg8g5ENilAbdYS7Ka3cZHFz4gvVtmLddRHiTcXVf5C1ypTeGluZMusSnmJOjPWY5fp5RP99ayjRwQRdkg+IcNHiO31ps8qxZvYyOJZ7Fb87gLgZwV0IUvyDuDbizEwr2XSGbMEZuVoSHx9QyUP+A3BPmqRGGD9RWvZIaULosdFkVeC1hEiNEcM30Eo27GhCBEkpzGPbQ95LfK337HDa9UlKAktQhKwG8\/hAtMIbbv5Noetnx3T81i7FzhkyHH\/C6g3BkR97pP7xxNGSesRAej+0SV1z2Ux2yezANH89JV1k9OQdFbMalrjLnx8kanK4YG3Zfke83pATlf6RAPV3lPyNNDQQypoZkugKEUxOXS7Rx2XEo0segrTQp7Q+35xLorFirg\/3rbokzMw54\/alVY08gHsLJlNmadq9IZ0Hjxo7ykUIQsSRH59BS476g7Zzq0D6LzWm8dRwgOJiFmUme9r5za2XErhkjyFFtknvfbQcxGFpshYQjf44nBtFebBI6Th81Pz6P4vS1Ab5Ldbe5kqW2W6OFyHBCtpJQLdqxOC1y4j8o1zpDr\/5I6fMit0JvTc1WNaN6qBFlg1P6Gaatd4VK3xOWgpdV7lGy9Cs1aJIggG2JQikJ7xxWvncFI3YNX\/j7e31omXzttI+wKWBnq3libBpSCKXTzvdWZpJ16RDkXLbmBFLlruWHpbIZvg3vh187AjFKcBshFCVg\/9CKx0tdclgUGbHqJ7E6OtJIm4m4kox5tzQjCDUJNS29SjoWoK9anOoaXw7azu80JwAvB5wDC4mKG4pcolzPcWCdGzgc4j\/1wLg0a7\/6J83Mv9Vwe7sgJa0WfVmJh67OWIpAbZv84XgLPcLVo5yXd6\/yWWRMvn+kXy6mm6tMTinzOpwIpfSCVQtp3DNLsEUsIkV1DrWVNbTPvH5GCVkQ8p3Lo5BGZ2lF4qqWWh0bwR33Xc69aAXaHUgKcezVe1FfG3x1Q3qp0cn65Dxae+n\/hfZa1KqbpdsxY\/eLTfFV7m+HIJAbLFSSzH7PU\/MSQj8rvEXnuHMSR3htHNgcZRMLZGZNMcEgX88HYGJMITbgLbQ1nfRTwzL8m8XTnhZtErha6pHrFlPsZ1RNjcoqZKgLKdMg2ezfrI8Jq0lQFzAOf3F4VPbIGq1krTP43rpCLbzYETrqQH8Xz467NmG5PHVJ3Hne12KAqQma4zC6YHwFBTwWUunyHc7Z86uw6NV1GMEfe39uxIB1Th3Q3mEC1zo37vRQUYEr8R3n9WX5ZtJpDmxGTtrG8c0JVrUZpjFnqPj2Uj069ivRfFVD19zTIWIWwVZHNTkf54z1SZJ+bsWwla3CC3KyaPHGsTreYdevDYggE2Ww91a5tn8NCHUwyaWPcCmBikp3+fKDZwg0dx3gKVzU8Hf9Km4EdsDin7gSeY7n3yByLcyqnB3hOSBc1nuPCEOi+hB9GXpEuBRdmMhQLcAelRdGq2lZwOE87jAboVg7rc+WH1wOyzCb4UJFuzyaFs37Li8enr+"}
02160{"flow_id":25,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739390,"pkt_ts_usec":265198,"pkt_caplen":1330,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1330,"pkt_l4_len":1296,"pkt":"ZmZmZmZmRERERERECABFAAUk7z9AAC8G+GwtTHEfCgAAASD7yzz9EkKUWq\/nalAYAfkKnQAAxcNxhA6xEjxlZ373intfSZN4U2+G3f+XvEboDRbmKIP5AyWTb+VftsHBbQDGTbvv0P7GHMQw3FWpHoRzaT5OEEMGXspnLcQMdVJt\/tw1MUWxBTfFzOt+sZ8N\/710Gy4Bj3O\/a3UuTiB+rCwc6qF1hTKT9uD\/hxD5F9bhFMArqmoNvbpY+hI714HwnUz5zHHRRPjSvUySFd\/tIXbrfkjy9Pt8CYYSZpcLvasThOoVyKZp3Qahu4ZiiIlaT4DxIgT8QCtOzJk6I0Q+Kbi71T\/ntSeqr8eLumh5NjzrY5Kchjq8wfLl2k03ViB0CDn4D2UgwiwsDxkMNzqcb8lMMo1gQD4nSSe1HTKCEdTfjeW4m1KYSg\/2CHt2InMeTBNo4EypeUe95bQS\/4al6dlbxS90APbpxC1Ot15Wzla5emO42u677gdPk5x+IpL8d060ErBh1e0rU6rW10Ytu3ysEVjrHpjc83LTEuIvJWJjGzm7fiQIAH0WEfokQAs5rGZEJ9jo3\/cA+xY2Abi2E43T4hJyBHvCQsiGz7LLeaXhOK6ow\/DJSrzicaRq6iEow4oa\/dAxa\/lC\/z3sSXt1FO6I5i6G7U8iS4HSg4JXSdknkzeDAYa1M2UH7\/lqTXtUSwsOqRtyG8QAFMTP0toGOq+jpPVJ\/bfqK9adFd1Ihx473BktjS1eS+Az2RUelP0QamhyG4F\/HotBW64CkuYKqvBlw2M8\/dzezftJzkOkK9SnHzFsbvNm1WODcpOZvO5t\/ogDpFQmoaqVUG+vLQokK42qcP7L2zX3Rcuf5UTBJ3+3S7NmglMobsgnAjUg0fnt8R0VxabOYMarXg2ZlKgdQL3vskU9+YGbJRX\/4oLMm8qznuFxBUiib+oUxtWetjrrNbuk7FNn8WQfXcwwhcTYwgFJatUhqF2EZkTXG1hKlCTom6Clp\/04mCW4wkb9vn4Hv1mTFwMDAhmC4dDt\/pXp38eVi56\/Tc0W3NYb3fwfw2VL4VwasY08aApKk+QVkG8E4WM05dMzJ3tM+KhcV2KgLIeDtX9fuaPzVpJ+l1\/nE7aFrU\/hTzjh+iv9ijKlKaCHhWeLx+4hbwy9iyPZgVrruC++AKQNMCmkT6y3UOURSEZ7M7rToXFjCncVyfIw7wfxB92gr+1qP\/FgvI24PGb8QfU30XaQxNOCDF9LCpfMvKKwJfk5QrSyOTpnJJRSt5xFXiaDt1WVaBAcINL6OKcXAfQ1+K05oASvBKcWxj8IENa4PmDMAbzmQxlcEc0EsN+QoVJv7Ml5\/lBq0C3vaQNMcnpXpIW3ZflF4gFFEBgTG3iqnc8B4K6OdIINgawtBvSiQUdXYJ1bYulpxACvU9kDeJqcY5cJgm6\/uEyTGbWvDouNBuPwtrCrC0IZE1DwuQ6lVKbNp5McCtB0KMSePUvy2t\/bN5v5a347VTUdcaRBTTyL9KlSuC+BMMs9OrwmenbDUePO+6uOBvFaIdzF5\/4ywKnXN0cFOX82njBMRiouOaEA8scTx5CC9CHkqAXua7RnVt6UZ1Ix6mEDU+whUE48uYruJ\/bRj6e4hZx6NdRONMAwMXQBD5wVyxMQCrAsNjv2L5RU2SssVOmQgeKqZ\/mtiPFB31fsdX\/80b2eeE7Q2xITfJ5AWRW2NJ8xT61RsekPZQpNyd7\/bWUZXXwEySVpHNsXAwMANQ0O8C1pUHkvIH9BBA=="}
00475{"flow_id":25,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":411,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739390,"pkt_ts_usec":265231,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"ZmZmZmZmRERERERECABFAABR70BAAC8G\/T4tTHEfCgAAASD7yzz9EkeQWq\/nalAYAfk2SgAAc4ENe0G5ulHSVo9U8Di2+Rff9T48vIN31l10ubtaT7+HT\/yeAS5vvgc="}
@@ -426,11 +426,11 @@
00463{"flow_id":25,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739390,"pkt_ts_usec":581729,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"REREREREZmZmZmZmCABFAABHc2NAAH4GKiYKAAABLUxxH8s8IPtar+j7\/RJIn1AYAfVfYQAAFwMDABo4gQ0\/ti+GmkptcE2+fzBrSGCpuBrJi5HiKg=="}
01487{"flow_id":25,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739390,"pkt_ts_usec":582718,"pkt_caplen":838,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":838,"pkt_l4_len":804,"pkt":"ZmZmZmZmRERERERECABFAAM470RAAC8G+lMtTHEfCgAAASD7yzz9EkifWq\/o+1AYAfc8BgAAFwMDAwvE4VKvhwzxAvyDSBmV\/HWW8jrle\/2tIQrCHtgM4SEn\/MUbhLTf4gE2RQUohu+XLi7hNVkAAiCXy9BUxG\/BHXX89qoktGZKutZimmLlY6nEIRetaVs9kfhl4nPV4JIbX2KBT87OOtrDwqwIPawgP5htuEMxTx4sui6fIeL9CH9yD2firPvONAFmSWcN\/MOC6JRs9IDxTASCNwcgykFjPX2groCYqkEB2WOvOn8\/wW4ERgWZc+WIMsPz3ki0aEqeVfOwxti3O3RM4RLv9va6MKucZz8qaINHcfN6EVYEx2p6GR6ZwHPuIqU8VTWtmJEJqO9d3\/vKEbpnddrcUuxj8SG\/2\/wjKwPdHi3VpOCOvichdJN5nG7ZTr+5FvOCf1SaXiv3OySrY41O4fmTcyIFogTcjoIIBJOakc50PdfaMpLiFcjUNgplla95StqW2vagjm+2PPwVs\/qJ2KNRTMe5Yjgc5FfrHDbfIpvKm3li\/9UUkot6OjGCiZUFkynZrKe3d\/RBplnqEJAWUc0uQFIYNGXD6GdIVIxFRtx3u45qdZkmqIJ0PtqT5cHl\/rXkJRbJU1xLPycijyQw8kll3MMhoLwLczGH1Li1Fl68nHwfTXWne39dFpB8N4OBRGbct8nzE51iY0mKXGz8ngE2xq\/3Ckzvyyl2IS2673ohAqyKdxS+fIV5vIvBQrzfVaIzh9WAvbckzqhehyJ15tbxoUU+GMvYR3G9jcBmIRoeK7doD1BQmj6iTlsq3uGJy3iI8piNfDXe6oczyaibYRyGS4+Ep4WgvZNMDwbFEkEx1OjqCVNf3qFhFkgslSFgUfyow6u2srbMLe\/zmzoP0Bu+b9qxQtbXq9VQFPNGXlUi\/ilUEAaiElrYJOtrhUYQufEmNHhllxHZ8vJn+serjRsYVN25u0UiE9HGAuVFqCpoP8ssTIW9z\/4MhqNwMgECvvzaWu6a2VpJe4rWFN+NVOW5E19pib89T77fsjxffi3TiwTkQT4o0UE6wags7O73cu2rrwTz4b0tCejkUo\/yVNYHoQ=="}
00564{"flow_id":25,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739390,"pkt_ts_usec":583111,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"REREREREZmZmZmZmCABFAACRc2RAAH4GKdsKAAABLUxxH8s8IPtar+ka\/RJLr1AYAfVfqwAAFwMDAGQTbp72Fcho4nrmgw40E8KxYIGuP0OPkWfS59V3PlW+86dER1\/SLENpVbWQOr2\/IvStSqCI+I4U7XIX8X0TVY4H836AapEtnh3hhTXQPIuOfgU\/m87qaWiOeWaecqoAAQYEbJRQ"}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":946739390933,"flow_last_seen":0,"flow_tot_l4_data_len":303,"flow_min_l4_data_len":303,"flow_max_l4_data_len":303,"flow_avg_l4_data_len":303,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":946739390933,"flow_last_seen":0,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00803{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739390,"pkt_ts_usec":933403,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"pkt":"REREREREZmZmZmZmCABFAAFDddBAAH4G12cKAAAB2akUF4T0AbuSPuOKlASrClAYAfavsgAAFgMBARYBAAESAwMYXSzw+8AvMstO05PQ7qPBj27f4mGkG8QM9OU7ZRFcuCDJZDN\/6VucUquGKl+O4ES6VCX4Z6V\/a7wGR73kRIiX4wAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG5zLmFhLm5ldC51awAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACAuLsKlIgLTs2y17K315yEyJxqnsCXfl0yS1kyaNKG0aQ=="}
00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":425,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":946739390933,"flow_last_seen":0,"flow_tot_l4_data_len":303,"flow_min_l4_data_len":303,"flow_max_l4_data_len":303,"flow_avg_l4_data_len":303,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.aa.net.uk","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00785{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":425,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":946739390933,"flow_last_seen":0,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.aa.net.uk","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04634{"flow_id":26,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739390,"pkt_ts_usec":967766,"pkt_caplen":3165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3165,"pkt_l4_len":3131,"pkt":"ZmZmZmZmRERERERECABFAAxPNc5AADgGUl7ZqRQXCgAAAQG7hPSUBKsKkj7kpVAYAfW6vgAAFgMDAHoCAAB2AwNggvgT348vLVfztyje+nh951Uui2O3z\/vCGwcNEmcL7CDJZDN\/6VucUquGKl+O4ES6VCX4Z6V\/a7wGR73kRIiX4xMCAAAuACsAAgMEADMAJAAdACCYu4Q1ZjtZfYUrS3fwrroPQafz4tTgHn9jgiQX2w0NexQDAwABARcDAwAgr2vUeHfWinGo7k2fDAirV2y2+2vt58RojQUfF3ywprIXAwMKEF7v66Q95J7Madk2ZEcExfHDptRh16jabZXVGAjSu6ZVpQdW9tsq8WD0VxRfdaushrVbrrTRIk5I0CixRifCcooy6c56kGsUxb8wL+Z+QNmR5uWAeV9nzzlGQpBhNwq90IzHQbBwHdfR22cB\/o+gnP0zKhtFT5pdVatUFFMBXYFPBfgmW+yElY9JLYGDSC\/IIw728fBQlRPlTOPnC6Bd8HZeDEbFd7L\/8oeIRd34AfymHYlFpxJ8CjS4xP7I5o8GpeBcv96KPHtYZV5dsMuE75XBxooOpL9Gr9IWBy6AEdPGcU29oVVhWirzJ93HxYSeGAAYTfsu16+HrpOMUAzFMOyXwLKfIjR9Jx84Zvi3ytxvu8IPsZAmQB9iLco+v\/PYNz44XswLq2rQZtIH4a7\/SiljnI7OvMEtw+9+0ohSjEBjqZNpZ4+Di4Oi4uvLSj90PiJtsiIz50r+luuFIJLrHS\/Bx2ooWNGmf8wIpBNOEoC8uYmbQEc0M0F6MgPM2\/Dc1rxiGmLW966znBcYtqEPAIF5LP4HjDzAMEtUySTvYC8cLBRrZgX4sNAbkCcpNw4QFS6erQa8jKBVOZjyMqQVsAikZDL76qZyWnWAbrLmD+ESPhH+LiOjwj\/BVLLmuPIqP2HgrWrkMLok\/KHXuIbZn7C1n58rcMZq7V+5f3gEi6kXuPOTozMsLixf3wStDsNPpLZW5vF+Opg\/HPuTYMBM+b2VDW0oQ+mGR3v0lSfTyZb2sccxT0\/YFa2\/gZNRs9igar59HBmzwzWtwto1Lj2+tqjOzo9Vxzmqr0QO+5jA9knewsPjci1iEHsBRvkAHDUo8mzkBfWBM8t9UZZElcDeWIg7oO2uY349FEzTQzJrCGLOJ20pc10E+6FXsRSoQcdecc2pqUoNYisiO4BgvfGVRTx3PyLsE2LqpgS5+upDBiBuHq9GTnvPUwfjHUOVZfhEY9kzfkMm52CF0hrFbS1FqZu2k5xWd1RZ+YdcxocleEJLDXEEeCaF2XJug2p3sgxI8AQfg96H0lHo6\/ce7YWyFTSQ5214Zlm5R8arc+k+FFIGpKsd1JRZDuMs6lUG2OcuW4k6GmXOA9lL00+Pu1LlWECRAA38IcMLlvDeoyIVPF5RKHTFbtFfFeynrkfS57BDgpnUQsOLofW+MsR51VSL7z5rFWkT+0yA0OJ4P5J1dZjOVbRrnPj+lP8KBidjvuv\/+vQR9AYL2FUFonbuHYQ6NUOJSyw\/q3koSUCoI9nF1rL5SbnJpgQ9XzQ2ozstAI1DR6AAJPio22EFuEDMEoFVvE\/liE+8UHQnOZNeIN8tMqUAL+WlkvDEcrehWMNUpY287pebSO3eZPDe3egHiaBMZQIlL4jO1lfEjJdr5RXvT9Uv4MVNGGGXCQtr4IWIfMjPSJmmedmBdcxMuZnxTJ7jKLERRom+1LtykcTtbFMZ6nwh7KNIt58CGrTH3Bh+ClGWC6JtjiLbGXtcN8TOs97BoUvfH2xS4muIblEv23sWDZt8uHBdYWb8qBII2zRRCNz4TWmEJd5WuNBsZajJ6+izq\/kuJOWcsJ\/3ClD+JPyh\/faP5RIOC8TtW52DI8iUXjhh0HYoQNP5CK\/yGELUKYphGmQcP1BV0e5C\/xs86j3J4Tqg0y4WesV3d0jU+gkOa\/xZNpDrlV+JnewVAhCkK2UsUk3C84VdKoqUnp9Pil5XcszuqrrK5fn2Ja3xJCvI9oUZYFRkj+cpcHiFBzHL8vrxujIbPqQsQDehofVoxDKQvUog5ZiOw9rqXCH+rf4pa2omETeM1OE52\/bijRwWFKerGk95vgv7mf\/pTz2jvStIe9mIenHJWL7PEZH9sdGDeZQKhralY5AEfcr8PAGFV0XOY4OvHkHHS\/kY45xH7Heg3RGSUSAkY6LhaxYZOH3vCb8pDwz4M8eJ0\/MawhboSpIfQdoDBfBZibpy+ix0cl6f9YHPnTxwCWpi11t8Y\/Ioe5G719Te12HR1+3LJDUG4+t8UMioCT3GNag7c5mMGY+V+40MlPf33OO2SuBDaNUe80cz9ZjBk5x+9\/8yZnlpBgJheqdBeGVTSfNj\/\/ykzVs+ovI3rQWJ7MtuR80iZzcYqQWbI4RBftGKVwyCcJOskMGArD6+UArYfVGIccM6l6ZaD9x6dkigf3LAHA30iuQXdDyjNpxgxl4iSK0oLixFkkGZE94ONcw\/GLLOMYGf3ZsNLQSPf2qyfAF5BKKKg7FAQid7pqgyCZp5F8XKbACdlEb9Lar38xOjvjnewcnGzD4Z6c9THtqSZcDPbz8aL6DmV9lXZmD6\/ccDsDkRU90nhHSMrUF5R8hxDMoP6Be02AohXJwQbll1wPcUEyYk+tfY7XoP1gsqXecmTp+tusAg1\/AwZK8oozX5LgL2HyoOuByw1lgzh0RLilH5JrY3yk0E\/jG5JRoV\/y41cG7xAhvYbSNXDFCXbKeSVI5tgPheZvJ9ZUyIfStt125MRChKnoA2n+mG9KzbpZpyVz66ndTD0j3XU1kDOqjF1\/SbGf1+fhwWGaMMcZUYzUS1y0NN++mGlj87\/Z\/u1peJJRpJLZAkwhE6\/qyvUgAeD6bdzGa3m+9PvZxqRFg4uO5BEHphZPz4E5S9y+qwaFy+ng2E0E\/+Mq99pz8NTeooSlgjy86miBLzf74wOBFSoHbVN0PHL56xSrx12FRC1SCfzqnzT4BREj4eRgr5sVcZJpcqB\/DJ16zqD31Cdz1F6VAt5mHD5hgyW+BhQO6jtpBgHqFisMVPWD18uXILfOEcLKzexTq0enEqkxPPztMgd3lKJoJoLn9D15r82RK7HhKsmZiDKUuCdmH3DjKAbtkj9uSMWDKDEZ7ALu1TTrcVpMz\/u916YJjVrsJ4zke1Y\/PKCwgQji1xX0Q1uKg+Qhmzj0YA6C\/ZB8hBOasuUjTVZER2lXZpSogcQcgdsx7P47du+ZkiOIevUp1ckurR953sVaD3ci+d3blInJn3V2H1nd41bCStQkPyhbrCiGVWDvB4NjqVSIh6ypL1X2Tez7o9uIFek3e\/KdLnjoJYgUoUCdBCeRBScD+0K+sqvZzi8z7OnTzhYK\/aCGv11HpK88nhB\/fu4rCw6Clf8iUvZmwOIdmA\/mXVezV7u9+Y+L4mJOPGGV+Ie7YQjoii0W0J9zldsek4JrCNAfpxxvmfZTghYCrVQJNlGcKyp+LE4s0nXJXsv8iOBmDMV\/qiHS\/RfVp0Al+GVjFpErgTgXH8uFG0eZxhSX5TnPtc5X3FjIRORKWkOyTX+MlnBU+yWrj3iWALBhonn7tNa85eK0vFJHHFGyQm3hMEk7psuYZdoK61bs1KKeUi4RTDX274TTDnDx\/vYrXCGEMbInwJeEUUq10Y0AUNC+ikXVAlZm5\/6b3SLH1mmyzy5AwgfbHNdBdm2h13eHYAHANjDp++p3nOFwMDARmCniHbpabBh0wmz+4GvD7gEaHTo1WwpHFuO0rRndT2cE+rB3NSEIZ\/OfAhdTV9eadRkxEucZ2zRFouLobhVj7VuatuyZROJYubLXxY0L2AD9VfNIXMUeRNHnXvmwyBiqm\/8ZuzuiYxPVzYGJuS41vYyyQm1ND0\/vWricRWNYCIXjgbSqk6PFYh1FVGYRV8SSt7kE3Z3NtrXGW3LuaKD8ymXSg9dYJ9GwRxcPV5is5NEijit\/K0HuZymRnz0biX0ibyZ3bQdAu+3E+KHkL1KMxQnoIP\/X4lavINi95Z\/1+WkK1enaEAwf7tuLJlq5tLt+JOe3OVPJYXu+hVDAzfIFEvugfqxQ4aetpIOYSy0uy\/8Blk6BuP7s0kZRcDAwBF06XPl0W4alPWKLcZUBV1\/sR9gwxnLLJ0WJlMdAUkQ1CCMVwzdsK8lkkZUPttQ7nY8WKaipYb2yNRvSYmxfuU2S\/nIBiL"}
00826{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":426,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_first_seen":946739390933,"flow_last_seen":946739390967,"flow_tot_l4_data_len":3434,"flow_min_l4_data_len":303,"flow_max_l4_data_len":3131,"flow_avg_l4_data_len":1717,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.aa.net.uk","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00838{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":426,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_first_seen":946739390933,"flow_last_seen":946739390967,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":3111,"flow_tot_l4_payload_len":3394,"flow_avg_l4_payload_len":1697,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.aa.net.uk","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00529{"flow_id":26,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739390,"pkt_ts_usec":970010,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"REREREREZmZmZmZmCABFAAB4ddJAAH4G2DAKAAAB2akUF4T0AbuSPuSllAS3MVAYAfWu5wAAFAMDAAEBFwMDAEWr1XNIOucPlOXvVPAlxCVPjuVei0Kv510pke\/KbmmoYPXHQYgn\/dXPL9SYgvzqDxY7NHWdbkgaLyLveAQw2UhT5DxScM0="}
00537{"flow_id":26,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739390,"pkt_ts_usec":970156,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"REREREREZmZmZmZmCABFAAB+ddNAAH4G2CkKAAAB2akUF4T0AbuSPuT1lAS3MVAYAfWu7QAAFwMDAFH5fOXuGGQTCSec9DTFnTKi073A3dyDK5aGklXxdlyqkvpUyevkvdQoFRxqD\/oXjlTQmrcRcGuGVlNE943mWtSSfq4hBwQRGa56H8GFDP\/RQpo="}
00652{"flow_id":26,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739390,"pkt_ts_usec":970361,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"pkt":"REREREREZmZmZmZmCABFAADTddRAAH4G19MKAAAB2akUF4T0AbuSPuVLlAS3MVAYAfWvQgAAFwMDAKbOcashR5\/uMF3amwObsbFEZG4juIUud\/eSvh8GM+2\/skB5mrP+x00KhZsh7TmiL5saD+QkYu20S1OFq3z3EABJ7aHU2OgjGgUR7ODTq6fEo3O2ABLyrcG9Ds272JZCpBMNmRtXCFGpAhXKEUch\/vntLpgNQ1ZkdXe8TE6GtgT\/Sgi71RWZ53nstVrSnXdxp9dvYCNB5SywsI0xQcpCQ875V6im+3qb"}
@@ -443,11 +443,11 @@
00567{"flow_id":26,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739391,"pkt_ts_usec":6752,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWddlAAH4G2AsKAAAB2akUF4T0AbuSPubOlAS61lAYAfWvBQAAFwMDAGkgWZNHHwUbRMjYZgPim+jcVPA8lIvlt8uCJ2eZKbKkof6emBeQB4ZuiNcpdnGozUD8xcUuYn90pq9wM3IlcVmBkjD\/l6WaohLg4aGOCUJtHm3lL5Nl+MBLSzJ21bUZhqw2ulCaIjhcHjM="}
00685{"flow_id":26,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739391,"pkt_ts_usec":46287,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"pkt":"ZmZmZmZmRERERERECABFAADrNdVAADgGXbvZqRQXCgAAAQG7hPSUBLrWkj7nPFAYAfVNeAAAFwMDAL6TKnbkFATDhtx3ySWDDQ2If6D3T\/atYxe8jN8eJLMXkaT60hSuSj6Caq8pc3kR55Lc5n7zezg\/M1IjudVoQ834E7mBmLpGlFm9+uVdppFEj25R9ZxcsIt3ktWSIpcsHbSqwQRsaNAehftbwQVvrwC31Q8L0JUTIrtkgAAd4jE3c3TS1omS2qjQ\/7VJt66M+cUwBoULTREmH35UDP3G4lm9V9U\/m7fF\/\/rigsamLr5yjLd4wBFYa9kShAV8+AC6"}
00464{"flow_id":26,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739391,"pkt_ts_usec":46588,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"REREREREZmZmZmZmCABFAABLddpAAH4G2FUKAAAB2akUF4T0AbuSPuc8lAS7mVAYAfWuugAAFwMDAB5L2lkJjpLClO8v9wZzC+dOrVqBd4j92hX82Nk7jW4="}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":439,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":946739400294,"flow_last_seen":0,"flow_tot_l4_data_len":312,"flow_min_l4_data_len":312,"flow_max_l4_data_len":312,"flow_avg_l4_data_len":312,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":439,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":946739400294,"flow_last_seen":0,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00813{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":294231,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"pkt":"REREREREZmZmZmZmCABFAAFMOfJAAH4GNZwKAAABkv84YqrGAbtdpqacr2JwdlAYAfaNXAAAFgMBAR8BAAEbAwPHJz7Bz9zA6vh2mAtXguxbTFdhb5D1tFb1Dou8iu1ITyDK94fArz+mQ8rbbzgPn8nq5li5Q+JT9k4ZyOL9YBHZZQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACsAAAAGwAZAAAWZG9oLmFwcGxpZWRwcml2YWN5Lm5ldAAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACADmPqzqEwwIPykBECgQ7iBmKhoGpqhv77PEzGKWzxqPw=="}
00782{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":946739400294,"flow_last_seen":0,"flow_tot_l4_data_len":312,"flow_min_l4_data_len":312,"flow_max_l4_data_len":312,"flow_avg_l4_data_len":312,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.appliedprivacy.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00794{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":946739400294,"flow_last_seen":0,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.appliedprivacy.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04351{"flow_id":27,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":340313,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"pkt":"ZmZmZmZmRERERERECABFAAuAAABAADgGq1qS\/zhiCgAAAQG7qsavYnB2XaanwFAQBBOXkAAAFgMDAHoCAAB2AwMDsBehTQYQ\/iH2Yhpyf+mLl1C35r3Ho6TovknKnjr8riDK94fArz+mQ8rbbzgPn8nq5li5Q+JT9k4ZyOL9YBHZZRMCAAAuACsAAgMEADMAJAAdACBo4BH+AA5SyDExxRIaGpKShy1vmsbixTg2m2T2NedPDxQDAwABARcDAwAgvk7ezJo1JZP9LjmZFBvdhSYoK5Td7g7\/A2oIAgI6osUXAwMJ2yS0n6M3Ydri+rIgYVXd+jwuTvP8FF1HMS4hAE9YkVd0802YEbU3pHhUuQANn0vXApBPxbj3FV9uCCuIZCOL4zY7+k\/N9QNOxO6wgqwyjpqF\/MSuGzGbkODdKsjr3MXDrOEDT8UY4Cf7sbDSqOIkajzwlllabjLyw\/JVxOtUepEpKMKQWPduyvGLlnSE+4Pi9X1F5dljLFonfMSt9epl2VwSF1nq8Zl4KKstqyQuG\/zmvd2vjAUtpZ7bRJhqcQEAuZwHSvB\/MtIxXfAzVeG47SjsazBlsuRoBS3fTomilsUH4J13\/0ChaLizKxEdSZ2w2K00iVdJ7hQkti8Yk+XaV61AEfwts012l3Az0Ul6QGn+ovAsikUEMTOdEJmAEExk\/NRuYh4YJeat0fT6qqxPxOtp8iJmxclZOIdEdtKfFRlb\/Q3pIWRMmx+BKdsNQm6TtOsUrqgzJEovgnDvaBUadejY9LBbNHqxMK2V6F7gbnGKVjBjB76l32rCkAGXZjYpu99n3pc8VsX6toeCgNv6uuTb2IhBkEMBsiXbrPavcq8F51o9cjY6ri1T23vFWkuEBAAWOdINJTApJO1joFFgFxyMMNnlCpJoVnqu0i\/rinlDFg7S9CtMSJ0Ubb2fcMiTZVA8sg8c2grczf38tyMaZ9tLwrWkyrDaM66WF+r\/Smzgjb3lUh8vJ3yJCEPyKRtiP8bLVA86MJJR6swDhhbPo5TZc3HPN3paBxU5U9DTyACxQnk6EYqYsA8ZokkmQV3rXvd3nlNnXQvP8iTrcL1LydrbGPEmcxzftt97lwfP6IxI3O3sNlij9LY+i3W9W6NVdJf0gVlPHB34DPsUDzGCBqeTZuUD+fgbA8m0vHZeGLaeh2n\/ATJxgu83kBANWSs0j4JxeZwkxA4LQE6k9KdadeiuFQWUUsCMoytEmeRS+e2CKC26bva8V4F4G5ILpiDrVUa9OPpnIugEC\/pCpbfo45ejO0OYsjmcSB9VHs67ODTG8tfG\/HSnEWghmAKv96DqsZyAaTmkT0JkH5FkXlCzBQ8v8o8b6rSE0lRW\/lesYflMu+sWf50UV63CFJyy6fgpaJPxCw8SCnSJ9Wfe5036kFXS9TxM7sPwyghnAoVeaf7Fck3c5pxthPEaz67tzSOMeekQJOQi7xMcEt3jcaR5XiiPfvpfvbXLOiTYOMcz4nBR25XpUeWEHByMxgi+V+13jYe4gb5oIp\/OYL+ldNmokkEz0NkrXv9PYcDVxLHdE8YvZjA+Y3MOkWFCk9BM\/Rn01CyqbL8CmN\/DvCsMgWqz9BmPnWHQOqMnYSTykXgSFe9FyeKoNSng2DkGXmS4Ish3yys0i\/QIlGlT9piLrC2UOh5tHQYhdkxZTzWOLoSNhJgdpKplLIWgmFyDHNvrhDmwq50tATdlnRMhe0ry66PsM3l0lek7HZ1iPpCZ7a660QlaPE9SZFbRD2hjaqHqZrlPWWwgi6eHfY0gu5vY3pzyuUgNc+IY+oeDLEyaB3ysUDN7Sr1IZYyAtSiOnN0WLtHIeg9uqvR4NEBF0XEfeRxZT0n6RrygJ1nWV+kailDfsz4vklZfPYltDFOyTnwOyyzBO2WpBi+QHoJdR5a+ci207f4TAHC5iWzq9Ov\/CBA21s0iwXcKHtUUuFkXfGsSTcHlMRdWRoqqdrwRmUkHc5FaU6RNse5tyVEdBKfOwfXkDw8I22zIDBmTO4YVBH4Dzw0SEVpSPVqE8m2STbZxIzmRtVGFxbw45tbGu6NUyHfb6XRJMV4vKdl8h+lVfwIggGdSBSYb\/J2WkIjXI5Z1\/s5OXr498b\/Ul1cfjj192V+QV7YEDHDJ0wunGAConliOcHcZIZrOpVaNMM7NeTBxiiUgynpVWjltr\/LQuk0Pld3mEIxmwXht0KmUnXyCvTBJgPYroLRuneYRQPZ1JOgkt\/kdsQBmYrZvkRHKWFwNxkLAhypRqmOoE6eO9TYZgchFtH7ouVK4C6vE0wlk\/wNdktEQVjtjEf81TNo\/lytMdDE\/EAGs9weyRqd\/Hmz5\/6yLIgAilI7sqB7dEuE0iiOXk4T95pQbOjvSnwI7M4B7Q3oDNdWJJRZNp2tZGQNCVfj0OFzEKSZbanefGx8qbWewy7Iup5wriwLbBG\/B7ZFkxdmUnEdpL4pTOBRMxGDxRjV5ioqpujq6Ef07dgH3IGRgJHxsp9J2Qlj8S7lCwwOsTDkI+PhLsXzzIudX\/ZiC+lH4Tm6LciXTHf3hDkr34EJfXHJ2WpSeeCsJZBkZx0OJpBR3y1cyrhzb66IxG0uSRnndSXXBNAmD+Gghsj7Kg4E50GUXibzQRhDNRs87q1TvRNjyYI9h\/opUmKnHAkXz4SItfTxaX2LIVbjHXv1XndcnuHwhJgHhiVGswZvXlXVlX8K4fGgnhgpZ7MSQN2lSYmnj2j7A1n8u\/xbD+JqpDU+SOMNWtYlDQ0M+WzoE91BSSQYj6pIr9DxppqLCgUAfJpZxJ8YTmINwfhMZVMPhUF+vys97o5XgriLF7uzxf2I4907edC79eKV1Vf3Ui9qrIThroIUvlpq69fVaplHqZXdbs+zwj7e2bSPVWUVR0G4cA3aU9fbVCQvpl3a\/SuOWAYL5O1\/gu5GJXDImY\/gEO1xe+OVqS2aF0XojyeNtILIeW1nDYyaMtRMD0J7qIxHbffBANlspXb0qgGJLXRsdV8\/\/lQ9fV9vIoHgsaUsdWxpVNTmqaQBhX+l7X3gEUnrZ2jVkY6Oh5aU+eYdso\/pGSL+gHQ1M1e6uj4SYxfEhZHY1voW\/zrjGcvC2BmpxPhTrZRQE7Z8GgjqyG\/K9Af758C5W6bNB\/xr5yeKDI\/G5cyIFeblO2dJmHUb92Zs9qV6hqZGonI7Nft2QsKRvSQjz6cpX\/ZVUA+5e0AnpZpXEPBjJfZQ24FXs9QBvGk2XnWW8Dboig8I5f6Aa0W91KG5sO3Doyp3jU3SQ\/ah58ZIaBgplOwc2\/XF6kzcQLnHv217TTOCL7ScT90UL1M8uz6xGKTqy83KCKRxOqCSmaU4GimFhTvfwqF7ljKegUp6S9OeYOOt+VYDC0UeVysX6yYVwgIBxXA8D51WCmgGdUznHhIQtp1cWWN2T6pBItiud+sR32LmiE5tMUZYbwm2xu\/Nih47FXpRY2xq\/SEOEBCWv+pct34wnV4RwGw\/IvRU9BDEL1I7Sc1UFJRrazHP37UtPsKE1Z1llTnptgsNBNnDluQKifySFsqvXdr8Wwvn6V56upoM0fLxPG\/\/F6OVsniKNnqDtgpVsVi86SZ5O9M+5OvtEmUD8hQl4gxL2QqLYZIWV6vswIZSATUQuw0pUlpiEaj4PymXC95\/5pMEQnYMyOGFn2xcDAwCAmr0Gh4ZNVa+hT2Dwwrpwf9EMB3SMWmSnSLNfZ1YP9lq\/H3H\/YzkchSbogwVw+NXvSKa3Q5dILWczbhkBruescLznbqY0DC+TTlEnvK+mjob5wwR3lQsp8odDMfmh22P3SAFc1ZvCoRb2GkaVN69lxvgMa3mO7aDcfiHSTbC8C9cXAwMARePoOyVbKZG3xXgBtpg5jANBShpYQchD5Po7jBmjBEffrOCijDBbST3aotIn5HBfw8iB7gJCrbmWU17Z2peLW9KOid+9"}
00835{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":440,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":946739400294,"flow_last_seen":946739400340,"flow_tot_l4_data_len":3236,"flow_min_l4_data_len":312,"flow_max_l4_data_len":2924,"flow_avg_l4_data_len":1618,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.appliedprivacy.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00847{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":440,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":946739400294,"flow_last_seen":946739400340,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3196,"flow_avg_l4_payload_len":1598,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.appliedprivacy.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00425{"flow_id":27,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":340375,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":21,"pkt":"ZmZmZmZmRERERERECABFAAApAAJAADgGtq+S\/zhiCgAAAQG7qsavYnvOXaanwFAYBBNMgAAA9gAAAAAA"}
00528{"flow_id":27,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":372740,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"REREREREZmZmZmZmCABFAAB4OfVAAH4GNm0KAAABkv84YqrGAbtdpqfAr2J7z1AYAfWMiAAAFAMDAAEBFwMDAEWvoM+cBnqYmnkRkDPuwLtAUVkYLlQ03USNt7TH6Ov+UQEEyvORaaPH3O3ZNMzL2MgXRjNUDyx4v+rdCpv8GZgAXv9\/o9E="}
00537{"flow_id":27,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":372794,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"REREREREZmZmZmZmCABFAAB+OfZAAH4GNmYKAAABkv84YqrGAbtdpqgQr2J7z1AYAfWMjgAAFwMDAFF\/agLwf2hkurOtclPc7PloPgHX8tIH4ISdSa4EvDGmjxH6c1qM4Rsw8Ui8OUp\/ZpG22ARbOXsOsMotn0yCCQpPKADwUIKVj5BjlvTnVXcua0Q="}
@@ -461,11 +461,11 @@
00571{"flow_id":27,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":422486,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWOfxAAH4GNkgKAAABkv84YqrGAbtdpqnor2J\/alAYAfWMpgAAFwMDAGkskbE6jojziEWZcr57nfNO3QVwvQHpO7RpYrit0PxYi\/EdGvNfu4dy\/1VG2nMOx2X5QyLU7PTvVX9K1Tk31jOxrfcpc4jXuSE2rb1qXnua7aXnvU1Clxzf9Q5XRvJCVGrIefRWpqyqjP4="}
00691{"flow_id":27,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":459806,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"pkt":"ZmZmZmZmRERERERECABFAADsAABAADgGte6S\/zhiCgAAAQG7qsavYn9qXaaqVlAYBBPuLAAAFwMDAL+5P1wGAW7bqRbFQF49PLOyL7Nktp9V27s\/vxONurX4s2n\/rQw\/Pc6utp\/JQlx92Iwj0pMSpIonnsrcCShzvBfOIR4WwTTnN18t69G6PIAyQbjCzKU1Y5oI08MKAUN7p2wK9FhJ6KKs7dY3QsCtHu8Vp\/\/1URT5ZXAiCCddtgsJ4DVxjVT9RBqSeaO0vFHPJdMho6CfUjl26TvqbCuOy+ZmMvzj1FGAx9OM+o8vAKjrH07NZSC3jl7sTS6mK38UsQ=="}
00465{"flow_id":27,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":453,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":460114,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"REREREREZmZmZmZmCABFAABLOf1AAH4GNpIKAAABkv84YqrGAbtdpqpWr2KALlAYAfWMWwAAFwMDAB5mHAVxw6qC2wo8lvd1nMMLvER4s1pZjX+1yYfWJU0="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":454,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":946739400581,"flow_last_seen":0,"flow_tot_l4_data_len":307,"flow_min_l4_data_len":307,"flow_max_l4_data_len":307,"flow_avg_l4_data_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":454,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":946739400581,"flow_last_seen":0,"flow_min_l4_payload_len":287,"flow_max_l4_payload_len":287,"flow_tot_l4_payload_len":287,"flow_avg_l4_payload_len":287,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00807{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":581420,"pkt_caplen":341,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":341,"pkt_l4_len":307,"pkt":"REREREREZmZmZmZmCABFAAFHpuhAAH4GfboKAAABwUZVC9OUAbunNzlTos+VOVAYAfbYRwAAFgMBARoBAAEWAwO9Yq6mzn6Kf+YkY+w4Q\/vo+7yhlWhjohroCY4Mal823CCy3rkp5WTaWd5nTdItXIFahRCh9ETfjIRyGCS4r9a3XwAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACnAAAAFgAUAAARZG9oLmJvcnR6bWV5ZXIuZnIABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAg6wutcF723xZ1OaF0ooDfgy7xahyBeOD2x7PNk\/t6gG4="}
00776{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":946739400581,"flow_last_seen":0,"flow_tot_l4_data_len":307,"flow_min_l4_data_len":307,"flow_max_l4_data_len":307,"flow_avg_l4_data_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.bortzmeyer.fr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00788{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":946739400581,"flow_last_seen":0,"flow_min_l4_payload_len":287,"flow_max_l4_payload_len":287,"flow_tot_l4_payload_len":287,"flow_avg_l4_payload_len":287,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.bortzmeyer.fr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04341{"flow_id":28,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":612150,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"pkt":"ZmZmZmZmRERERERECABFAAuA435AADQGgOvBRlULCgAAAQG705Siz5U5pzc6clAYAfXigAAAFgMDAHoCAAB2AwPum08l8a\/xsIE7sf4ouj1cFjIcJvTzL6IcltC8x2MVWyCy3rkp5WTaWd5nTdItXIFahRCh9ETfjIRyGCS4r9a3XxMCAAAuACsAAgMEADMAJAAdACDFCe5GcFoAINJ8W\/U00yxwlYg7Wtx0yaBhsZxlJVHAahQDAwABARcDAwAgjb6\/bt9RU3n7f\/XK70kHoogWe0pWzujxYyDQFCzDS9sXAwMKFyLHVFWncnvuWpj00oLMIDtr5tAZiqfcqzwOOMNYqfKKQHH219coqZSx1dHk2hi5d1LB3GytI8vYkc59i5RQQDbXAHUuezlbBvO8F+B3yrBrypISyNX1A4sx1E9x9g092nWO74tZVT++3VZ86RoDvvF0ZUqxTSHr+1nR9kKZh0N5lUkvTu0aK5ORhVWNfmq0hwnrW5s27rBfHFIN8y0h27yxFq4SIl7wwuk6Mq7vkrvqIsM5xqyCc\/9Xu0OqSF3zUNnkItIrGQeIJp3LGwwIhQxxQAsnuWmwcXNFRqEzMD5jbEtpKYkHahCBuU\/B3PKrCTX8+YsVVjGS5Qrjne3Kr5FWp6nlPfIH59LkIEasv75h75FcjD+7wr54z1JIPpP7ZrLR5PywuD6f88xvloKZN+WwiXGAie649c7JKsyGwCn507cb9CeSrJLhgRoQlUSUEBlnxiSHhJ2mw9owqvmzHqRqTxGrXh9qTPYDQpk5QRLmSGX3D7g6VS6CrNB+GfCK6SPMgzdR+k8lAJJdHOY0ZZdv+Ya6nA3r8RDkXrspyuJsV4QMPLAoNzQvGen9CeK5JxcSLtBMp5q0B1DBO5EIcsoLQQ6lCwlPm8U6NZmJK6eA9zbgzP80r8LRBBpZx1beD6mw3j+TpFAy+igQ8+ETtD4YPbZPWCgC6xVG0u33AvPq8sRsHwGqnzJp1MW\/CDUHInzc9xT9j80aqrzF0XcmMIsrs4KNMQ8QDQCsJmct9U0iMbkLXGLFA32BoRsU95KY+6gDs57twsE3JaqfYSuTq\/Dlicgoiy07U8DZsIf1tKivKbhBZS1qr1PaAU2W3RuJy+8koP4fg1irOvcozqBrDOixlNBNoG8ob7RGwcT3Z0ArR3tWTeHxhQydU29KSYU8HwZniOUgn1K8cz071\/P8S72m5u89j2RZsoG54t+A\/1vLyZMsjOXjwepn9YLOohxBXEIx84KuxUh3bAga+k\/yE8GW5vng0KtP1aBiU4Tc6A+REN2DA3ij6lHoD2sFhJA2fLcssM6OpAK\/moM166igfSm3LqGC4gK+TDj4gtClJchy8bvN8tctQ8iFjFj\/6qv7lxplsZ49PvHPbnKju\/tev2fd5dDj7QcMjqNvhblPBUZ32SOOjxBH3RE7aBpBLMz7W1\/NpSWcgM15pyZsPx8isO02KbyH6gAHIs+ZEGj61i6mnrDsMNesZUMUM55VeDXhdpD8kmxGJpLZ3bsJ69dZmjx3Rf6Zgw2KbXhlm6KMoEBrRSd15+xgTimUz9H5N6PvNLfaRiGX8r4RI6AIPrxRNjrz1JtdmeN1NzdaLUaHCvnql7jjxoX9Sn8xtUQxnkcUzYoweeIrvi9ulLP7ucnd54pGXhyPpURQBCM2nU9nbu+b6Pbj4vx7uFCRh\/lkqhRWVdTtE5uZmH8x4uxAXTdo\/R5oSgAkEsgUzYbuz4+G0Ch0T6jruu4T9ekEthrBCQJjN3fHGBcpM7AMfx+FKZas1DTjRC6L41JS2ixQWYjQbws0Hx+sBQGG6PAX0ilnkOFTCqdi4OZ+YhHBZ3aa4TDran\/FLmLs4pdGLb\/oqLyzwsvNQ7jdGUh2A89lsoDzqOObMQCUrWrG7EbmBEy\/sbHnGgiIy31PynXQexT3lSGWXsVy54UK1SdBZ18JpRAq1XaEcJZV9BqOYiMFEVnHR9zwIUFWwIjG0UpAOSNn7blveeCwW\/YovVsVKboGuW3yyReDZYyNgSvRfgvPpiG+pklW5Ihw+wYJ1sPXS0I2yAnATL00hg3Bnv3J6\/Z\/+4vJOHMRe5zCkPZYK8w\/AOnTp5VZVUALMm2aJruUFq4CXZyWMk1kbL3XBzpFB\/roJe8IiU+Kt9kQ449THNAxRUoavQeSeXnuQSkwDYmI0buLWeiaEzMUY5OavuLtDgD4c+avQlGrce7Ozez1RlLgPgV+i3DcrjoWos6tTeu8g4pr3NuCp14nKYaub7Vt2s0JPBPZqY\/MuyLA\/e3Fr\/OMlh\/EauRFDsRaqiHBJ2mP3NA8\/ZyaQQcWAIVjHSjsVGu2nQBYWjKsZ8mKcS9VpMr9ndCkWOs5Sz5zWAutH8paKKKAqBcvloCRHOWIfcJ9h9uc3Lq9DYb+le+8B4yxwh7qQJOXNZwdUQbb19fMRPNRiaEzON5GpXpNywN75iIVBnfCJp5hZfV7tIfK22ta\/Z6stqDCIyk+p27DCeEPYmTJDSSHKNbedRdn0\/iB9LUsBrCmi7IRRBlE2Tr8s2JDIPOoL9S4j6C6g1r3fpCuw4mXBrcGCfNjDw6rPYEplJqhIiTO+juQuxn5Prjqj21RvbfTbyzJIvTV7a0Zy5SJ1YWQ9z3NLs75HRnYaEIc3G103AKPkytzCjXINk0eKUkCZXrW9QupQw5YZCi9c+zr9e6Nsrg4KBkr13ePLbPEqhzK0TgphOe\/BgDw39ES3e0uIMvXuKrcPIZlkW8iZdSPWqT0Pls1rgFcXIxjJuZzAKdz9RIDjZGrpzpHXAzwarf0m0i2Gtw3bYKFHdkTT5n1uaYQthMuQHJHi+p8XDFtekQax3jKJD3CiZg+YeLzJ5Uo0iEidZKe5rH7ZzgkT8O0rVZwq5niGJgbiV3EUpPldHNKypyvkj3ycT9kY2IJU7ZpXJRnpDRxjhVDO4G\/kK6jqgKdwB9YrN8ddL2ErNeFlxtrqM8tHt2ZYdSMZYCnp2omvPy97RCe3Cp\/HGnLxpRs+DW569z8h8BSfI\/zMEZeQ4RsdRgF8hz+rQ8SRDGvtaqUblOPSNlurg9vSpcyYw7DcuCxkCASBOvLXbWh8As7fT8An8+JscVf\/lq\/mGQvDlSuFNj+tDMXoI0ZKapFzG\/KPdLhwKgFCipECC9Er6NeMVnAw07Z3oto50ydjbh57kzukh0zqDBLZjEhtFpoAiVBqZg7B50ytdFgK+6hZgsHjVoNuFRf32MJngr13fBBtHKo\/VHaVg4drs9W9DfAL1w5rtOMVsX6aUt1YAeiwdGBNEPyNmvNCcEQOj+xzMfVoOLm7SUXFyIm1n+reDHyXo8yNG7LkDYjmq\/JLkrpjl4bFeLBsdG760CBaEUCZJd3nvhfPPBsfCBF5PswuYpAEifKeZ17NlOaSrxj79WssKYt4uUKm2gm9JHcvNneM5n7DQEooPTVEVYNOgvXrRVlbfz+Cy2kBP2gCp+jUrcKx4YKGEhDuMaL8PfHGRT2vA7nqzUU9C3cJ3emOjaD7KMjipJvPBaA7U+L8ujhu2gJWLx4yY7mn3RV6K2HsrFjTJduvDGB+DqQg96t2CJjvMbpqIitN9hBxZbznMh3XU1HogwVfIbOe8Ug8cikY7ag9rW6E1CfeBwa9CM8u9CTXlTgumW220WzI\/+S8CMvOup0C9PugMt2Jc4cXDvNs+dyRWH3X7QIImonFrQ6RaFIHlbDa5gqN+0VC87hnjQE8OUpxOAg1ReSXhcDAwEZLWp\/o3fXWPvp18ZXCuvlFC4i5H\/0jL\/Tq956IZziJu\/XhSjlSr056BPu7zKCegDZWzYsK6oLPWAfcvtcSfAPACHpLE+JYCNMevr7LjdkYBxYeJsjktZDgoEi7lSxc1XaPOcOHuKcNBIZPhHzY\/jpu14RecKRjxP8M4PlZTTXUvzf286xa1A7FPGcV7e6"}
00829{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":455,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_first_seen":946739400581,"flow_last_seen":946739400612,"flow_tot_l4_data_len":3231,"flow_min_l4_data_len":307,"flow_max_l4_data_len":2924,"flow_avg_l4_data_len":1615,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.bortzmeyer.fr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00841{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":455,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_first_seen":946739400581,"flow_last_seen":946739400612,"flow_min_l4_payload_len":287,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3191,"flow_avg_l4_payload_len":1595,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.bortzmeyer.fr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00712{"flow_id":28,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":612199,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"pkt":"ZmZmZmZmRERERERECABFAAD+44BAADQGi2vBRlULCgAAAQG705Siz6CRpzc6clAYAfVAMQAA7MoGonW0Fj4lHArVaOCgJtbHn9aRY0n9LKnu3cTyqbChLhfccHsdC81z2fZ+Ukv\/nAuBoKACJX8Pwem5JBIGeQ+hR9gvbJqO0dljTEjfnQJGlcWyJk4FqoFjayNoVLdbRg\/yWeK8VeLtflQjLxqwMpDM\/QbduG5HAuBrFrE4C7dTGq1PezTGhU9pqGsXAwMARb1ScBcpf\/m81VPRA3LW\/2mv0IZmicbA7T0x5byJ5bKDeMQneniKc1y1kH9Jz7ueZz9IjjqOqk3CW8r0ZREMc3BCfYPYBQ=="}
00529{"flow_id":28,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":457,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":614392,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"REREREREZmZmZmZmCABFAAB4putAAH4GfoYKAAABwUZVC9OUAbunNzpyos+hZ1AYAfXXeAAAFAMDAAEBFwMDAEWxR7EUjZHkVtX08CQhsaM\/Xs5Q6DMNginzkPCY+KYKSCqwTiH7uki4RDfQf\/Ey5MQ7C8dbvaWK4mwFe9xZLaA8IB711hA="}
00535{"flow_id":28,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":614509,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"REREREREZmZmZmZmCABFAAB+puxAAH4Gfn8KAAABwUZVC9OUAbunNzrCos+hZ1AYAfXXfgAAFwMDAFEBK72qoyavs84v144gQzkZ+lvScOqnCOg4Fxl2R1DXDjRCzInGloAcyb9frAgUO2t8D8mxkuPsXSeiPIHZe9AVf6jmwOKW+LIq2uGYnRymDuE="}
@@ -479,13 +479,13 @@
00569{"flow_id":28,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":643099,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWpvJAAH4GfmEKAAABwUZVC9OUAbunNzyQos+lPlAYAfXXlgAAFwMDAGl2Br1EfvOd+7oTvKC3kE7CXBP\/2IvAewAtinvUxfi9a9UDm0t4OOCcLCJQfBTLqmjIaFlNVaCrSE4mXly1X6PfjJglufG+Yj3IVrGULPk9zqrUZstqStRuEBJJM5YzfTUxQjZllbU9xx4="}
00466{"flow_id":28,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":670800,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"ZmZmZmZmRERERERECABFAABL44tAADQGjBPBRlULCgAAAQG705Siz6U+pzc8\/lAYAfUtRQAAFwMDAB6GTFZkUYOJTOEIFUQpPcd97xSl2MUDje80zwgABzc="}
00688{"flow_id":28,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":676307,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"pkt":"ZmZmZmZmRERERERECABFAADr44xAADQGi3LBRlULCgAAAQG705Siz6Vhpzc8\/lAYAfV5MAAAFwMDAL4Y\/TNvQbA387qryrTfghOJwmBq7MrrqjaXgMYkUrdb7+JV7GyX2G1PlYEBhrHtmGmLe8TY\/GzaK\/74z5502T2LG8iavzUZbT7qD3yWi4wLUUuzZgCc8gQgsaBuwMQyskQjNARBgpNUYYX\/vIFT3JcxdZbYJJamKEp6CJnx0\/ERgrjyKOUeId0DgNdohXVJsvUqUinT5MHse8b9T1mcvnPy7kU\/joqvQgHKNgEtNxFahCTXP\/UEY3nBkseKTsx4"}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":469,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":946739400702,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":469,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":946739400702,"flow_last_seen":0,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00807{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":702099,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"REREREREZmZmZmZmCABFAAFILINAAH4GS1wKAAAB0frxGYuCAbtSRrNTwAekRVAYAfaFCwAAFgMBARsBAAEXAwMzpeRPPpmPOBWwlYuEr5uNgoasUYbxY5rOmYFKCjGtJyAIAEydch7b9cupGuDzo92xh9NLKrnQMxUlfE7nWZM5\/gAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASamFyamFyLm1lZ2FuZXJkLm5sAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIJeuQLdGEJN7n7Os\/LoZLYTlp1p11dddxIYAQZdOassB"}
00779{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":469,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":946739400702,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00791{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":469,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":946739400702,"flow_last_seen":0,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
03183{"flow_id":29,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":727632,"pkt_caplen":2102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2102,"pkt_l4_len":2068,"pkt":"ZmZmZmZmRERERERECABFAAgouN1AADcG\/yHR+vEZCgAAAQG7i4LAB6RFUka0c1AYAfWL6wAAFgMDAGYCAABiAwNagb8+u4y1yd1xwzS1nH\/nTUIdC4eY2A55MtUayrM8fyDO5yrWZS4Aa1iS7gSLPLT\/C8LAuC029TJv1sr4CTESSMAwAAAa\/wEAAQAACwAEAwABAgAFAAAAEAAFAAMCaDIWAwMKAwsACf8ACfwABWAwggVcMIIERKADAgECAhIDDKJHTnwjwsnrm2DLrI1zNLUwDQYJKoZIhvcNAQELBQAwSjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMTGkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMB4XDTIwMDcxNDIzNDcyMVoXDTIwMTAxMjIzNDcyMVowHTEbMBkGA1UEAxMSamFyamFyLm1lZ2FuZXJkLm5sMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9OPyuZ6JwIE6bPDfiRhbYPMkVlSRq93tijiXoOFC9OQc4eXtoMomU6kKPy5Z0NTzEB3WAHxrA4SRx6q3\/yefPeWA8HsMuYfQZpftg95obbyxbYYejVTJGcDt7bBAbyfyHwpa9VQXCZ1NM6170XCwqiTXQ5pCT67h001VbP663EnKohkf0MUwppbn6Q5xEFc+o+3D6IU\/rxkzW1SQTh0phbzb1Op8DfM63A\/ZtxaA5UoEOBp23CMkB\/vP5ul2uJharTqU\/BfvvV3HB\/zu9o43hkbooUEyMuBJn0+O6orVhwG1QVKM6xj5TM6ZcijU2+3rS+x7vNJUt\/bTHh7sHDviQIDAQABo4ICZzCCAmMwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRLbCV+QerkMWgquQ7dzQvZqcefiTAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMB0GA1UdEQQWMBSCEmphcmphci5tZWdhbmVyZC5ubDBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB3AF6nc\/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABc0\/ws2wAAAQDAEgwRgIhAMWgM8fCSKocSMS6vNmRTIKDzMWXKgtHRh\/4TftRR0QHAiEA3JSerrntM9u7waurWrvwybuL6dB9RsJnzjR8MMY9tuIAdQAHt1wb5X1o\/\/Gwxh0jFce65ld8V5S3au68YToaadOiHAAAAXNP8LOOAAAEAwBGMEQCIG6J2T+qpPVVFxjS27cFglwKmn3u\/zi2QCL4kFgVvwefAiAZm3eKKyeMogTwUuYzbx+RsfIEqA9nNOdkRRv\/z1FxuzANBgkqhkiG9w0BAQsFAAOCAQEAcAija84yR1ADOoiyrdQFCgxJZB2BUUNBtRgi8ZPFZIdUaVPomyGL3oK59c6IO+gMw6xbSeGsLaVjettLRMJ2uMl6JZkgjV1Bhp3NdPQKieFpoaEiEBUAwqL8TSBKdJ\/mAMQLAKadqZ1hZKcVTPtXVdd5Q28iLasE\/NjtopLZOa1XOJt0sUbRAHa2FOZzb42ureqnIdzzYgm+hY18KJUkfrSxCg2dd4MTgQuYu+ZhUpaMB2rAm94XcTgVTGO5ADi5NM0oEFFNdNKrAyCom1jWC2m8LyYfCzUJEAYCAUd1WL438vW1Z0FQZK5dAca9qTf6FxrRdYRYrY7oGND3IwvyWwAEljCCBJIwggN6oAMCAQICEAoBQUIAAAFThXNqC4XspwgwDQYJKoZIhvcNAQELBQAwPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzAeFw0xNjAzMTcxNjQwNDZaFw0yMTAzMTcxNjQwNDZaMEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQDExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJzTDPBa5S5Ht3JdN4OzaGMw6tc1Jhkl4b2+NfFwki+3uEtBBaupnjUIWOyxKsRohwuj43Xk5vOnYnG6eYFgH9eRmp\/z0HhncchpDpWRz\/7mmelgPEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL\/W08lmjfIypCkAyGdGfIf6WauFJhFBM\/ZemCh8vb+g5W9oaJ84U\/l4avsNwa72sNlRZ9xCugZbKZBDZ1gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q\/GxH8Mwf6J5MRM9LTb44\/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAX0wggF5MBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0="}
00847{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":470,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_first_seen":946739400702,"flow_last_seen":946739400727,"flow_tot_l4_data_len":2376,"flow_min_l4_data_len":308,"flow_max_l4_data_len":2068,"flow_avg_l4_data_len":1188,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00859{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":470,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_first_seen":946739400702,"flow_last_seen":946739400727,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":2336,"flow_avg_l4_payload_len":1168,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02419{"flow_id":29,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":727678,"pkt_caplen":1535,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1535,"pkt_l4_len":1501,"pkt":"ZmZmZmZmRERERERECABFAAXxuN9AADcGAVfR+vEZCgAAAQG7i4LAB6xFUka0c1AYAfWJtAAADwEB\/wQEAwIBhjB\/BggrBgEFBQcBAQRzMHEwMgYIKwYBBQUHMAGGJmh0dHA6Ly9pc3JnLnRydXN0aWQub2NzcC5pZGVudHJ1c3QuY29tMDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx+tvhS5B1\/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA\/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFKhKamMEfd265tE5t6ZFZe\/zqOyhMA0GCSqGSIb3DQEBCwUAA4IBAQDdM9cR82NYON0YFfsJVb52VrlwSKVpRyd7wiQIkvFaH0oSKTckdFEcYmi4zZVwZ+X3pLxOKFHNm+iuh53q2LpaoQGa3PDdah1q2D5XI56mHgRimv\/XBcq3Hz\/ACki8lLC2ZWLgwVTloyqtIMTp5rvcyPa1wzKjmMx3qOZ5ZQcryyj+OhZSgc5SDC5fg+jVBjP7d2zOQOoynh+SXEHBdGxbXQpfM8xNn6w48C97LGKd2aORbyUbL5CxGUY99n4bpnqHuaN6bRj6JaWRhxXg8hYvWLAGLyxoJsZLmM3anwz5f5DtQ0oSRE5vc3oo6qSqbntMfYfd4MkCRKeHr8M0W7RCFgMDAhcWAAITAQACDzCCAgsKAQCgggIEMIICAAYJKwYBBQUHMAEBBIIB8TCCAe0wgdahTDBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3MgRW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDMYDzIwMjAwOTA0MDA0OTAwWjB1MHMwSzAJBgUrDgMCGgUABBR+5mrncpqz\/PiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7\/Oo7KECEgMMokdOfCPCyeubYMusjXM0tYAAGA8yMDIwMDkwNDAwMDAwMFqgERgPMjAyMDA5MTEwMDAwMDBaMA0GCSqGSIb3DQEBCwUAA4IBAQAoMB1ePZKC8NpTy2434kCI6h8NAXGSDejnRZYFr2QSx+TpoZipUWbMWCq8UzrMIxKC8UJACJQc6RIM+Xgz0ZRbGx25OD3V4vLxsczn\/nEIsXCHGvGoEBJqPqesQfpmU9r+oB2CbUgxGaJxDFqnidG6tH5KNxFVbrX2lPzXeDzKwLN1eUiZU\/lMuAOJwkK8zmwVXP5H7g6aco+MiZp06K8b\/Da3w0YGUY9fjEablMtV5ViuxARhZw1pWYWZo\/jGfvICDNvPKmx8V1X1Z4R8rNjm8UiPRR8P0NarasVvNtWs+6fXGpl\/hFMZzj6z4oAVh0vYNXKYxmaDs8l6pH8OOZ\/cFgMDASwMAAEoAwAdIBuLZjnTB3Kjce7+mNxfaBiRgPo4iNkyTjzm6+fh98MBCAQBAAD35z4OurpaleuYyQXrRwgunZx5itw99f\/qns7fqVRPpCakkPBqYtIkrAQds7t3x9gcyB3pN\/ek7QU4lXsRRnsrWpFsVpkkgouj8noQcYPmvp55cuzOEjLxYK5KOB1bU10ZmdANW3hMqgjTathZk6jfjNOD8MgF15uckgPUXOITOpG7UYd\/YtxRx7xgMGY0jlH\/+xeUF+NSAiy6s9oSi0oU\/QlatPOidPhVmRC84vWQNkgJhZubcKWseKLjiRRL9zUmMJ2fjig0R0EKUVh0pAUSNWsA0m3x1YIPV6kX\/fzGNkCBx4kijVkxENgEgAD9si+WguAjMtSH5qQYN0CMxwsWAwMABA4AAAA="}
01105{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":471,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_first_seen":946739400702,"flow_last_seen":946739400727,"flow_tot_l4_data_len":3877,"flow_min_l4_data_len":308,"flow_max_l4_data_len":2068,"flow_avg_l4_data_len":1292,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9":"TLS Expired Certificate"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","server_names":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","issuerDN":"CN=jarjar.meganerd.nl","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"17:C9:8C:F5:DD:1F:0E:0F:DC:C5:42:4F:ED:C4:CD:57:5A:5D:7A:4F"}}
01117{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":471,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_first_seen":946739400702,"flow_last_seen":946739400727,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":3817,"flow_avg_l4_payload_len":1272,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9":"TLS Expired Certificate"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","server_names":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","issuerDN":"CN=jarjar.meganerd.nl","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"17:C9:8C:F5:DD:1F:0E:0F:DC:C5:42:4F:ED:C4:CD:57:5A:5D:7A:4F"}}
00544{"flow_id":29,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":729872,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"pkt":"REREREREZmZmZmZmCABFAACFLIZAAH4GTBwKAAAB0frxGYuCAbtSRrRzwAeyDlAYAfWESAAAFgMDACUQAAAhIFrMk2g1XxRnkwN933MQ\/vEuKAIrPsEtdQ8XwZlKgX5QFAMDAAEBFgMDACgAAAAAAAAAAEgtNJFxGFxxxT5Wgfvmxud3VLSSH9hQHBUaUB9qvfYZ"}
00487{"flow_id":29,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":754083,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"ZmZmZmZmRERERERECABFAABbuOFAADcGBuvR+vEZCgAAAQG7i4LAB7IOUka00FAYAfVwaAAAFAMDAAEBFgMDAChUn0cMTAufsksasolz73Qdzf\/2+QYz6jP4Gw+eKrW+TSaX2KNtN3mv"}
00510{"flow_id":29,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":754122,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"pkt":"ZmZmZmZmRERERERECABFAABtuOJAADcGBtjR+vEZCgAAAQG7i4LAB7JBUka00FAYAfU4+AAAFwMDAEBUn0cMTAufs5C+MZY2hrafZ4EG2X+BGXTwD+FMqilLBcQDOoGlAmOq+AbxwIvaJE1kGGXhoFbZaiZKMJNhg4aR"}
@@ -498,11 +498,11 @@
00984{"flow_id":29,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":481,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":779063,"pkt_caplen":469,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":469,"pkt_l4_len":435,"pkt":"ZmZmZmZmRERERERECABFAAHHuOZAADcGBXrR+vEZCgAAAQG7i4LAB7LWUka2WlAYAfVtVwAAFwMDAZpUn0cMTAufttXw+Wnq4a8GOUVwXNhriVC+b\/v1NA\/TyyizPF8SN+\/iANfNdEIw1hHOjLXIBSC6TIq6yVuNTS4jkIJ6\/75YqlD37vd8cKEbuAO9g2HKvtcAbZnIZb16EEM4Y8x1DXRNcy8QnNtphGW34V\/Wo8lNlfUhdjlnpmEjh4EizEdoIcqeltCAb7bB\/o1fCtAxdjINx6EGlPxt67yknjg8s2L7hU3IBhwhMwnDDtgK2qDefPoi4gD4bBr3J53vnc7WVHILxO0qJPSiXDPfbcj9YoaAbQV9BCBRLu9Q1JxnViIe8reyImKiqe4+oiGn70GKVoXu3U91sni5Yqi\/qok1JBy6h5mp0YpMpZdhodzyfLsIU4mJ45hIOnNX44QZnvy1S8zz46tMt38y35Qi0KiAlpBHo2CkiINwbs4oXv5s5gXforYuJBIMuRpbpROYVhGd3ijjZa4cLYfpxKlkvaykl1XNpOvOin8ZVPFh\/OuslgR90VJbuURRuq0f9sqGz67CPebLxAqreB3KV4+1KDGxjte9vSueNQ=="}
00570{"flow_id":29,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":482,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":779528,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"pkt":"REREREREZmZmZmZmCABFAACTLI1AAH4GTAcKAAAB0frxGYuCAbtSRrZawAe0dVAYAfWEVgAAFwMDAGYAAAAAAAAABXG\/KQ+1f119dlMHblR2yidnQRbPvW\/zq63F\/igpgY2RqnaozqFyuABfvZrMQkxz0fmLCoThfIqwIZSAKsK+0ZpgoKUVQoA\/SuZsr\/YGiOO2ertUe8\/qVvDQqLhwLz0="}
00582{"flow_id":29,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":483,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":779624,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"REREREREZmZmZmZmCABFAACdLI5AAH4GS\/wKAAAB0frxGYuCAbtSRrbFwAe0dVAYAfWEYAAAFwMDAHAAAAAAAAAABkcWKuZir635GoU1xm6sJ2pRP8I0lJaRiou4x857lKheGwpvuwMadXPtJo+n0\/ZVfO2j\/AWrt\/rHPyN+D9GGnGfJgyGzaweQAcKD9eDsiGzhiW0OZAjxJa9MS\/UdwGs\/MkWfhwyKm0VG"}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":486,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":946739401864,"flow_last_seen":0,"flow_tot_l4_data_len":312,"flow_min_l4_data_len":312,"flow_max_l4_data_len":312,"flow_avg_l4_data_len":312,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":486,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":946739401864,"flow_last_seen":0,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00814{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739401,"pkt_ts_usec":864559,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"pkt":"REREREREZmZmZmZmCABFAAFMN1VAAH4GvigKAAABX9jlmatwAbtGU6iimu8Jz1AYAfYHbQAAFgMBAR8BAAEbAwOH23fm3DrJaQXLovxzyYyk5R\/PesPVPPqPMsnNPw9NhCA+BKUjIeM9NnmcNXI7jO56RaAWoMnCcXIJRfPvBK89HQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACsAAAAGwAZAAAWZmkuZG9oLmRucy5zbm9weXRhLm9yZwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACAgB93oNekrupxQPrzRHifFos9GGTUaOGYLuLqXCSqLFg=="}
00783{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":486,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":946739401864,"flow_last_seen":0,"flow_tot_l4_data_len":312,"flow_min_l4_data_len":312,"flow_max_l4_data_len":312,"flow_avg_l4_data_len":312,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fi.doh.dns.snopyta.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00795{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":486,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":946739401864,"flow_last_seen":0,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fi.doh.dns.snopyta.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04343{"flow_id":30,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739401,"pkt_ts_usec":922095,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"pkt":"ZmZmZmZmRERERERECABFAAuALHhAADcGBdJf2OWZCgAAAQG7q3Ca7wnPRlOpxlAQAfURoQAAFgMDAHoCAAB2AwPibR+Wkzsx56DJDm5Eu1YLQR+8sKrid6w\/L4hLlzFi7CA+BKUjIeM9NnmcNXI7jO56RaAWoMnCcXIJRfPvBK89HRMCAAAuACsAAgMEADMAJAAdACBuK8qBa63Irnemz8DqNJ321mRXUwu2HpEN9mUutJb4PxQDAwABARcDAwAkUOaHYP5iZ2NNWAzfU4nuMAsSlIi3Xu6evUH+ePghzyW3lf1oFwMDDTdyOxvGAqdaXqn7mk56YQOkftztBpxUe9++1VUjQL0UTPE4dDghDlADUJrVIMNoajw7OVNVUJlwwZLv4SY0Vx3I7ELfEhgQAcbo8KTKAm9O2ms4MsOpGyCQp3Ck5bHL2bE4iiWi1kZ3XUOEqkWhVOIsnrRavV3YbdvOPn4o+EZD19BNo16d7FYA9cwlYFl0b+UOCHVkbAV5Ro0aksFmIDr9nN\/SKS5iC8KA1HQko\/XCtoZt\/uj26L8Jnm5j0xvi5PCt7eYN7FAf9foi+urRIknTbj0qt5H6t5n2fn2SPs3+74zq4arLW6Grk5JVfjN+EFn6r2Kqt2DBASpVLNRJlEJ\/bKKlz+O8J7CBDjbsuIjIaIhIezaNNWlBddC5u8MicCjaXDfeK0Y4HdjfUV3F5+ceyWCg99LhDO6xG0CeQL6QAIRHV0AxoEVRoc\/2vMJczsdaR6IckxN7UiFIufmha90IusH6BRII8ooR6OU8Y+2rZzYh5iUJTMhKuwIGbOPxF0ajku7y5uTYXkibFy\/3YRErBGtPfTP8lfcsC0F+hSBQLoIlrMlmFjzaT8UDL1Fvuj09G9ZfRK\/xhCkh\/7LpCMAmZL6FGK8dmeyLYWLMckLWasSF4SpcTPWxHh7bEgM8pdQOrhyOwV2+YyGE03XoHny98Ri5sKrhPxH0mGzGNnfYcuH6skZHVwAgYnBYfjM2lceI\/e8LUGXM+\/wIkpWQtiAxj5n9jqC6nREJd3P5hFhhc0S7dmq+lc8Ma343e0W1q85dFAt5euDl0kwrHQBD26Gn0UFzkp+rMUWqJmbE4SEGibShhwSALXJQIigpcGwGc5IATb5iv3WP28Ditv7SIopWvMI9EzLxDQqdqFyPqSJV1GQA4imlHzXCdMmJY\/F6D02T5M85XegGn9Uw4gKTdpJtNdQMeDpMCJmwPpp3X9pZUOt1oTofSb+42UBMYdGAmqh\/lucphpoooHZAFYzgka8EA3+5grzvvRKo1W30cuUHEkcEYum5QQBIn5p1pvfjSQasw1NoCcIklAiODFbTUw\/XBBzGVXrXLo+F9mr5HZJoE6PhrzpGbM+TbC9rdnXfxtb3I6K\/1AuBezoFfnGsw9Dx8ypoJ2UB3C5fLrpS2ieFOMX42\/Dh6ibKZmCZ2IU\/pKi9Kpxz6Ld6HAwuoH4Me9ywi7Ln36mC5YB9\/TIfNIYZgMETrU\/MCg2bIGnZ8vBftq4oKoZH5CfsoxNFs2PFEG\/5CVigap\/tCrH2NE2mXjfyEkFGiVnnGzcQq0blObS7iaq5g9ULTtsStUYEWVhOXk\/yHu5D3\/u6I0Omh\/4izYUAvc\/ASGJ3mfA9dMkNtOEG3hZYmo5CA9GnSRpy2RNoU8Pnf1XinGwNO1Gx8Pk+Rv6O6rF61GXd3j8LIla3tC+sE1vn8o1HuVrg0vtx6svaMmP8iNm4OXIuTyI0c3BbAjgOOu1kSB8ysQJy2HfJ8f+33ewV4FsqQND6r5bZILZFNT6hlGwEaOaKRgd8Dnd4N9fsicUPP3uwhfe3QdvqzyV7OOrXV1IVMp9zwSZ0pMfc8VWLEkiJAKnWpdefyOUExkz5+iOPBxgjTOCDXI2cxb6a85tRWFrVYfRjxQzYvDOiZkMdWovVcpGmC70Cf9f8rBw+ttYEmVtXQq6aUTGji6XfZ4PQSD6aFRmGvyCQ+CTuysuZPRTT+5cBQgpxWr3YBN+426lIaYsxvZASckGkJyHw7wpODlcoQhARdIU2IKEFRJvw6DT5X9zlpEEie0WCTVJ\/dO+1+JbTJMju5fx4Qacw2bdHAKBR6bgpX06u1h2Q89XiuB5q4CfjBycr3kVeONIM0plxcqhvNckbcicJV\/JrJUajfW3F3ZFA8QjvfJykVgp6OKAIPXZNUHoSa3jNomftQSYqyBfMezehknXHShl6ZuQM+Lvb\/uVlinF17iXo2SvKnezJm3fj5cHaM4wuZjkDVCLAE\/Nyn58e9ksRwhD\/gK97rjgBNP1ml+iaYZj1YbBsIP0G755OxhWhcssAbTkI8hBniALaUqQLLPs72nFgtfIXuPTAuoXoMJT42ulwoxGs43\/GTmjksUYpRygFZP5B0dC11WQeR8PhWFcDRYGLV7beAlYwch7ld5nUdJC5mrDnIj419\/n346cz6AR7+0Rr1O5IOtvdQctvdWRZfPDcKiKYfWWWQsFX4uwaKZ7iAJIc3Lf2Hi65\/5WG2H6DXV2pbdFmOOEMbCE9vzIalbNO5yuH17ffgvNYeseN8QYcMc1RjXhkpanOQhCXFt4LROEa0cWaGgGU8KVcV0lHoP38Yqy9\/r9NNO4BBtoRTZYqyQ2KiKQOeL\/DjGmqmnMdtRKO3G2+28PYYcreNlQFUQC1YZRjis96nJONLOoYWGmJ0Ajkc88jEcPUWJ+sQ1Ellx00rNPIeTKszE7eeP1Wj7159+psV+5ymtU7Wt8kdIG49kp2vIgkZ9Wr8jWgezRdBIRoNkNszLOkziHLmtjo71cfnALRZTzE3WjtfCQAqXYkE67df0jceQto9+YJvgwPL7SKReSla4kC23BVgPVvhUiIRAomTXxQfxzJl60MjaMhKYx8sdY8yirN79hBVxNOKvYgeXSM9ea5v58WsOsjoz8vxu1i6IS+wpQDUJRL5+7QRTbXkU\/IgZJ2JwIpYJc0TbCcC+KyzLGP46kWX4\/BnWI6G+lC3q+tZ9lzQmQowB2OgB76ZZzVRvbALuU+R4sPYYq0cv634FKIpwY3EtlYdlCLWfp7ZlgIV62ujlYvHhZTRnGetjI9EyQMIK7XK1fm0YXedSc3g1l5p3dkHYgG0bAtbWa59V3\/IoYFT00HruXjbYzC5+RMiqTRk0M0TGZSrhfPeJjn02Zk7jMnppUxVbahEe2he8Uscmty4roTPIhZyQUTcLmzDMG3cPUpihzyQpbl0WSI0dX58QFWhZM7xH+JJmJ8yAAlZtScWFT+AUyElBRyoWx1bFwnu5cjcTiBOKcIA77CG8sc2sMV00Vn5xS5qVm32olnJkfc6ppnqNQxjiR9wVkT49+iYCtbdmX6IKyWQeVFgUqJQ5BvdNdt7w7dJUeuhPf3VRpEO\/JuTbLlvGkK\/mwXyq24LF3XMtkm5t69hBaSeNohEZao6QmYxZ+NYvxyXtLt2f77PL2m3kxOteUzIZiuV3nkbaSTk55VWkCshKS7HYDGARWAphsf+0I+2o6\/uoYI0UX5N6tebXNoxQAq6JRpkCJZ\/PM5xuxlj\/WGjyfe87wS7vqJa3nEKMo793Ew3S5oj8lEIMcctbFE7wTV1TjUaweZw+Z3iwk0WNd4mhDiOEObjosKaAJZJCKcwHWWPj3Pv6sHr9LXFpkSQghXzPF88XInFPHMmaNePQ5+SQ27ys1WSoLOzvUvoiLb3ySSw3OKanqLRonKV7Zpi0Ytvm7fQizCZ+5Ne\/y\/c1MIzQYpj0KO81JwrZo2y2Ztgzyet8\/H8T5HbkOQKczJbxrmsEvEXSl\/OZ3PT4cobEGmH79r1jJnga64YFXN1twHKTB5tOqayNYoY8HWJExA6ECQm2d8vIM6vU7wGAu00l0do6yKY07icxt6ZdPJ5cHBwXXmOf03M\/8KffX9hGO6Tv76sw1+cR37dJRviYmME\/l8otZxWSrf"}
00836{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":487,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_first_seen":946739401864,"flow_last_seen":946739401922,"flow_tot_l4_data_len":3236,"flow_min_l4_data_len":312,"flow_max_l4_data_len":2924,"flow_avg_l4_data_len":1618,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"fi.doh.dns.snopyta.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00848{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":487,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_first_seen":946739401864,"flow_last_seen":946739401922,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3196,"flow_avg_l4_payload_len":1598,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"fi.doh.dns.snopyta.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02047{"flow_id":30,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739401,"pkt_ts_usec":922153,"pkt_caplen":1246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1246,"pkt_l4_len":1212,"pkt":"ZmZmZmZmRERERERECABFAATQLHpAADcGDIBf2OWZCgAAAQG7q3Ca7xUnRlOpxlAYAfU2WgAAHSeqZDGEXrFb+J1opG1dnPi4zgteeVslY9ZmFJlRTMTFOW+365tsM\/eWSLFN26wQY3yg0Y1FR+FA00qPga4\/wX0RoMfU+SI0dBiZB1tmIlqRr+vkKc2KX7jGL6yH9pbjNmGWfzy9B2zla2g4HVLW8pCqD27lbyw+DGZ\/hO2inmJfO0WMCDqHjCOm+F+BP64YRotqRni9BCcdPp\/FvRYRcX4k5KVXiCE2z69wUVsqPG1llKJj1CFH\/RsTm3g3KbtdQU0GjyNyQl2CDpurTyUPQ92fUKA\/X0cBMPJgzHC0dOP90IUWPM1DD3nsbrNmpz8lP9N79mRwF5LTOHbbfvAKtpN8hLwkt9ukwyBmXk8C+zmVLmgKdtBBeCiCgbaFL\/aA+J\/nNJ3jy0mYq5nUvVXTh2Z7\/bG7F7D15e+NHDTFMXBqoMonQB16IlIlFtAJa+1TB8nMDEieCqXSm2meI\/wkXXc32Srtv3AtM6vxPAOrV+x9rponJ6AacvE6\/cmUC4WCIDgujE5nGZYcMZSggbR9\/Kt6utpNlB5VFi1pEVrNaFZHw7aT6\/CtVG+zVSwvyQk0KhE6erbsuDtzZMxLvCtcsV6pPfC\/PRbO03YGJv8DK8LahvowpjPqbaymGAnYP9bBjmcj8Zybby5MtwMog5KW7YAI9rBYlENeM2Dy3vHARJIR5GB+j33qs5hvPkWTV3o9HKuDltN6e\/7cTcTid6DRvXmO1ZA7RcWnp1v9dX0nqCg+iwrqPJuk36pRQQSp3pYE1EAHLCzt3501t+KApLCxYzEbirRWptNyoeeEE5uOfBxYTM2WMleevobNDlfBM03M0aFglzGS3lCRV0yNWw\/ZBGahRO+XjHuBA+QxkBjzNIYvhBcDAwIZaqpl7KO\/aoS\/xaq63oePn\/l4wkgopi1lsaFYbJflvn5lJQcRSZHGqRIptAjGXWny5qRxC7sgGucrDoA5XZJpJ5rL1sQGrNBBnHYCcdhfkRgu0iYOklGG9xE+slZId49jcsAtWEU2I\/eEF\/gzGmcDoIKW9\/IU0pMNXTdWiWofVVPUZs\/Lb\/bN8htmbbfjLuBzEKhZpgveVlZPj5VXAuHEhXXk0ROaGAVglMZsxHsbdDUcKPQjQ9mHgMzqt\/SN4SKDhA1+9LRLSL4g\/ZmJxnsYsJZiPRXZLdaU9Cy+A4CQPYNfuO+XNekAtQHOOCFWcDjdfU7K6gPp+jdG+6zR71EFMeiGo9di5FuI+fsXGMjNiflcFg3\/oiEiQj+c+SXhXmg5cUUmZisM56tSTYoDbqV2I0clprpOcfYkTtT92I6EUzloL7npuW1zLxMXE7nwW5JzyWrlx3xaz6AAfotCwxm5ob\/ht48eMSnaGsDmVMmIKcAeXj9r\/Qgfm5ydj17A\/wWCVm\/7gADpBdFs4VTLiVB4jIonZRHnx0E40hyOWZIsEIEnMxJxrW8PkRcFDV5sXdcHtfh7iWchE466qSDTtK21gAz66LAGzIzDSi4jTfEAt1SbNYQ4BmQyjL19w9SMP8BzTvwsIFe6hnwpATT+7somRA\/Z26b4QEU5K1DZ7oOX\/WGJvzzyrIbd4MSiv77t6sgdhQ=="}
00534{"flow_id":30,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739401,"pkt_ts_usec":922171,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"pkt":"ZmZmZmZmRERERERECABFAAB6LHtAADcGENVf2OWZCgAAAQG7q3Ca7xnPRlOpxlAYAfVWYgAA2V5hLsUbgAEXAwMARXXob5MYCcvmeQLUlTRsCD5Me1SM3hQe8X\/HgcHMk2uI0LOPU2IcCIkNX9+C7LIGQhPSeM57X\/Qd94pvwqCsYv6NMr\/xuQ=="}
00528{"flow_id":30,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":490,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739401,"pkt_ts_usec":924807,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"REREREREZmZmZmZmCABFAAB4N1lAAH4GvvgKAAABX9jlmatwAbtGU6nGmu8aIVAYAfUGmQAAFAMDAAEBFwMDAEUW+ynfPIUPgWsGIdUFpk0OwOAClb0Oq\/mIShKs292RBPHxvRC8jQty7TSrdGva8zXMNO4LmAoXO7IVucdmZqSgYyt9EQo="}
@@ -516,11 +516,11 @@
00467{"flow_id":30,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739401,"pkt_ts_usec":970552,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"REREREREZmZmZmZmCABFAABLN19AAH4Gvx8KAAABX9jlmatwAbtGU6uLmu8eH1AYAfUGbAAAFwMDAB4Nf8UJeas06r+T3i6\/\/7y1II+ujukEFzKxnznhsWg="}
00562{"flow_id":30,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":499,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739401,"pkt_ts_usec":970620,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"REREREREZmZmZmZmCABFAACRN2BAAH4GvtgKAAABX9jlmatwAbtGU6uumu8eH1AYAfUGsgAAFwMDAGSyk1KOdSdDi7O85h4PA7Kj1kLRD8Cvyu10TnJET0F2PpxtEkeiBWme8hFIBcwhfrN+u\/Tulm6\/k6XcAsDJdXdNFDD6wwHPy+S3J4XDEn8tXTis7ukzh5mU35a7uJWAcYD72OkA"}
00571{"flow_id":30,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":500,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739401,"pkt_ts_usec":970714,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWN2FAAH4GvtIKAAABX9jlmatwAbtGU6wXmu8eH1AYAfUGtwAAFwMDAGn4jD7I94ILrD7yyLiHEy5w+P9gXVYReJhoXDO4JiMUs1dSjEejMlBhK6LplTsX8\/Hb7o6IqK0sUCjWidZwT\/UOjxb\/JoRhBj5HBAsOKbGfXFD+LzRVsvAk4SCxSRdqAk5nuAYKrAeE+oE="}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":503,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":946739402059,"flow_last_seen":0,"flow_tot_l4_data_len":305,"flow_min_l4_data_len":305,"flow_max_l4_data_len":305,"flow_avg_l4_data_len":305,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":503,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":946739402059,"flow_last_seen":0,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00802{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":503,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739402,"pkt_ts_usec":59475,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"pkt":"REREREREZmZmZmZmCABFAAFFMVtAAH4GEoIKAAABLuPINt7iAbvHEJB+u++XVVAYAfa5DQAAFgMBARgBAAEUAwMZSog080zqV7Jj5Dvb3ndcTDVXiuYN2\/F4nl5oM8685CAD8\/DpQOi68rj3Dpf6v96RxtLLH4tYGgdf5WLODM4bbQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPcmRucy5mYWVsaXgubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIJ7aJCDYGU5kBdEWwbRqPCTJbp2+gk2aiKbS3L7SQcx7"}
00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":503,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":946739402059,"flow_last_seen":0,"flow_tot_l4_data_len":305,"flow_min_l4_data_len":305,"flow_max_l4_data_len":305,"flow_avg_l4_data_len":305,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00787{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":503,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":946739402059,"flow_last_seen":0,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04361{"flow_id":31,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739402,"pkt_ts_usec":97803,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"pkt":"ZmZmZmZmRERERERECABFAAuAZpBAADcGGhIu48g2CgAAAQG73uK775dVxxCRm1AQAfXDSAAAFgMDAHoCAAB2AwMvYFLfcaEHo3aJMGXc3Nj5JHcSpejvVC+OlDWKY+lERSAD8\/DpQOi68rj3Dpf6v96RxtLLH4tYGgdf5WLODM4bbRMCAAAuACsAAgMEADMAJAAdACCh186lBtHTNByoJBA0po27dnFNUREe5HIPKtcxu6S2dhQDAwABARcDAwAg9o2cPZarHTdrUnIxRn1VCbJHnvCJutGQQOHJwtgi\/RAXAwMOr0yaSOXTVxNy1MdOCL2l0VNtPnwh1Pur1Peod0tJjP9bgm\/AXbCeom1NL8K2T1J0dOI2RGuShy8YsyfJSw5Wmm071ESTozks9\/pWNhc8EY3OZk6mCQg3Q3y0vd4NtUzxexbQ\/ljBYll7ps6UiVrepG46JDr3EaPIsRJxAZ8gk2GaeDNtt7RJ53LkT05zfjvHMA6aBmH7t2BOZWkMQkrXRLmYtnSacXrlIzcJzUpGVRU0MO5jJX8g6q6PFhL59lDZu8Wsxk4Ijhyg4K8UnAjzRt0sqrXp6a0SqTxPZDzAPdhdwet3y+1QvN+aCu84nNSfCfN63IrHLSK6g6E3lem15SKv2YkiXF084ouwYBCBJXJ0DejPRccdH+Bp7CthOdZD9VLsoaB6QmK0BYE+B3JLwPXFYwO17RILfiGHekeCLv1KycofjSKkrY8yMabLa35ij5iLlwpIadsWJnwxXtZhNE88TO3LP+8rk3SThdBjlwIn02grC3P5DVdRHQUuYvIj+XumPYY4OniV3MWQD5oVffgmBaE\/MiLcfXRUvAgscquxip1c\/\/iyBNFRLF3RUPwBL5NcLPUAOiX8VC6qW6UmkIisNPyl59sHHQPhjQtTaV3HdBxVSxa+lXvafEDpCFPhfq7Z8DomnjFz314Mo2YICe+ZZ\/VP\/fu7\/DCzGaGMJt\/y8fB\/6C7VSPpretnL2mHkpzqNNsRNJHmpTbExTf\/W0z7d7eRfUyi4HRoWhN1u+9quMVSyao8SZFSb9c6pJV2Cpd+PDnrbNELHRV\/F65mKZXLF2SBEFyPK6XtRb+DOfMx0N6eOXr93S\/6+HvwSpArnHXm2qs+EDh7L5OyLbYX7hk\/pTg3eyPRsiU+T1VKMmTm3HYiEMmPROOISeM2PorfGczBqiAbHiPnaSSCDWzXHHee3yjPZXq9NGQADWivkdXNHAGorqs10ePRotp6azTgDg+3xjhiyUN8\/5\/JSc3Kyd9\/Y7eBwt2u3jJ0Ir1dMpZrh8Xytn\/oFEDmMRBapOHclfLOBBRZGJk+RA7J4ax9KIam6HVgRqufRZ7dV+VdgeVMjYSy4DQHs6oQV1dnsfERFBqYVQdJ93jWD1Gsdc8Pxx1qQ6tb7lnC4UqWJg2j4TF\/4asugxqLUp8iztI1CeTH4Reu1S6K\/rL+\/r1FEIu\/3a\/Pc+80qIi1Y87Z88cA68V6AnrKI\/jRFdeUnKaulroYDyincGpznQ32nbV7\/a8ufW3HqHzuY8Srdsdzg7OWNNr818v6m39ySIusJPgs5uFC9xvx8R+dIpVEYzkh3Q2eeeMG9\/8K2vIPpbbOtWSl8S5FN+69DYbQxN3KXTRYnKAcgBhodqiyj+6scHhaFARQYGoblFVqgXvJu7mshFdDHwBCaC5uowdNEKy4yrw5ottXf3H2NCsu9qcfXXi\/z\/OosB\/qYdcOqltwSq\/80V+8Ge38CLLZRSG\/4XrYzdhVDiFWoHxmaBU5QDEtQZH3S5OWqN1YkEB+FuSwADN6wY1gWAHclaDt280QNrqehBd4CwSsxy7G0qCDy36MMZMs7kf2Vj2TgH2Ktlytg+thkxDKtjS\/3aeMtSmm43ddFCAwkHZueXWUvoZnXP444s3zmu+73i2ZuHERFPrHSjFT+Y1Mpgo0Q6tWu1ilCv3IprR0S6yOnEJ5GH5r1Gf8ZIpGpefh36oorDOpgHiyqyCCd2qxXI8dwpeWwmWx2f1fKIN+bOmeDA+2HTL5b\/h\/S8LxTnnbWVqrgwQxdpAQ1xCVDtsVFko7TfSsPQoikR1NXdGw35qIw15E77U92szex\/zyWrA\/2KGcD2M3u3eNzXjjgmkxW27iRaDVs9Dg00I8PXscfPuLziMbIIt+Qm0SfB\/SFf1ylBL4HammClVdC7YNhrs4NDTvUTrxAf\/9BLynvePRrZvNzUMjBT8JtlvsBmnasO+COXrGwGyL50S3HH+eTrpMH9LMnT\/2nWeiT7sDmyjA9eJmW05\/8DRI8uR2ignlELeQeE7ZYC8KKYreOyXVjuVJO8KRaBbSIU8dUGF\/ILBa6hey1v4zK5JU1MHXOVQdX1RkKit5IUXefBWJ4R0BtjoPPFwKYAfyrsAKBcQzvKsyota24c0cDVjMzge24BKry1Tqr123sw9sTncyGrJzrjJCAkeCEkQo\/KqOKmxNrr6CtJmmIByoS+EjVKjVpJBluAdt5s3qw9VBr\/A44f7M4XZ82OLHYLOdXuuY4Rgtek4oFOa\/eUNUqECm7Y6b272wQZRBWvplBYlD2RWyR8BI01QWkzD2WfZpeGCzTSL5ABcGznl3CTw+DF6WcoeJd6SbUQUUEPVBF4u3zdh9b1Jl9zNuwWauO57o6a9eFR5unb1g++tHtZoIerFI1gyMEkvujqSt\/jK8uIRkRYOGlslTd\/3gwipdTVXxsLWi2fDz9+hxgVNOGQx8\/XNWyG1F\/L1mjtzU1UBNgZmslQP0EHO4J0uMMhguKNrTksx3df79c\/0PdkBKYtPr+8Ipj\/SC3QYRzf0s53zKfkSiObQ\/sOVJpwMvMhEUZunN4GQG+WMzs5eDRzdpQVJe47jiYijmkgXFbUCq004yxOCosLJYnsGKuZDQyE0z4teBgJH8ZC2mVlhO8lAz8gPU5mm5pEBH0gFKqsINKjcIbhVPUHYBlhBeR1erIfe5hsNdbM\/YCyGrep30hH+qZ\/IBF\/s3j2eRJAN56DPG7eQXCsiZSBsk9PTgJ38fSGAbaH0pLxsq2c1CaH7DzSlA01ud99lTK4rI7nRSGX9tAnrwTrORIzDrntkMH1VggJmMFY3EGxAMzh1CUd24C\/NVxnQ9P5qmX0Sgg6uSgxO2c7COAq2edHC\/ucd7dmb9rLGiOGU7YGRxfXuPTU+xfVNmV8wvcxQY9WY3QcHJbT2Vz2Hldj+q9L+347LUl4d5nRCyZOpijGWSFFM5lFqup\/GoObWXXvMsTO9NawTXovnf4MnjeZczPg2FrW3tlX0uBW7P24cE4VNHjvnvHknCsLft2dOFPhwAUA7qVOuJixr0stgCN8eCmK\/n1WzppsTm55hMBmYIkE9rYwxrxXiN39LFT+j0SlpiMqf5n1b7aJjSjiQjm1\/T42XF5prhRwaxJyOBzS5a2w2BxZDhOvMuBRY6ZtDe+ptzu07\/eUIO\/cQq36LXuMCRYTHNEIXnWWtA0vjAcmq+EwSCLEygFwVxoPgN5h2qTp7SdJVushbBgsziLiKFyhenEAkjP4tYMg82sWXtGvK2T4GbMrKF+OJsVll7gTGHENl+vuBtGryghKs2kRZov918dT+VWdywju+ew9zl+S0NiyZlvWu+CmHSGFpvtCqWMXNaXEERtmXJVFofSJ7ykCfNo49lq+tJOi\/mrPExexfpWVgisqVMvGukP+ZkhcE5Ck47mFMZqfJTRL364HqGaNbc7EKIab24NToEVrdLyvx+sQZXNXCyXhOVxnIWFgUdF0PMAFDvMwWrgJTufvZcx1q\/rK6GjKie1KAVcLQPkAeyb2aBh0GehIKRHB5OLWsjRXWSnC7RfnFW6K8cokr6NiSGrPTHJtZfW+014hI265qPA0R6qLZ3SkGPsU2l+ULOh8f4TsNZmRbk\/UzcCp9zJB2\/sAwMANTEmXxPw2yMWVIdXVMdzqrOV"}
00828{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":504,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_first_seen":946739402059,"flow_last_seen":946739402097,"flow_tot_l4_data_len":3229,"flow_min_l4_data_len":305,"flow_max_l4_data_len":2924,"flow_avg_l4_data_len":1614,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00840{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":504,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_first_seen":946739402059,"flow_last_seen":946739402097,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3189,"flow_avg_l4_payload_len":1594,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02303{"flow_id":31,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739402,"pkt_ts_usec":97864,"pkt_caplen":1444,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1444,"pkt_l4_len":1410,"pkt":"ZmZmZmZmRERERERECABFAAWWZpJAADcGH\/ou48g2CgAAAQG73uK776KtxxCRm1AYAfUU3AAACNSc59sPW4OZKm6qSD7jsBvdulSTgK8LagzUdpT43FqU1TjbgFd6vr1YcfE0NFplErjVqY14Uy0e6vIiPxevgsH6OdIHZm6pvnG3NGQZr+Eawc3lwPRCg\/OYwfYOVATUQ+D48eMINi076ymhr9WarR1T\/muiarwvLXYV6Uhar7rOYnX1fnOldHU7V9Vf3n22jVlaRu9FvfUlIGCuR9DlhblioT6Pi7Xq+9B1pOrzTS3d2OyN7sMIE6PuhUF9VrXN4uLhsAemVKcWU2V+BGjWtfszG7hr7paN5M0A6WlSiJP5ugBdx739u3B3W1+KfLwVvbAx3Uf4RJvYnlmACvSx012Jhzer\/yuM4tk3QVpBdK\/jPEaTPWBaLG7GbcEgCr8Dd01cNEaknAYaE3S81foMCYQWnkCSEzXoXSN2X+GKzFZl0S1\/cEXQGO2yVQzWkPUMhh0gTbASy1MtoPkBs1VLmccZG6VMIanE\/Pd1\/AmN+44wbWDJ+AcIisgRr14kHkecxeo6qEPvRckWi1Y+MB43PdM38kIUuB4ny7fwppqpmv8DILGQ0779kEvzfVRiZrCYvFXu\/QOSUdvmxjdD6cpAlFDWsPq2Pc93te5jeGVaL0ejtHRLIxI7z\/Q501zSpx\/Cya9ypg5U1NAxSXKe10YJjCTWrmOYKmnYerWRan08XbdkvYLJUzjKsspm7dhtxg0E1f4GsSbQFVWwrs\/ZM+C5sBOiJWUOh2pogAFGGsfjjO9vzloRUIbA2Ux9PdhnCAwgsxjwIpMB0l+UdFEMsbPJQhlOxGEwe2dnsCm5A+xtqvz5mH9nbAz2uU5hDs7xBrPc+8iDApG3YcmB6tDQMRmVl4wND49H4\/Hb2EGewuCKV1\/lze0iB9RIgI9rfK\/5kPRVAptvZ2+Rek\/4ghlbEG+l+OpOmeFXbOF8BuB9O0sPArzn0gERY+1PqlX8USIY4KAapC8vGnRNqePUVgog6kgSCom8jkuyrzOHCdEM1CnPySLw7a\/tPZxODv2GVX+BkBTvdcEhFOjQ1TZSMjExVd8xloEm8\/FJ6+H0jkz8IvfKaJAX48951TiRuA57Va3CSiHx+djtV0dMa0UJnQcAEaubJWYUsRu7sYXVg8tQm7wgM9eerw0ql07SNc\/dHQUxeGfY6HDVaN4jlbWxp48tTf5vFa+VilGPTo45486GBOKU+5wyUckgVnRpF60eC3RcISu3IMve+0In4k9R88DIjvwS1SST04NZPv7f41CsbwoBIpKZKJAFU+NplzdS0BOyBcGgjEAzzOtpFJ7jXjBK8x1DEPVeN6HSSbNaiOV7VevW0oBjFRBvVLEmxy48HjBSY3QWjS+yqFN8Qy4bledb1fb4GI3oWPT+BRcDAwEZfpmEI\/d7cy4YyqdnKDwIn\/k3qXWNAj2sXjRKguMhqhlkOdUvzFkzzM0xeuvfwnq6QSn3NpKskeWNBR8K+ECaE3mhCxghdnhLIum9rgOMvkgnfyBTDAfYKNN\/d62vQY6u4rbxXpDQk04FVnBPxSfPHXuC+oF8kMOU1++DK+ZoETlcuLrk2BRjjMQpK7pf+k1VI6pVnOclLhCXYHQjMUHZufh3HVG3mM7BF+lzB0K07EInEh+Ccp7LdqMGfKnUNXPWyokhcE9BzZJT2yWb8DylKWRWvZNetxzugclU9IhwHPPfcLEVBg0Fudoqm9ZGps0h7H+c6XIpsbql70txNRPE+wXofhHvkqNoGKLp9YrmmnKta0xlevWHOwMXAwMARTi1\/bQ1JQowGKIWBX\/iwQMAp\/a2d7gVFXnQQSu7gEMDkgFlDNq8l9T+VqanQcvXHm8wx\/TYqk2+tBPvp+6SO7GVVfwN5A=="}
00527{"flow_id":31,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739402,"pkt_ts_usec":101600,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"REREREREZmZmZmZmCABFAAB4MV5AAH4GE0wKAAABLuPINt7iAbvHEJGbu++oG1AYAfW4QAAAFAMDAAEBFwMDAEXKqSJC2lkh5G42SMH+kUqPJFSCLOrnY5qYiyyOSGxU019Z3g1+admSewNNt0yPEZJoMQ1+JpUFad+MGHQ3aW46rImbTFY="}
00538{"flow_id":31,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739402,"pkt_ts_usec":101756,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"REREREREZmZmZmZmCABFAAB+MV9AAH4GE0UKAAABLuPINt7iAbvHEJHru++oG1AYAfW4RgAAFwMDAFHgR8CaAUsNqdt5xPfcdxXk\/ccwFxgxpSNMxvQytY9LevtkgxLHXMiQ60Vij3ZxU\/QEiR4Cl8Vf7C\/woRAEzI9Vk7xgbuIDVQT9L9Z9gXPTwyE="}
@@ -536,11 +536,11 @@
00682{"flow_id":31,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739402,"pkt_ts_usec":187345,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"pkt":"ZmZmZmZmRERERERECABFAADrZphAADcGJJ8u48g2CgAAAQG73uK776vOxxCUJVAYAfV0OwAAFwMDAL6wyx998YbKxmhMw3+CbPsfnr4wXvWu9\/nfQvNorwHZg0srS5b7iFdGjGxZUGNlFBD4TLH3AzFc1xK1\/J0T2VFH8uDpGe8owqNCKImjGik5Rfd5F24uYKSGIYmxbUfgE5PK2eru+BRCrL8IEcqvV0LwgKt5CQaKMtHOFanb7Cza85s9XyOcjYz9wcZRJTSv46SL8xZ0wNzMBRezCeekROZM5P3D2xzeSAqSrV3f5Ck85qOoGJR8Qi7HLCko8nA2"}
00488{"flow_id":23,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":526,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739415,"pkt_ts_usec":188752,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"ZmZmZmZmRERERERECABFAABbg19AADcGn1KIkNeeCgAAAQG7y9B6n4qk9ztBOFAYAPXJwgAAFwMDAC7p4enar7a69h\/ap6n0W5hiq1K9j0xA71Ah1sGQS9PZ3SOPEcpAhCVrUATzJZDF"}
00449{"flow_id":26,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":531,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739421,"pkt_ts_usec":46730,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"REREREREZmZmZmZmCABFAABAddtAAJkGvV8KAAAB2akUF4T0AbuSPudflAS7mVAYAfWurwAAFwMDABPAQVvrxZDxyu0V2WbXi8Wc7\/ph"}
00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":539,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":946739603327,"flow_last_seen":0,"flow_tot_l4_data_len":305,"flow_min_l4_data_len":305,"flow_max_l4_data_len":305,"flow_avg_l4_data_len":305,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":539,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":946739603327,"flow_last_seen":0,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00806{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739603,"pkt_ts_usec":327563,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"pkt":"REREREREZmZmZmZmCABFAAFFXkZAAKYGop0KAAABCQkJCsqGAbs6mTvywXrNXlAYAfbUBgAAFgMBARgBAAEUAwPEiPyvZDyiU8chFqn7v3nOV\/W\/daCFgBrWvLyeLgdOBSBmgVOewdr23+YbXlV2oJqCio3+iP7mE\/SqSoHvhanHngAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG5zMTAucXVhZDkubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIELSbbeQ+1Z\/PGkzWYpOrrGvdC\/XSIyiiMDimHGqOwN9"}
00770{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":539,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":946739603327,"flow_last_seen":0,"flow_tot_l4_data_len":305,"flow_min_l4_data_len":305,"flow_max_l4_data_len":305,"flow_avg_l4_data_len":305,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00782{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":539,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":946739603327,"flow_last_seen":0,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04497{"flow_id":32,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":540,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739603,"pkt_ts_usec":346755,"pkt_caplen":3068,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3068,"pkt_l4_len":3034,"pkt":"ZmZmZmZmRERERERECABFAAvuVbVAADsGC4YJCQkKCgAAAQG7yobBes1eOpk9D1AYAHferwAAFgMDAHoCAAB2AwPPxPF58rRx8NlAStddGtWmBxk0TsgFRMyjmLE2UJLzOSBmgVOewdr23+YbXlV2oJqCio3+iP7mE\/SqSoHvhanHnhMCAAAuACsAAgMEADMAJAAdACAXimL6oC2BgKKkKv2GFQZ0YvKv9UBLIqQLjYesKsDOXxQDAwABARcDAwAgsv\/aMwoaVLJwBsdUrBspRDIe6WOUfDjyPvz9+wtEYK8XAwMKaJbt\/ye5NqlSM6\/tOfe9bC5ygGHuvTHGsEkug50mliwDXC+zbimuaXpevBCVc6v4emlocpuYSolXpHjPLZ5mH\/n\/Wwg\/zT8DKTys1phOBjndqMIJ26DAd1BULzfsS4\/LPzxUrBzIWvX6A2LKLmwvvolWTixlKxXTGAwoKmNpvOmmolp5p0KnP+05uqYpZwQr1eiVG4Jbxo4RKPp2m5qudj526IfaIUxv6TymwnkyKidb8KJ7fECEEmqDTEJYi3AMqq0F6jVWm4S\/Cw3xWxFHQLXfbhWl\/xQNbH7sQr1+VP1aT1KVnkPOnmrjsvXKtU37nhtNVagiwB4tTsa0XjgxO6nNrduMisjiP1kYOcjiQ52IvQ8yUcLxoVZvs66brT2XF4X+BUOjv0f2D+iKuSPPaodKDokIKfB3EFHwrxtXROObndCkt2l8uoO\/YFwn4AVaivPS7QA9y1ZB5oLifA+q5b\/fsbKJUohIzT23SgYvI1FZi9km+tWoalj+0eMzm2XcwysPa97vGSKpeXtbzhnBE6t0DL+SCNAkdyN9iZf+SkkYuc1rpy8H6FsnB0MNHcLT\/7h9UpysD4zCa5uCyld0qhDdV3MzU7a7heBLLZvpkeoMCMY0KW7Nghl3Tf2jMPhPpMXgWhDsiEqTDOOStqJ6ji5D3nXcz67NA7onASlOfxCYNM8r0u017+zZIe1OE+PpBYW8chi30ujo48vE+6Zr1LXdzMZq7SQ9KcvNds70bZNXXOxSMjMXLVZIXnbsRiW02iiUe4S1V8qA1xoY+tL3PM\/3KBP4ZSUn0i9oU0Zm0bhbtwOS\/9R3KZPgmCI+1g7zZ+sqsIKC0g2uvkEsdNIqhrXU224qW6xxP\/j7fBBrVPw5fuLCU7p8+Yh1Cpxk4zFmUhl0XbcAlqLu7rHI4fQoDUdIgemBLeSEl1+Y\/z6KYsqD8NYrgKAvSsbZ1H\/Vdb3V1ajFVEUtmvJbvjf\/83uaxbTgecYPCPp7fDTlwk8SSHepVo8KtWsduLEs3DxEjvauvr9rL7FbVuDjSA3SeEqhFhGtSYJioWjgprG3WdpQzYP52GvnOKwXu7vjaJad3BS\/DxKTEtPTMDE4Fp6cDirnN3wrVazuNyc6gO+xpNalCZ8Rd4w5DmHczo4DwVyfZ9Fxz7k2fB4TnNz9ILT10qjnOlN\/ksy+JVVDJTTX6v+Ua3SCh6Bynhcuz7SktArn4gMoxcY2E4z4hIcGQHNkb+py02aK7EHGVgPR74HZosi0lhtUl4dpwbcfDHkQU+oVloy53x1IxuauA66S2qPneNDmRr8rKf9GU\/LJH2dezQ+WudmVZtgHXrLWtjuFmnH7eaBODVb8UwsA0Ge9wdJPfbyaGd7iLOv94vz10GXsEVy\/CXkZZhekrbvjToLvfDqaRAilCzMBHwybWhwwRUQsUh\/rPF7FXEJaXHA+eAZPWEuEetxByN3cFbJKFAiJ4IoKIRBIkGZxaTOcLn\/+XdFg3+W\/lMlmaqOUp903NihM97Rw4Bpqxex1vlYSLEh1ll9uJAf5iJVYMcmiqcaYXWfQOEXWR1wEE7wZE1+wo9+np3wP\/ty0jb3vy8+oqDWA8OdUjkdhqeUyfjZfa6t7pr4ITQpHLy0bNHsZ48wim0yu3Y7a6artue3kmQYcW2RckDOWxjAYg9ikO\/kwS062tZFHnT2VanvAd16qor00inyMS9VT8p\/085mt8kQkGSG0rip8q4xWZYbMFCfcEVkD4E5q7utpFEDkZ964uRE2Vw1PzBHn62rcmtvUqQaoGAFjFlHLMS40f9r+HKG7wRWTWQ29d16NsH+Xu0qXRhzWgjImijKWlv6KBGT1Cxynn\/KrehvF0361FyBUkJo1S1Ztxsubdf3ddeGeEr99d5oc\/xgpXMAl6ZIfUBPJjnOeC932\/TOOjMzG7PhOgunB+ggqQ5LQc0CX3c5BLlJtBtobycDsl7t\/eLrX\/bMfWq1dBy8SxYnEvGbNHrForDiuOA\/0lI3GVO62V5P1dM2BK8fdHneO0FhK969xszY4KacAP0CD5Aah0NJ2dzSGVZQtRmv\/TuFZlUQB3cFfHJYpNMU\/sn32bfB7GWJI2MhPEITiLal7HIPxgTikeJcDL13qUn7bk19T+rXcadCGiBoKDb40Dx6ogDfm4H0pA9C7OZJC0LRf01KZZRBjQs4x5ewT+p6+Og3SFrrTJ8ObJe\/TFocDQSMCBCWHQJqFicRtnWl4mmw+qTCsSoZQ\/ibkZFi+igS4TWV+31tPjazydJfOrW9xLZSgCilkMeJWYl8vH1ijLI+xCM8xxlQj5svlwHqvt+EkteECF3EKEt55AWpnRTNzzJivCSHy2gGPxW5UKKBkiSUoPFh0qyVjKN5HqDcW5MrFR2HpLqhuRbEXoannFiepiMp6aCVRMgYzvmQIyFH17\/3pokulHalnqX0gFQkjPqUPYf6B8\/o0H5LL0kahUiyL+d6BqSr8d42vsjYrpSfDaIcCW+FFGcj\/61Y6Fdihg57b1nq47mVWBJ9vcfq6xagmjwoJrNbwHaDS0XVSxL6y45zWrDfovrm0VvelVEdjwsn0FcoL6zZxDjjOt0EJP+OSVXcMeuY7uIG+KTnnHoV0vMvgMsIMiJbtYXgvda9zrqGty0FDqsOWmIdUCMf7t9LcgXTVP1POJeyDb0J4B38BTX3wUkWV7Ddf9ih9u7A\/m95uqIUbBJE2UeEbEEHif0BvcJl8E3UGeXVNiKRj7lxmplRVER7ystoW7OIAwNXC3MbNiwrjMNGlyZxeIZvGJIjHlQuApwLZsjzZzABT3\/zDbS43YjZzqyO21cEI3xf5DfWK6ZyU3Gjytb2PX5Te\/wOkKfusuGJNyYU73DNCw6\/IA2qWOmaw7\/mXzErXE2WxarQFcAU6el9VnuyWPJs57xlszen8XWYD0zQcAkiZ9pBOymEDFngWCP8+c+AEG42RtW8heXsNn6Oe2ZAWO\/0AXBzQr+rO1qlWDZzv3V7XELPKS49M71P\/6XXdYRKeCeHIn9vIc91j0OnL7GZzEPRVrpELGmw5rN7x6AqDoK3g\/LGcF47Fu59pwNqH3h40OLoshBk76izruGCqusL4Ms6YFarwUJkiUBlvhjjR7yHu721yX53PmlJXwCPueaRMxPhyJUl4AErQ3xPn5KAYXOjk3\/LnBLmSDl4f8PDkxmKUVaitsKqWvpl1TTX0fA2ZAqmTFey5ifEjBKLesy4caeyeCMEZZjMOhPX9MKfIEGous6lHCaZSQQHUSMY1BTylXmW622\/10lQS8aN1mce++r7\/TAswiTbum59NRH+1WXDpTaq5aRBgs7Pc6pr4lABNwxmieRHx0ER8V5gmxNVB9ACpzjEkp28DmYAH1\/iiBQfjkW2oblAVhUqcezWZUUEbpTbTAEj81Dzg+Fe2EsJFV2MiLhqH0ZMEkKY9oMnGyGvqY11wK7Qf4HXmtakoM3CF+wPbb9he7ffoRbYXCwbxTcDrBSEJdjOMhsSClbW03C9LGM4s6RAprMpnuw2wArtlzcr4bo701pOupS\/tdL5NkaZ2ZzsCChcDAwBgOnNpVcvc5YFZ3YuA8YRoqsuLDn4GImAnVqFIX3IzoTnZe29KOqUXQC0V61jJdr5Jnb3k3MOCdTH2u+HBBkKmYvlFb8GpDbcgObm2pFs9vNSY1WNyfnlLuFSQCBkHWe0UFwMDAEV7D2ZJm3CG6uFedmkozBwacoDrnHkQN6RCxC8K2l8lcKCSu3Q0j3XFRWsykB64fgtOqxtlPlxXpmtKrFqiyWDCeX9Q+Jw="}
00823{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":540,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":946739603327,"flow_last_seen":946739603346,"flow_tot_l4_data_len":3339,"flow_min_l4_data_len":305,"flow_max_l4_data_len":3034,"flow_avg_l4_data_len":1669,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00835{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":540,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":946739603327,"flow_last_seen":946739603346,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3014,"flow_tot_l4_payload_len":3299,"flow_avg_l4_payload_len":1649,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00530{"flow_id":32,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739603,"pkt_ts_usec":374765,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"REREREREZmZmZmZmCABFAAB4XkhAAKYGo2gKAAABCQkJCsqGAbs6mT0PwXrZJFAYAfXTOQAAFAMDAAEBFwMDAEXJf2y8xWhMhAZA2WXz9agwI9f91RKP49sWLlsKAqD2Anz18+mnUXeRrd7MefwrF\/wulkzvUzp\/PNHsE\/j94eCMWT0CzeI="}
00537{"flow_id":32,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739603,"pkt_ts_usec":374833,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"REREREREZmZmZmZmCABFAAB+XklAAKYGo2EKAAABCQkJCsqGAbs6mT1fwXrZJFAYAfXTPwAAFwMDAFGj4ZdVWENvHP7mlWww4fyc\/LCUwAcUVZSTOZOCuihsQZi0qxZIU3KBjmxt4UsdwiDNOUBuB692q78ru91BCfhzjqstzxoqRC1z\/lvOLOyurCE="}
00657{"flow_id":32,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739603,"pkt_ts_usec":374894,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"REREREREZmZmZmZmCABFAADUXkpAAKYGowoKAAABCQkJCsqGAbs6mT21wXrZJFAYAfXTlQAAFwMDAKeCWd2l1u2Lq5nscCXqD9rzuIFbFEIFXZRDecLEcxbM7PSMCkfJA+iEkaf0cGjV8LczZrsob3nZH\/qH4fB6bL9ggwzZsJcQ\/vTsjE5m2W4ZKgiwKat7BKpY36LD\/9Afx1qnea6QcjD2EWkQhCPe1Soya4r1y5EkeNxIyteNSI\/VQNM0d8BDdw9EJlLgnh+Uvy7R4PE6D6LtYWxW+\/MgQt9Sj\/BpbZZ8ww=="}
@@ -551,11 +551,11 @@
00634{"flow_id":32,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":548,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739603,"pkt_ts_usec":405726,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"ZmZmZmZmRERERERECABFAADHVbtAADsGFqcJCQkKCgAAAQG7yobBettjOpk+xFAYAHtFOwAAFwMDAJrlZdBVS0cKHJnqEJaXIqAMqgJO9gAwybL2E7xe9qQZDr4J2CA0CxAtNC0Boxr8btXLopFLp0PWcJf8L9I6Bnv9ARtkisdIMLLx4GNLsopMbMvf1P9LXCNWLKmRGCDKo3N4vvUhY7bBpv6nEeDTO\/oU7mh5T37WkPBRQhHrVJs7lTiljdD2tCiBraXCJY+h+e7jpTKniTc\/A+Xc"}
00449{"flow_id":32,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":549,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739633,"pkt_ts_usec":406126,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"REREREREZmZmZmZmCABFAABAXk9AAKYGo5kKAAABCQkJCsqGAbs6mT7jwXrcAlAYAfXTAQAAFwMDABPuHGcQnap0Vm7XVP89BjuxPcso"}
00529{"flow_id":32,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":550,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739633,"pkt_ts_usec":413039,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"ZmZmZmZmRERERERECABFAAB4Vb1AADsGFvQJCQkKCgAAAQG7yobBetwCOpk+41AYAHvgMwAAFwMDAEuf8FnU6xhGOURGBoRDN3wq2DAZCmPVTSnU3vLzpSv0xnEWwtxWw+S8xLuhv8sm5rPi9TW2uaKE9E2ATpSI\/WmLTaqDOIUZ3oIMR9g="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":551,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":946739661512,"flow_last_seen":0,"flow_tot_l4_data_len":305,"flow_min_l4_data_len":305,"flow_max_l4_data_len":305,"flow_avg_l4_data_len":305,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":551,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":946739661512,"flow_last_seen":0,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00804{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":551,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739661,"pkt_ts_usec":512401,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"pkt":"REREREREZmZmZmZmCABFAAFFx6JAAK8GN2cKAAABuetRAa6gAbuz5lknlG0\/21AYAfbM4AAAFgMBARgBAAEUAwMfgFJ2Kafn6OC8bsQNsKFbNXsDyxgypaGgbuYoVgNdqiAeN08qEmNJsvb5yXXS9i9uE1kipCfBRoZuyc\/JvsnF3AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG9oLmRuc2xpZnkuY29tAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIIH2RRfX3PNaXYMOoXj3ynNGqfHChI6\/gAXerDGvzggi"}
00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":551,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":946739661512,"flow_last_seen":0,"flow_tot_l4_data_len":305,"flow_min_l4_data_len":305,"flow_max_l4_data_len":305,"flow_avg_l4_data_len":305,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00786{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":551,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":946739661512,"flow_last_seen":0,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04642{"flow_id":33,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739661,"pkt_ts_usec":535299,"pkt_caplen":3168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3168,"pkt_l4_len":3134,"pkt":"ZmZmZmZmRERERERECABFAAxS7o9AADQGgG2561EBCgAAAQG7rqCUbT\/bs+ZaRFAYA+rX7QAAFgMDAHoCAAB2AwOIv9853ekbZoNmLmgcqNPyyS1j9KmZm6LL1EB3x+W+MyAeN08qEmNJsvb5yXXS9i9uE1kipCfBRoZuyc\/JvsnF3BMCAAAuACsAAgMEADMAJAAdACD6x6OWYowjGpQ7hpL1\/XAvKAPz7Qey4KV7v02zhqXZdBQDAwABARcDAwAgyc0HM+W8H8TE3DEJWTZrLIbavzRZjtX85L8RdcWlDvUXAwMKE3Ep4ySuvwn1mgGngq567huqNt4kq0krhrI\/h93Xu5m86O9X2PLgikjAQ\/f9b0D4TlJnxV9cGU04GfVlCuVdBuDl1OIowNDzv97yB1hnS\/nmnSeVxy1F8D7\/C2lvCqf2cxAVE09ueyG1Z8bXZ2QECTYKbWaJhHhH3grXMLxM9TK7dwfYp5ry3mgBLj8Im1sBBtK1ijR5DOPlXD4i38GWBdXuEFX66BB\/RJoRwVEIncNbQelSZeCqjUb3u++TUwMNQylDBUpnEAe47WxBvCiB3j4t00aQSmqM0TAluU8dwn7tiUiJEwAYZgDG8XeCA2d8CwkyaaNUs0P3Rp5Ub77dFKLlWkM7Ox84gnAyRhVMHCmMumYMkWKlAivuj\/eXgWwWByB6smKGxdGHvMorcYTbQq9mZYmNNNkDPDaVaw5533PFvpx4ba99q1b36RpLWXBUvp3e8mh0pBow5UcR930tP8k9y3Mp\/Hul\/USMW6fOtKvrODulyByiQtZSjqe6z4\/9jz9br68\/R0pBmxYIdiwDh9sAHDejB9VSYvk7ssbBQpn+Jgwnz6Ryy+sDgPoInVRafSLVQ2XaqYm5f6C0Jwzhr6UtNZ4\/zNTcpzOWnfrCB0SA4OuUkh\/XzE\/16DFk8ZQDliBoueyPhn8cEizoLe43IQ4BRx1FGhFopJsvL2cINLJIZh8DTM\/8W7f\/ASccXTbKN3NreGL2zPJ9HkyArzmAuS0H6AWBUpZyjU0X4LPypLaoIp74s3Z6LMGrDv+Q9HPcSM3AsvYaPpVMikXZgrncjZjmSO3nKjVK7tuPHzmBxV2ASbUY9dkYy7qS1LbwD5HCaZkMJLquTC43\/zrZa9Cf+VJlQO+7\/bTkI19jV7MBsNxvCJS3vho32OcNSgskst5WCDisQYxOEJ7yIiJ4Qj131r3komITCdIi6sfPNECBD925ao9iSOw1a3NghVbKi1Ke9+osy6p4OIfl7R\/jJIRkFpjTHB9lrhuKyd3x90HahF\/Bgrc+0OPDW3df50BV25QUTv0YHg583iZZwuimhgpeeN8oRbZn4Oz1sb61wMILMVA1YkIFgELm6QWH0EjBDa5PcdPXwcXSRAXJR2\/zX8giHU9oVoqfNaIjA+SmyaolS9o0C9Gxx9xhkTFg+SAbN3Goh5osUJrTzgif84rF3v\/clkf8\/ZhPyDROa9H0yWh+TK3VY9NLRXxv12lS5FZMqutTNAtmppSaz1n5imbXVp1Da9\/rGuGJgyHbUPRjpcY\/qQ4nrdYPUt0lBpjbxywR21B5bH94VrAutoZgT1NlpA1fjy8uX6CC\/PzzpWgwoLz2\/ah06JLAEuj5ndY\/3P\/Cea86JZSQRIAOkxHfXLLrlrueGx1dvDahl9VAk02WVblMiy86oo72YX2jdNNf7IRMOaPtI08s6slCfPDpn3bANNyLKCX6T8oskMhdiK\/HIjCb1KyAdgQ2+yLvi3d+MuMeWmC07amcrbn+OTYQQNPWx6i\/o5VJfAp896EdOSd0n7JnPYzTA1M2RyiA5D2thGuZ18x5oW4andkKefpZLKocbhraKqdRDR2qHe1UOjP7ac97YdAdmgxzkuJnD41fZ8SEi5Zg3NfdmEEfpkvRjC5orTLd0fIsx5c1+XLU\/R3b4bQM96DkiRuZJ1NUlIhf9JvTA7QhsNS9Evhm+KxSrzo4fPncRHMt8lm5+VkFq5jZsS\/4aS9tmtMGO7fcr\/LpSveCPtAloCQrU+vhpaXaC4\/SCuRji5PdK182R618OsLro46yH5FqoSw3EFuupxW4KHdDcJyAmbvTP3RLz1SxCnflYoAqTczyrDRGBg9\/VwVoEVI1F90s2UJwdF3wAnZAvtsFo0aX7P\/QLLigT0+21EtehOsx99nALYpQP+Wes4pdBUuuM1hrGs4phO3GFIyYVSCdORl3bwKcDgUn6jxeA5jLALqAkUQz6oQZAw+UAmaFT7liB5ZMHspe2Nk5qb3bDaj1FmXHIWt\/85M5M02qebtth3yNCkr6Yp8QH7DkvUBEcBvugZfGdO8uohym\/eNU58r4tZ+dX\/tuHtfYu\/HTthyF6zJIA5NCwZI8ZPOa0Ik2ZVHuDdccBZzRFIr6iS6N658h5UD2w34\/Zc25OfWHIIyNU8f8\/IYCk9XVJNve0Okk42KtkEZEvU5b0G1QgC8PnK8r+XSR+vGYlx30IHhP0Drstay6UqCpdjb38zyt16Qx9KI1K78\/2x0ZLR7g9lNe5aJSm2DGdBsBLk1r5a74FD95UK8Adgld6WS3J1isO2nKe9Xs1y3yG0BHL6PVzcVJ6xLZkhyj81HERDbvsw89dCQ0RJq5YmEae+boIDnKyAnLYzUgmbMRlc1g8JOgQmr6\/NRcNQVzPj9Tmr7h+4nauDzZ0EwSB6bpnhekE6zTzsN8ksFy6WPV1V2TWaFMCxIJpm4tqxJloTCvFyT3CBtW57hPqqD33WSzMFQ4mYuH5Kgu\/JydyuTxbX33iR4YxYd7QhqiqEqf7Z40jPc99ZwAIj52PTzQ7U+ojkqP4MuUynWiVDvS\/8M2\/Vvth6PA4ClC+NG9V0jqT2CwEy0LU0ERe0qEd656+zZx\/fgC3xfIuWV0svyqgeH7U8anrlDCpp7N40O2SWqb3L3JMSf4o49g5Y7jySS1fW2+m5VjaQqCccoq+\/wn0QIhjH7Xd2oER1gcyADsjGJt5aqBudWst9NAdC7\/E6mgwXOhZmtXb1lcPmN1A3ldDXRkgXTncFzTkiGIgqqygowkLd1h\/u0K8p6hXN6SporJbwLrTenWrNDIG63gFBLm2D7U+S642eghPumVgo7B1N6elGvUpSDX3m8qB6zRisoSKoWKWO5xgUo0OWMndotDAaZPAq3bhL2Pxzdl9WOKnnP6NOK4+F4BC3OgZgYIEUhrknbM3wBtdHfsfGuj0RFj5lNw2AlFe8pNBDRkjYdmUdc0f\/vnWwnfo22NWKX1BdiVu7196lmWb3TQ4gFhlK81yNy7eFJuFbgrYZ5PUlfjIwTDgxIXshraxns8270zwqor2u3QZYQoN4I1EUcEja7lh2qdAWxfca\/zxpKtNeCFUm8zfvAy2hjwmAqVnw7n4Et+Xyf9ksFEQ4\/qzsOHpBM0zGs5xxH5dXSgC84hPug8TuHm5XeS02QK5ivwcMFrRGIBts0M6ytr6tm6t5af5Z2U58e0QlvyTSXCPiJUK3gUQUYViS\/IjXLR2ycg4306mXwXdbQ8v7MG8Jbo+42mtOwsAND+01bl1fOhl5IjO\/hKWjGNBJndlQaRfYzoY1bNcjrUVpsWniWOjJBYJ9yapHVp6DQ0QxTAp4enh41yjjXkuC9cO0IfBYAr0q3doev3F6MDmfD3QC30o0nnTuJKglBmQmNqmFF98Ioa6LYtVQSVj9fT7Jq0Jj7\/w6McuInFQUSdd3NIs7zDF4f1McMigXXd3svv1byyFwMDARmEZ3FvSkJXAws42ybGrYb\/Ga9WUTit+emudCQdO3qxSLRL9Xz90Zj\/0AIfatwlfnnVgLFc5QxTIdMvpyCnIjSAcDaEJvu6yM03S3K45PurYyNI6VNrD8T3C7JZ2oGRKr9xNDuiMdmtC9\/9YGpIp8JcXSnnpIql+dalqpwG9n50trcQI0C4J+hm1Yu6USN4wzVC+tr3gsW6PyyDAAs17vVbo+Scs5p00FZ1o\/rHfMtLfFwh8MAYWoGvtptGh9N2zS+PrJ1tBcSPIWnstLtsnAnrYxfC9FGgvCH\/DigiWfhGZwyoa504FzWxS6CzOvDPhsC522yXw\/\/MDJuJbpdH1g+oBnB701N1aymW+zBchXMoA1YOfcUScPREsxcDAwBF82UTEIbXenVn7eF73krbJp8pjxkB3FH+h3306Rr5JIHM3AbirkPdWnHupm94YxIhIDqYUbC9YcWD3w0dLlmwNJiAVT\/+"}
00827{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":552,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":946739661512,"flow_last_seen":946739661535,"flow_tot_l4_data_len":3439,"flow_min_l4_data_len":305,"flow_max_l4_data_len":3134,"flow_avg_l4_data_len":1719,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00839{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":552,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":946739661512,"flow_last_seen":946739661535,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":3399,"flow_avg_l4_payload_len":1699,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00529{"flow_id":33,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739661,"pkt_ts_usec":537491,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"REREREREZmZmZmZmCABFAAB4x6RAAK8GODIKAAABuetRAa6gAbuz5lpElG1MBVAYAfXMEwAAFAMDAAEBFwMDAEU4SkGRhTVOzjkja1xO2w+N\/vz+OkRmcdhLqaqpXQNb6A6SRcM4Xi9F7CyJ7zWjY541e0wZEZOfbwCMOI4VGHKGlHVB\/Ow="}
00539{"flow_id":33,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":554,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739661,"pkt_ts_usec":537611,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"REREREREZmZmZmZmCABFAAB+x6VAAK8GOCsKAAABuetRAa6gAbuz5lqUlG1MBVAYAfXMGQAAFwMDAFHO0jbbFd53\/ZuDXr7vmFxcqFu0J8Lh\/X61p5xsIdeiV0og3mV\/A6pcxScMeZBlAeEIH5hDkEBw1sCQ9Mi8V+\/F1osqkP5BLLW5Wz8JDl02L8Y="}
00650{"flow_id":33,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739661,"pkt_ts_usec":537759,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"pkt":"REREREREZmZmZmZmCABFAADTx6ZAAK8GN9UKAAABuetRAa6gAbuz5lrqlG1MBVAYAfXMbgAAFwMDAKbOQ7z0brbBFxgWZxwhW0QoxqthM\/YW2w0x8djZzSiWzVGpKLqzVQgkOT3HmOXxWdTl2fvHJh3N5G4mHK5ZWfcqKFlK\/fPDvKjV9wXy2wts7afxohUDvCcvWmA2n3Ej1Bu+ajruE2SeIFZ8sHHacL4bjLmiwm5VQ\/eEaQaQGwb91Bxh8GH0Jbyin88rP63FYAmiEMZR6fMeJDXgQHxpsypc8wZI+C21"}
@@ -567,13 +567,13 @@
00465{"flow_id":33,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":561,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739661,"pkt_ts_usec":578915,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"REREREREZmZmZmZmCABFAABLx6pAAK8GOFkKAAABuetRAa6gAbuz5lwXlG1POlAYAfXL5gAAFwMDAB47P6zsJLwbwYHugGHZbxWAzApODX7VmeBEgUQGckw="}
00449{"flow_id":33,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739691,"pkt_ts_usec":578957,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"REREREREZmZmZmZmCABFAABAx6tAAK8GOGMKAAABuetRAa6gAbuz5lw6lG1POlAYAfXL2wAAFwMDABMWEHy35xGvTWnWCOeYpetAF3W+"}
00449{"flow_id":33,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739691,"pkt_ts_usec":599667,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"ZmZmZmZmRERERERECABFAABA7pZAADQGjHi561EBCgAAAQG7rqCUbU86s+ZcU1AYA+q7SwAAFwMDABMugBtN+BphYqwIRyb7JrNaAFhQ"}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":564,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":946739879619,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":564,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":946739879619,"flow_last_seen":0,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00805{"flow_id":34,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739879,"pkt_ts_usec":619145,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"REREREREZmZmZmZmCABFAAFIcKVAAGQGIToKAAAB0frxGYueAbsFpAMoj2Q4kFAYAfaFCwAAFgMBARsBAAEXAwNRmx2nSkx+6m6KcnM1jGr2d9+E6hEUWeU+Rct80JF14yBFUW7fbN2m28L3JLX9K8uSgoBCeEP2oBBIn6aFnchRZQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASamFyamFyLm1lZ2FuZXJkLm5sAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AILzmWxHpwarRt4Ej829OBgtUnpC5uzX3e58yGu+riJtB"}
00779{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":564,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":946739879619,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00791{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":564,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":946739879619,"flow_last_seen":0,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
03182{"flow_id":34,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":565,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739879,"pkt_ts_usec":647275,"pkt_caplen":2102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2102,"pkt_l4_len":2068,"pkt":"ZmZmZmZmRERERERECABFAAgoIhBAADcGle\/R+vEZCgAAAQG7i56PZDiQBaQESFAYAfWL6wAAFgMDAGYCAABiAwOvuIoBv9aLdY9+pRuVYLTvaIEBB5j8JJqoUP\/T+o4DJyAaq0H4FgIYS60khmCU6D9TGVas7XFToGUgExNzFU9aPcAwAAAa\/wEAAQAACwAEAwABAgAFAAAAEAAFAAMCaDIWAwMKAwsACf8ACfwABWAwggVcMIIERKADAgECAhIDDKJHTnwjwsnrm2DLrI1zNLUwDQYJKoZIhvcNAQELBQAwSjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMTGkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMB4XDTIwMDcxNDIzNDcyMVoXDTIwMTAxMjIzNDcyMVowHTEbMBkGA1UEAxMSamFyamFyLm1lZ2FuZXJkLm5sMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9OPyuZ6JwIE6bPDfiRhbYPMkVlSRq93tijiXoOFC9OQc4eXtoMomU6kKPy5Z0NTzEB3WAHxrA4SRx6q3\/yefPeWA8HsMuYfQZpftg95obbyxbYYejVTJGcDt7bBAbyfyHwpa9VQXCZ1NM6170XCwqiTXQ5pCT67h001VbP663EnKohkf0MUwppbn6Q5xEFc+o+3D6IU\/rxkzW1SQTh0phbzb1Op8DfM63A\/ZtxaA5UoEOBp23CMkB\/vP5ul2uJharTqU\/BfvvV3HB\/zu9o43hkbooUEyMuBJn0+O6orVhwG1QVKM6xj5TM6ZcijU2+3rS+x7vNJUt\/bTHh7sHDviQIDAQABo4ICZzCCAmMwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRLbCV+QerkMWgquQ7dzQvZqcefiTAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMB0GA1UdEQQWMBSCEmphcmphci5tZWdhbmVyZC5ubDBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB3AF6nc\/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABc0\/ws2wAAAQDAEgwRgIhAMWgM8fCSKocSMS6vNmRTIKDzMWXKgtHRh\/4TftRR0QHAiEA3JSerrntM9u7waurWrvwybuL6dB9RsJnzjR8MMY9tuIAdQAHt1wb5X1o\/\/Gwxh0jFce65ld8V5S3au68YToaadOiHAAAAXNP8LOOAAAEAwBGMEQCIG6J2T+qpPVVFxjS27cFglwKmn3u\/zi2QCL4kFgVvwefAiAZm3eKKyeMogTwUuYzbx+RsfIEqA9nNOdkRRv\/z1FxuzANBgkqhkiG9w0BAQsFAAOCAQEAcAija84yR1ADOoiyrdQFCgxJZB2BUUNBtRgi8ZPFZIdUaVPomyGL3oK59c6IO+gMw6xbSeGsLaVjettLRMJ2uMl6JZkgjV1Bhp3NdPQKieFpoaEiEBUAwqL8TSBKdJ\/mAMQLAKadqZ1hZKcVTPtXVdd5Q28iLasE\/NjtopLZOa1XOJt0sUbRAHa2FOZzb42ureqnIdzzYgm+hY18KJUkfrSxCg2dd4MTgQuYu+ZhUpaMB2rAm94XcTgVTGO5ADi5NM0oEFFNdNKrAyCom1jWC2m8LyYfCzUJEAYCAUd1WL438vW1Z0FQZK5dAca9qTf6FxrRdYRYrY7oGND3IwvyWwAEljCCBJIwggN6oAMCAQICEAoBQUIAAAFThXNqC4XspwgwDQYJKoZIhvcNAQELBQAwPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzAeFw0xNjAzMTcxNjQwNDZaFw0yMTAzMTcxNjQwNDZaMEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQDExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJzTDPBa5S5Ht3JdN4OzaGMw6tc1Jhkl4b2+NfFwki+3uEtBBaupnjUIWOyxKsRohwuj43Xk5vOnYnG6eYFgH9eRmp\/z0HhncchpDpWRz\/7mmelgPEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL\/W08lmjfIypCkAyGdGfIf6WauFJhFBM\/ZemCh8vb+g5W9oaJ84U\/l4avsNwa72sNlRZ9xCugZbKZBDZ1gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q\/GxH8Mwf6J5MRM9LTb44\/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAX0wggF5MBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0="}
00847{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":565,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":946739879619,"flow_last_seen":946739879647,"flow_tot_l4_data_len":2376,"flow_min_l4_data_len":308,"flow_max_l4_data_len":2068,"flow_avg_l4_data_len":1188,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00859{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":565,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":946739879619,"flow_last_seen":946739879647,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":2336,"flow_avg_l4_payload_len":1168,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02424{"flow_id":34,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":566,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739879,"pkt_ts_usec":647564,"pkt_caplen":1535,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1535,"pkt_l4_len":1501,"pkt":"ZmZmZmZmRERERERECABFAAXxIhJAADcGmCTR+vEZCgAAAQG7i56PZECQBaQESFAYAfWJtAAADwEB\/wQEAwIBhjB\/BggrBgEFBQcBAQRzMHEwMgYIKwYBBQUHMAGGJmh0dHA6Ly9pc3JnLnRydXN0aWQub2NzcC5pZGVudHJ1c3QuY29tMDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx+tvhS5B1\/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA\/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFKhKamMEfd265tE5t6ZFZe\/zqOyhMA0GCSqGSIb3DQEBCwUAA4IBAQDdM9cR82NYON0YFfsJVb52VrlwSKVpRyd7wiQIkvFaH0oSKTckdFEcYmi4zZVwZ+X3pLxOKFHNm+iuh53q2LpaoQGa3PDdah1q2D5XI56mHgRimv\/XBcq3Hz\/ACki8lLC2ZWLgwVTloyqtIMTp5rvcyPa1wzKjmMx3qOZ5ZQcryyj+OhZSgc5SDC5fg+jVBjP7d2zOQOoynh+SXEHBdGxbXQpfM8xNn6w48C97LGKd2aORbyUbL5CxGUY99n4bpnqHuaN6bRj6JaWRhxXg8hYvWLAGLyxoJsZLmM3anwz5f5DtQ0oSRE5vc3oo6qSqbntMfYfd4MkCRKeHr8M0W7RCFgMDAhcWAAITAQACDzCCAgsKAQCgggIEMIICAAYJKwYBBQUHMAEBBIIB8TCCAe0wgdahTDBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3MgRW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDMYDzIwMjAwOTA0MDA0OTAwWjB1MHMwSzAJBgUrDgMCGgUABBR+5mrncpqz\/PiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7\/Oo7KECEgMMokdOfCPCyeubYMusjXM0tYAAGA8yMDIwMDkwNDAwMDAwMFqgERgPMjAyMDA5MTEwMDAwMDBaMA0GCSqGSIb3DQEBCwUAA4IBAQAoMB1ePZKC8NpTy2434kCI6h8NAXGSDejnRZYFr2QSx+TpoZipUWbMWCq8UzrMIxKC8UJACJQc6RIM+Xgz0ZRbGx25OD3V4vLxsczn\/nEIsXCHGvGoEBJqPqesQfpmU9r+oB2CbUgxGaJxDFqnidG6tH5KNxFVbrX2lPzXeDzKwLN1eUiZU\/lMuAOJwkK8zmwVXP5H7g6aco+MiZp06K8b\/Da3w0YGUY9fjEablMtV5ViuxARhZw1pWYWZo\/jGfvICDNvPKmx8V1X1Z4R8rNjm8UiPRR8P0NarasVvNtWs+6fXGpl\/hFMZzj6z4oAVh0vYNXKYxmaDs8l6pH8OOZ\/cFgMDASwMAAEoAwAdIKQoxhH\/Z4NdCHDs7qK8wmGbCtHgbBpAtyYYPJoz0BNpCAQBAI2s5yjtMrI9QJNozqSEdCsumaSKt\/QNxoJ5PFMWs10MAWl+5CjGLSlpjhytuQkP602gJ28TSQHyyO39DQ2pHRZ1MjKiwLUGQnSrx7B1qsIRx8U65WEhaQ\/Oefjv8VGGg2Nnh0hcGrHjYUxlGavnUge+GnGDrvgzWTdBb6fu\/ASgdFWYo\/L\/cx\/DQSF7KqdfFLYtqS\/mVGjCi+aU3DGzfokfH8gTddjOpZA9DbKNE5R+fiOUj+uHJsETXL1+AHkZ1DyEVNTPTtlzClPqiVFZoiQLHaM5Rks\/r\/SATzjVrNW7MyikygwLvRY4rKK4uz5N88k\/vqkRvVB4EA04vef95bIWAwMABA4AAAA="}
01105{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":566,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_first_seen":946739879619,"flow_last_seen":946739879647,"flow_tot_l4_data_len":3877,"flow_min_l4_data_len":308,"flow_max_l4_data_len":2068,"flow_avg_l4_data_len":1292,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9":"TLS Expired Certificate"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","server_names":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","issuerDN":"CN=jarjar.meganerd.nl","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"17:C9:8C:F5:DD:1F:0E:0F:DC:C5:42:4F:ED:C4:CD:57:5A:5D:7A:4F"}}
01117{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":566,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_first_seen":946739879619,"flow_last_seen":946739879647,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":3817,"flow_avg_l4_payload_len":1272,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9":"TLS Expired Certificate"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","server_names":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","issuerDN":"CN=jarjar.meganerd.nl","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"17:C9:8C:F5:DD:1F:0E:0F:DC:C5:42:4F:ED:C4:CD:57:5A:5D:7A:4F"}}
00547{"flow_id":34,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":567,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739879,"pkt_ts_usec":649898,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"pkt":"REREREREZmZmZmZmCABFAACFcKhAAGQGIfoKAAAB0frxGYueAbsFpARIj2RGWVAYAfWESAAAFgMDACUQAAAhIDhgl\/pgcZzI6lO9kUAZaFzioUwXXdw7Ym0x6dU\/q10rFAMDAAEBFgMDACgAAAAAAAAAAOFPtsf5Zh\/ZpfjCXPcTMYNe90ERP2qdVmtu1keYta\/S"}
00486{"flow_id":34,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":568,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739879,"pkt_ts_usec":676025,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"ZmZmZmZmRERERERECABFAABbIhRAADcGnbjR+vEZCgAAAQG7i56PZEZZBaQEpVAYAfVgFwAAFAMDAAEBFgMDACjtN4hu+Wj5TjjaWNwCyZ8ctKfP1eL5gPNYY2UtZk64saxD6JdGPhjz"}
00514{"flow_id":34,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739879,"pkt_ts_usec":676058,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"pkt":"ZmZmZmZmRERERERECABFAABtIhVAADcGnaXR+vEZCgAAAQG7i56PZEaMBaQEpVAYAfW7lgAAFwMDAEDtN4hu+Wj5T72OhZyUZQISOWl\/\/qTKLhF2qZvrmv3+8i7gpYLzyJ27T1c244ZQ8rq8Ep2UkicIrJvjhNE5\/mV\/"}
@@ -585,38 +585,38 @@
00808{"flow_id":34,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":575,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739879,"pkt_ts_usec":797498,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"ZmZmZmZmRERERERECABFAAFIIhpAADcGnMXR+vEZCgAAAQG7i56PZEchBaQGQ1AYAfXh1wAAFwMDARvtN4hu+Wj5UmDU\/NMvzW4ZaZqdIfuvzN649M3dg1IslZuV497wZdEWN18SPWfNvNW8q4xHtzKTRCxZAREEWQlp4nWAChN9Hf0WxJtC4IwpmzNwtcEChHWK9OqnFadz54IjXtGIgyjPtiP9fPB2F8WZ5zS+xv6fFfbEDAHBnShO4sPY76jns+QN2mo17OrzBGKkRb9cfJAt3iMizwZUpOlQOP2GiA85Nvlo6Yb9YkROjwvoZdV9nxmOZsEFjMzRr4OgXqZov\/LdhkmpLzhTBsID8buM\/NdEZejpGf0vO4i4denS\/k8t04Fc8guOCMoh6UEz6cm3PEl+vJqH8CPXw5T1kX6wZ8C7qcgMbHakCiCtWYQ2ONg2qedqPksX"}
00474{"flow_id":34,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":576,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739879,"pkt_ts_usec":797870,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"pkt":"REREREREZmZmZmZmCABFAABScK5AAGQGIicKAAAB0frxGYueAbsFpAZDj2RIQVAYAfWEFQAAFwMDACUAAAAAAAAABVhjIGTs+\/AOgfYG19x5nx37HUS1BlwfDA6hyRYj"}
00461{"flow_id":34,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739888,"pkt_ts_usec":204388,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"REREREREZmZmZmZmCABFAABHcK9AAGQGIjEKAAAB0frxGYueAbsFpAZtj2RIQlAYAfWECgAAFQMDABoAAAAAAAAABvrFh2UDsPRtvqC2sowvAB5faw=="}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":18,"flow_first_seen":946739400702,"flow_last_seen":946739407673,"flow_tot_l4_data_len":5927,"flow_min_l4_data_len":51,"flow_max_l4_data_len":2068,"flow_avg_l4_data_len":329,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":22,"flow_first_seen":946739312203,"flow_last_seen":946739327905,"flow_tot_l4_data_len":5556,"flow_min_l4_data_len":44,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":252,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":14,"flow_first_seen":946739879619,"flow_last_seen":946739888204,"flow_tot_l4_data_len":5165,"flow_min_l4_data_len":51,"flow_max_l4_data_len":2068,"flow_avg_l4_data_len":368,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":20,"flow_first_seen":946739389936,"flow_last_seen":946739420902,"flow_tot_l4_data_len":7077,"flow_min_l4_data_len":44,"flow_max_l4_data_len":1430,"flow_avg_l4_data_len":353,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":16,"flow_first_seen":946739390933,"flow_last_seen":946739421078,"flow_tot_l4_data_len":5644,"flow_min_l4_data_len":44,"flow_max_l4_data_len":3131,"flow_avg_l4_data_len":352,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":17,"flow_first_seen":946739311566,"flow_last_seen":946739327918,"flow_tot_l4_data_len":6769,"flow_min_l4_data_len":44,"flow_max_l4_data_len":2924,"flow_avg_l4_data_len":398,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":15,"flow_first_seen":946739336955,"flow_last_seen":946739364937,"flow_tot_l4_data_len":6081,"flow_min_l4_data_len":44,"flow_max_l4_data_len":2924,"flow_avg_l4_data_len":405,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":18,"flow_first_seen":946739378577,"flow_last_seen":946739410674,"flow_tot_l4_data_len":5436,"flow_min_l4_data_len":44,"flow_max_l4_data_len":2523,"flow_avg_l4_data_len":302,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":16,"flow_first_seen":946739305650,"flow_last_seen":946739328075,"flow_tot_l4_data_len":6196,"flow_min_l4_data_len":44,"flow_max_l4_data_len":2214,"flow_avg_l4_data_len":387,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":17,"flow_first_seen":946739304846,"flow_last_seen":946739327879,"flow_tot_l4_data_len":6365,"flow_min_l4_data_len":44,"flow_max_l4_data_len":3151,"flow_avg_l4_data_len":374,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":24,"flow_first_seen":946739310980,"flow_last_seen":946739321153,"flow_tot_l4_data_len":6132,"flow_min_l4_data_len":51,"flow_max_l4_data_len":3023,"flow_avg_l4_data_len":255,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":15,"flow_first_seen":946739317842,"flow_last_seen":946739327879,"flow_tot_l4_data_len":6292,"flow_min_l4_data_len":44,"flow_max_l4_data_len":2924,"flow_avg_l4_data_len":419,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":17,"flow_first_seen":946739402059,"flow_last_seen":946739432187,"flow_tot_l4_data_len":6815,"flow_min_l4_data_len":44,"flow_max_l4_data_len":2924,"flow_avg_l4_data_len":400,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":16,"flow_first_seen":946739354159,"flow_last_seen":946739364932,"flow_tot_l4_data_len":5583,"flow_min_l4_data_len":44,"flow_max_l4_data_len":3134,"flow_avg_l4_data_len":348,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":17,"flow_first_seen":946739380697,"flow_last_seen":946739410804,"flow_tot_l4_data_len":5584,"flow_min_l4_data_len":44,"flow_max_l4_data_len":2858,"flow_avg_l4_data_len":328,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":17,"flow_first_seen":946739400581,"flow_last_seen":946739430677,"flow_tot_l4_data_len":5685,"flow_min_l4_data_len":44,"flow_max_l4_data_len":2924,"flow_avg_l4_data_len":334,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":16,"flow_first_seen":946739400294,"flow_last_seen":946739430460,"flow_tot_l4_data_len":5357,"flow_min_l4_data_len":21,"flow_max_l4_data_len":2924,"flow_avg_l4_data_len":334,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":13,"flow_first_seen":946739661512,"flow_last_seen":946739691599,"flow_tot_l4_data_len":5030,"flow_min_l4_data_len":44,"flow_max_l4_data_len":3134,"flow_avg_l4_data_len":386,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":17,"flow_first_seen":946739374011,"flow_last_seen":946739404206,"flow_tot_l4_data_len":5852,"flow_min_l4_data_len":44,"flow_max_l4_data_len":3145,"flow_avg_l4_data_len":344,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":17,"flow_first_seen":946739311335,"flow_last_seen":946739327906,"flow_tot_l4_data_len":5468,"flow_min_l4_data_len":44,"flow_max_l4_data_len":1582,"flow_avg_l4_data_len":321,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":12,"flow_first_seen":946739603327,"flow_last_seen":946739633413,"flow_tot_l4_data_len":4845,"flow_min_l4_data_len":44,"flow_max_l4_data_len":3034,"flow_avg_l4_data_len":403,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":18,"flow_first_seen":946739401864,"flow_last_seen":946739432023,"flow_tot_l4_data_len":7232,"flow_min_l4_data_len":44,"flow_max_l4_data_len":2924,"flow_avg_l4_data_len":401,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":18,"flow_first_seen":946739311703,"flow_last_seen":946739327879,"flow_tot_l4_data_len":5898,"flow_min_l4_data_len":44,"flow_max_l4_data_len":2924,"flow_avg_l4_data_len":327,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":23,"flow_first_seen":946739378281,"flow_last_seen":946739408545,"flow_tot_l4_data_len":6994,"flow_min_l4_data_len":26,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":304,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":16,"flow_first_seen":946739385090,"flow_last_seen":946739415188,"flow_tot_l4_data_len":5594,"flow_min_l4_data_len":44,"flow_max_l4_data_len":3136,"flow_avg_l4_data_len":349,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":21,"flow_first_seen":946739380870,"flow_last_seen":946739411017,"flow_tot_l4_data_len":5067,"flow_min_l4_data_len":44,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":241,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":946739298533,"flow_last_seen":946739298798,"flow_tot_l4_data_len":3157,"flow_min_l4_data_len":50,"flow_max_l4_data_len":1430,"flow_avg_l4_data_len":789,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":946739299058,"flow_last_seen":946739299326,"flow_tot_l4_data_len":3155,"flow_min_l4_data_len":50,"flow_max_l4_data_len":1430,"flow_avg_l4_data_len":788,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":19,"flow_first_seen":946739348407,"flow_last_seen":946739365024,"flow_tot_l4_data_len":5744,"flow_min_l4_data_len":44,"flow_max_l4_data_len":3118,"flow_avg_l4_data_len":302,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":20,"flow_first_seen":946739310588,"flow_last_seen":946739327990,"flow_tot_l4_data_len":5802,"flow_min_l4_data_len":44,"flow_max_l4_data_len":3120,"flow_avg_l4_data_len":290,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":30,"flow_first_seen":946739304432,"flow_last_seen":946739327879,"flow_tot_l4_data_len":8783,"flow_min_l4_data_len":44,"flow_max_l4_data_len":2924,"flow_avg_l4_data_len":292,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":18,"flow_first_seen":946739385216,"flow_last_seen":946739415379,"flow_tot_l4_data_len":5059,"flow_min_l4_data_len":44,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":281,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":15,"flow_first_seen":946739348961,"flow_last_seen":946739364914,"flow_tot_l4_data_len":5760,"flow_min_l4_data_len":44,"flow_max_l4_data_len":2924,"flow_avg_l4_data_len":384,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":17,"flow_first_seen":946739305016,"flow_last_seen":946739327879,"flow_tot_l4_data_len":5856,"flow_min_l4_data_len":44,"flow_max_l4_data_len":2924,"flow_avg_l4_data_len":344,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":18,"flow_first_seen":946739400702,"flow_last_seen":946739407673,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":5567,"flow_avg_l4_payload_len":309,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":22,"flow_first_seen":946739312203,"flow_last_seen":946739327905,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":5116,"flow_avg_l4_payload_len":232,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":14,"flow_first_seen":946739879619,"flow_last_seen":946739888204,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":4885,"flow_avg_l4_payload_len":348,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":20,"flow_first_seen":946739389936,"flow_last_seen":946739420902,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":6677,"flow_avg_l4_payload_len":333,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":16,"flow_first_seen":946739390933,"flow_last_seen":946739421078,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3111,"flow_tot_l4_payload_len":5324,"flow_avg_l4_payload_len":332,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":17,"flow_first_seen":946739311566,"flow_last_seen":946739327918,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":6429,"flow_avg_l4_payload_len":378,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":15,"flow_first_seen":946739336955,"flow_last_seen":946739364937,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5781,"flow_avg_l4_payload_len":385,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":18,"flow_first_seen":946739378577,"flow_last_seen":946739410674,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2503,"flow_tot_l4_payload_len":5076,"flow_avg_l4_payload_len":282,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":16,"flow_first_seen":946739305650,"flow_last_seen":946739328075,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2194,"flow_tot_l4_payload_len":5876,"flow_avg_l4_payload_len":367,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":17,"flow_first_seen":946739304846,"flow_last_seen":946739327879,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3131,"flow_tot_l4_payload_len":6025,"flow_avg_l4_payload_len":354,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":24,"flow_first_seen":946739310980,"flow_last_seen":946739321153,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":3003,"flow_tot_l4_payload_len":5652,"flow_avg_l4_payload_len":235,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":15,"flow_first_seen":946739317842,"flow_last_seen":946739327879,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5992,"flow_avg_l4_payload_len":399,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":17,"flow_first_seen":946739402059,"flow_last_seen":946739432187,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":6475,"flow_avg_l4_payload_len":380,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":16,"flow_first_seen":946739354159,"flow_last_seen":946739364932,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":5263,"flow_avg_l4_payload_len":328,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":17,"flow_first_seen":946739380697,"flow_last_seen":946739410804,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2838,"flow_tot_l4_payload_len":5244,"flow_avg_l4_payload_len":308,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":17,"flow_first_seen":946739400581,"flow_last_seen":946739430677,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5345,"flow_avg_l4_payload_len":314,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":16,"flow_first_seen":946739400294,"flow_last_seen":946739430460,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5037,"flow_avg_l4_payload_len":314,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":13,"flow_first_seen":946739661512,"flow_last_seen":946739691599,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":4770,"flow_avg_l4_payload_len":366,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":17,"flow_first_seen":946739374011,"flow_last_seen":946739404206,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3125,"flow_tot_l4_payload_len":5512,"flow_avg_l4_payload_len":324,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":17,"flow_first_seen":946739311335,"flow_last_seen":946739327906,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1562,"flow_tot_l4_payload_len":5128,"flow_avg_l4_payload_len":301,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":12,"flow_first_seen":946739603327,"flow_last_seen":946739633413,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3014,"flow_tot_l4_payload_len":4605,"flow_avg_l4_payload_len":383,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":18,"flow_first_seen":946739401864,"flow_last_seen":946739432023,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":6872,"flow_avg_l4_payload_len":381,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":18,"flow_first_seen":946739311703,"flow_last_seen":946739327879,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5538,"flow_avg_l4_payload_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":23,"flow_first_seen":946739378281,"flow_last_seen":946739408545,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6534,"flow_avg_l4_payload_len":284,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":16,"flow_first_seen":946739385090,"flow_last_seen":946739415188,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3116,"flow_tot_l4_payload_len":5274,"flow_avg_l4_payload_len":329,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":21,"flow_first_seen":946739380870,"flow_last_seen":946739411017,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":4647,"flow_avg_l4_payload_len":221,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":946739298533,"flow_last_seen":946739298798,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":3077,"flow_avg_l4_payload_len":769,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":946739299058,"flow_last_seen":946739299326,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":3075,"flow_avg_l4_payload_len":768,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":19,"flow_first_seen":946739348407,"flow_last_seen":946739365024,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3098,"flow_tot_l4_payload_len":5364,"flow_avg_l4_payload_len":282,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":20,"flow_first_seen":946739310588,"flow_last_seen":946739327990,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3100,"flow_tot_l4_payload_len":5402,"flow_avg_l4_payload_len":270,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":30,"flow_first_seen":946739304432,"flow_last_seen":946739327879,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":8183,"flow_avg_l4_payload_len":272,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":18,"flow_first_seen":946739385216,"flow_last_seen":946739415379,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":4699,"flow_avg_l4_payload_len":261,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":15,"flow_first_seen":946739348961,"flow_last_seen":946739364914,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5460,"flow_avg_l4_payload_len":364,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":17,"flow_first_seen":946739305016,"flow_last_seen":946739327879,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5516,"flow_avg_l4_payload_len":324,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00136{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test"}

14
test/results/doq.pcapng.out
View File

@@ -1,7 +1,7 @@
00382{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"doq.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00459{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1606056093199,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00473{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"doq.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1606056093199,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02094{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"doq.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1606056093,"pkt_ts_usec":199591,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"AAAAAAAAAAAAAAAAht1gJqqiBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAButIDEATYBOvN\/wAAIAhwsYltsps+WghOL+O5iCYx+QBEtgiJINLAj38+CB9CqAWNGDJ\/Ht0GdZPYPfPv0gkn+G7KypaOwXpeaLqP2vrcKno6\/xJHt9kjbL2TY4b\/m9R6nztt0oBs85JJhS7Tj\/KxdnJUR5x1KoMSoiK8Up0wKQjS6CJwz+096+5cglByj68BpzrUHMPeI6GM8BR\/Wl2qjunMufbT3ODI125lDdGTaTqNLCMEIjagI12Vrkh1+4q55QnPNmDSc9uNkJ0l5bhH58Gr3GA8HfFg35RCENcGDFpWMYVXiM4ZLQRFPmW9PqqUvAkPFdK1\/e6zKceMIWl6qFwaRZM+da6dEGVcJjr7Z+tAEETRp6uqCb9nnpAvg2AYmEND50nvVEnJ0vebAvnDE4IogXJzua2gFwFm7VLYd1uL79o4iJgu\/rwI3t1+Scpc6iAB46mZWFz3fE1WDQxwSMiil9o8+U4JW1BkjaBlJjEwDLig1LbtT\/HP47m8JDRgq00wdO+B2e1saSoPUtzWH02fRpSsRwHLssxWK\/GeM8n4na9wb14wVoOdjdGJ+KEHpdBBYTSNse3PnwWrKaaP0mh7odZYLBlgeNvTBLAUy7TPWKcxmhtN6bsS\/Yjh2568CzWxz8tWmprG6YblEP1vhUU2WDKbQBSh9+e7EH2JaN6LGpgUM6\/yeDE+g\/QCDKFbnXJHaC3VNe2EpDTrUSTzTJX2ScnDPI4dI01EvvWXSfxAJzcCmkKAUz3B\/F3DS8bS2lYESb9nSox1FCQUX1S8MhWCL4jSZ4wobqLA6VEQ7puZt\/yd5mc0snO7+JferPZwSQV1jN5hdBcuNb6kj\/JG4pzUoB7QTPQcjcnBLCPQDWDzw3nQ+Ebywtgt9T0aEFqJVOTfT95bWTz6VinV\/brwfnTHpSbkUgeBvFyaDcSzRz5tFZ0q4\/gUbfajms9qKrPFsufIU5NQtKyl5gUxP+4xC0KsglyEqg4DVy8vzlOpHC9Zo8AzpD2Cd9yZUaVpS3jLxre91YlfpTBViFMhAAL1N+wl47YhA2pgyB2GGbWg1O6K4C74tiA9XM\/lrGlbtuiyqqRmlQ+OfACiiCT0\/fwnridhEP9NjW3A9LNkp5ph6u81Z1emHsIGmFkXyP7nojGy2XKkTHlNA+eKBGol\/TUgCzHu7qPwHu5vMLlk5NNq3Od8+eHViQU1LY+OXeYFHuY2S+VSf848yXn0P1WZ\/Hf4jpB8WMcPpj0cXHyY46IsajmZ4uRB40h68eDc26RMlrZAfwBIGjks8KSh5b2f1BdJ6LJ4taZkNl8x+qPVYwRdc+lJsRkcGfu+BxMBIzhOPr2wg8uauRqGpIMGiSEXt5eLhu3VHEqTuhLQrFWRwEWEm+WzY4itmVZYx3CM7zWu6j3KhN5W5HEWKe61AmbunEuzKrb9KKf1hG4Uz72IU4aUy8+qV8fLyqPe7E\/Hm\/QiosHbq0whMHw6xHc0E9dDFb7\/w2jqW\/bhRCLrrZSTu8KDShAe9bkemwaFOWgs8zleXJrozrnvcOKNBpToZAop8FcA1V6SZ+05avECZK7qQ04Uc8xlehoG+3W27ZNgeNIiTH8MtU0A5kV6veOOCPQW7GGwaBK9iuORoisN7YKGMwzzN0ZIQ\/IailJpjg=="}
00715{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1606056093199,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","ndpi": {"flow_risk": {"24":"SNI TLS extension was missing"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": {"version":"TLSv1.3","alpn":"doq-i00","ja3":"c0ce40fbb78cbf86a14e6a38b26d6ede","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}}
00727{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1606056093199,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","ndpi": {"flow_risk": {"24":"SNI TLS extension was missing"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": {"version":"TLSv1.3","alpn":"doq-i00","ja3":"c0ce40fbb78cbf86a14e6a38b26d6ede","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}}
02098{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"doq.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1606056093,"pkt_ts_usec":201842,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"AAAAAAAAAAAAAAAAht1gJPSDBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gTYBOvN\/wAAIAhOL+O5iCYx+Qi72eOch5MP7QBAnCxpB\/ZzHhatBCMXwxT8fSrL9Wdt\/ZFOXhnvUbk6DdAuuzdAXxro6AjNqIcuTb2Re8BepV9SRKgSpP5M7LrQffcZ9shmrS20KZKb\/ztrJeGi\/T\/Srzlr49oBUZ5XMUOjcM7DeI6CgL+ZkO5L8gOV4+8ueGIUub0wiW6+Jof5086V6cR2hj9bBsTK6z5+hag0bw2HYNhsBUUI567S6uj\/AAAgCE4v47mIJjH5CLvZ45yHkw\/tRAEwp7WGjD8jV9zAfZPHhqQ1G3rU1wu59XApa\/uBCBj\/P3rsDGNWqlRQj5q2CQMAtwoaVW5R4D\/leJG\/QScVoSAiDmPCSxR8YrHk5Y7hGxh+CuYKI4vAFyF29Gcm7XH58xSv+Y0je37cyhm71z7xP4G24oT+neWXAiCImQb8UPinjOVju\/1ZXWChdKepJDE+EqJTk8BoOpF9LvyXj5n733Xph2u5IJ\/p\/3foWmTC0fAjiMQ12dhZ6KIFgHDWW0UYsYoYGxC75AmqEL4W0ZygLN4Jp+zSt6jJsE6uSWjtu9Mwx8zRmpzIUbk2rS\/lIYNH+L8sZitAI\/mAouO1FzaXzIPuVV15eTfM\/D4HfHtnBqU5JIgEq30fGDU8vQEvr9VcBwpWT5O0sL5kG6g3W7z970vBsvCXzENm+QLPGXr10ns2jeQncf3V0s9pvLk2K4TGX8jm5gNEpFEQC6sid28q4Y5Bk2mCdnHt7MFfqeIQtVf6U3jEBxXtqNwnbDuTXuCGC9PAu0Ie4j3YiB88cN+EoNanC8QpOjA3mDQP6RbMKMlxgNT1GCSYoSSr70l\/p2Vp0WohDZeycXBsQ9txnWshMbiCp8imTkzhOWSmVNhhzqZOyuIxBEnqW6hAlYSRGGlQym+AFEpgzsjqJLjzqOLeESR5tBel8x5HwEzLLqVaja5Udf5uBnGJUVNub2RGOPiMMnZCl+iL2LRMiCHUoBDmvimDtRLtAOt2SNvH93OMwXA\/IyIrY+XO56T3mS1YSU9Ydwn6d5ywddheaImd1U\/vJ57ZtUSbUvf+DXuTp09bwzrY9tw5NZDPH\/iljKwqemZHmirnsyyz4OUNANR+9\/kuYPx2d\/ZS7953Z8P\/sqzOE3LjEyoUSRCXVL4XoEkGM23PQQcDudByAaZ+9LTgkgxPTKnHgpxcDQowxdEx+BnESQ9DwSJQM7+xTAOPC9sMDrzuSInM7z5AK+Pqrk4B2Vwy+rXo798A5XjeZBrTkCt8XwQLpXhtqaRjTnFTN9kHqTE4fN2bwWBueF8sdBSZ3aK2MK9uuf3XfveW2fg\/1tyeU\/EXgKHtRL55w3iVM91ZMotsrGhoYdGkE7MCdncoh54jfxD5eJPuIFA4F254QXkd2ttFid3O1xFmVbRo9jbjk7d2+6yRzPkKLtyJyptApw6QxkBCFBxcnQA+oUEGOkjoCUtqGfeqRlTptqqqHIGzgHL7YafvSlJW897JYtCkXn4zJMDfapn6QTBVXFY5QqgjOXt2wlG+PDpn\/mQw9NRGoj69MbbDe3NA2MYvJlkgzXKIONO\/pMfrd3koD58ywf54r7NUNGTOOHuRxW0PSRKrZNlpqXdbaK\/wnr76JF4R3R\/+EOYL7g=="}
01070{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"doq.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1606056093,"pkt_ts_usec":201890,"pkt_caplen":541,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":541,"pkt_l4_len":487,"pkt":"AAAAAAAAAAAAAAAAht1gJPSDAecRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gHnAfrr\/wAAIAhOL+O5iCYx+Qi72eOch5MP7UD5fEmqw9QcMOSnUe6MDD2OecgnWjkNXdwC4dZSYxJC82j7Fa0gkq+nfYTDU9ChVEdtH45\/vQtNEQLo8\/fwDbneJcHDHavc8EGoV3PxsxkBJhE9Q9u9yCLvfi5OphDBHPeBIHPaxUcLs3S\/L\/IXKVQgfNTTVjkzoLHy1OXpC+\/dTEnbC6NPh6W28rc+x7GLNNHF1FfqMGoKlGMxFCg2HP4dP34NipPXt9vl2rd70ScFdoNK8lXc8OrIbXPCPHixiwns3JeTqs80ZysmuTQ2x3K2Z0oX8Qiv0kbMUxxeHDtUjo8dxO3WaXzqWjfDA1saoqoMHVxUCwkVWx\/nTk4v47mIJjH5cyeRXhMbCk5EqVB08GBVQ7VrDqROkZ4dznjO7Fxcyd8w3IE3VD3OcSvdJI5P\/k+2JVbsoJApIjU\/SqrAeDrs9BCVoOX+elSyfnlFmV+9qRiAxndyJco\/u++psEVtXikdkQ7Ddxgmc8mefhAnBHbf+ng4whbMJA82KtXAE9ITJwKPkOdTXiPwFa2uYw57B9+WqNDFf9ReX9HTME9BVtddLPrQ8G9aG6w3Krk5ZmHecrC9Btpgbpsrq+OkBS2cbpJHIvCTkg=="}
00713{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"doq.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1606056093,"pkt_ts_usec":202274,"pkt_caplen":279,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":279,"pkt_l4_len":225,"pkt":"AAAAAAAAAAAAAAAAht1gJqqiAOERQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAButIDEADhAPTg\/wAAIAi72eOch5MP7QhOL+O5iCYx+UBDpLbz6hVr3VQhQggh8jeSy4LrSByAKcA4h02NrSHlYfiZeIBfX4cUD4rj0whBaxqv8GZptq0Yh86VFZ7cihClGjSAiHi72eOch5MP7eD67j31tF9Ewc7\/cDWWW5sbKgeZ8Ni53gCKJC4UiBzoddfNqguK6L47A8v5MfBqkmPLLd375Ln\/BizbinX7j2Wb\/eMxuHFSq+9VI36g5fjgo4+MYm50K5k9Iro9bud9p1Ez1Q+5mh70eHrGquqOwXiz\/D6V"}
@@ -10,9 +10,9 @@
00492{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"doq.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1606056093,"pkt_ts_usec":202473,"pkt_caplen":117,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":117,"pkt_l4_len":63,"pkt":"AAAAAAAAAAAAAAAAht1gJqqiAD8RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAButIDEAA\/AFJMu9njnIeTD+1UZ3UL1a3XfRaN5wUfWs7iYRlISEYaJh8AeMvzJsGP1FxH1D7p62sJHL54hGmz"}
00535{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"doq.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1606056093,"pkt_ts_usec":209998,"pkt_caplen":147,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":147,"pkt_l4_len":93,"pkt":"AAAAAAAAAAAAAAAAht1gJPSDAF0RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gBdAHBBTi\/juYgmMflHgN8pivud+t+xRWTjwsuKf67lT\/nM9uYZhGnTjZKGw6ObJH\/xJ9ga6sYiFSk22PsyWv4EW+86EoI8R8diOdKlj\/jL1WT6sn8whw05"}
00534{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"doq.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1606056093,"pkt_ts_usec":260163,"pkt_caplen":147,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":147,"pkt_l4_len":93,"pkt":"AAAAAAAAAAAAAAAAht1gJPSDAF0RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gBdAHBSTi\/juYgmMflcDuw8PGqwk7AnmnlBLKl9VVw5FwNIUr\/uwhxQriWlV5lsPREfqCWcyBCgL5DIrZMPOHK4EaoyceBY8ce9ZV4nlYvSeOP\/TgYtdDng"}
00426{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1606056093260,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00430{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1606056093260,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00600{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"doq.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1606056093,"pkt_ts_usec":260178,"pkt_caplen":195,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":195,"pkt_l4_len":141,"pkt":"AAAAAAAAAAAAAAAAht1gAryMAI06QAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAQRnKgAAAABgJPSDAF0RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gBdAHBSTi\/juYgmMflcDuw8PGqwk7AnmnlBLKl9VVw5FwNIUr\/uwhxQriWlV5lsPREfqCWcyBCgL5DIrZMPOHK4EaoyceBY8ce9ZV4nlYvSeOP\/TgYtdDng"}
00460{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1606056093260,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00464{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1606056093260,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00535{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"doq.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1606056093,"pkt_ts_usec":360401,"pkt_caplen":147,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":147,"pkt_l4_len":93,"pkt":"AAAAAAAAAAAAAAAAht1gJPSDAF0RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gBdAHBBTi\/juYgmMfl+TZ3+Hmg+6BC4SDTuwiFJDfNooVH1WKEmkSpLklzCTh\/kA9o9N4HNfPmXD7MqNM0jiO2jHXBOtk8kidE7CVxn0BTfngjMfjmwfG7Q"}
00599{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"doq.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1606056093,"pkt_ts_usec":360423,"pkt_caplen":195,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":195,"pkt_l4_len":141,"pkt":"AAAAAAAAAAAAAAAAht1gAryMAI06QAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAQTEgwAAAABgJPSDAF0RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gBdAHBBTi\/juYgmMfl+TZ3+Hmg+6BC4SDTuwiFJDfNooVH1WKEmkSpLklzCTh\/kA9o9N4HNfPmXD7MqNM0jiO2jHXBOtk8kidE7CVxn0BTfngjMfjmwfG7Q"}
00536{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"doq.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1606056093,"pkt_ts_usec":560720,"pkt_caplen":147,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":147,"pkt_l4_len":93,"pkt":"AAAAAAAAAAAAAAAAht1gJPSDAF0RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gBdAHBcTi\/juYgmMfl+eB8WJkIN5W\/s2kV3mgzDwRAUXXe+90zefQTxG5fKyAbzm2S0iX0HuS+7+NHu2bYpwdweEdBhQ2oYMUDLzzaxqsrt98mI\/P6gjJFj"}
@@ -23,6 +23,6 @@
00599{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"doq.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1606056094,"pkt_ts_usec":761968,"pkt_caplen":195,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":195,"pkt_l4_len":141,"pkt":"AAAAAAAAAAAAAAAAht1gAryMAI06QAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAQRDyQAAAABgJPSDAF0RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gBdAHBDTi\/juYgmMflRQ+5iHRbV0PH6VAD4ThaqZ1CAONxwoz6WhjCyy3b7S1XIRkGal+nrRIME3nHuB4Ws4VB9TKvtbvdiy1ZVtUUE7G\/BOwkfFiH9M8cl"}
00534{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"doq.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1606056096,"pkt_ts_usec":363686,"pkt_caplen":147,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":147,"pkt_l4_len":93,"pkt":"AAAAAAAAAAAAAAAAht1gJPSDAF0RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gBdAHBRTi\/juYgmMfk7fzjw3Vkk9LKBWcCW8JCljapCgvuQGIA4MlTOIZaNPxeCLfwxGo8OzSiugSvTVy7BU3rCif4Dtc3ePYXiNIKKXsDwOeyqUoLvTo8o"}
00598{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"doq.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1606056096,"pkt_ts_usec":363710,"pkt_caplen":195,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":195,"pkt_l4_len":141,"pkt":"AAAAAAAAAAAAAAAAht1gAryMAI06QAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAQT2OQAAAABgJPSDAF0RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gBdAHBRTi\/juYgmMfk7fzjw3Vkk9LKBWcCW8JCljapCgvuQGIA4MlTOIZaNPxeCLfwxGo8OzSiugSvTVy7BU3rCif4Dtc3ePYXiNIKKXsDwOeyqUoLvTo8o"}
00439{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1606056093260,"flow_last_seen":1606056096363,"flow_tot_l4_data_len":846,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00471{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":14,"flow_first_seen":1606056093199,"flow_last_seen":1606056096363,"flow_tot_l4_data_len":4032,"flow_min_l4_data_len":63,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":288,"midstream":0,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1606056093260,"flow_last_seen":1606056096363,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":14,"flow_first_seen":1606056093199,"flow_last_seen":1606056096363,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":3920,"flow_avg_l4_payload_len":280,"midstream":0,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00125{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"doq.pcapng","alias":"nDPId-test"}

8
test/results/doq_adguard.pcapng.out
View File

@@ -1,7 +1,7 @@
00390{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"doq_adguard.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1608278425043,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"doq_adguard.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1608278425043,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02073{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"doq_adguard.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1608278425,"pkt_ts_usec":43144,"pkt_caplen":1274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1274,"pkt_l4_len":1240,"pkt":"CL6sCxdumt9Y+uvcCABFAATsXYdAAEARno7AqAypXowODqBuAxAE2E0Zwf8AAB0S1uV91ARNGaKcpPbuz4JRKRijEV3+fOp1xbl+o2VPCxw5C7F1AESjjIExuU1VGYMi3qR5FgZXmV5jW\/GS3bvPGESTCXlAOuaNPS4Z9rqb5GmZjOPu5h+dEeHCBQsH0bRQhppRcffIYyvfvxi5LNyq540e1YcNLgxwEYv9mwEEutsUSgLF8qQi1vATlbVLiQwhaXITCRD653klYnm9BoO04fUR8kaaf1qYfex026282Q5EvztDSyWuA6xW\/3D3I27VAQo2GbCoqYf0QIrZOfacQartZRA3xvw5C0Iz0S7jBboiOrSPOxbet7b4p4CBzdW+POAUSVXQZZS3xQkY5PXEeYGco5aUsp3O0lAaLfFFVll\/srPVtdJxYLG5mlTKam3NxBl9gHT9gkoJzUoEmtdaRDaxhP5yiedQs+JgoW4F1fDqHPMPnBtk1UezjBjE\/COENcHIEQq2HIfbQ9Lv+kS5CfcaSKs2mUQTuvs7\/voDRF2y7TFb+uqyMeAqq3doSDMB2jHa\/EojP\/f+RrMNy\/X7kDEEcbw43eMXD1tzHjBj\/ncaLMsfP3IPyZyF35MF8e+053ploy3mGcl5fW5eZxUFM6FDjn\/9\/9yB7HR5pdMyplGzzI1OpdByhfvbVWjVUlFgtm4LcbCFS9YXIuJWVQaT92LVmTrycmBpec\/NHPi6MerrZrFPH1cWAKJm6C\/35hd09a7vURbcj2Nwu+wvQEGek3M9LNpTgKAxfeLa6jR7yY8FRi9Fslx+40aTEwGgLY10PqSAVV873bY1HrjXgee+hInU5OzwDGisUkG1vjenUqCdXtWODZ9xJFrjxkNSBVsfWyX84bL4AH0cHSMH3bXpv8DZGk6dvuB1thnl5dRd79ArhxOkLRjIKU\/spE2xAqe+laOg7FDuovO8+vb44+p0a1tCIq75DbW5Z\/3eQHDpNFbf\/ZruNBwv0I6n5NxcgHEUQaffXIlX36W8Z8AD3YDD85hA4jZxmySge94o03q\/ZMGs+bJTnaK8KlLmSNMXuFjJ7F4SdWbAr+gE3KQqFqqYY9ZfiG2QbB9\/YTG+8SQBafYwX6k2J2OEpMyUilzmDTz3a5eH47iPLgq2nb2F+k0c4RMx6bB8xhJbOXMxEbB5OktMbojYZ5\/D7JZ6FArciEMMkyFIwplniDv\/bjNCRjIZzGWltVCRAQBZZf0ds2kXzLEOIGMUpx2oFRtwDgwesKJgy9be1woTT3HVmrfv8vUkkFOD253UN9bBIfIU4elVEm8DEZ93RQ8PGCnqpWPqKVclryY+VrRX6bBv\/eydiZowniNJyXmSTkGKfOGX30rdpMaFIjV9VAFWlq4kC1zIbyb3K46JC+I+XxrKEmMLqMbO6CesmtgLUC8vVTv7LWODOF1NIRzdEgb8Qn\/9qSY3t6c\/zKgfF8YyVeS6jf5EL3te6RDnB0wZsaBklSDaR66VSY+qB2O5PnaefdIKM\/htIG2nKmWB0tq+\/dxdUHWEvheHhEbmX4TUB3cfXIIesE+zpUW6KXqwY94WHHPEMe6voxs49AJ\/2IZiFohwbn6CjrWd2PilA\/\/N7kVyw58ilFGWokoGNIRgJ61vUDU8rgEdxFK12mR1bebXKhOpf+Sf7ekcBE2R4BLb6ThrQxQ="}
00692{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1608278425043,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","ndpi": {"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": {"client_requested_server_name":"dns.adguard.com","version":"TLSv1.3","alpn":"doq-i00","ja3":"1e022f87823477abd6a79c31d70062d7","tls_supported_versions":"TLSv1.3"}}
00704{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1608278425043,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","ndpi": {"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": {"client_requested_server_name":"dns.adguard.com","version":"TLSv1.3","alpn":"doq-i00","ja3":"1e022f87823477abd6a79c31d70062d7","tls_supported_versions":"TLSv1.3"}}
00588{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"doq_adguard.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1608278425,"pkt_ts_usec":79621,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"pkt":"mt9Y+uvcCL6sCxduCABFAACoAbMAAD8RP6dejA4OwKgMqQMQoG4AlJ+l8P8AAB0RXf586nXFuX6jZU8LHDkLsXUEXOoexyg1M1\/+GZvbsGeGqJJILJUnaeRPlfaewSkJ0QM1kILJB9RkVGFQIKTOYfD\/amFvF5G2sUWGCAnPMQAxGtra+t44CL4uNVFuP1UAIYDjP5flgPs8Cfp53+s66ugMjRy2XoqR7aApyqmdoc3EHdt+2Cg="}
02072{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"doq_adguard.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1608278425,"pkt_ts_usec":84825,"pkt_caplen":1274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1274,"pkt_l4_len":1240,"pkt":"CL6sCxdumt9Y+uvcCABFAATsXYtAAEARnorAqAypXowODqBuAxAE2FXxz\/8AAB0EXOoexxFd\/nzqdcW5fqNlTwscOQuxdUBgKDUzX\/4Zm9uwZ4aokkgslSdp5E+V9p7BKQnRAzWQgskH1GRUYVAgpM5h8P9qYW8XkbaxRYYICc8xADEa2tr63jgIvi41UW4\/VQAhgOM\/l+WA+zwJ+nnf6zrq6AyNHLZeRFASnCr8obwp9Ty5sR7kprQnC0Sv2ZcsxYzIMAthEKqYU0zMuGSEznU2JvTrq\/bykaeb5dqdGxdiszDYKDU6Jn7sPAcjUZ2gh8+BYZGe9phFiloXFkZRqkF4syIAEkOpcy2MK\/fkeUIOyP6wlwkzaY3fbmuxHrqRyLu45SBR1VMQFyHi28JYz7QmMQfDMqnuI0IWIuFKHwG0T\/v0jhF19jPBzG3JSCrPoiaSUV9rQI1kZsCKoMrGjumM68QAfolXONsAd2IYudReWz3mQrB3zOSDXc7+iPJJwc0+KS52obxIkJ0I8SZ7CLjp+FpGH++2YepZGSZYPB5rc\/4HU1bQ4ocmPERQ5l+FpQxpj4cq2AJTX05VWg9LfjDFrHE6D6oMOTTfheRhy7X3SqhzfVhy\/w3RXnv00qwNGkVr8QIR+wCM95sfw88fV3+NqmU3vnLU2z+qvvT2HlvRQm9ykjYa60lgB9sFJ5Ng9ge\/cpn16AR4r\/NoOup4fo8EeFB8cFrAVg+3WG3mgWxUdvK6oND07fFN48QrriL1y7XuIB3Fa65jgY5B4zE7vkkBXKUfGormP9hug8dHVr44WkbHCTqfFJuTHKIf9gtfJ9VQps1jhQjM952WGdM\/mFbut40pSDwrgQgdt0stO2C4PvDiwgzZaEybJzcZBHCUgM8reKIoRyLrSsWciN2b3tsFQXXaEeEGdt8Bc\/5zyh11uwNSzGQ\/Fl2k7QrJleMEWlDCFHuNFZdb7JDVOvqjlXAHTTHX0xSx0KU4aqrg\/kZVORXUFVlv\/xu8mW\/pGVbnSUQNAvLvkvHNdnu1ZPxtBzMoqU+96Xp\/DxrznNbYv32YFRLbK8kA8U4FaZhJ3oS+5KFBikdLEV9Hai2hbk8GZjN2iqviHrHccJqNkg3SIuZD5qamhaUaMG9NOa5pQ9jLJU\/ymgo7DdgKxRH8uuDjWk10CemOYV7pIj9XJEg0HHMmlI1Un6aDxtAu5UK1qm1HNb38yVa+sYeN5Ew6KHyqBUxxS4IflHX5qeqIZPOKrYg5MCubhSudLKbjcH5sXIzejKF8iZ0FlTKPdHSExxjW0QFN6bAWoLJuZE\/4kDcgHKTjdquB1S9wjg6Pah9A0AO1p8+A56ZYLVjRHdUF0Eo6bHTdn4hIgHvxPjCmO5BtWUKEeQnKGkkR8kgREjXo6GfEeHC4Vb4SCK88RJFW07bR+3U68E0sOKimZElroA+KMcE32OqnpsNULoyV7BunASAegp78gVNI0Bil4Klffm6tM6xnJr7Wx08jSGi+pGYWmiGnj3zfHIxpQuw4bIpm3S\/lud8tMnqwiD6\/bIUKO1SxVSWZBp6s2PlGyGHrgwwdIy5nXoip9OukmbhVHpu5a+3BERo9ToRhkKbGsS5gAuyL08\/F6VvMQD\/JdB+\/2rkXCT7ca7Lr49P5aV+w66D8Iwyn8BcCGyOLiGucN4S\/JjMhOeFgH9mu48hQ78o="}
02097{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"doq_adguard.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1608278425,"pkt_ts_usec":122822,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"mt9Y+uvcCL6sCxduCABFAAUAAbQAAD8RO05ejA4OwKgMqQMQoG4E7CdXyf8AAB0RXf586nXFuX6jZU8LHDkLsXUECv0qRABAlUp76TjgEqdop5UKSI\/F6C7Gd9+z58rAvv5K3VJcoj\/wbKGCvwUk7hAIZQkwS0eQW8volAE\/nQLfPF\/ox4Fu54Iz80wj9fAhhK9DPh9I3m5cX1kBTgklYoQzHtAgZePSyxHP6hihn0FPt1BzVGGJcnUShw4Fy27vLE7qS\/7U+ePnY21jz69vyKuwXZuTiiipLJ8YK+0o6f8AAB0RXf586nXFuX6jZU8LHDkLsXUECv0qREQSNEAdToqwkUBeCPSTrtq1i+\/poFtGCmte08vfTNyuyRI2BuDSMLi4bKO8pdcS2OC7T2X+MCJiync2qglwLaK\/ZU6bCtCK6b7VW919zbwzxcwIxzakqRvR\/mHdyX39t6PkLoaGvK0X2vbjcfBtb8h9mxy2cMiCG7\/xmTssSfThjiW\/NA9r+eiSMaDW26lOxC0Myi2DyzhDaTuSGSXZwR3CdWz\/ehHzTlDnGfh\/fqCFNYcS3v3UJiv+Cd0NLG44Vb9GGFrsZAF0TFEPoReaDJEc8E0xrNED0dRphUxIr\/DqFgN88iZ7j379UNmsHXy+9mWkitLF30R2ORqsURlznCsncam1RRgTWr4gcq9w4PNs52tqYlXDTCw4di7UTg\/DXRKcsZbsYlRVAfuycbyKPF0+Crf95FQRqiDvujNGcSTFX0VUkcz4Fa3pVHkQZTqBaaJldHmG75IwR2jDpJHz0f8U25KfeMiidTlxNhhm4ZqtGvKIQ4l+F6Qgx3jz+Qgf4yWjkIytmooZaorzphY\/a1kd6q15yS9OAMFDlQGdC5w9pE5P54RHRZK\/rZQvTXChmSf0vHRtYR3c1oFoJT5F8p2MZU6xhBjIUVysia54dwyFSZwbXqhUTXJrPSmDnqDfgBnK15jat6fjDPn9EWVvi7jaxG881+aOZ0xxnx8yaRNN3cCXPRxuMVSBmS7R7uoMquwsmmUOS3HlBY98FG9pd\/pxl6D9GixGNYBEezKcsx34lBBN0+GU4QtQleLTJjzhkmdkqnu\/8ysyuk3AuGjDDpL4t9TZcSgmggtEeEIAD2uQ2Zs4+WrO+VF5RxXbNWqozAUKDXdWU4IhvJksaRt8LtCWMK+Q00gsZwn3bWnNtabhQ1da83CeC15FJEtCDSDfxhmRH8vWgIrJbPgN8gB44r7wKu16DvYGW8aqf7zmsckEnkXbn9FLsfs6ALLsVL2msz6xtzgVn74SrIXydDwMfx1fXsW5dM2nkOLSCiM7YyFahko2kEAUPa6aTOfHxZLl9R7YCHnpAfkDCw04yVocKSaV5Pw7dDALMPZTFdRwdAqoyp3JhcsW4wUVqsp0PTozIQzKE7JAcqGlvFfwXzZ7er6uAZdx36hfYDgYoKAl7S301UkQuX9mm323V1dh5OybrgeBmnlr+MoKe0Mw9PiTuvSS8+Q3jyvTGx5OnutvIwmCJZ3KlkUzAfZXELr6zCDgD5WkbH12NIA\/4Eve+66VJmSimGr\/rnpAwbN5efr8WSYM7kHl8\/tHLa\/St+DGu3hHqjLCX57P6yvpn13zBn38N5nhVh4BtxHTcXl9nJ40h9Fo7xe0oRT+d04279tPg1uhRPq+kJCTbSuAl9GMdjJxVxoxsuu0aJpaqKEm+d\/QnaM4+TSccA=="}
@@ -16,5 +16,5 @@
02084{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"doq_adguard.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1608278425,"pkt_ts_usec":433118,"pkt_caplen":1284,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1284,"pkt_l4_len":1250,"pkt":"mt9Y+uvcCL6sCxduCABFAAT2AbsAAD8RO1FejA4OwKgMqQMQoG4E4gBv5f8AAB0RXf586nXFuX6jZU8LHDkLsXUECv0qRES8jklNSP9hrfN4jT\/oyQHcSv678Q3HxgKkoiWZGDaBC9fuLqj43rzFbUWPQXOctpekdVNsG+sw2+UDf+j5N4NVeHiTBwygNKR87tBG6VGF+xe7HUhOzSJVrsJerfW8g2boHf63jFMqMCOX4mIJinnpnqF39WJH3QI7MUjoh2OjVCdRNsiqtu+BaNmL4A7qsIG9L1EcW4FcHFZWf74VHYFFpX5GBMd3DtHQ\/k7N+PRhSDjEBQEpBnpxNvfdpUkdr8+rJiuWCgKnaOhMoEaKk8bZqYDW5EtRRNEc1JJhGljj9Ai3+poWtmuCYM6blueibrDpzikCawKG8z5t6aeBBKHUotg8t9lnAkaHDir\/gnyQD+24HGJt5V3MowhSdsZq27BqutG00ruayP13yMnzxkRmKgwORdpWeKtFs1y3lBbqL35MwNRbHbpLNvJLXcf1l5Avjm6qAUfmBGdXXYv5hAuIG5bEzA\/4FFZ3S4AoYifkoSeKwWrwT2b\/UK577pWxO2lE\/hqFZxOEytWoksc4WLxAyV2AI2ivIPy7WCBk7hTDHvTIbf2TqrmF+KPEOAyMqtPWu1p2wUO6rxLdwkHaRk1qjv+XItfKwaQKvCEUbLyQfYGkvWu+gog6kDChkhP34xu9CnFLQwf0+TJGDbxBxpCHbI2r+Kl+q7VufCJCw\/rBb16\/ANyJp6nFt0TxTs5kj2yy1fGuQVV2P3oiuJ8yVQGZOliW0r9x+8sQBYiG09W4G0DaDbOyZUfkb7dWMABROT7oAHHSrGE3FZfrFPOwKd6i2V7nHb8fT8tx1YG4+cL6RJr52cgKSuLmy8T+RSSsmAVnrg\/3yC340z+PNexJSsSAPK\/Gq\/Voy894IB0FoDkAQd\/DuKm6L0Z6Bis6Q14E5Zd66vAyChxbnK1m\/nBnSjcLGfOsvzWgWcjqrnarhCd9nP1Ij5pZC4G9gNxiCYUp2Va1qFs3moAy7Pla8c+Ya2wO1lfOpuEsBU3crhGOzbQZ52w\/1OW09Rbof75DZjMAbbecCX0Sm9\/AGGyJrzLG+IEAM8xH4c2TMzKRQMxRjCxWngD7asrBmwW8rofjdnk4X\/l+xws9Xjnq++LbsjwY9soooCiuPRsKejOnwD+wv0fcsCl1NFnOK7uP9J39NSw5nkcxriUaHt\/rIF\/R9L+caChbdWFj3nzEfER+FdTX+T\/NRWxa\/V1WDyY7ajEsg0s0jKG4DlUpzFTqHklMr9UkDgJrTEjWZcX+kaGxfo5Wv3jz2kkN9Tfz0K+vwnF\/q8ZWRxxnLYDCcgvwHI+52Qu9a0p9nFv6o1frifR36oQ+Z5kfnpvSggh3acsGkJC7Rr\/0LWuYEIM1TrL0Hg2q62ewfYJz0J5Ejr9SG\/Y9iTBUOY66VIuXBOWufWEiWhk2GFD29XOrBjXB7jlK3AfQJWFHy7w5cBze+n754afVyeVnT8w9zvgyR6QNIxRvqns+0BvqK9Zclf8XVTwY4sVRAqbtu+7mSt0+wEAb+pG3MFUJ4mzT6T8KRY2XnzL4Mc8+9KVp5Bk7rxQmqgGLXWZOt36IpgRhHIfOuNBn1IJLD7cJ6ec7EvKFUb1wB3SvX\/bsEl9SzyWfyNgu9c54203uC55g"}
02084{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"doq_adguard.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1608278425,"pkt_ts_usec":433130,"pkt_caplen":1284,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1284,"pkt_l4_len":1250,"pkt":"mt9Y+uvcCL6sCxduCABFAAT2AbwAAD8RO1BejA4OwKgMqQMQoG4E4mLZ7v8AAB0RXf586nXFuX6jZU8LHDkLsXUECv0qRES8HGytFNakml4PzAwQaQZHc6jIBpQl61gKTaclBkH4l3lK3V26WShey\/TnsdSvKDKpXYJGGJjSSPz6xmEhdjXEAMBVaiKjETXFEOzDPRh+kQQJauoDKkCd0CQNrMhAmicwZKZ9inPEPTcitdqKPoItDvEVpKDzWn30RouaCWx0Ccaj3z30pphsLP9mmA+KzRva8myzrv5GvuishmfTYsSPOXeJe1fh4J4wfoyoFsnqFB+Rj6W+PS3WP3wlFg1ELNUK6FIRQTgFh+0sOM\/hh1pnp3QGgLuOvDO6aOeFjv8ayRYlMc1zLoSi0bJHeuqs5YENToAkzQAN\/SDhzdkft7JAolL\/cvx+82oCUXcS8NPngDaI3BOOxMlJuEliwhdAlSOQdO+FWWJweQ8\/fhateqpC+1G9wl8XvUQX8\/ljx3YJnKOvmmUG+SPCuuLNGecHoKK8AY4t9965\/YRUpnl7iCtuYexpaBXzvtdGBimVRlgDAjcJmavFlD6AkxsFnRP38YTbgm\/wcTnf+2CYkHkFS8+CJhNXsxaBXrxmRjoaWxccVEItR2FDbEPK9wy7VRD8Df+zNx+h2S5v9CUFigRwa1vGtZ2Z3Q+CYwWIf111cTy+\/GsjPZwr26hKiRQUyH7\/Au75L0uJN2BejTlIWvH+N\/aNaYn6NJ+ZFRCj2JWXv5VddGUEwh9CkQdti9buvBrvAhbSgJiKk60RyCRIWWhsxb0MQCFoPicAx8MkVopeJ9dmJW\/qa\/CYRehizNujeyQ4FJjGZm+h2OBIdsHXA4M3urzh51TBucmYcOyQzO8s3eGI6H22s73JCw3Yb8OPLtNLz\/l6own\/Tv7VrGrU5CJMEHjRWZG2lcJ7zSJt5g0E4KUi2o0caspq9HJkIT671OeDW55yNgJGKdRAtFE9B2LvuQWd\/U440TUqWCPe1i2nH5tEi5qQ4uwnAV2FNrRw7y6NzZ5GuNLzmfffcYi\/84cQkNgYe4Pwlcmdv9NW8qrwH8JdGojxVy410oHNENrZaepxULgnSVuPmqLfNhLp3Flo\/fCWou2M7DeW+9MYECvR2R9a945iMKHLbvx7lqs2Rl4ISPs8tpXLB3kvH+B5thX+jMs08Zix4fPWUXzBu8KLQLtQqmg8KLKaGSKwKZtyItXfGptVMu+M5tSJvaHHwwWOQ4o3kbftK+gvqEsFzoqdIowBF5DGabmWpL8nsANK0auN\/C5+5RzFO3ftzU2W6UlEy+cvv4LWxIKaPG2tImVo75bpC+W8VeUGoN\/xLjFX+sPAYBhewRVbO76GPWrk12jjKph7VUv6wija5t+9C17hKQmGyG9nxBLHoTLn4mIhl5Ai0d54tqw+wpXfuc4a\/PSM3DYc9DvribAwKi+wa+IE\/Uta2UvQUEZgeroX+qbGY23MpOrFQ6xsR1XBQBHPcAnKEh21lh1MGzqOg9p38iaZtfQWeUBkredgJV85jgzzWY2xkBlReo\/xFP9qXhC3e5zLKid17nylp5VgRbLAehvboaHsLbSANdUdKGvWJQuCmIWpgQ2LOTMJkEc5ryNX8QPHdRD7x9HDttgDv+QJTM8CjnxJF45XgiTNZjfrhjB0Y7J7BLK14uTv6MNSe\/St9r+Z"}
00714{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"doq_adguard.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1608278425,"pkt_ts_usec":552488,"pkt_caplen":269,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":269,"pkt_l4_len":235,"pkt":"CL6sCxdumt9Y+uvcCABFAAD\/XadAAEARolvAqAypXowODqBuAxAA63Wt4f8AAB0ECv0qRBFd\/nzqdcW5fqNlTwscOQuxdUBAFgVCbN\/RWlf92Bi4xbsmestxwaOWzmLs0UOVup1GWKiJ0THmdCSxOUYMjjJQlUfCJ\/s8QbJV\/u5t7rXjjRFpv18K\/SpED3H7Bx4sBoyGtGJqEQTxS\/oeZBY\/wYowmf3EpJiUs1hRtfh+uoDwfq87X5glE18OQjoYidfBw7A4Umc8TkwRbDOR+jZ7zQbXe3U2zDrO2LQieDEhB+\/tUlVyGsn2PAgQPNlwZczAYXjqFOGeUuxU1TZ4wjfK6+evSSxkFUfwNAg="}
00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":296,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":296,"flow_first_seen":1608278425043,"flow_last_seen":1608278463119,"flow_tot_l4_data_len":34381,"flow_min_l4_data_len":38,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":116,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":296,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":296,"flow_first_seen":1608278425043,"flow_last_seen":1608278463119,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":32013,"flow_avg_l4_payload_len":108,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00134{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":296,"source":"doq_adguard.pcapng","alias":"nDPId-test"}

360
test/results/dos_win98_smb_netbeui.pcap.out
View File

@@ -1,42 +1,42 @@
00398{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00489{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00394{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409796,"pkt_ts_usec":586005,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAACQAAAAAAAAAAAAAAAAAAAAAATURKUjk4ICAgICAgICAgAw=="}
00168{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":1,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00159{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00394{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409796,"pkt_ts_usec":586078,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgAA=="}
00168{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":2,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00159{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00394{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409796,"pkt_ts_usec":586103,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAABwAAAAAAAAAAAAAAAAAAAAAATURKUjk4ICAgICAgICAgAA=="}
00168{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":3,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00159{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00394{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":4,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409796,"pkt_ts_usec":605834,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAACgAAAAAAAAAAAAAAAAAAAAAATURKUjk4ICAgICAgICAgIA=="}
00168{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":4,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00159{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":4,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00393{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":5,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409797,"pkt_ts_usec":75407,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAACQAAAAAAAAAAAAAAAAAAAAAATURKUjk4ICAgICAgICAgAw=="}
00168{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":5,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00159{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":5,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00393{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":6,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409797,"pkt_ts_usec":75462,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgAA=="}
00168{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":6,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00159{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":6,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00393{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":7,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409797,"pkt_ts_usec":75487,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAABwAAAAAAAAAAAAAAAAAAAAAATURKUjk4ICAgICAgICAgAA=="}
00168{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":7,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00159{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":7,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00394{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":8,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409797,"pkt_ts_usec":101878,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAACgAAAAAAAAAAAAAAAAAAAAAATURKUjk4ICAgICAgICAgIA=="}
00168{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":8,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1576409797553,"flow_last_seen":0,"flow_tot_l4_data_len":76,"flow_min_l4_data_len":76,"flow_max_l4_data_len":76,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00159{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":8,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1576409797553,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409797,"pkt_ts_usec":553896,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"AFBW6YlWAFBWM3ieCABFAABgBwAAAIAR07fAqO+BwKjvAgCJAIkATAvHAAQpAAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFEAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
00521{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1576409797553,"flow_last_seen":0,"flow_tot_l4_data_len":76,"flow_min_l4_data_len":76,"flow_max_l4_data_len":76,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1576409797553,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00499{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409797,"pkt_ts_usec":553965,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"AFBW6YlWAFBWM3ieCABFAABgCAAAAIAR0rfAqO+BwKjvAgCJAIkATHy8AAIpAAABAAAAAAABIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEABJPgAAaAAMCo74E="}
00499{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409797,"pkt_ts_usec":554005,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"AFBW6YlWAFBWM3ieCABFAABgCQAAAIAR0bfAqO+BwKjvAgCJAIkATA7DAAgpAAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
00499{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409797,"pkt_ts_usec":586916,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"AFBW6YlWAFBWM3ieCABFAABgCgAAAIAR0LfAqO+BwKjvAgCJAIkATA7DAAYpAAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUNBAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
00451{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1576409798047,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00463{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1576409798047,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00427{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409798,"pkt_ts_usec":47534,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":8,"pkt":"AQBeAAACAFBWM3ieCABFAAAcCwAAAIABn7TAqO+B4AAAAgoA9f8AAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00483{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1576409798047,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00495{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1576409798047,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00395{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":14,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409798,"pkt_ts_usec":642006,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHg=="}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":14,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":14,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00498{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409799,"pkt_ts_usec":23617,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"AFBW6YlWAFBWM3ieCABFAABgDAAAAIARzrfAqO+BwKjvAgCJAIkATA7DAAgpAAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
00498{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409799,"pkt_ts_usec":23770,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"AFBW6YlWAFBWM3ieCABFAABgDQAAAIARzbfAqO+BwKjvAgCJAIkATHy8AAIpAAABAAAAAAABIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEABJPgAAaAAMCo74E="}
00498{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409799,"pkt_ts_usec":23846,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"AFBW6YlWAFBWM3ieCABFAABgDgAAAIARzLfAqO+BwKjvAgCJAIkATAvHAAQpAAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFEAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
00498{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409799,"pkt_ts_usec":59459,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"AFBW6YlWAFBWM3ieCABFAABgDwAAAIARy7fAqO+BwKjvAgCJAIkATA7DAAYpAAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUNBAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
00395{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":19,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409799,"pkt_ts_usec":428975,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHg=="}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":19,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":19,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00395{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":20,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409800,"pkt_ts_usec":348591,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHg=="}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":20,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1576409800543,"flow_last_seen":0,"flow_tot_l4_data_len":76,"flow_min_l4_data_len":76,"flow_max_l4_data_len":76,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":20,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1576409800543,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409800,"pkt_ts_usec":543745,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAABgEAAAAIARybrAqO+BwKjv\/wCJAIkATAq6AAQpEAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFEAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1576409800543,"flow_last_seen":0,"flow_tot_l4_data_len":76,"flow_min_l4_data_len":76,"flow_max_l4_data_len":76,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00536{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1576409800543,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00508{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409800,"pkt_ts_usec":544216,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAABgEQAAAIARyLrAqO+BwKjv\/wCJAIkATHuvAAIpEAABAAAAAAABIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEABJPgAAaAAMCo74E="}
00508{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409800,"pkt_ts_usec":544288,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAABgEgAAAIARx7rAqO+BwKjv\/wCJAIkATA22AAgpEAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
00508{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409800,"pkt_ts_usec":583272,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAABgEwAAAIARxrrAqO+BwKjv\/wCJAIkATA22AAYpEAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUNBAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
@@ -49,336 +49,336 @@
00508{"flow_id":3,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409802,"pkt_ts_usec":43050,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAABgGgAAAIARv7rAqO+BwKjv\/wCJAIkATA22AAgpEAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
00508{"flow_id":3,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409802,"pkt_ts_usec":83383,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAABgGwAAAIARvrrAqO+BwKjv\/wCJAIkATA22AAYpEAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUNBAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
00553{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":33,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409802,"pkt_ts_usec":223804,"pkt_caplen":180,"pkt_type":166,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":180,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAKbw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAAAAAAAAAAAAAAAhAFYAAwABAAEAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQNg6gAATURKUjk4AAAAAAAAAAAAAAQAAyBAABUEVaoA"}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":33,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":166}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":33,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":166}
00509{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409802,"pkt_ts_usec":793465,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAABgHAAAAIARvbrAqO+BwKjv\/wCJAIkATA62AAgoEAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
00509{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409802,"pkt_ts_usec":793598,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAABgHQAAAIARvLrAqO+BwKjv\/wCJAIkATHyvAAIoEAABAAAAAAABIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEABJPgAAaAAMCo74E="}
00509{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409802,"pkt_ts_usec":793661,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAABgHgAAAIARu7rAqO+BwKjv\/wCJAIkATAu6AAQoEAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFEAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
00452{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":42,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1576409798047,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1576409807597,"flow_last_seen":0,"flow_tot_l4_data_len":209,"flow_min_l4_data_len":209,"flow_max_l4_data_len":209,"flow_avg_l4_data_len":209,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00464{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":42,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1576409798047,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1576409807597,"flow_last_seen":0,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00685{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409807,"pkt_ts_usec":597015,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADlJAAAAIARtTXAqO+BwKjv\/wCKAIoA0Qn+EQIADMCo74EAigC7AAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAAAAAAAAAAAAAAAhAFYAAwABAAEAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQNg6gAATURKUjk4AAAAAAAAAAAAAAQAAyBAABUEVaoA"}
00571{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1576409807597,"flow_last_seen":0,"flow_tot_l4_data_len":209,"flow_min_l4_data_len":209,"flow_max_l4_data_len":209,"flow_avg_l4_data_len":209,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
00583{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1576409807597,"flow_last_seen":0,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
00436{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":43,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409811,"pkt_ts_usec":132208,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":43,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":77}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":43,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":77}
00436{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":44,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409811,"pkt_ts_usec":517809,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":44,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":77}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":44,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":77}
00436{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":45,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409811,"pkt_ts_usec":901809,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":45,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":77}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":45,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":77}
00436{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":46,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409812,"pkt_ts_usec":669822,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":46,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":77}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":46,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":77}
00436{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":47,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409813,"pkt_ts_usec":829815,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":47,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":77}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":47,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":77}
00436{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":48,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409815,"pkt_ts_usec":308846,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":48,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":77}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":48,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":77}
00436{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":49,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409817,"pkt_ts_usec":241324,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":49,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":77}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":50,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1576409807597,"flow_last_seen":0,"flow_tot_l4_data_len":209,"flow_min_l4_data_len":209,"flow_max_l4_data_len":209,"flow_avg_l4_data_len":209,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":49,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":77}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":50,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1576409807597,"flow_last_seen":0,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00436{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":50,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409819,"pkt_ts_usec":547009,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":50,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":77}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":50,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":77}
00436{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":51,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409822,"pkt_ts_usec":253028,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":51,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":77}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":51,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":77}
00436{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":52,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409825,"pkt_ts_usec":334722,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":52,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":77}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":52,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":77}
00436{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":53,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409828,"pkt_ts_usec":857801,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":53,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":77}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":53,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":77}
00436{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":54,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409832,"pkt_ts_usec":716325,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":54,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":77}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":54,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":77}
00436{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":55,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409836,"pkt_ts_usec":953806,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":55,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":77}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":55,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":77}
00396{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":56,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409844,"pkt_ts_usec":797969,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"pkt":"AwAAAAABAAwp1HmyAC\/w8AMsAP\/vAQAAAAAAAQACo2haC8B0A+lo+\/82xHHoVEVTVDEgICAgICAgICAgAA=="}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":56,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":56,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00396{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":57,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409844,"pkt_ts_usec":798231,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"pkt":"AwAAAAABAAwp1HmyAC\/w8AMsAP\/vAAAAAAAAAgAEuP7\/UOih91uNRuQWUOhaV09SS0dST1VQICAgICAgAA=="}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":57,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":57,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00396{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":58,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409845,"pkt_ts_usec":301797,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"pkt":"AwAAAAABAAwp1HmyAC\/w8AMsAP\/vAAAAAAAAAgACo2haC8B0A+lo+\/82xHHoV09SS0dST1VQICAgICAgAA=="}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":58,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":58,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00396{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":59,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409845,"pkt_ts_usec":301935,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"pkt":"AwAAAAABAAwp1HmyAC\/w8AMsAP\/vAQAAAAAAAQAEuP7\/UOih91uNRuQWUOhaVEVTVDEgICAgICAgICAgAA=="}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":59,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":59,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00396{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":60,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409845,"pkt_ts_usec":853803,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"pkt":"AwAAAAABAAwp1HmyAC\/w8AMsAP\/vAQAAAAAAAQACo2haC8B0A+lo+\/82xHHoVEVTVDEgICAgICAgICAgAA=="}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":60,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":60,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00396{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":61,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409845,"pkt_ts_usec":853922,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"pkt":"AwAAAAABAAwp1HmyAC\/w8AMsAP\/vAAAAAAAAAgAEuP7\/UOih91uNRuQWUOhaV09SS0dST1VQICAgICAgAA=="}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":61,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":61,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00521{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":62,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409846,"pkt_ts_usec":177854,"pkt_caplen":156,"pkt_type":142,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":156,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAI7w8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":62,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":142}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1576409851581,"flow_last_seen":0,"flow_tot_l4_data_len":185,"flow_min_l4_data_len":185,"flow_max_l4_data_len":185,"flow_avg_l4_data_len":185,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":62,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":142}
00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1576409851581,"flow_last_seen":0,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00653{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409851,"pkt_ts_usec":581302,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADNJQAAAIARtE3AqO+BwKjv\/wCKAIoAuRxGEQIADsCo74EAigCjAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00571{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1576409851581,"flow_last_seen":0,"flow_tot_l4_data_len":185,"flow_min_l4_data_len":185,"flow_max_l4_data_len":185,"flow_avg_l4_data_len":185,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":64,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1576409851581,"flow_last_seen":0,"flow_tot_l4_data_len":185,"flow_min_l4_data_len":185,"flow_max_l4_data_len":185,"flow_avg_l4_data_len":185,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00583{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1576409851581,"flow_last_seen":0,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":64,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1576409851581,"flow_last_seen":0,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00521{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":64,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409856,"pkt_ts_usec":181279,"pkt_caplen":156,"pkt_type":142,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":156,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAI7w8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":64,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":142}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":64,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":142}
00485{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":65,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409859,"pkt_ts_usec":28684,"pkt_caplen":115,"pkt_type":101,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":115,"pkt_l4_len":0,"pkt":"\/\/\/\/\/\/\/\/AAwp1HmyAGXg4AP\/\/wBiAAQAAAAA\/\/\/\/\/\/\/\/BVEAAAAAAAwp1HmyBVIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPMBAYBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAgAA=="}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":65,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":101}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":65,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":101}
00394{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":66,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409859,"pkt_ts_usec":28855,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"pkt":"AwAAAAABAAwp1HmyAC\/w8AMsAP\/vCgADAAAAAwBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAgAA=="}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":66,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":66,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00394{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":67,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409859,"pkt_ts_usec":28943,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieAC\/w8AMsAP\/vDhcVAAMAFQBURVNUMSAgICAgICAgICAATURKUjk4ICAgICAgICAgIA=="}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":67,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":67,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00389{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":68,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409859,"pkt_ts_usec":29055,"pkt_caplen":60,"pkt_type":3,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAAPw8H8sAP\/vAQAAAAAAAQACo2haC8B0A+lo+\/82xHHoVEVTVDEgICAgICAgICAg"}
00168{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":68,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":3}
00159{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":68,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":3}
00387{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":69,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409859,"pkt_ts_usec":29130,"pkt_caplen":60,"pkt_type":3,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieAAPw8XNgDAAAAIARzrfAqO+BwKjvAgCJAIkATA7DAAgpAAABAAAAAAABIEVORUVF"}
00168{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":69,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":3}
00159{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":69,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":3}
00389{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":70,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409859,"pkt_ts_usec":29275,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAATw8AEBAP\/vAAAAAAAAAgAEuP7\/UOih91uNRuQWUOhaV09SS0dST1VQICAgICAg"}
00168{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":70,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00159{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":70,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00387{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":71,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409859,"pkt_ts_usec":29351,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieAATw8QEBDQAAAIARzbfAqO+BwKjvAgCJAIkATHy8AAIpAAABAAAAAAABIEZIRVBG"}
00168{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":71,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00159{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":71,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00390{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":72,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409859,"pkt_ts_usec":29513,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyABLw8AAADgD\/7xmPygUVAAMAFQP\/BVEAAAAAAAwp1HmyBVIAAAAAAAAAAAAAAAAA"}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":72,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":18}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":72,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":18}
00389{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":73,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409859,"pkt_ts_usec":29589,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieABLw8AADDgD\/7xeBvAUDABUAAxXvAgCJAIkATAvHAAQpAAABAAAAAAABIEVORUVF"}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":73,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":18}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":73,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":18}
00388{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":74,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409859,"pkt_ts_usec":29785,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAATw8QEDAP\/vCgADAAAAAwBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAg"}
00168{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":74,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00159{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":74,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00545{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":75,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409859,"pkt_ts_usec":29960,"pkt_caplen":174,"pkt_type":160,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":174,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAKDw8AICDgD\/7xYEAAAAAAEAFQP\/U01CcgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyAAAhAABrAAJQQyBORVRXT1JLIFBST0dSQU0gMS4wAAJNSUNST1NPRlQgTkVUV09SS1MgMy4wAAJET1MgTE0xLjJYMDAyAAJET1MgTEFOTUFOMi4xAAJXaW5kb3dzIGZvciBXb3JrZ3JvdXBzIDMuMWEA"}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":75,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":160}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":75,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":160}
00387{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":76,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409859,"pkt_ts_usec":30036,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieAATw8QEEDwAAAIARy7fAqO+BwKjvAgCJAIkATA7DAAYpAAABAAAAAAABIEVORUVF"}
00168{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":76,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00159{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":76,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00449{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":77,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409859,"pkt_ts_usec":30103,"pkt_caplen":101,"pkt_type":87,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":101,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieAFfw8AIEDgD\/7xYMAAABACgAAxX\/U01CcgAAAACAAAAAAAAAAAAAAAAAAAAAAAAyAAAhAA0EAAIAaAsCAAEAAwAVBQOAsmSPT8T\/AAAAAAgAFQUDgAEb9l0="}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":77,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":87}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":77,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":87}
00389{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":78,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409859,"pkt_ts_usec":30186,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAATw8QEEAP\/vAAAAAAAAAgAEuP7\/UOih91uNRuQWUOhaV09SS0dST1VQICAgICAg"}
00168{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":78,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00159{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":78,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00523{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":79,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409859,"pkt_ts_usec":30361,"pkt_caplen":155,"pkt_type":141,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":155,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAI3w8AQEDgD\/7xYMAAAoAAIAFQP\/U01CcwAAAAAQAAAAAAAAAAAAAAAAAAAAAAAyAQAhAAp1AEcAPgYCAAAAFQUDgAEAAAAAABAAAE1BUlRJTiBST1NFTkFVAAT\/AAAAAAAYACkANLVcqnsYd8yVvD05\/JKBnmi3H4Zsvi3FXFxNREpSOThcVEVTVABBOgA="}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":79,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":141}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":79,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":141}
00388{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":80,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409859,"pkt_ts_usec":30433,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieAATw8QEGAP\/vAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAg"}
00168{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":80,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00159{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":80,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00423{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":81,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409859,"pkt_ts_usec":30536,"pkt_caplen":83,"pkt_type":69,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":83,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieAEXw8AQGDgD\/7xYMAAACACgAAxX\/U01CcwAAAACQAAAAAAAAAAAAAAAAAAAAyAAyAAAhAAN1ACkAAAAAAAL\/AAAAAwBBOgA="}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":81,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":69}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":81,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":69}
00388{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":82,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409859,"pkt_ts_usec":30659,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAATw8QEGAP\/vCgADAAAAAwBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAg"}
00168{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":82,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00159{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":82,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00414{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":83,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409859,"pkt_ts_usec":30799,"pkt_caplen":76,"pkt_type":62,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAD7w8AYGDgD\/7xYMAAAoAAMAFQP\/U01CKwAAAAAAAAAAAAAAAAAAAAAAAAAAyAAyAABhAAEBAAcABEhlbGxvAA=="}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":83,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":62}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":83,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":62}
00388{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":84,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409859,"pkt_ts_usec":30872,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieAATw8QEIEQAAAIARyLrAqO+BwKjv\/wCJAIkATHuvAAIpEAABAAAAAAABIEZIRVBG"}
00168{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":84,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00159{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":84,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00414{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":85,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409859,"pkt_ts_usec":30925,"pkt_caplen":76,"pkt_type":62,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieAD7w8AYIDgD\/7xYMAAADACgAAxX\/U01CKwAAAACAAAAAAAAAAAAAAAAAAAAAyAAyAABhAAEBAAcABEhlbGxvAA=="}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":85,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":62}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":85,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":62}
00389{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":86,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409859,"pkt_ts_usec":31027,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAATw8QEIAP\/vAAAAAAAAAgAEuP7\/UOih91uNRuQWUOhaV09SS0dST1VQICAgICAg"}
00168{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":86,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00159{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":86,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00391{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":87,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409859,"pkt_ts_usec":141343,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyABLw8AgJDgD\/7xQAAAAoAAAAFQP\/U01CcwAAAAAQAAAAAAAAAAAAAAAAAAAAAAAy"}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":87,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":18}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":87,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":18}
00389{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":88,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409859,"pkt_ts_usec":141465,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieAATw8QELEwAAAIARxrrAqO+BwKjv\/wCJAIkATA22AAYpEAABAAAAAAABIEVORUVF"}
00168{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":88,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00159{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":88,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00486{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":89,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409859,"pkt_ts_usec":529509,"pkt_caplen":115,"pkt_type":101,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":115,"pkt_l4_len":0,"pkt":"\/\/\/\/\/\/\/\/AAwp1HmyAGXg4AP\/\/wBiABQAAAAA\/\/\/\/\/\/\/\/BVEAAAAAAAwp1HmyBVIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPMBAYBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAgAA=="}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":89,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":101}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":89,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":101}
00485{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":90,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409860,"pkt_ts_usec":77840,"pkt_caplen":115,"pkt_type":101,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":115,"pkt_l4_len":0,"pkt":"\/\/\/\/\/\/\/\/AAwp1HmyAGXg4AP\/\/wBiABQAAAAA\/\/\/\/\/\/\/\/BVEAAAAAAAwp1HmyBVIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPMBAYBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAgAA=="}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":90,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":101}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":90,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":101}
00486{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":91,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409860,"pkt_ts_usec":625807,"pkt_caplen":115,"pkt_type":101,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":115,"pkt_l4_len":0,"pkt":"\/\/\/\/\/\/\/\/AAwp1HmyAGXg4AP\/\/wBiABQAAAAA\/\/\/\/\/\/\/\/BVEAAAAAAAwp1HmyBVIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPMBAYBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAgAA=="}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":91,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":101}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":91,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":101}
00486{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":92,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409861,"pkt_ts_usec":175103,"pkt_caplen":115,"pkt_type":101,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":115,"pkt_l4_len":0,"pkt":"\/\/\/\/\/\/\/\/AAwp1HmyAGXg4AP\/\/wBiABQAAAAA\/\/\/\/\/\/\/\/BVEAAAAAAAwp1HmyBVIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPMBAYBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAgAA=="}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":92,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":101}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1576409861597,"flow_last_seen":0,"flow_tot_l4_data_len":185,"flow_min_l4_data_len":185,"flow_max_l4_data_len":185,"flow_avg_l4_data_len":185,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":92,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":101}
00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1576409861597,"flow_last_seen":0,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00653{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409861,"pkt_ts_usec":597261,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADNJgAAAIARs03AqO+BwKjv\/wCKAIoAuRxEEQIAEMCo74EAigCjAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00571{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1576409861597,"flow_last_seen":0,"flow_tot_l4_data_len":185,"flow_min_l4_data_len":185,"flow_max_l4_data_len":185,"flow_avg_l4_data_len":185,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
00583{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1576409861597,"flow_last_seen":0,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
00553{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":94,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409862,"pkt_ts_usec":195835,"pkt_caplen":180,"pkt_type":166,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":180,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAKbw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAAAAAAAAAAAAAAAhAFYAAwABAAEAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQRg6gAATURKUjk4AAAAAAAAAAAAAAQAAyBBABUEVaoA"}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":94,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":166}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1576409861597,"flow_last_seen":0,"flow_tot_l4_data_len":185,"flow_min_l4_data_len":185,"flow_max_l4_data_len":185,"flow_avg_l4_data_len":185,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":94,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":166}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1576409861597,"flow_last_seen":0,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00521{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":95,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409866,"pkt_ts_usec":206390,"pkt_caplen":156,"pkt_type":142,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":156,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAI7w8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":95,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":142}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1576409867606,"flow_last_seen":0,"flow_tot_l4_data_len":209,"flow_min_l4_data_len":209,"flow_max_l4_data_len":209,"flow_avg_l4_data_len":209,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":95,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":142}
00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1576409867606,"flow_last_seen":0,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00685{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409867,"pkt_ts_usec":606753,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADlJwAAAIARsjXAqO+BwKjv\/wCKAIoA0Qj3EQIAEsCo74EAigC7AAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAAAAAAAAAAAAAAAhAFYAAwABAAEAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQRg6gAATURKUjk4AAAAAAAAAAAAAAQAAyBBABUEVaoA"}
00571{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1576409867606,"flow_last_seen":0,"flow_tot_l4_data_len":209,"flow_min_l4_data_len":209,"flow_max_l4_data_len":209,"flow_avg_l4_data_len":209,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
00583{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1576409867606,"flow_last_seen":0,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
00435{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":97,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409868,"pkt_ts_usec":734666,"pkt_caplen":89,"pkt_type":75,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":89,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAEvw8AoIDgD\/7xYEAAAAAAQAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAACBAAIUAAgAEgAEXD8\/Pz8\/Pz8\/Lj8\/PwAFAAA="}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":97,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":75}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":97,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":75}
00403{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":98,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409868,"pkt_ts_usec":734893,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieADXw8AgMDgD\/7xYMAAAEACgAAxX\/U01CgQEAEgCAAAAAAAAAAAAAAAAAAAAAyHUFAACBAAAAAA=="}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":98,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":53}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":98,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":53}
00415{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":99,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409868,"pkt_ts_usec":736028,"pkt_caplen":76,"pkt_type":62,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAD7w8AwKDgD\/7xYMAAAoAAUAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAAChAAIUAAAABQAEAAUAAA=="}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":99,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":62}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":99,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":62}
00404{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":100,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409868,"pkt_ts_usec":736118,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieADXw8AoODgD\/7xYMAAAFACgAAxX\/U01CgQEAEgCAAAAAAAAAAAAAAAAAAAAAyHUFAAChAAAAAA=="}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":100,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":53}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":100,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":53}
00436{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":101,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409868,"pkt_ts_usec":736262,"pkt_caplen":89,"pkt_type":75,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":89,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAEvw8A4MDgD\/7xYMAAAoAAYAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAADBAAIUABYAEgAEXD8\/Pz8\/Pz8\/Lj8\/PwAFAAA="}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":101,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":75}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":101,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":75}
00535{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":102,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409868,"pkt_ts_usec":736631,"pkt_caplen":158,"pkt_type":144,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":158,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieAJDw8AwQDgD\/7xYMAAAGACgAAxX\/U01CgQAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAADBAAECAFkABVYAgz8\/Pz8\/Pz8\/Pz8\/FgAAAQAAAAAAECpjj08AAAAALgAgICAgICAAAAAAAIM\/Pz8\/Pz8\/Pz8\/PxYBAAEAAAAAABAqY49PAAAAAC4uACAgICAgAAAAAAA="}
00171{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":102,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":144}
00162{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":102,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":144}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":103,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409868,"pkt_ts_usec":739983,"pkt_caplen":97,"pkt_type":83,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":97,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAFPw8BAODgD\/7xYMAAAoAAcAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAADhAAIUAAAAGgAEAAUVAIM\/Pz8\/Pz8\/Pz8\/PxYBAAEAgwAAAQ=="}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":103,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":83}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":103,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":83}
00404{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":104,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409868,"pkt_ts_usec":740173,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieADXw8A4SDgD\/7xYMAAAHACgAAxX\/U01CgQEAEgCAAAAAAAAAAAAAAAAAAAAAyHUFAADhAAAAAA=="}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":104,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":53}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":104,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":53}
00404{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":105,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409868,"pkt_ts_usec":742285,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyADXw8BIQDgD\/7xYMAAAoAAgAFQP\/U01CgAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAAABAQAAAA=="}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":105,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":53}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":105,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":53}
00418{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":106,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409868,"pkt_ts_usec":742459,"pkt_caplen":77,"pkt_type":63,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":77,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieAD\/w8BAUDgD\/7xYMAAAIACgAAxX\/U01CgAAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAAABAQVq\/wABAAJ2+AAAAAA="}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":106,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":63}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":106,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":63}
00392{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":107,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409868,"pkt_ts_usec":821798,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyABLw8BQTDgD\/7xQAAAAoAAAAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":107,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":18}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":107,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":18}
00390{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":108,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409868,"pkt_ts_usec":821909,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieAATw8QEXHAAAAIARvbrAqO+BwKjv\/wCJAIkATA62AAgoEAABAAAAAAABIEVORUVF"}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":108,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":108,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00654{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409871,"pkt_ts_usec":610878,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADNKAAAAIARsU3AqO+BwKjv\/wCKAIoAuRxAEQIAFMCo74EAigCjAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00460{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":110,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409872,"pkt_ts_usec":653497,"pkt_caplen":107,"pkt_type":93,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":107,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAF3w8BYSDgD\/7xYEAAAAAAkAFQP\/U01CLQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAAAhAQ\/\/AAAABwACABYAIAAeKfZdEgAAAAAAAAAAAAAAAAAKAFxURVNULlRYVAA="}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":110,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":93}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":110,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":93}
00446{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":111,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409872,"pkt_ts_usec":653693,"pkt_caplen":97,"pkt_type":83,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":97,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieAFPw8BIYDgD\/7xYMAAAJACgAAxX\/U01CLQAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAAAhAQ\/\/AAAAAAAgAB4p9l0AAAAAAgAAAAAAAgAAAAAAAAAAAA=="}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":111,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":83}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":111,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":83}
01926{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":112,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409872,"pkt_ts_usec":682866,"pkt_caplen":1204,"pkt_type":1190,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1204,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyBKbw8BgUDgD\/7xYMAAAoAAoAFQP\/U01CCwAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAABBAQUAAGQEAAAAAGQEZwQBZAQNCiBWb2x1bWUgaW4gZHJpdmUgQyBpcyBNU0RPUyAgICAgIA0KIFZvbHVtZSBTZXJpYWwgTnVtYmVyIGlzIDQwMzEtMEZFMA0KIERpcmVjdG9yeSBvZiBDOlwNCg0KQ09NTUFORCAgQ09NICAgICAgICA1NC42NDUgMzEuMDUuOTQgICAgNjoyMg0KV0lORE9XUyAgICAgIDxESVI+ICAgICAgICAgMjYuMTEuMTMgICAgODozNw0KV0lOQTIwICAgMzg2ICAgICAgICAgOS4zNDkgMzEuMDUuOTQgICAgNjoyMg0KVEVNUCAgICAgICAgIDxESVI+ICAgICAgICAgMjYuMTEuMTMgICAgODowNA0KVE9PTFMgICAgICAgIDxESVI+ICAgICAgICAgMjYuMTEuMTMgICAgODowNQ0KRE9TICAgICAgICAgIDxESVI+ICAgICAgICAgMjYuMTEuMTMgICAgODowNQ0KQVVUT0VYRUMgTkVUICAgICAgICAgICAxNjkgMTMuMTIuMTkgICAgNjo1MA0KTk9WRUxMICAgICAgIDxESVI+ICAgICAgICAgMTQuMTIuMTkgICAyMTozOQ0KTkVUICAgICAgICAgIDxESVI+ICAgICAgICAgMDcuMTAuMTkgICAyMjoxMg0KQ09ORklHICAgV0lOICAgICAgICAgICAyNzggMDcuMTAuMTkgICAyMjoxMw0KQVVUT0VYRUMgV0lOICAgICAgICAgICAyNDEgMDcuMTAuMTkgICAyMjoxMw0KQVVUT0VYRUMgQkFUICAgICAgICAgICAxNjkgMTUuMTIuMTkgICAxMDo0NQ0KQVVUT0VYRUMgT0xEICAgICAgICAgICAyNDEgMDcuMTAuMTkgICAyMjoxMw0KQ09ORklHICAgTkVUICAgICAgICAgICAxMzQgMTMuMTIuMTkgICAgNjo1MA0KQVVUT0VYRUMgTk9WICAgICAgICAgICAzMDkgMTQuMTIuMTkgICAyMTozOQ0KQ09ORklHICAgTk9WICAgICAgICAgICAyODAgMTQuMTIuMTkgICAyMTozOQ0KQ09ORklHICAgT0xEICAgICAgICAgICAyNzggMDcuMTAuMTkgICAyMjoxMw0KTkJJSFcgICAgQ0ZHICAgICAgICAgICAzODggMTUuMTIuMTkgICAxMDoxOA0KQ09ORklHICAgMDAxICAgICAgICAgICAxMzQgMTUuMTIuMTkgICAxMDo0NQ0KQVVUT0VYRUMgMDAxICAgICAgICAgICAxNjkgMTUuMTIuMTkgICAxMDo0NQ0KQ09ORklHICAgU1lTICAgICAgICAgICAxMzQgMTUuMTIuMTkgICAxMDo0NQ0KICAgICAgIDIxIGZpbGUocykgICAgICAgICA2Ni45MTggYnl0ZXMNCiAgICAgICAgICAgICAgICAgICAgIDE1Mi44NTQuNTI4IGJ5dGVzIGZyZWUNCg=="}
00172{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":112,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":1190}
00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":112,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":1190}
00404{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":113,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409872,"pkt_ts_usec":683060,"pkt_caplen":69,"pkt_type":55,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":69,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieADfw8BQaDgD\/7xYMAAAKACgAAxX\/U01CCwAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAABBAQFkBAAA"}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":113,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":55}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":113,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":55}
00412{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":114,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409872,"pkt_ts_usec":683183,"pkt_caplen":73,"pkt_type":59,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":73,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyADvw8BoWDgD\/7xYMAAAoAAsAFQP\/U01CBAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAABhAQMAAB4p9l0AAA=="}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":114,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":59}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":114,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":59}
00404{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":115,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409872,"pkt_ts_usec":683292,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieADXw8BYcDgD\/7xYMAAALACgAAxX\/U01CBAAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAABhAQAAAA=="}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":115,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":53}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":115,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":53}
00392{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":116,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409872,"pkt_ts_usec":793837,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyABLw8BwYDgD\/7xQAAAAoAAAAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":116,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":18}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":116,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":18}
00390{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":117,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409873,"pkt_ts_usec":117808,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieAATw8QEeIQAAAIARuLrAqO+BwKjv\/wCJAIkATG2mAAopEAABAAAAAAABIEZIRVBG"}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":117,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":117,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00522{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":118,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409876,"pkt_ts_usec":181879,"pkt_caplen":156,"pkt_type":142,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":156,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAI7w8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00171{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":118,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":142}
00162{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":118,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":142}
00460{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":119,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409876,"pkt_ts_usec":669832,"pkt_caplen":107,"pkt_type":93,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":107,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAF3w8B4YDgD\/7xYEAAAAAAwAFQP\/U01CLQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAACBAQ\/\/AAAABwAAABYAAAAiKfZdAQAAAAAAAAAAAAAAAAAKAFxURVNULlRYVAA="}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":119,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":93}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":119,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":93}
00390{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":120,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409876,"pkt_ts_usec":669999,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieAATw8QEgIwAAAIARtrrAqO+BwKjv\/wCJAIkATG6mAAooEAABAAAAAAABIEZIRVBG"}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":120,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":120,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00446{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":121,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409876,"pkt_ts_usec":670119,"pkt_caplen":97,"pkt_type":83,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":97,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieAFPw8BggDgD\/7xYMAAAMACgAAxX\/U01CLQAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAACBAQ\/\/AAAAAQAgAB4p9l1kBAAAAAAAAAAAAQAAAAAAAAAAAA=="}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":121,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":83}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":121,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":83}
00416{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":122,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409876,"pkt_ts_usec":703380,"pkt_caplen":73,"pkt_type":59,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":73,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyADvw8CAaDgD\/7xYMAAAoAA0AFQP\/U01CBAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAAChAQMBAP\/\/\/\/8AAA=="}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":122,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":59}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":122,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":59}
00390{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":123,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409876,"pkt_ts_usec":703521,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieAATw8QEiAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAg"}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":123,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":123,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00404{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":124,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409876,"pkt_ts_usec":703601,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieADXw8BoiDgD\/7xYMAAANACgAAxX\/U01CBAAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAAChAQAAAA=="}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":124,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":53}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":124,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":53}
00392{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":125,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409876,"pkt_ts_usec":764250,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyABLw8CIcDgD\/7xQAAAAoAAAAFQP\/U01CBAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":125,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":18}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":125,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":18}
00390{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":126,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409876,"pkt_ts_usec":771024,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieAATw8QEkAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAg"}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":126,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":126,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00654{"flow_id":7,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409881,"pkt_ts_usec":580957,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADNKQAAAIARsE3AqO+BwKjv\/wCKAIoAuRw+EQIAFsCo74EAigCjAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00416{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":128,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409882,"pkt_ts_usec":997566,"pkt_caplen":78,"pkt_type":64,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":78,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAEDw8CQcDgD\/7xYEAAAAAA4AFQP\/U01CEAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAADBAQALAARcVEVTVC5UWFQA"}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":128,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":64}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":128,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":64}
00404{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":129,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409882,"pkt_ts_usec":997752,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieADXw8BwmDgD\/7xYMAAAOACgAAxX\/U01CEAEAAwCAAAAAAAAAAAAAAAAAAAAAyHUFAADBAQAAAA=="}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":129,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":53}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":129,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":53}
00420{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":130,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409882,"pkt_ts_usec":997898,"pkt_caplen":80,"pkt_type":66,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":80,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAELw8CYeDgD\/7xYMAAAoAA8AFQP\/U01CBgAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAADhAQEAAAsABFxURVNULlRYVAA="}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":130,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":66}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":130,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":66}
00404{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":131,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409882,"pkt_ts_usec":997999,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieADXw8B4oDgD\/7xYMAAAPACgAAxX\/U01CBgAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAADhAQAAAA=="}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":131,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":53}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":131,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":53}
00391{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":132,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409883,"pkt_ts_usec":83853,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyABLw8CggDgD\/7xQAAAAoAAAAFQP\/U01CBAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":132,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":18}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":132,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":18}
00390{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":133,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409883,"pkt_ts_usec":461819,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieAATw8QEqDgD\/7xeBvAUDABUAAxXvAgCJAIkATAvHAAQpAAABAAAAAAABIEVORUVF"}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":133,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":133,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00538{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":134,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409886,"pkt_ts_usec":201847,"pkt_caplen":168,"pkt_type":154,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":168,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAJrw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAFQAAAAAAAAAAAAAAAAAAAAAAAAAVAFYAAwABAAEAAgAmAFxNQUlMU0xPVFxCUk9XU0UACAEAAAAAAAAAAAAAAABNREpSOTgA"}
00171{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":134,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":154}
00162{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":134,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":154}
00538{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":135,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409888,"pkt_ts_usec":477823,"pkt_caplen":168,"pkt_type":154,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":168,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAJrw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAFQAAAAAAAAAAAAAAAAAAAAAAAAAVAFYAAwABAAEAAgAmAFxNQUlMU0xPVFxCUk9XU0UACAEAFQQBfIgBAAAAAABNREpSOTgA"}
00171{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":135,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":154}
00162{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":135,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":154}
00392{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":136,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409888,"pkt_ts_usec":973798,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyABLw8CogDgD\/7x8AAAAAAAAAFQP\/U01CBAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":136,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":18}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":136,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":18}
00390{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":137,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409888,"pkt_ts_usec":973922,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieAATw8QEsAP\/vAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAg"}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":137,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":137,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00538{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":138,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409889,"pkt_ts_usec":485899,"pkt_caplen":168,"pkt_type":154,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":168,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAJrw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAFQAAAAAAAAAAAAAAAAAAAAAAAAAVAFYAAwABAAEAAgAmAFxNQUlMU0xPVFxCUk9XU0UACAEAFQQBfIgBAAAAAABNREpSOTgA"}
00171{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":138,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":154}
00162{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":138,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":154}
00538{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":139,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409890,"pkt_ts_usec":489826,"pkt_caplen":168,"pkt_type":154,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":168,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAJrw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAFQAAAAAAAAAAAAAAAAAAAAAAAAAVAFYAAwABAAEAAgAmAFxNQUlMU0xPVFxCUk9XU0UACAEAFQQBfIgBAAAAAABNREpSOTgA"}
00171{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":139,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":154}
00162{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":139,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":154}
00538{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":140,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409891,"pkt_ts_usec":489903,"pkt_caplen":168,"pkt_type":154,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":168,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAJrw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAFQAAAAAAAAAAAAAAAAAAAAAAAAAVAFYAAwABAAEAAgAmAFxNQUlMU0xPVFxCUk9XU0UACAEAFQQBfIgBAAAAAABNREpSOTgA"}
00171{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":140,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":154}
00162{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":140,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":154}
00670{"flow_id":7,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409891,"pkt_ts_usec":609903,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADZKgAAAIARr0HAqO+BwKjv\/wCKAIoAxRTzEQIAGMCo74EAigCvAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJPAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAFQAAAAAAAAAAAAAAAAAAAAAAAAAVAFYAAwABAAEAAgAmAFxNQUlMU0xPVFxCUk9XU0UACAEAAAAAAAAAAAAAAABNREpSOTgA"}
00396{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":142,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409892,"pkt_ts_usec":489826,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAAFwAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHQ=="}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":142,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":142,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00396{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":143,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409893,"pkt_ts_usec":317826,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAAFwAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHQ=="}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":143,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":143,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00670{"flow_id":7,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409893,"pkt_ts_usec":769840,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADZKwAAAIARrkHAqO+BwKjv\/wCKAIoAxYA9EQIAGsCo74EAigCvAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJPAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAFQAAAAAAAAAAAAAAAAAAAAAAAAAVAFYAAwABAAEAAgAmAFxNQUlMU0xPVFxCUk9XU0UACAEAFQQBj50BAAAAAABNREpSOTgA"}
00396{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":145,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409894,"pkt_ts_usec":273832,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAAFwAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHQ=="}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":145,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":145,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00670{"flow_id":7,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409894,"pkt_ts_usec":785830,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADZLAAAAIARrUHAqO+BwKjv\/wCKAIoAxYA7EQIAHMCo74EAigCvAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJPAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAFQAAAAAAAAAAAAAAAAAAAAAAAAAVAFYAAwABAAEAAgAmAFxNQUlMU0xPVFxCUk9XU0UACAEAFQQBj50BAAAAAABNREpSOTgA"}
00396{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":147,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409895,"pkt_ts_usec":177868,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAGABXT1JLR1JPVVAgICAgICAdAQJfX01TQlJPV1NFX18CAQ=="}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":147,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":147,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00670{"flow_id":7,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409895,"pkt_ts_usec":741945,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADZLQAAAIARrEHAqO+BwKjv\/wCKAIoAxYA5EQIAHsCo74EAigCvAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJPAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAFQAAAAAAAAAAAAAAAAAAAAAAAAAVAFYAAwABAAEAAgAmAFxNQUlMU0xPVFxCUk9XU0UACAEAFQQBj50BAAAAAABNREpSOTgA"}
00396{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":149,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409895,"pkt_ts_usec":982740,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAGABXT1JLR1JPVVAgICAgICAdAQJfX01TQlJPV1NFX18CAQ=="}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":149,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":149,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00670{"flow_id":7,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409896,"pkt_ts_usec":749822,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADZLgAAAIARq0HAqO+BwKjv\/wCKAIoAxYA3EQIAIMCo74EAigCvAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJPAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAFQAAAAAAAAAAAAAAAAAAAAAAAAAVAFYAAwABAAEAAgAmAFxNQUlMU0xPVFxCUk9XU0UACAEAFQQBj50BAAAAAABNREpSOTgA"}
00396{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":151,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409896,"pkt_ts_usec":865840,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAGAAAAAAAAAAAAAAAAAAAAAAAAQJfX01TQlJPV1NFX18CAQ=="}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":151,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":151,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00522{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":152,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409897,"pkt_ts_usec":721870,"pkt_caplen":156,"pkt_type":142,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":156,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAI7w8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00171{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":152,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":142}
00162{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":152,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":142}
00522{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":153,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409897,"pkt_ts_usec":722007,"pkt_caplen":156,"pkt_type":142,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":156,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAI7w8AMsAP\/vCAAAAAAAAAABAl9fTVNCUk9XU0VfXwIBTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00171{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":153,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":142}
00162{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":153,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":142}
00500{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409897,"pkt_ts_usec":749849,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"AFBW6YlWAFBWM3ieCABFAABgLwAAAIARq7fAqO+BwKjvAgCJAIkATO+bACIpAAABAAAAAAABIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
00554{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":155,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409897,"pkt_ts_usec":781873,"pkt_caplen":180,"pkt_type":166,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":180,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAKbw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAgAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAAAAAAAAAAAAAAAhAFYAAwABAAEAAgAyAFxNQUlMU0xPVFxCUk9XU0UADwXA1AEATURKUjk4AAAAAAAAAAAAAAQAAyBFABUEVaoA"}
00171{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":155,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":166}
00162{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":155,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":166}
00412{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":156,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409898,"pkt_ts_usec":877607,"pkt_caplen":74,"pkt_type":60,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":74,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyADzw8CwgDgD\/7xYEAAAAABAAFQP\/U01CAAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAAABAgAHAARcVEVTVAA="}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":156,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":60}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":156,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":60}
00404{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":157,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409898,"pkt_ts_usec":877844,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieADXw8CAuDgD\/7xYMAAAQACgAAxX\/U01CAAAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAAABAgAAAA=="}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":157,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":53}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":157,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":53}
00392{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":158,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409898,"pkt_ts_usec":941801,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyABLw8C4iDgD\/7xQAAAAoAAAAFQP\/U01CBgAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":158,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":18}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":158,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":18}
00501{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409899,"pkt_ts_usec":251619,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"AFBW6YlWAFBWM3ieCABFAABgMAAAAIARqrfAqO+BwKjvAgCJAIkATO+bACIpAAABAAAAAAABIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
00390{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":160,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409899,"pkt_ts_usec":293810,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieAATw8QEwIwAAAIARtrrAqO+BwKjv\/wCJAIkATG6mAAooEAABAAAAAAABIEZIRVBG"}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":160,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":160,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00501{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409900,"pkt_ts_usec":753846,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"AFBW6YlWAFBWM3ieCABFAABgMQAAAIARqbfAqO+BwKjvAgCJAIkATO+bACIpAAABAAAAAAABIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
00436{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":164,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409903,"pkt_ts_usec":670409,"pkt_caplen":89,"pkt_type":75,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":89,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAEvw8DAiDgD\/7xYEAAAAABEAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAAAhAgIUAAgAEgAEXD8\/Pz8\/Pz8\/Lj8\/PwAFAAA="}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":164,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":75}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":164,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":75}
00390{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":165,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409903,"pkt_ts_usec":670550,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieAATw8QEyAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAg"}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":165,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":165,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00404{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":166,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409903,"pkt_ts_usec":670651,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieADXw8CIyDgD\/7xYMAAARACgAAxX\/U01CgQEAEgCAAAAAAAAAAAAAAAAAAAAAyHUFAAAhAgAAAA=="}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":166,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":53}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":166,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":53}
00416{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":167,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409903,"pkt_ts_usec":671761,"pkt_caplen":76,"pkt_type":62,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAD7w8DIkDgD\/7xYMAAAoABIAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAABBAgIUAAAABQAEAAUAAA=="}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":167,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":62}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":167,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":62}
00391{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":168,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409903,"pkt_ts_usec":671851,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieAATw8QE0DgD\/7xYMAAAOACgAAxX\/U01CEAEAAwCAAAAAAAAAAAAAAAAAAAAAyHUF"}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":168,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":168,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00404{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":169,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409903,"pkt_ts_usec":671904,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieADXw8CQ0DgD\/7xYMAAASACgAAxX\/U01CgQEAEgCAAAAAAAAAAAAAAAAAAAAAyHUFAABBAgAAAA=="}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":169,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":53}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":169,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":53}
00436{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":170,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409903,"pkt_ts_usec":672058,"pkt_caplen":89,"pkt_type":75,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":89,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAEvw8DQmDgD\/7xYMAAAoABMAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAABhAgIUABYAEgAEXD8\/Pz8\/Pz8\/Lj8\/PwAFAAA="}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":170,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":75}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":170,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":75}
00390{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":171,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409903,"pkt_ts_usec":672135,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieAATw8QE2DgD\/7xeBvAUDABUAAxXvAgCJAIkATAvHAAQpAAABAAAAAAABIEVORUVF"}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":171,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":171,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00594{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":172,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409903,"pkt_ts_usec":672211,"pkt_caplen":201,"pkt_type":187,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":201,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieALvw8CY2DgD\/7xYMAAATACgAAxX\/U01CgQAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAABhAgEDAIQABYEAgz8\/Pz8\/Pz8\/Pz8\/FgAAAQAAAAAAECpjj08AAAAALgAgICAgICAAAAAAAIM\/Pz8\/Pz8\/Pz8\/PxYBAAEAAAAAABAqY49PAAAAAC4uACAgICAgAAAAAACDPz8\/Pz8\/Pz8\/Pz8WAgABAAAAAAAQyWSPTwAAAABURVNUACAgIAAAAAAA"}
00171{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":172,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":187}
00162{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":172,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":187}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":173,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409903,"pkt_ts_usec":677279,"pkt_caplen":97,"pkt_type":83,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":97,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAFPw8DYoDgD\/7xYMAAAoABQAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAACBAgIUAAAAGgAEAAUVAIM\/Pz8\/Pz8\/Pz8\/PxYCAAEAgwAAAQ=="}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":173,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":83}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":173,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":83}
00390{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":174,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409903,"pkt_ts_usec":677421,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieAATw8QE4AP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAg"}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":174,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":174,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00404{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":175,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409903,"pkt_ts_usec":677504,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieADXw8Cg4DgD\/7xYMAAAUACgAAxX\/U01CgQEAEgCAAAAAAAAAAAAAAAAAAAAAyHUFAACBAgAAAA=="}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":175,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":53}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":175,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":53}
00404{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":176,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409903,"pkt_ts_usec":679586,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyADXw8DgqDgD\/7xYMAAAoABUAFQP\/U01CgAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAAChAgAAAA=="}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":176,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":53}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":176,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":53}
00390{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":177,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409903,"pkt_ts_usec":679667,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieAATw8QE6AP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAg"}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":177,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":177,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00418{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":178,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409903,"pkt_ts_usec":679733,"pkt_caplen":77,"pkt_type":63,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":77,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieAD\/w8Co6DgD\/7xYMAAAVACgAAxX\/U01CgAAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAAChAgVq\/wABAAJ2+AAAAAA="}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":178,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":63}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":178,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":63}
00392{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":179,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409903,"pkt_ts_usec":737930,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyABLw8DosDgD\/7xQAAAAoAAAAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":179,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":18}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":179,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":18}
00390{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":180,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409903,"pkt_ts_usec":738050,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieAATw8QE8AP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAg"}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":180,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":180,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00412{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":184,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409905,"pkt_ts_usec":957339,"pkt_caplen":74,"pkt_type":60,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":74,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyADzw8DwsDgD\/7xYEAAAAABYAFQP\/U01CAQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAADBAgAHAARcVEVTVAA="}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":184,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":60}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":184,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":60}
00404{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":185,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409905,"pkt_ts_usec":958005,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieADXw8Cw+DgD\/7xYMAAAWACgAAxX\/U01CAQAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAADBAgAAAA=="}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":185,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":53}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":185,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":53}
00391{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":186,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409906,"pkt_ts_usec":45807,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyABLw8D4uDgD\/7xQAAAAoAAAAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":186,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":18}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":186,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":18}
00390{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":188,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409906,"pkt_ts_usec":373827,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieAATw8QFALAAAAIARrUHAqO+BwKjv\/wCKAIoAxYA7EQIAHMCo74EAigCvAAAgRU5F"}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":188,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":188,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00654{"flow_id":7,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409908,"pkt_ts_usec":337893,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADNOgAAAIARn03AqO+BwKjv\/wCKAIoAuRsuEQIAJsCo74EAigCjAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJPAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00655{"flow_id":7,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409908,"pkt_ts_usec":338019,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADNOwAAAIARnk3AqO+BwKjv\/wCKAIoAufUpEQIAKMCo74EAigCjAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00687{"flow_id":7,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409908,"pkt_ts_usec":392441,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADlPAAAAIARnTXAqO+BwKjv\/wCKAIoA0ZTzEQIAKsCo74EAigC7AAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJPAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAAAAAAAAAAAAAAAhAFYAAwABAAEAAgAyAFxNQUlMU0xPVFxCUk9XU0UADwXA1AEATURKUjk4AAAAAAAAAAAAAAQAAyBFABUEVaoA"}
00416{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":194,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409908,"pkt_ts_usec":865229,"pkt_caplen":76,"pkt_type":62,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAD7w8EAuDgD\/7xYEAAAAABcAFQP\/U01CKwAAAAAAAAAAAAAAAAAAAAAAAAAAyAAyAADhAgEBAAcABEhlbGxvAA=="}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":194,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":62}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":194,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":62}
00390{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":195,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409908,"pkt_ts_usec":865369,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieAATw8QFCAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAg"}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":195,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":195,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00416{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":196,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409908,"pkt_ts_usec":865432,"pkt_caplen":76,"pkt_type":62,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieAD7w8C5CDgD\/7xYMAAAXACgAAxX\/U01CKwAAAACAAAAAAAAAAAAAAAAAAAAAyAAyAADhAgEBAAcABEhlbGxvAA=="}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":196,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":62}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":196,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":62}
00392{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":197,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409908,"pkt_ts_usec":973799,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyABLw8EIwDgD\/7xQAAAAoAAAAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":197,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":18}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":197,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":18}
00389{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":198,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409908,"pkt_ts_usec":973907,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieAATw8QFELwAAAIARq7fAqO+BwKjvAgCJAIkATO+bACIpAAABAAAAAAABIEZIRVBG"}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":198,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":198,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00391{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":199,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409909,"pkt_ts_usec":161807,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieABLw8DBEDgD\/7x8AAAAAAAAAAxVLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAg"}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":199,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":18}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":199,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":18}
00391{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":200,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409909,"pkt_ts_usec":358578,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAATw8QEyDgD\/7xYEAAAAABYAFQP\/U01CAQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":200,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":200,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00404{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":201,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409911,"pkt_ts_usec":828356,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyADXw8EQyDgD\/7xYEAAAAABgAFQP\/U01CcQAAAAAAAAAAAAAAAAAAAAAAAAAAyAAyAAABAwAAAA=="}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":201,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":53}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":201,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":53}
00404{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":202,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409911,"pkt_ts_usec":828513,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieADXw8DJGDgD\/7xYMAAAYACgAAxX\/U01CcQAAAACAAAAAAAAAAAAAAAAAAAAAyAAyAAABAwAAAA=="}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":202,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":53}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":202,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":53}
00391{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":203,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409911,"pkt_ts_usec":828650,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAATw8QE0DgD\/7xYEAAAAABcAFQP\/U01CKwAAAAAAAAAAAAAAAAAAAAAAAAAAyAAy"}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":203,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":203,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00392{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":204,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409911,"pkt_ts_usec":828841,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyABLw8EY0DgD\/7xQAAAAoAAAAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":204,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":18}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":204,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":18}
00392{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":205,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409911,"pkt_ts_usec":828940,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyABLw8Eg1DgD\/7xgAAAAAAAAAFQP\/U01CAQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":205,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":18}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":205,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":18}
00389{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":206,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409911,"pkt_ts_usec":829009,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieAATw8QFLMAAAAIARqrfAqO+BwKjvAgCJAIkATO+bACIpAAABAAAAAAABIEZIRVBG"}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":206,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":206,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00391{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":207,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409911,"pkt_ts_usec":829099,"pkt_caplen":60,"pkt_type":3,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAAPw8FMyDgD\/7xYEAAAAABgAFQP\/U01CcQAAAAAAAAAAAAAAAAAAAAAAAAAAyAAy"}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":207,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":3}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":207,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":3}
00390{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":208,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409911,"pkt_ts_usec":829163,"pkt_caplen":60,"pkt_type":3,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieAAPw8XMwIwAAAIARtrrAqO+BwKjv\/wCJAIkATG6mAAooEAABAAAAAAABIEZIRVBG"}
00169{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":208,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":3}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":208,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":3}
00562{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":209,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409912,"pkt_ts_usec":777830,"pkt_caplen":186,"pkt_type":172,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":186,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAKzw8AMsAP\/vCAAAAAAAAAABAl9fTVNCUk9XU0VfXwIBTURKUjk4ICAgICAgICAgAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAJwAAAAAAAAAAAAAAAAAAAAAAAAAnAFYAAwABAAEAAgA4AFxNQUlMU0xPVFxCUk9XU0UADADA1AEAV09SS0dST1VQAAAAAAAAAAQAACBAgAAAAABNREpSOTgA"}
00171{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":209,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":172}
00162{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":209,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":172}
00696{"flow_id":7,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409923,"pkt_ts_usec":353834,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADrPQAAAIARnC\/AqO+BwKjv\/wCKAIoA11O8EQIALMCo74EAigDBAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQUEAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAJwAAAAAAAAAAAAAAAAAAAAAAAAAnAFYAAwABAAEAAgA4AFxNQUlMU0xPVFxCUk9XU0UADADA1AEAV09SS0dST1VQAAAAAAAAAAQAACBAgAAAAABNREpSOTgA"}
00500{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409925,"pkt_ts_usec":57831,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"AFBW6YlWAFBWM3ieCABFAABgPgAAAIARnLfAqO+BwKjvAgCJAIkATOGIAC4pAAABAAAAAAABIEVORUJGQ0ZFRUpFT0NBRkNFUEZERUZFT0VCRkZDQUFEAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
00395{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":212,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409925,"pkt_ts_usec":58018,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAAGQBXT1JLR1JPVVAgICAgICAdTUFSVElOIFJPU0VOQVUgAw=="}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":212,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":212,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00396{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":213,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409925,"pkt_ts_usec":661877,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAAGQBXT1JLR1JPVVAgICAgICAeTUFSVElOIFJPU0VOQVUgAw=="}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":213,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":213,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00396{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":214,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409926,"pkt_ts_usec":307736,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAAGQAAAAAAAAAAAAAAAAAAAAAATUFSVElOIFJPU0VOQVUgAw=="}
00170{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":214,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":214,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00501{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409926,"pkt_ts_usec":557294,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"AFBW6YlWAFBWM3ieCABFAABgPwAAAIARm7fAqO+BwKjvAgCJAIkATOGIAC4pAAABAAAAAAABIEVORUJGQ0ZFRUpFT0NBRkNFUEZERUZFT0VCRkZDQUFEAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
00500{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409928,"pkt_ts_usec":60524,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"AFBW6YlWAFBWM3ieCABFAABgQAAAAIARmrfAqO+BwKjvAgCJAIkATOGIAC4pAAABAAAAAAABIEVORUJGQ0ZFRUpFT0NBRkNFUEZERUZFT0VCRkZDQUFEAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":32,"flow_first_seen":1576409800543,"flow_last_seen":1576409931837,"flow_tot_l4_data_len":2432,"flow_min_l4_data_len":76,"flow_max_l4_data_len":76,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":14,"flow_first_seen":1576409797553,"flow_last_seen":1576409928060,"flow_tot_l4_data_len":1064,"flow_min_l4_data_len":76,"flow_max_l4_data_len":76,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":12,"flow_first_seen":1576409867606,"flow_last_seen":1576409923353,"flow_tot_l4_data_len":2358,"flow_min_l4_data_len":185,"flow_max_l4_data_len":215,"flow_avg_l4_data_len":196,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00519{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":32,"flow_first_seen":1576409800543,"flow_last_seen":1576409931837,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":2176,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00516{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":14,"flow_first_seen":1576409797553,"flow_last_seen":1576409928060,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":952,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00522{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":12,"flow_first_seen":1576409867606,"flow_last_seen":1576409923353,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":2262,"flow_avg_l4_payload_len":188,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00142{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test"}

8
test/results/drda_db2.pcap.out
View File

@@ -1,10 +1,10 @@
00385{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"drda_db2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1175543772220,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00476{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"drda_db2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1175543772220,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00422{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"drda_db2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1175543772,"pkt_ts_usec":220609,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAwpfMZqAFBWwAABCABFAAAwIqBAAIAGglXAqGoBwKhqgBLvw1AKtGewAAAAAHAC\/\/\/kqAAAAgQFtAEBBAI="}
00420{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"drda_db2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1175543772,"pkt_ts_usec":221098,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AFBWwAABAAwpfMZqCABFAAAwAABAAEAG5PXAqGqAwKhqAcNQEu\/9XlZHCrRnsXASFtB6IQAAAgQFtAEBBAI="}
00410{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"drda_db2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1175543772,"pkt_ts_usec":221136,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AAwpfMZqAFBWwAABCABFAAAoIqFAAIAGglzAqGoBwKhqgBLvw1AKtGex\/V5WSFAQ\/\/+9tQAA"}
00651{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"drda_db2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1175543772,"pkt_ts_usec":338468,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"pkt":"AAwpfMZqAFBWwAABCABFAADXIrhAAIAGgZbAqGoBwKhqgBLvw1AKtGex\/V5WSFAY\/\/8dAAAAAInQQQABAIMQQQA5EV6EgvKRg4NtgZeXk4mDgaOJlpVAQNHDw\/Dy8fDw8BfD8MH49sHw8UsBEbF1H\/kAAAAAAAAAAAAWEW3UqNfDYMiWoqOVgZSFQEBAQEAADBFa0cPD8PLx8PAAGBQEFAMAByQHAAckDwAHFEAABxR0AAUADBFH2MTC8mHR5dQAJtABAAIAIBBtAAYRogADABYhENToxMLyxMJAQEBAQEBAQEBAQA=="}
00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1175543772220,"flow_last_seen":1175543772338,"flow_tot_l4_data_len":271,"flow_min_l4_data_len":20,"flow_max_l4_data_len":195,"flow_avg_l4_data_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","ndpi": {"proto":"DRDA","breed":"Acceptable","category":"Database"}}
00535{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1175543772220,"flow_last_seen":1175543772338,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","ndpi": {"proto":"DRDA","breed":"Acceptable","category":"Database"}}
00408{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"drda_db2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1175543772,"pkt_ts_usec":338790,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AFBWwAABAAwpfMZqCABFAAAoelNAAEAGaqrAqGqAwKhqAcNQEu\/9XlZICrRoYFAQGSCj5gAA"}
00557{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"drda_db2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1175543772,"pkt_ts_usec":339518,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"pkt":"AFBWwAABAAwpfMZqCABFAACTelVAAEAGaj3AqGqAwKhqAcNQEu\/9XlZICrRoYFAYGSAErAAAAFvQQwABAFUUQwAYEV6EgvKEgvKBh4WVo\/Dw8PDww\/Tx8AAYFAQUAwAHJAcAByQPAAcUQAAHFHQABQAOEUfYxMLyYdPJ1eTnAAcRbYSC8gAMEVri2NPw+PDy9AAQ0AMAAgAKFKwABhGiAAM="}
00766{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"drda_db2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1175543772,"pkt_ts_usec":347614,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":318,"pkt_l4_len":284,"pkt":"AAwpfMZqAFBWwAABCABFAAEwIrtAAIAGgTrAqGoBwKhqgBLvw1AKtGhg\/V5Ws1AY\/5T1dQAAADrQQQABADQQbgAGEaIAAwAWIRDU6MTC8sTCQEBAQEBAQEBAQEAAChGg1Ojk4sXZAAoRodTo5OLF2QDO0AEAAgDIIAEAFiEQ1OjEwvLEwkBAQEBAQEBAQEBAAAYhDyQHAAwRLtHDw\/Dy8fDwAHkhBHTRw8Pw8vHw8NSo18NgyJaio5WBlIVAQEBAQISC8pGDg22Bl5eTiYOBo4mWlUBA1Ojk4sXZQEA90cPD8PLx8PDUqNfDYMiWoqOVgZSFQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAfWvnffDwfQANAC\/Y48Ti2NPB4sMAFgA1AAYRnAS4AAYRnQSwAAYRngS4"}
@@ -16,5 +16,5 @@
01049{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"drda_db2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1175543773,"pkt_ts_usec":834282,"pkt_caplen":524,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":524,"pkt_l4_len":490,"pkt":"AFBWwAABAAwpfMZqCABFAAH+el1AAEAGaMrAqGqAwKhqAcNQEu\/9XlekCrRr\/1AYJEI2HgAAAAvQUwABAAUkCP8AL9BDAAEAKSQU\/wAAAAAfU0VUIENVUlJFTlQgU0NIRU1BID0gIlNDICAgICAgIgAL0EMAAgAFJAj\/ALHQQwADAKskEQAAAAAAMDAwMDBTUUwwODAyNAAAAAAAAAAAAAEAAAABAAAAIf\/\/\/wAAAAAgICAgICAgICAgIAASTVlEQjJEQiAgICAgICAgICAgAAAAAP8AAQAAAAAAAABVAAAAAAAAAAAAAQAAAAAAgAAAAAAAAADAAQMzAAEAAAAAATEAAAAAAAAAAP8AAAAAAAAAAAAAB01ZREIyREIAAAAAAAAAAAAAAAAAAAAAACzQUgAEACYiBQAGEUkAAAAGIQIkFwAFIR\/xAAUhUAEADCFbAAAAAAAAAAAAH9BTAAQAGSQaBnbQMgCACXHgVAAB0AABBnHw4AAAABbQUwAEABAkG\/8AAAhTQyAgICAgIAAm0FIABAAgIgsABhFJAAQAFiEQ1OjEwvLEwkBAQEBAQEBAQEBAAFnQAwAEAFMkCABkAAAAMDIwMDBTUUxSSTAxRgABAASAAQAAAAAAAAAAAAAAAAAAAAAAAAAgICAgICAgICAgIAASTVlEQjJEQiAgICAgICAgICAgAAAAAP8="}
00428{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"drda_db2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1175543773,"pkt_ts_usec":898122,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"pkt":"AAwpfMZqAFBWwAABCABFAAAyI31AAIAGgXbAqGoBwKhqgBLvw1AKtGv\/\/V5ZelAY\/M3JNgAAAArQAQABAAQgDg=="}
00485{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"drda_db2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1175543773,"pkt_ts_usec":898676,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"pkt":"AFBWwAABAAwpfMZqCABFAABeel9AAEAGamjAqGqAwKhqAcNQEu\/9Xll6CrRsCVAYJEI06gAAACvQUgABACUiDAAGEUkABAAFIRUBABYhENToxMLyxMJAQEBAQEBAQEBAQAAL0AMAAQAFJAj\/"}
00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":38,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":38,"flow_first_seen":1175543772220,"flow_last_seen":1175543810683,"flow_tot_l4_data_len":5399,"flow_min_l4_data_len":20,"flow_max_l4_data_len":683,"flow_avg_l4_data_len":142,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":38,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":38,"flow_first_seen":1175543772220,"flow_last_seen":1175543810683,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":4623,"flow_avg_l4_payload_len":121,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00128{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"drda_db2.pcap","alias":"nDPId-test"}

128
test/results/dropbox.pcap.out
View File

@@ -1,7 +1,7 @@
00384{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dropbox.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1455907271481,"flow_last_seen":0,"flow_tot_l4_data_len":104,"flow_min_l4_data_len":104,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00475{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dropbox.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1455907271481,"flow_last_seen":0,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00524{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907271,"pkt_ts_usec":481938,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"CAAnmO\/hCAAnAERyCABFAAB8EMQAAIARN\/bAqDgBwKg4ZcSHRFwAaLRJQwM1AW9STXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxMSBFRVQgMjAxNiJ9"}
00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1455907271481,"flow_last_seen":0,"flow_tot_l4_data_len":104,"flow_min_l4_data_len":104,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1455907271481,"flow_last_seen":0,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00420{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907271,"pkt_ts_usec":483762,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"pkt":"CAAnAERyCAAnmO\/hCABFAAAvXYVAAEAR64HAqDhlwKg4AURcxIcAG\/HjY0Q1AW9STYsvci9CdXMxN0NtZA=="}
00522{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907271,"pkt_ts_usec":585820,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"pkt":"CAAnmO\/hCAAnAERyCABFAAB7EM0AAIARN+7AqDgBwKg4ZcSHRFwAZzJrQgM1Anj4ckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjExIEVFVCAyMDE2In0="}
00415{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907271,"pkt_ts_usec":587798,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"CAAnAERyCAAnmO\/hCABFAAAuXZ1AAEAR62rAqDhlwKg4AURcxIcAGvHiYkQ1Anj4iy9yL0J1czE3Q21k"}
@@ -16,9 +16,9 @@
00526{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907272,"pkt_ts_usec":130232,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"CAAnmO\/hCAAnAERyCABFAAB8EQ4AAIARN6zAqDgBwKg4ZcSHRFwAaGrJQwM1B8\/MNXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxMiBFRVQgMjAxNiJ9"}
00423{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907272,"pkt_ts_usec":132073,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"pkt":"CAAnAERyCAAnmO\/hCABFAAAvXc1AAEAR6znAqDhlwKg4AURcxIcAG\/HjY0Q1B8\/MNYsvci9CdXMxN0NtZA=="}
00526{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907272,"pkt_ts_usec":239138,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"CAAnmO\/hCAAnAERyCABFAAB8ERsAAIARN5\/AqDgBwKg4ZcSHRFwAaNHfQwM1CFi1RXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxMiBFRVQgMjAxNiJ9"}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1455907272856,"flow_last_seen":0,"flow_tot_l4_data_len":103,"flow_min_l4_data_len":103,"flow_max_l4_data_len":103,"flow_avg_l4_data_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1455907272856,"flow_last_seen":0,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":95,"flow_avg_l4_payload_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00523{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907272,"pkt_ts_usec":856457,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"pkt":"CAAnmO\/hCAAnAERyCABFAAB7EWkAAIARN1LAqDgBwKg4ZcSORFwAZ7scQgMdqQeYckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjEyIEVFVCAyMDE2In0="}
00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1455907272856,"flow_last_seen":0,"flow_tot_l4_data_len":103,"flow_min_l4_data_len":103,"flow_max_l4_data_len":103,"flow_avg_l4_data_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00521{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1455907272856,"flow_last_seen":0,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":95,"flow_avg_l4_payload_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00416{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907272,"pkt_ts_usec":858898,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"CAAnAERyCAAnmO\/hCABFAAAuXhFAAEAR6vbAqDhlwKg4AURcxI4AGvHiYkQdqQeYiy9yL0J1czE3Q21k"}
00529{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907272,"pkt_ts_usec":969405,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"pkt":"CAAnmO\/hCAAnAERyCABFAAB\/EYMAAIARNzTAqDgBwKg4ZcSORFwAa8WlRgMdqhF5z0YYRXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxMyBFRVQgMjAxNiJ9"}
00424{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907272,"pkt_ts_usec":973211,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"pkt":"CAAnAERyCAAnmO\/hCABFAAAyXh5AAEAR6uXAqDhlwKg4AURcxI4AHvHmZkQdqhF5z0YYRYsvci9CdXMxN0NtZA=="}
@@ -33,9 +33,9 @@
00530{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907273,"pkt_ts_usec":530785,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"CAAnmO\/hCAAnAERyCABFAAB+Ef0AAIARNrvAqDgBwKg4ZcSORFwAassPRQMdr\/Kq\/CfKckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjEzIEVFVCAyMDE2In0="}
00423{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907273,"pkt_ts_usec":536055,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":63,"pkt_l4_len":29,"pkt":"CAAnAERyCAAnmO\/hCABFAAAxXnBAAEAR6pTAqDhlwKg4AURcxI4AHfHlZUQdr\/Kq\/CfKiy9yL0J1czE3Q21k"}
00529{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907273,"pkt_ts_usec":658448,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"CAAnmO\/hCAAnAERyCABFAAB9EhcAAIARNqLAqDgBwKg4ZcSORFwAaYovRAMdsNz8WXxyRFxBcghCdXMxN0NtZBEy\/3sibWVzc2FnZVR5cGUiOiJVUERBVEUiLCJtZXNzYWdlQ29udGVudCI6IkZyaSBGZWIgMTkgMjA6NDE6MTMgRUVUIDIwMTYifQ=="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1455907274088,"flow_last_seen":0,"flow_tot_l4_data_len":105,"flow_min_l4_data_len":105,"flow_max_l4_data_len":105,"flow_avg_l4_data_len":105,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1455907274088,"flow_last_seen":0,"flow_min_l4_payload_len":97,"flow_max_l4_payload_len":97,"flow_tot_l4_payload_len":97,"flow_avg_l4_payload_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00527{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907274,"pkt_ts_usec":88318,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"CAAnmO\/hCAAnAERyCABFAAB9EncAAIARNkLAqDgBwKg4ZcSIRFwAaR7GRANSj9XGl0FyRFxBcghCdXMxN0NtZBEy\/3sibWVzc2FnZVR5cGUiOiJVUERBVEUiLCJtZXNzYWdlQ29udGVudCI6IkZyaSBGZWIgMTkgMjA6NDE6MTQgRUVUIDIwMTYifQ=="}
00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1455907274088,"flow_last_seen":0,"flow_tot_l4_data_len":105,"flow_min_l4_data_len":105,"flow_max_l4_data_len":105,"flow_avg_l4_data_len":105,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00521{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1455907274088,"flow_last_seen":0,"flow_min_l4_payload_len":97,"flow_max_l4_payload_len":97,"flow_tot_l4_payload_len":97,"flow_avg_l4_payload_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00419{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907274,"pkt_ts_usec":89637,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"CAAnAERyCAAnmO\/hCABFAAAwXqNAAEAR6mLAqDhlwKg4AURcxIgAHPHkZERSj9XGl0GLL3IvQnVzMTdDbWQ="}
00531{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907274,"pkt_ts_usec":193327,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"pkt":"CAAnmO\/hCAAnAERyCABFAACBEpIAAIARNiPAqDgBwKg4ZcSIRFwAbeMnSANSkLugNTWCkTE2ckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjE0IEVFVCAyMDE2In0="}
00424{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907274,"pkt_ts_usec":196759,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"CAAnAERyCAAnmO\/hCABFAAA0XrRAAEAR6k3AqDhlwKg4AURcxIgAIPHoaERSkLugNTWCkTE2iy9yL0J1czE3Q21k"}
@@ -50,9 +50,9 @@
00525{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907274,"pkt_ts_usec":779814,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"pkt":"CAAnmO\/hCAAnAERyCABFAAB7EykAAIARNZLAqDgBwKg4ZcSIRFwAZyZkQgNSlWdockRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjE0IEVFVCAyMDE2In0="}
00418{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907274,"pkt_ts_usec":785600,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"CAAnAERyCAAnmO\/hCABFAAAuXwBAAEAR6gfAqDhlwKg4AURcxIgAGvHiYkRSlWdoiy9yL0J1czE3Q21k"}
00526{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907274,"pkt_ts_usec":902701,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"pkt":"CAAnmO\/hCAAnAERyCABFAAB7E0wAAIARNW\/AqDgBwKg4ZcSIRFwAZyoCQgNSlmPJckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjE0IEVFVCAyMDE2In0="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":153,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1455907275690,"flow_last_seen":0,"flow_tot_l4_data_len":107,"flow_min_l4_data_len":107,"flow_max_l4_data_len":107,"flow_avg_l4_data_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":153,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1455907275690,"flow_last_seen":0,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00531{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907275,"pkt_ts_usec":690777,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"pkt":"CAAnmO\/hCAAnAERyCABFAAB\/FCAAAIARNJfAqDgBwKg4ZcSPRFwAa2JLRgOAZtDWwMpn\/nJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxNSBFRVQgMjAxNiJ9"}
00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1455907275690,"flow_last_seen":0,"flow_tot_l4_data_len":107,"flow_min_l4_data_len":107,"flow_max_l4_data_len":107,"flow_avg_l4_data_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1455907275690,"flow_last_seen":0,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00426{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907275,"pkt_ts_usec":695868,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"pkt":"CAAnAERyCAAnmO\/hCABFAAAyX35AAEAR6YXAqDhlwKg4AURcxI8AHvHmZkSAZtDWwMpn\/osvci9CdXMxN0NtZA=="}
00533{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907275,"pkt_ts_usec":831283,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"pkt":"CAAnmO\/hCAAnAERyCABFAACAFEwAAIARNGrAqDgBwKg4ZcSPRFwAbLkURwOAZ6ExGoh1VzNyRFxBcghCdXMxN0NtZBEy\/3sibWVzc2FnZVR5cGUiOiJVUERBVEUiLCJtZXNzYWdlQ29udGVudCI6IkZyaSBGZWIgMTkgMjA6NDE6MTUgRUVUIDIwMTYifQ=="}
00426{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907275,"pkt_ts_usec":835251,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"pkt":"CAAnAERyCAAnmO\/hCABFAAAzX45AAEAR6XTAqDhlwKg4AURcxI8AH\/HnZ0SAZ6ExGoh1VzOLL3IvQnVzMTdDbWQ="}
@@ -67,59 +67,59 @@
00526{"flow_id":4,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907276,"pkt_ts_usec":504810,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"pkt":"CAAnmO\/hCAAnAERyCABFAAB6FSUAAIARM5fAqDgBwKg4ZcSPRFwAZtwsQQOAbEZyRFxBcghCdXMxN0NtZBEy\/3sibWVzc2FnZVR5cGUiOiJVUERBVEUiLCJtZXNzYWdlQ29udGVudCI6IkZyaSBGZWIgMTkgMjA6NDE6MTYgRUVUIDIwMTYifQ=="}
00418{"flow_id":4,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907276,"pkt_ts_usec":512120,"pkt_caplen":59,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":59,"pkt_l4_len":25,"pkt":"CAAnAERyCAAnmO\/hCABFAAAtX+dAAEAR6SHAqDhlwKg4AURcxI8AGfHhYUSAbEaLL3IvQnVzMTdDbWQ="}
00531{"flow_id":4,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907276,"pkt_ts_usec":636911,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"pkt":"CAAnmO\/hCAAnAERyCABFAAB\/FUwAAIARM2vAqDgBwKg4ZcSPRFwAa923RgOAbRWOzuOZuXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxNiBFRVQgMjAxNiJ9"}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":200,"flow_first_seen":1455907271481,"flow_last_seen":1455907282686,"flow_tot_l4_data_len":13320,"flow_min_l4_data_len":25,"flow_max_l4_data_len":109,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":200,"flow_first_seen":1455907274088,"flow_last_seen":1455907285181,"flow_tot_l4_data_len":13394,"flow_min_l4_data_len":25,"flow_max_l4_data_len":109,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":200,"flow_first_seen":1455907272856,"flow_last_seen":1455907284046,"flow_tot_l4_data_len":13420,"flow_min_l4_data_len":25,"flow_max_l4_data_len":109,"flow_avg_l4_data_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":200,"flow_first_seen":1455907275690,"flow_last_seen":1455907286608,"flow_tot_l4_data_len":13342,"flow_min_l4_data_len":25,"flow_max_l4_data_len":109,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1459182796665,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":200,"flow_first_seen":1455907271481,"flow_last_seen":1455907282686,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11720,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":200,"flow_first_seen":1455907274088,"flow_last_seen":1455907285181,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11794,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":200,"flow_first_seen":1455907272856,"flow_last_seen":1455907284046,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11820,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":200,"flow_first_seen":1455907275690,"flow_last_seen":1455907286608,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11742,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1459182796665,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182796,"pkt_ts_usec":665502,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"8IQvSpdgeJKcD6iOCABFAABAOLtAAEARfTrAqAFpwKgB\/thvADUALFKSg5wBAAABAAAAAAAABmNsaWVudAdkcm9wYm94A2NvbQAAAQAB"}
00645{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1459182796665,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"client.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00657{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1459182796665,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"client.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00441{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":802,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182796,"pkt_ts_usec":665502,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"8IQvSpdgeJKcD6iOCABFAABAOLtAAEARfTrAqAFpwKgB\/thvADUALFKSg5wBAAABAAAAAAAABmNsaWVudAdkcm9wYm94A2NvbQAAAQAB"}
00784{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":803,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182796,"pkt_ts_usec":786743,"pkt_caplen":333,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":333,"pkt_l4_len":299,"pkt":"eJKcD6iO8IQvSpdgCABFAAE\/AABAAEARtPbAqAH+wKgBaQA12G8BK6cig5yBgAABAAMABAAEBmNsaWVudAdkcm9wYm94A2NvbQAAAQABwAwABQABAAAAwAALBmNsaWVudAF2wBPAMAABAAEAAAAUAARsoKzMwDAAAQABAAAAFAAEbKCs7MA3AAIAAQAA9bUAGQducy0xOTI2CWF3c2Rucy00OAJjbwJ1awDANwACAAEAAPW1ABYGbnMtNzczCWF3c2Rucy0zMgNuZXQAwDcAAgABAAD1tQASBW5zLTU3CWF3c2Rucy0wN8AbwDcAAgABAAD1tQAXB25zLTEyNzYJYXdzZG5zLTMxA29yZwDArgABAAEAAkcJAATN+8A5wIwAAQABAAJG7wAEzfvDBcDMAAEAAQACRu8ABM37xPzAZwABAAEAAkbkAATN+8eG"}
00677{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":803,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_first_seen":1459182796665,"flow_last_seen":1459182796786,"flow_tot_l4_data_len":387,"flow_min_l4_data_len":44,"flow_max_l4_data_len":299,"flow_avg_l4_data_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"client.dropbox.com","num_queries":1,"num_answers":11,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"108.160.172.204"}}
00689{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":803,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_first_seen":1459182796665,"flow_last_seen":1459182796786,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":363,"flow_avg_l4_payload_len":121,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"client.dropbox.com","num_queries":1,"num_answers":11,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"108.160.172.204"}}
00784{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":804,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182796,"pkt_ts_usec":786743,"pkt_caplen":333,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":333,"pkt_l4_len":299,"pkt":"eJKcD6iO8IQvSpdgCABFAAE\/AABAAEARtPbAqAH+wKgBaQA12G8BK6cig5yBgAABAAMABAAEBmNsaWVudAdkcm9wYm94A2NvbQAAAQABwAwABQABAAAAwAALBmNsaWVudAF2wBPAMAABAAEAAAAUAARsoKzMwDAAAQABAAAAFAAEbKCs7MA3AAIAAQAA9bUAGQducy0xOTI2CWF3c2Rucy00OAJjbwJ1awDANwACAAEAAPW1ABYGbnMtNzczCWF3c2Rucy0zMgNuZXQAwDcAAgABAAD1tQASBW5zLTU3CWF3c2Rucy0wN8AbwDcAAgABAAD1tQAXB25zLTEyNzYJYXdzZG5zLTMxA29yZwDArgABAAEAAkcJAATN+8A5wIwAAQABAAJG7wAEzfvDBcDMAAEAAQACRu8ABM37xPzAZwABAAEAAkbkAATN+8eG"}
00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":805,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1459182798602,"flow_last_seen":0,"flow_tot_l4_data_len":47,"flow_min_l4_data_len":47,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":49112,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":805,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1459182798602,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":49112,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":805,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182798,"pkt_ts_usec":602362,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"8IQvSpdgeJKcD6iOCABFAABDOVFAAEARfKHAqAFpwKgB\/r\/YADUALxT2I4YBAAABAAAAAAAACWNsaWVudC1jZgdkcm9wYm94A2NvbQAAAQAB"}
00648{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":805,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1459182798602,"flow_last_seen":0,"flow_tot_l4_data_len":47,"flow_min_l4_data_len":47,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":49112,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"client-cf.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00660{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":805,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1459182798602,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":49112,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"client-cf.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00446{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":806,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182798,"pkt_ts_usec":602362,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"8IQvSpdgeJKcD6iOCABFAABDOVFAAEARfKHAqAFpwKgB\/r\/YADUALxT2I4YBAAABAAAAAAAACWNsaWVudC1jZgdkcm9wYm94A2NvbQAAAQAB"}
00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":807,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1459182798651,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":50789,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":807,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1459182798651,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":50789,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":807,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182798,"pkt_ts_usec":651426,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"8IQvSpdgeJKcD6iOCABFAAA7OV1AAEARfJ3AqAFpwKgB\/sZlADUAJw161e8BAAABAAAAAAAAAWQHZHJvcGJveANjb20AAAEAAQ=="}
00640{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":807,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1459182798651,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":50789,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"d.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00652{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":807,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1459182798651,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":50789,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"d.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00437{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":808,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182798,"pkt_ts_usec":651426,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"8IQvSpdgeJKcD6iOCABFAAA7OV1AAEARfJ3AqAFpwKgB\/sZlADUAJw161e8BAAABAAAAAAAAAWQHZHJvcGJveANjb20AAAEAAQ=="}
00747{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":809,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182798,"pkt_ts_usec":781825,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"pkt":"eJKcD6iO8IQvSpdgCABFAAEkAABAAEARtRHAqAH+wKgBaQA1v9gBEDDEI4aBgAABAAEABAAECWNsaWVudC1jZgdkcm9wYm94A2NvbQAAAQABwAwAAQABAAAAFAAENvCuH8AWAAIAAQABU2AAGQducy0xOTQ5CWF3c2Rucy01MQJjbwJ1awDAFgACAAEAAVNgABcHbnMtMTE2Mglhd3NkbnMtMTcDb3JnAMAWAAIAAQABU2AAFgZucy01NjQJYXdzZG5zLTA2A25ldADAFgACAAEAAVNgABMGbnMtMzE1CWF3c2Rucy0zOcAewK0AAQABAAIhDwAEzfvBO8CLAAEAAQABU1QABM37wjQHTlMtMTE2MsBwAAEAAQABU10ABM37xIrAQwABAAEAAVNaAATN+8ed"}
00677{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":809,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_first_seen":1459182798602,"flow_last_seen":1459182798781,"flow_tot_l4_data_len":366,"flow_min_l4_data_len":47,"flow_max_l4_data_len":272,"flow_avg_l4_data_len":122,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":49112,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"client-cf.dropbox.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.240.174.31"}}
00689{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":809,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_first_seen":1459182798602,"flow_last_seen":1459182798781,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":264,"flow_tot_l4_payload_len":342,"flow_avg_l4_payload_len":114,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":49112,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"client-cf.dropbox.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.240.174.31"}}
00747{"flow_id":6,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":810,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182798,"pkt_ts_usec":781825,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"pkt":"eJKcD6iO8IQvSpdgCABFAAEkAABAAEARtRHAqAH+wKgBaQA1v9gBEDDEI4aBgAABAAEABAAECWNsaWVudC1jZgdkcm9wYm94A2NvbQAAAQABwAwAAQABAAAAFAAENvCuH8AWAAIAAQABU2AAGQducy0xOTQ5CWF3c2Rucy01MQJjbwJ1awDAFgACAAEAAVNgABcHbnMtMTE2Mglhd3NkbnMtMTcDb3JnAMAWAAIAAQABU2AAFgZucy01NjQJYXdzZG5zLTA2A25ldADAFgACAAEAAVNgABMGbnMtMzE1CWF3c2Rucy0zOcAewK0AAQABAAIhDwAEzfvBO8CLAAEAAQABU1QABM37wjQHTlMtMTE2MsBwAAEAAQABU10ABM37xIrAQwABAAEAAVNaAATN+8ed"}
00772{"flow_id":7,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":811,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182798,"pkt_ts_usec":820682,"pkt_caplen":323,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":323,"pkt_l4_len":289,"pkt":"eJKcD6iO8IQvSpdgCABFAAE1AABAAEARtQDAqAH+wKgBaQA1xmUBIb321e+BgAABAAMABAAEAWQHZHJvcGJveANjb20AAAEAAcAMAAUAAQAAAQsABgFkAXbADsArAAEAAQAAAC0ABGygrOHAKwABAAEAAAAtAARsoKzBwC0AAgABAAD1swAXB25zLTEyNzYJYXdzZG5zLTMxA29yZwDALQACAAEAAPWzABIFbnMtNTcJYXdzZG5zLTA3wBbALQACAAEAAPWzABYGbnMtNzczCWF3c2Rucy0zMgNuZXQAwC0AAgABAAD1swAZB25zLTE5MjYJYXdzZG5zLTQ4AmNvAnVrAMCAAAEAAQACRwcABM37wDnAngABAAEAAkbtAATN+8MFwF0AAQABAAJG7QAEzfvE\/MDAAAEAAQACRuIABM37x4Y="}
00672{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":811,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_first_seen":1459182798651,"flow_last_seen":1459182798820,"flow_tot_l4_data_len":367,"flow_min_l4_data_len":39,"flow_max_l4_data_len":289,"flow_avg_l4_data_len":122,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":50789,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"d.dropbox.com","num_queries":1,"num_answers":11,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"108.160.172.225"}}
00684{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":811,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_first_seen":1459182798651,"flow_last_seen":1459182798820,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":343,"flow_avg_l4_payload_len":114,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":50789,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"d.dropbox.com","num_queries":1,"num_answers":11,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"108.160.172.225"}}
00772{"flow_id":7,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":812,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182798,"pkt_ts_usec":820682,"pkt_caplen":323,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":323,"pkt_l4_len":289,"pkt":"eJKcD6iO8IQvSpdgCABFAAE1AABAAEARtQDAqAH+wKgBaQA1xmUBIb321e+BgAABAAMABAAEAWQHZHJvcGJveANjb20AAAEAAcAMAAUAAQAAAQsABgFkAXbADsArAAEAAQAAAC0ABGygrOHAKwABAAEAAAAtAARsoKzBwC0AAgABAAD1swAXB25zLTEyNzYJYXdzZG5zLTMxA29yZwDALQACAAEAAPWzABIFbnMtNTcJYXdzZG5zLTA3wBbALQACAAEAAPWzABYGbnMtNzczCWF3c2Rucy0zMgNuZXQAwC0AAgABAAD1swAZB25zLTE5MjYJYXdzZG5zLTQ4AmNvAnVrAMCAAAEAAQACRwcABM37wDnAngABAAEAAkbtAATN+8MFwF0AAQABAAJG7QAEzfvE\/MDAAAEAAQACRuIABM37x4Y="}
00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":813,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1459182816605,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":813,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1459182816605,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":813,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182816,"pkt_ts_usec":605524,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"8IQvSpdgeJKcD6iOCABFAABAP3NAAEARdoLAqAFpwKgB\/o1NADUALHL+F+YBAAABAAAAAAAAA2xvZwpnZXRkcm9wYm94A2NvbQAAAQAB"}
00645{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":813,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1459182816605,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"log.getdropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00657{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":813,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1459182816605,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"log.getdropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00441{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":814,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182816,"pkt_ts_usec":605524,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"8IQvSpdgeJKcD6iOCABFAABAP3NAAEARdoLAqAFpwKgB\/o1NADUALHL+F+YBAAABAAAAAAAAA2xvZwpnZXRkcm9wYm94A2NvbQAAAQAB"}
00441{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":815,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182816,"pkt_ts_usec":605583,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"8IQvSpdgeJKcD6iOCABFAABAP3RAAEARdoHAqAFpwKgB\/o1NADUALO8im6YBAAABAAAAAAAAA2xvZwpnZXRkcm9wYm94A2NvbQAAHAAB"}
00667{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":815,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_first_seen":1459182816605,"flow_last_seen":1459182816605,"flow_tot_l4_data_len":132,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"log.getdropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00679{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":815,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_first_seen":1459182816605,"flow_last_seen":1459182816605,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":108,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"log.getdropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00441{"flow_id":8,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":816,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182816,"pkt_ts_usec":605583,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"8IQvSpdgeJKcD6iOCABFAABAP3RAAEARdoHAqAFpwKgB\/o1NADUALO8im6YBAAABAAAAAAAAA2xvZwpnZXRkcm9wYm94A2NvbQAAHAAB"}
00599{"flow_id":8,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":817,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182816,"pkt_ts_usec":645471,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"pkt":"eJKcD6iO8IQvSpdgCABFAAC0AABAAEARtYHAqAH+wKgBaQA1jU0AoAOWm6aBgAABAAEAAQAAA2xvZwpnZXRkcm9wYm94A2NvbQAAHAABwAwABQABAAABpgAXCmdldGRyb3Bib3gBdgdkcm9wYm94wBvAOwAGAAEAAAHWAEUGbnMtNzczCWF3c2Rucy0zMgNuZXQAEWF3c2Rucy1ob3N0bWFzdGVyBmFtYXpvbsAbAAAAAQAAHCAAAAOEABJ1AAAAASw="}
00668{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":817,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_first_seen":1459182816605,"flow_last_seen":1459182816645,"flow_tot_l4_data_len":336,"flow_min_l4_data_len":44,"flow_max_l4_data_len":160,"flow_avg_l4_data_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"log.getdropbox.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":28,"rsp_type":5,"rsp_addr":"0.0.0.0"}}
00680{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":817,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_first_seen":1459182816605,"flow_last_seen":1459182816645,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":296,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"log.getdropbox.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":28,"rsp_type":5,"rsp_addr":"0.0.0.0"}}
00599{"flow_id":8,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":818,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182816,"pkt_ts_usec":645471,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"pkt":"eJKcD6iO8IQvSpdgCABFAAC0AABAAEARtYHAqAH+wKgBaQA1jU0AoAOWm6aBgAABAAEAAQAAA2xvZwpnZXRkcm9wYm94A2NvbQAAHAABwAwABQABAAABpgAXCmdldGRyb3Bib3gBdgdkcm9wYm94wBvAOwAGAAEAAAHWAEUGbnMtNzczCWF3c2Rucy0zMgNuZXQAEWF3c2Rucy1ob3N0bWFzdGVyBmFtYXpvbsAbAAAAAQAAHCAAAAOEABJ1AAAAASw="}
00799{"flow_id":8,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":819,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182816,"pkt_ts_usec":645514,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"pkt":"eJKcD6iO8IQvSpdgCABFAAFLAABAAEARtOrAqAH+wKgBaQA1jU0BN+znF+aBgAABAAMABAAEA2xvZwpnZXRkcm9wYm94A2NvbQAAAQABwAwABQABAAABpgAXCmdldGRyb3Bib3gBdgdkcm9wYm94wBvAMAABAAEAAAA1AARsoKzDwDAAAQABAAAANQAEbKCs48A7AAIAAQAAAkYAFgZucy03NzMJYXdzZG5zLTMyA25ldADAOwACAAEAAAJGABkHbnMtMTkyNglhd3NkbnMtNDgCY28CdWsAwDsAAgABAAACRgAXB25zLTEyNzYJYXdzZG5zLTMxA29yZwDAOwACAAEAAAJGABIFbnMtNTcJYXdzZG5zLTA3wBvA3QABAAEAAVNyAATN+8A5wHMAAQABAAFTTAAEzfvDBcC6AAEAAQABU0wABM37xPzAlQABAAEAAVNQAATN+8eG"}
00799{"flow_id":8,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":820,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182816,"pkt_ts_usec":645514,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"pkt":"eJKcD6iO8IQvSpdgCABFAAFLAABAAEARtOrAqAH+wKgBaQA1jU0BN+znF+aBgAABAAMABAAEA2xvZwpnZXRkcm9wYm94A2NvbQAAAQABwAwABQABAAABpgAXCmdldGRyb3Bib3gBdgdkcm9wYm94wBvAMAABAAEAAAA1AARsoKzDwDAAAQABAAAANQAEbKCs48A7AAIAAQAAAkYAFgZucy03NzMJYXdzZG5zLTMyA25ldADAOwACAAEAAAJGABkHbnMtMTkyNglhd3NkbnMtNDgCY28CdWsAwDsAAgABAAACRgAXB25zLTEyNzYJYXdzZG5zLTMxA29yZwDAOwACAAEAAAJGABIFbnMtNTcJYXdzZG5zLTA3wBvA3QABAAEAAVNyAATN+8A5wHMAAQABAAFTTAAEzfvDBcC6AAEAAQABU0wABM37xPzAlQABAAEAAVNQAATN+8eG"}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":821,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1459182817566,"flow_last_seen":0,"flow_tot_l4_data_len":203,"flow_min_l4_data_len":203,"flow_max_l4_data_len":203,"flow_avg_l4_data_len":203,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":821,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1459182817566,"flow_last_seen":0,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":195,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00668{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":821,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182817,"pkt_ts_usec":566407,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADfQ1JAAEARNKvAqAFp\/\/\/\/\/0RcRFwAy8gLeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"}
00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":821,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1459182817566,"flow_last_seen":0,"flow_tot_l4_data_len":203,"flow_min_l4_data_len":203,"flow_max_l4_data_len":203,"flow_avg_l4_data_len":203,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":821,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1459182817566,"flow_last_seen":0,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":195,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00668{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":822,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182817,"pkt_ts_usec":566407,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADfQ1JAAEARNKvAqAFp\/\/\/\/\/0RcRFwAy8gLeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"}
00668{"flow_id":9,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":823,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182817,"pkt_ts_usec":566407,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADfQ1JAAEARNKvAqAFp\/\/\/\/\/0RcRFwAy8gLeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":824,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1459182817566,"flow_last_seen":0,"flow_tot_l4_data_len":203,"flow_min_l4_data_len":203,"flow_max_l4_data_len":203,"flow_avg_l4_data_len":203,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":824,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1459182817566,"flow_last_seen":0,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":195,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00665{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":824,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182817,"pkt_ts_usec":566700,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADf1cRAAEAR35DAqAFpwKgB\/0RcRFwAywVkeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"}
00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":824,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1459182817566,"flow_last_seen":0,"flow_tot_l4_data_len":203,"flow_min_l4_data_len":203,"flow_max_l4_data_len":203,"flow_avg_l4_data_len":203,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":824,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1459182817566,"flow_last_seen":0,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":195,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00665{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":825,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182817,"pkt_ts_usec":566700,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADf1cRAAEAR35DAqAFpwKgB\/0RcRFwAywVkeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"}
00665{"flow_id":10,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":826,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182817,"pkt_ts_usec":566700,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADf1cRAAEAR35DAqAFpwKgB\/0RcRFwAywVkeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"}
00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":827,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1459182818229,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":33189,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":827,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1459182818229,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":33189,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":827,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182818,"pkt_ts_usec":229650,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"8IQvSpdgeJKcD6iOCABFAABAQCRAAEARddHAqAFpwKgB\/oGlADUALERt3H0BAAABAAAAAAAABm5vdGlmeQdkcm9wYm94A2NvbQAAAQAB"}
00646{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":827,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1459182818229,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":33189,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"notify.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00658{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":827,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1459182818229,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":33189,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"notify.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00442{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":828,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182818,"pkt_ts_usec":229650,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"8IQvSpdgeJKcD6iOCABFAABAQCRAAEARddHAqAFpwKgB\/oGlADUALERt3H0BAAABAAAAAAAABm5vdGlmeQdkcm9wYm94A2NvbQAAAQAB"}
00732{"flow_id":11,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":829,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182818,"pkt_ts_usec":263375,"pkt_caplen":294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":294,"pkt_l4_len":260,"pkt":"eJKcD6iO8IQvSpdgCABFAAEYAABAAEARtR3AqAH+wKgBaQA1gaUBBH9u3H2BgAABAAEABAAEBm5vdGlmeQdkcm9wYm94A2NvbQAAAQABwAwAAQABAAAAcQAEon0Rg8AMAAIAAQAAAHEAFwducy0xMTU0CWF3c2Rucy0xNgNvcmcAwAwAAgABAAAAcQASBW5zLTgzCWF3c2Rucy0xMMAbwAwAAgABAAAAcQAWBm5zLTg5NQlhd3NkbnMtNDcDbmV0AMAMAAIAAQAAAHEAGQducy0xOTM2CWF3c2Rucy01MAJjbwJ1awDAYwABAAEAAVOfAATN+8BTwIEAAQABAAFTrgAEzfvDf8BAAAEAAQABU6sABM37xILAowABAAEAAVN1AATN+8eQ"}
00676{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":829,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_first_seen":1459182818229,"flow_last_seen":1459182818263,"flow_tot_l4_data_len":348,"flow_min_l4_data_len":44,"flow_max_l4_data_len":260,"flow_avg_l4_data_len":116,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":33189,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"notify.dropbox.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"162.125.17.131"}}
00688{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":829,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_first_seen":1459182818229,"flow_last_seen":1459182818263,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":252,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":108,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":33189,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"notify.dropbox.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"162.125.17.131"}}
00732{"flow_id":11,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":830,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182818,"pkt_ts_usec":263375,"pkt_caplen":294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":294,"pkt_l4_len":260,"pkt":"eJKcD6iO8IQvSpdgCABFAAEYAABAAEARtR3AqAH+wKgBaQA1gaUBBH9u3H2BgAABAAEABAAEBm5vdGlmeQdkcm9wYm94A2NvbQAAAQABwAwAAQABAAAAcQAEon0Rg8AMAAIAAQAAAHEAFwducy0xMTU0CWF3c2Rucy0xNgNvcmcAwAwAAgABAAAAcQASBW5zLTgzCWF3c2Rucy0xMMAbwAwAAgABAAAAcQAWBm5zLTg5NQlhd3NkbnMtNDcDbmV0AMAMAAIAAQAAAHEAGQducy0xOTM2CWF3c2Rucy01MAJjbwJ1awDAYwABAAEAAVOfAATN+8BTwIEAAQABAAFTrgAEzfvDf8BAAAEAAQABU6sABM37xILAowABAAEAAVN1AATN+8eQ"}
00668{"flow_id":9,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":831,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182830,"pkt_ts_usec":673445,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADfRXtAAEARMoLAqAFp\/\/\/\/\/0RcRFwAy8gLeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"}
00668{"flow_id":9,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":832,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182830,"pkt_ts_usec":673445,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADfRXtAAEARMoLAqAFp\/\/\/\/\/0RcRFwAy8gLeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"}
@@ -127,47 +127,47 @@
00665{"flow_id":10,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":834,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182830,"pkt_ts_usec":673733,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADf2zBAAEAR2iTAqAFpwKgB\/0RcRFwAywVkeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"}
00665{"flow_id":10,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":835,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182830,"pkt_ts_usec":673733,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADf2zBAAEAR2iTAqAFpwKgB\/0RcRFwAywVkeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"}
00665{"flow_id":10,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":836,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182830,"pkt_ts_usec":673733,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADf2zBAAEAR2iTAqAFpwKgB\/0RcRFwAywVkeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"}
00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_first_seen":1459182798651,"flow_last_seen":1459182798820,"flow_tot_l4_data_len":656,"flow_min_l4_data_len":39,"flow_max_l4_data_len":289,"flow_avg_l4_data_len":164,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":50789,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":6,"flow_first_seen":1459182817566,"flow_last_seen":1459182830673,"flow_tot_l4_data_len":1218,"flow_min_l4_data_len":203,"flow_max_l4_data_len":203,"flow_avg_l4_data_len":203,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1459182798602,"flow_last_seen":1459182798781,"flow_tot_l4_data_len":638,"flow_min_l4_data_len":47,"flow_max_l4_data_len":272,"flow_avg_l4_data_len":159,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":49112,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1459182796665,"flow_last_seen":1459182796786,"flow_tot_l4_data_len":686,"flow_min_l4_data_len":44,"flow_max_l4_data_len":299,"flow_avg_l4_data_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":6,"flow_first_seen":1459182817566,"flow_last_seen":1459182830673,"flow_tot_l4_data_len":1218,"flow_min_l4_data_len":203,"flow_max_l4_data_len":203,"flow_avg_l4_data_len":203,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_first_seen":1459182818229,"flow_last_seen":1459182818263,"flow_tot_l4_data_len":608,"flow_min_l4_data_len":44,"flow_max_l4_data_len":260,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":33189,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":8,"flow_first_seen":1459182816605,"flow_last_seen":1459182816645,"flow_tot_l4_data_len":1118,"flow_min_l4_data_len":44,"flow_max_l4_data_len":311,"flow_avg_l4_data_len":139,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1535391465534,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_first_seen":1459182798651,"flow_last_seen":1459182798820,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":624,"flow_avg_l4_payload_len":156,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":50789,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":6,"flow_first_seen":1459182817566,"flow_last_seen":1459182830673,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":1170,"flow_avg_l4_payload_len":195,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1459182798602,"flow_last_seen":1459182798781,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":264,"flow_tot_l4_payload_len":606,"flow_avg_l4_payload_len":151,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":49112,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1459182796665,"flow_last_seen":1459182796786,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":654,"flow_avg_l4_payload_len":163,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":6,"flow_first_seen":1459182817566,"flow_last_seen":1459182830673,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":1170,"flow_avg_l4_payload_len":195,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_first_seen":1459182818229,"flow_last_seen":1459182818263,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":252,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":33189,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":8,"flow_first_seen":1459182816605,"flow_last_seen":1459182816645,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":1054,"flow_avg_l4_payload_len":131,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1535391465534,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00634{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1535391465,"pkt_ts_usec":534592,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"\/\/\/\/\/\/\/\/rNG4wD8JCABFAADEWzxAAEARHT\/AqAEG\/\/\/\/\/0RcRFwAsAWteyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiZGlzcGxheW5hbWUiOiAiIiwgImhvc3RfaW50IjogMTQyNjI0OTI5OTAwNTgxMDUzNDA3MzQwMDE2NzI1NzY2ODExMzI2LCAibmFtZXNwYWNlcyI6IFszMTE2NDIwNDE2LCAzMjA5MzgyOTQ0LCAxMjM1ODYyNywgMTEzODA0NDM2N119"}
00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1535391465534,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":838,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1535391465535,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1535391465534,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":838,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1535391465535,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00630{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":838,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1535391465,"pkt_ts_usec":535228,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"\/\/\/\/\/\/\/\/rNG4wD8JCABFAADENtRAAEARfv\/AqAEGwKgB\/0RcRFwAsEMFeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiZGlzcGxheW5hbWUiOiAiIiwgImhvc3RfaW50IjogMTQyNjI0OTI5OTAwNTgxMDUzNDA3MzQwMDE2NzI1NzY2ODExMzI2LCAibmFtZXNwYWNlcyI6IFszMTE2NDIwNDE2LCAzMjA5MzgyOTQ0LCAxMjM1ODYyNywgMTEzODA0NDM2N119"}
00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":838,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1535391465535,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1535391465534,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1535391465535,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1535391495539,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":838,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1535391465535,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1535391465534,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1535391465535,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1535391495539,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00633{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1535391495,"pkt_ts_usec":539748,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"\/\/\/\/\/\/\/\/rNG4wD8JCABFAADEaV5AAEARDx3AqAEG\/\/\/\/\/0RcRFwAsAWteyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiZGlzcGxheW5hbWUiOiAiIiwgImhvc3RfaW50IjogMTQyNjI0OTI5OTAwNTgxMDUzNDA3MzQwMDE2NzI1NzY2ODExMzI2LCAibmFtZXNwYWNlcyI6IFszMTE2NDIwNDE2LCAzMjA5MzgyOTQ0LCAxMjM1ODYyNywgMTEzODA0NDM2N119"}
00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1535391495539,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":840,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1535391495539,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1535391495539,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":840,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1535391495539,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00629{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":840,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1535391495,"pkt_ts_usec":539946,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"\/\/\/\/\/\/\/\/rNG4wD8JCABFAADEPR9AAEAReLTAqAEGwKgB\/0RcRFwAsEMFeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiZGlzcGxheW5hbWUiOiAiIiwgImhvc3RfaW50IjogMTQyNjI0OTI5OTAwNTgxMDUzNDA3MzQwMDE2NzI1NzY2ODExMzI2LCAibmFtZXNwYWNlcyI6IFszMTE2NDIwNDE2LCAzMjA5MzgyOTQ0LCAxMjM1ODYyNywgMTEzODA0NDM2N119"}
00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":840,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1535391495539,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":841,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1535391495539,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":841,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1535391495539,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":841,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1535391525545,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":840,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1535391495539,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":841,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1535391495539,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":841,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1535391495539,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":841,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1535391525545,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00633{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":841,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1535391525,"pkt_ts_usec":545240,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"\/\/\/\/\/\/\/\/rNG4wD8JCABFAADEd25AAEARAQ3AqAEG\/\/\/\/\/0RcRFwAsAWteyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiZGlzcGxheW5hbWUiOiAiIiwgImhvc3RfaW50IjogMTQyNjI0OTI5OTAwNTgxMDUzNDA3MzQwMDE2NzI1NzY2ODExMzI2LCAibmFtZXNwYWNlcyI6IFszMTE2NDIwNDE2LCAzMjA5MzgyOTQ0LCAxMjM1ODYyNywgMTEzODA0NDM2N119"}
00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":841,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1535391525545,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":842,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1535391525545,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":841,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1535391525545,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":842,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1535391525545,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00629{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":842,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1535391525,"pkt_ts_usec":545589,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"\/\/\/\/\/\/\/\/rNG4wD8JCABFAADETEZAAEARaY3AqAEGwKgB\/0RcRFwAsEMFeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiZGlzcGxheW5hbWUiOiAiIiwgImhvc3RfaW50IjogMTQyNjI0OTI5OTAwNTgxMDUzNDA3MzQwMDE2NzI1NzY2ODExMzI2LCAibmFtZXNwYWNlcyI6IFszMTE2NDIwNDE2LCAzMjA5MzgyOTQ0LCAxMjM1ODYyNywgMTEzODA0NDM2N119"}
00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":842,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1535391525545,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":843,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1535391525545,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":843,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1535391525545,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":843,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1535391651168,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":842,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1535391525545,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":843,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1535391525545,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":843,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1535391525545,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":843,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1535391651168,"flow_last_seen":0,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"flow_avg_l4_payload_len":163,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00630{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":843,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1535391651,"pkt_ts_usec":168986,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAAC\/jlBAAEAR6fXAqAFA\/\/\/\/\/0RcRFwAq9+deyJuYW1lc3BhY2VzIjogWzE5MDc2MDQwLCAyMDYwMzE0MCwgMTY3MTU2ODYsIDEyMzUzNTAzMF0sICJwb3J0IjogMTc1MDAsICJob3N0X2ludCI6IDMzMzEzOTY5NzEzOTU2MTA4MDE1Mzk5Mjk4MTIxOTY3OTIyMTUzNiwgImRpc3BsYXluYW1lIjogIiIsICJ2ZXJzaW9uIjogWzIsIDBdfQ=="}
00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":843,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1535391651168,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":844,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1535391651170,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":843,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1535391651168,"flow_last_seen":0,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"flow_avg_l4_payload_len":163,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":844,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1535391651170,"flow_last_seen":0,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"flow_avg_l4_payload_len":163,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00626{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":844,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1535391651,"pkt_ts_usec":170134,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAAC\/SNZAAEARbMjAqAFAwKgB\/0RcRFwAqxz2eyJuYW1lc3BhY2VzIjogWzE5MDc2MDQwLCAyMDYwMzE0MCwgMTY3MTU2ODYsIDEyMzUzNTAzMF0sICJwb3J0IjogMTc1MDAsICJob3N0X2ludCI6IDMzMzEzOTY5NzEzOTU2MTA4MDE1Mzk5Mjk4MTIxOTY3OTIyMTUzNiwgImRpc3BsYXluYW1lIjogIiIsICJ2ZXJzaW9uIjogWzIsIDBdfQ=="}
00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":844,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1535391651170,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":844,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1535391651170,"flow_last_seen":0,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"flow_avg_l4_payload_len":163,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00630{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":845,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1535391652,"pkt_ts_usec":506990,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAAC\/jm9AAEAR6dbAqAFA\/\/\/\/\/0RcRFwAq9+deyJuYW1lc3BhY2VzIjogWzE5MDc2MDQwLCAyMDYwMzE0MCwgMTY3MTU2ODYsIDEyMzUzNTAzMF0sICJwb3J0IjogMTc1MDAsICJob3N0X2ludCI6IDMzMzEzOTY5NzEzOTU2MTA4MDE1Mzk5Mjk4MTIxOTY3OTIyMTUzNiwgImRpc3BsYXluYW1lIjogIiIsICJ2ZXJzaW9uIjogWzIsIDBdfQ=="}
00627{"flow_id":19,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":846,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1535391652,"pkt_ts_usec":507202,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAAC\/SaBAAEARa\/7AqAFAwKgB\/0RcRFwAqxz2eyJuYW1lc3BhY2VzIjogWzE5MDc2MDQwLCAyMDYwMzE0MCwgMTY3MTU2ODYsIDEyMzUzNTAzMF0sICJwb3J0IjogMTc1MDAsICJob3N0X2ludCI6IDMzMzEzOTY5NzEzOTU2MTA4MDE1Mzk5Mjk4MTIxOTY3OTIyMTUzNiwgImRpc3BsYXluYW1lIjogIiIsICJ2ZXJzaW9uIjogWzIsIDBdfQ=="}
00630{"flow_id":18,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":847,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1535391682,"pkt_ts_usec":513859,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAAC\/nwpAAEAR2TvAqAFA\/\/\/\/\/0RcRFwAq9+deyJuYW1lc3BhY2VzIjogWzE5MDc2MDQwLCAyMDYwMzE0MCwgMTY3MTU2ODYsIDEyMzUzNTAzMF0sICJwb3J0IjogMTc1MDAsICJob3N0X2ludCI6IDMzMzEzOTY5NzEzOTU2MTA4MDE1Mzk5Mjk4MTIxOTY3OTIyMTUzNiwgImRpc3BsYXluYW1lIjogIiIsICJ2ZXJzaW9uIjogWzIsIDBdfQ=="}
00626{"flow_id":19,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1535391682,"pkt_ts_usec":514087,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAAC\/ZDZAAEARUWjAqAFAwKgB\/0RcRFwAqxz2eyJuYW1lc3BhY2VzIjogWzE5MDc2MDQwLCAyMDYwMzE0MCwgMTY3MTU2ODYsIDEyMzUzNTAzMF0sICJwb3J0IjogMTc1MDAsICJob3N0X2ludCI6IDMzMzEzOTY5NzEzOTU2MTA4MDE1Mzk5Mjk4MTIxOTY3OTIyMTUzNiwgImRpc3BsYXluYW1lIjogIiIsICJ2ZXJzaW9uIjogWzIsIDBdfQ=="}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_first_seen":1535391651168,"flow_last_seen":1535391682513,"flow_tot_l4_data_len":513,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_first_seen":1535391651170,"flow_last_seen":1535391682514,"flow_tot_l4_data_len":513,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_first_seen":1535391651168,"flow_last_seen":1535391682513,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":489,"flow_avg_l4_payload_len":163,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_first_seen":1535391651170,"flow_last_seen":1535391682514,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":489,"flow_avg_l4_payload_len":163,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00128{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test"}

8
test/results/dtls.pcap.out
View File

@@ -1,7 +1,7 @@
00381{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dtls.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1545143424891,"flow_last_seen":0,"flow_tot_l4_data_len":163,"flow_min_l4_data_len":163,"flow_max_l4_data_len":163,"flow_avg_l4_data_len":163,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00472{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dtls.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1545143424891,"flow_last_seen":0,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00599{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dtls.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1545143424,"pkt_ts_usec":891780,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"pkt":"WLEPD4fwhLVBbZhoCABFAAC3FtBAAEARhxHAqA3LwKgNOZ8j3MMAozuLFv7\/AAAAAAAAAAAAjgEAAIIAAAAAAAAAgv79zrBtKgTLKhUXwuJm7W22k25ueldyqs3Q4tvQaM4mc34AAAAYwCvAL8ypzKjACcATwArAFACcAC8ANQAKAQAAQP8BAAEAABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEADgAFAAIAAQAACwACAQAACgAIAAYAHQAXABg="}
00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1545143424891,"flow_last_seen":0,"flow_tot_l4_data_len":163,"flow_min_l4_data_len":163,"flow_max_l4_data_len":163,"flow_avg_l4_data_len":163,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"bd743610892cec1efed851b2b5efd4f5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1545143424891,"flow_last_seen":0,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"bd743610892cec1efed851b2b5efd4f5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00599{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dtls.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1545143424,"pkt_ts_usec":891780,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"pkt":"WLEPD4fwhLVBbZhoCABFAAC3FtBAAEARhxHAqA3LwKgNOZ8j3MMAozuLFv7\/AAAAAAAAAAAAjgEAAIIAAAAAAAAAgv79zrBtKgTLKhUXwuJm7W22k25ueldyqs3Q4tvQaM4mc34AAAAYwCvAL8ypzKjACcATwArAFACcAC8ANQAKAQAAQP8BAAEAABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEADgAFAAIAAQAACwACAQAACgAIAAYAHQAXABg="}
00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1545143424891,"flow_last_seen":1545143424891,"flow_tot_l4_data_len":326,"flow_min_l4_data_len":163,"flow_max_l4_data_len":163,"flow_avg_l4_data_len":163,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1545143424891,"flow_last_seen":1545143424891,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":155,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00123{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"dtls.pcap","alias":"nDPId-test"}

10
test/results/dtls2.pcap.out
View File

@@ -1,11 +1,11 @@
00382{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dtls2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1507911659748,"flow_last_seen":0,"flow_tot_l4_data_len":89,"flow_min_l4_data_len":89,"flow_max_l4_data_len":89,"flow_avg_l4_data_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00473{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dtls2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1507911659748,"flow_last_seen":0,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00501{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dtls2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1507911659,"pkt_ts_usec":748597,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"pkt":"AAAAjZtQSEb7zh73CABFAABta10AAD8Ruf09RG6Z1CDWJ8818BEAWUhKFv7\/AAAAAAAAAAAARAEAADgAAAAAAAAAOP7\/xZOd2weR7n4d5xLXjiJT803Vm2GyIJyqcktro0p9KtUAAAAQADUALwAFAAQACgD7APwA\/QEA"}
00756{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1507911659748,"flow_last_seen":0,"flow_tot_l4_data_len":89,"flow_min_l4_data_len":89,"flow_max_l4_data_len":89,"flow_avg_l4_data_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.0","client_requested_server_name":"","ja3":"1b45c913a0c0fde5f263502e65999485","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00768{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1507911659748,"flow_last_seen":0,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.0","client_requested_server_name":"","ja3":"1b45c913a0c0fde5f263502e65999485","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00474{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dtls2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1507911659,"pkt_ts_usec":964622,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"pkt":"AAAAjZtQSEb7zh73CABFAABYGTZAAHIRmTnUINYnPURumfARzzUARCmdFv7\/AAAAAAAAAAAALwMAACMAAAAAAAAAI\/7\/IGQQTc4aUtGjb8ohVEQdgum4T0i11AHiQi9xw2nai\/UG"}
00547{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dtls2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1507911659,"pkt_ts_usec":975796,"pkt_caplen":155,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":155,"pkt_l4_len":121,"pkt":"AAAAjZtQSEb7zh73CABFAACN5wIAAD8RPjg9RG6Z1CDWJ8818BEAeRSaFv7\/AAAAAAAAAAEAZAEAAFgAAQAAAAAAWP7\/xZOd2weR7n4d5xLXjiJT803Vm2GyIJyqcktro0p9KtUAIGQQTc4aUtGjb8ohVEQdgum4T0i11AHiQi9xw2nai\/UGABAANQAvAAUABAAKAPsA\/AD9AQA="}
01511{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dtls2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1507911660,"pkt_ts_usec":332250,"pkt_caplen":867,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":867,"pkt_l4_len":833,"pkt":"AAAAjZtQSEb7zh73CABFAANVIjBAAHIRjULUINYnPURumfARzzUDQdzuFv7\/AAAAAAAAAAEAMgIAACYAAQAAAAAAJv7\/QPrINelLG7enELoywMmLfG2olv7VWJxKvMqptASfoUAAADUAFv7\/AAAAAAAAAAIC1AsAAsgAAgAAAAACyAACxQACwjCCAr4wggGmAgkA3\/IIOdDHPtUwDQYJKoZIhvcNAQEFBQAwDTELMAkGA1UEBhMCVVMwHhcNMTQwOTEyMjEzMTE5WhcNMzcwMjE1MjEzMTE5WjA1MQswCQYDVQQGEwJVUzEmMCQGA1UEAwwdKi5yZWxheS5yb3Mucm9ja3N0YXJnYW1lcy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUbKLr0+0\/DzZUkhdQPAIUSf6vOnkd3vz7LMzwfaRy4xYymZYxZ\/q5Ed6EaW6JqCZ\/oLLe25NsTXHmZDJ9bcDe9YOclIL+6LY6GeN4pfa6Hz+jx2zbKLHveils\/9ARmlq7hem2J4bSrsrAmxBAUMu5I64ihzl5jm9DYyKyUFW51pWgePj0eF8P9dMIaB69GlwcMK1R94D2eXFYtOo55DIY4k+tZnErrkNmE6s9MT8hstIKuhDP9Q4XPojoGCcUNCKm6tzoPU2WN3aKCtbekibukMkhDb6jPcXz5o9twDMuJ3vVS\/f9U54Gdx5927EWXG44Ptt7M7QKZ1DQXEVYwHoBAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAGsDUuhvkBDEsohQGctVpkQYC+VB2RYrWcOG\/BuAnJAchnyGe0vUHkNpCOa1W7QJTxyQmEZgVIJXyBvl2SlD8vRwY8YZYq5ScMlHbwx6IOdYiakctDm6\/hphAz0AMeZ9ER6pMQ1b0SbrLR4SfATQmDBiycNsSO9IQH\/tWD+h7XnpYN3d6I\/deTbmPTX+BS4Ni+JKX\/\/0TDJl1LB3dzdPXVthq9rivdIMTX6GB4FfVrCPzwTueYvVVKiMK1NeQNIsIbiOhX5\/j2p5slNKg8\/0rIFgR1N+GWp975Q9KJiE\/k45+fuMu2uWIiauD7DpNeE9cFNSPZZkeJxPz8ZTFCj+\/Y4W\/v8AAAAAAAAAAwAMDgAAAAADAAAAAAAA"}
00985{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1507911659748,"flow_last_seen":1507911660332,"flow_tot_l4_data_len":1111,"flow_min_l4_data_len":68,"flow_max_l4_data_len":833,"flow_avg_l4_data_len":277,"midstream":0,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.0","client_requested_server_name":"","ja3":"1b45c913a0c0fde5f263502e65999485","ja3s":"749bd1edea60396ffaa65213b7971718","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US","issuerDN":"C=US, CN=*.relay.ros.rockstargames.com","fingerprint":"AB:59:0E:11:EC:94:4D:D5:D3:40:7E:6E:3B:8B:6A:19:CA:B7:85:2C"}}
00997{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1507911659748,"flow_last_seen":1507911660332,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":825,"flow_tot_l4_payload_len":1079,"flow_avg_l4_payload_len":269,"midstream":0,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.0","client_requested_server_name":"","ja3":"1b45c913a0c0fde5f263502e65999485","ja3s":"749bd1edea60396ffaa65213b7971718","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US","issuerDN":"C=US, CN=*.relay.ros.rockstargames.com","fingerprint":"AB:59:0E:11:EC:94:4D:D5:D3:40:7E:6E:3B:8B:6A:19:CA:B7:85:2C"}}
00782{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dtls2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1507911660,"pkt_ts_usec":353093,"pkt_caplen":325,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":325,"pkt_l4_len":291,"pkt":"AAAAjZtQSEb7zh73CABFAAE3XSMAAD8Rx209RG6Z1CDWJ8818BEBI325Fv7\/AAAAAAAAAAIBDhAAAQIAAgAAAAABAgEAoPXajyskrpyHTkXbJ8FmL57PBfY\/1TaYT0bzW3Kr\/EpwtXdjHcT+pbN8fPukJ\/mC77+vYOpZWDwhv6Nx\/DWp4Jvn+yqgQnC64Z\/WXIsAN1uH\/RV8WJNBQO\/19cBEfleSZaqoNGsu62Istna8HtfGBMBOW62\/qT4k\/3jE7EIn98BOINebIKb+ueGO2MzhHcT6EOkstFNcsc5W14JWO6dIoA0xAoGASDLKiRftqqbK+uNDPzk7xqyION59r88L7bnvJSephUmgMk9aDR6JDm0Euq5IRA2K\/nrTo7X4CfxJ3dHmr2zBkzimXJBaPSUeHK+7lDt96ihQtzG744bK2Rmtmg=="}
00516{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"dtls2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1507911660,"pkt_ts_usec":355159,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"AAAAjZtQSEb7zh73CABFAAB3Y5MAAD8Rwb09RG6Z1CDWJ8818BEAY5VMFP7\/AAAAAAAAAAMAAQEW\/v8AAQAAAAAAAABAmdae2R4Wrb+V6WhwK9Dq82JRkPRlJ1zLvMeBmyoW80TVchkoOoZ+xT5QgxIMaEuKJqU6++RTeS7q5JEifcpBVA=="}
00518{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"dtls2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1507911660,"pkt_ts_usec":573420,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"AAAAjZtQSEb7zh73CABFAAB3JpZAAHIRi7rUINYnPURumfARzzUAY7OjFP7\/AAAAAAAAAAQAAQEW\/v8AAQAAAAAAAABAmirY+WsSvTJjrUcGUksCxxC8bx15KwpJKDfXIxtf9hmYnH4fzWhB+IyZOZGqLOiHa\/\/TRA60JKjrE2I17tux7A=="}
@@ -17,5 +17,5 @@
00546{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dtls2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1507911691,"pkt_ts_usec":269254,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"pkt":"AAAAjZtQSEb7zh73CABFAACJ8X0AAD8RM8E9RG6Z1CDWJ8818BEAdfPJF\/7\/AAEAAAAAAAMAYBsxJbxcmazMF1yZgVTjATb6Zon2xvveF2DtWggeNJLukjO4pdn+D\/5eRo12Wd7\/4LZ3qt\/WbDF9H1pWcnP1HjOf9Qg27QHN1pgBe8RKEE74PJevpF0HOEG9Oj0Qqtc73g=="}
00498{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"dtls2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1507911691,"pkt_ts_usec":484678,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"pkt":"AAAAjZtQSEb7zh73CABFAABpFWtAAHIRnPPUINYnPURumfARzzUAVb+bF\/7\/AAEAAAAAAAQAQEAOtAoAQz3o001yodc3wtrR1khwhq9qQtJWfE5XJAcqfJdAJLX8pS9nHegbomNdxzflcV6TIhGRgTVvDEGTAX0="}
00546{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"dtls2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1507911706,"pkt_ts_usec":647553,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"pkt":"AAAAjZtQSEb7zh73CABFAACJ2GUAAD8RTNk9RG6Z1CDWJ8818BEAdWojF\/7\/AAEAAAAAAAQAYPlR045oqJCgSMh7ALVP58tRoxRJJZfJelm4LrwIvz5OUnOverhJu\/z67oZASGIM5zE03Z8YpZZX+V95itxyIN8Rawc56lHbJd\/wSy1wkJnsupWPJbKTGAml7J4a\/LW8KA=="}
00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":30,"flow_first_seen":1507911659748,"flow_last_seen":1507912041896,"flow_tot_l4_data_len":3971,"flow_min_l4_data_len":68,"flow_max_l4_data_len":833,"flow_avg_l4_data_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":30,"flow_first_seen":1507911659748,"flow_last_seen":1507912041896,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":825,"flow_tot_l4_payload_len":3731,"flow_avg_l4_payload_len":124,"midstream":0,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00125{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"dtls2.pcap","alias":"nDPId-test"}

10
test/results/dtls_certificate_fragments.pcap.out
View File

@@ -1,11 +1,11 @@
00403{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1556606275726,"flow_last_seen":0,"flow_tot_l4_data_len":320,"flow_min_l4_data_len":320,"flow_max_l4_data_len":320,"flow_avg_l4_data_len":320,"midstream":0,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00494{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1556606275726,"flow_last_seen":0,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":0,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00832{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1556606275,"pkt_ts_usec":726225,"pkt_caplen":354,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":354,"pkt_l4_len":320,"pkt":"AAAAp2BiAAAAtzPNCABFAAFUW5tAAD4Rr1YKusaVI9I7hpmzrZsBQKk0Fv7\/AAAAAAAAAAABKwEAAR8AAAAAAAABH\/79XLdFN6Sz4OQy2sCEjyxqziIlNS85zlQeFiYi19pl1vEAAACgwDDALMAowCTAFMAKAKUAowChAJ8AawBqAGkAaAA5ADgANwA2AIgAhwCGAIXAMsAuwCrAJsAPwAUAnQA9ADUAhMAvwCvAJ8AjwBPACQCkAKIAoACeAGcAQAA\/AD4AMwAyADEAMACaAJkAmACXAEUARABDAELAMcAtwCnAJcAOwAQAnAA8AC8AlgBBAAfAEsAIABYAEwAQAA3ADcADAAoA\/wEAAFUACwAEAwABAgAKABwAGgAXABkAHAAbABgAGgAWAA4ADQALAAwACQAKACMAAAANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEB"}
00782{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1556606275726,"flow_last_seen":0,"flow_tot_l4_data_len":320,"flow_min_l4_data_len":320,"flow_max_l4_data_len":320,"flow_avg_l4_data_len":320,"midstream":0,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"3c3d129780d0066cd8936a6291a8d44f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00794{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1556606275726,"flow_last_seen":0,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":0,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"3c3d129780d0066cd8936a6291a8d44f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00476{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1556606275,"pkt_ts_usec":848420,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"AAAAp2BiAAAAtzPNCABFIABM4VFAAD4RKogj0juGCrrGla2bmbMAOPKRFv7\/AAAAAAAAAAAAIwMAABcAAAAAAAAAF\/7\/FGas+MFHIUbk58MIduuc4UCKEPlD"}
00861{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1556606275,"pkt_ts_usec":913729,"pkt_caplen":374,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":374,"pkt_l4_len":340,"pkt":"AAAAp2BiAAAAtzPNCABFAAFoW6pAAD4RrzMKusaVI9I7hpmzrZsBVHbeFv7\/AAAAAAAAAAEBPwEAATMAAQAAAAABM\/79XLdFN6Sz4OQy2sCEjyxqziIlNS85zlQeFiYi19pl1vEAFGas+MFHIUbk58MIduuc4UCKEPlDAKDAMMAswCjAJMAUwAoApQCjAKEAnwBrAGoAaQBoADkAOAA3ADYAiACHAIYAhcAywC7AKsAmwA\/ABQCdAD0ANQCEwC\/AK8AnwCPAE8AJAKQAogCgAJ4AZwBAAD8APgAzADIAMQAwAJoAmQCYAJcARQBEAEMAQsAxwC3AKcAlwA7ABACcADwALwCWAEEAB8ASwAgAFgATABAADcANwAMACgD\/AQAAVQALAAQDAAECAAoAHAAaABcAGQAcABsAGAAaABYADgANAAsADAAJAAoAIwAAAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAA8AAQE="}
02310{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1556606276,"pkt_ts_usec":35205,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"pkt":"AAAAp2BiAAAAtzPNCABFIAWg4VdAAD4RJS4j0juGCrrGla2bmbMFjGwmFv7\/AAAAAAAAAAEAQgIAADYAAQAAAAAANv7\/exvJyLXWPruOHL5MK7Y1JsnEAS0AtJ+iPSn4YJ2mNsIAADUAAA7\/AQABAAAjAAAADwABARb+\/wAAAAAAAAACBSgLAAYLAAIAAAAABRwABggABgUwggYBMIID6aADAgECAgIBDjANBgkqhkiG9w0BAQsFADCBijELMAkGA1UEBhMCTk8xDTALBgNVBAgTBE9zbG8xDTALBgNVBAcTBE9zbG8xGzAZBgNVBAoTEk9wZXJhIFNvZnR3YXJlIEFTQTESMBAGA1UECxMJT3BlcmEgTWF4MRUwEwYDVQQDEwxPcGVyYSBNYXggQ0ExFTATBgNVBCkTDE9wZXJhIE1heCBDQTAeFw0xOTA0MjUwOTU4MDZaFw0xOTA1MjUwOTU4MDZaMHcxCzAJBgNVBAYTAk5PMQ0wCwYDVQQIEwRPc2xvMQ0wCwYDVQQHEwRPc2xvMRswGQYDVQQKExJPcGVyYSBTb2Z0d2FyZSBBU0ExEjAQBgNVBAsTCU9wZXJhIE1heDEZMBcGA1UEAxQQKi5vcGVyYS1taW5pLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAORPM+HvV9uX\/YNDU1hkJZQiq9CpOzjLL+wmzk\/mxknC\/lzt7\/2Qg3qbyuKW5iBy3JZxaPO52oDwxIsilmeOkz4Mh8DnHyTx32hID++IiL649AXqYsGsHk8LI47iaUM6ub1Eu8MRDgFfIdgDsB\/iOYBVS6hhS44QgmBZ3WVRQHREe6jWyQtKDKooXtnRMU29d8xdLHTrujs0FtnJ437d+DiadyE+snuairyQNNrpLSNIZ\/pq6ewzal4u0NNe\/WlSiQTKqZBXXAL88GeYHTv+6w0xcxAqMiJvKS7otsvURb+7AhEr9BfD5cpFwVxi+SZQILibozwuzFJXx+cIypgIV2UCAwEAAaOCAYEwggF9MAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMCsGCWCGSAGG+EIBDQQeFhxPcGVyYSBNYXggU2VydmVyIENlcnRpZmljYXRlMB0GA1UdDgQWBBToCRx51cxkoksSq+PH5Da9dPhtITCBvwYDVR0jBIG3MIG0gBSyo8s55dkAqfYHaJNGmRcwX2DgzKGBkKSBjTCBijELMAkGA1UEBhMCTk8xDTALBgNVBAgTBE9zbG8xDTALBgNVBAcTBE9zbG8xGzAZBgNVBAoTEk9wZXJhIFNvZnR3YXJlIEFTQTESMBAGA1UECxMJT3BlcmEgTWF4MRUwEwYDVQQDEwxPcGVyYSBNYXggQ0ExFTATBgNVBCkTDE9wZXJhIE1heCBDQYIJAM0pJwGa9KPrMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIFoDAtBgNVHREEJjAkghAqLnNhbXN1bmdtYXguY29tghAqLm9wZXJhLW1pbmkubmV0MA0GCSqGSIb3DQEBCwUAA4ICAQAsxMazt97mPzh89ugKFn+gchqN+8gwc\/qgCr24OgrCxlbcAuboN9GwNVyzEBLp8xf5X2uUbpzhUkNw8Da3gcOG9WRU6jbrD1WcRY6JvO0Mmn7tYOByaat2bf6co4aeqoorQ4XfH4XhjO0fNkhSxSnFd+YB1aTRfYQRZ9pIyqogmNC9mJGTFtFs6cJjs1UFLJ2Xs6n5RJMSgKdDdAS6NIKDCnhLmY29DHpiEqG4lF3or6tz0shqbW58O48+6Ff2qWryOZnPPF65AmJhRVUGil0HqRIZ9cej0+Pf1mpRxVU7o1XhXNWwazwIl8+tAnIOdpr7DJtkDNmXYyRKwOo6aEAWQeceETyNh3LwIE2unnIZhLc="}
00862{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1556606275726,"flow_last_seen":1556606276035,"flow_tot_l4_data_len":2136,"flow_min_l4_data_len":56,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":534,"midstream":0,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"3c3d129780d0066cd8936a6291a8d44f","ja3s":"d45798bc098cd930de7eb2f5f866e994","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}}
00874{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1556606275726,"flow_last_seen":1556606276035,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1412,"flow_tot_l4_payload_len":2104,"flow_avg_l4_payload_len":526,"midstream":0,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"3c3d129780d0066cd8936a6291a8d44f","ja3s":"d45798bc098cd930de7eb2f5f866e994","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}}
00806{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1556606276,"pkt_ts_usec":35205,"pkt_caplen":331,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":331,"pkt_l4_len":297,"pkt":"AAAAp2BiAAAAtzPNCABFIAE94VhAAD4RKZAj0juGCrrGla2bmbMBKYUyFv7\/AAAAAAAAAAMA+wsABgsAAgAFHAAA7xmWcPJxf+syLm5kr8JFkg5FV4AlWuYVZqKRDkSXNY2wDo4JRyk7bpK3luN\/HZfToj36ViRMUxoGzOIdNQQtdLDZ9I6l5ryvVP5AVvfsfLCm9sZAxjhtLYRgCPa+oX7MDX\/1pOIA9ScqtjYO9k7rU1+EQszS6yuQBUHbzqzJDE5+Sr0FYdV0ChHOUsH5pqFWRmYkMY1kxz3WCDFqLZz3OCXgMI4dlHN4OUfYtjdlKZjojOO\/DI2VYl9JYb1bxVDvI\/jLCpX0S20qleMt33f6vetcgUgWnM2jDSMPp6PARk5VmmjgwVuZ3AbB3Md620\/oFv7\/AAAAAAAAAAQADA4AAAAAAwAAAAAAAA=="}
00919{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1556606276,"pkt_ts_usec":85753,"pkt_caplen":416,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":416,"pkt_l4_len":382,"pkt":"AAAAp2BiAAAAtzPNCABFAAGSW7NAAD4RrwAKusaVI9I7hpmzrZsBfv3dFv7\/AAAAAAAAAAIBDhAAAQIAAgAAAAABAgEADepD\/V3arFOYbwmKE7AyLr8Mlkxjf\/+JALcGEfko94eqwWztTmhz+5MHaC3z2G4vijVYtEU0sNUf4k4UL6wwFhc4ONU9ksZxVeWDxj085t3ouboFjrKqqf+Ez1VEasOR\/SQEHHJBKwmNh7bq+rPqD1Ue7o869xS0Ymdb4H9LtDDNAji6o60xxgjRgSC+FebqYWIv5JnGs2WkXpl3IhmfOFW6W5CEXtUG4NfVmU9IoLdnFP2SU65LWmxaCyTTqkryoC1SLTZLn+hoNIWj\/VtnnGu3nDwz0uOmfkkiYJPNH2dCcUwbCzyPYZumVNhytb8RGLPdT4cTupH4gydkV5dULhT+\/wAAAAAAAAADAAEBFv7\/AAEAAAAAAAAAQH0w1cLD04ZuwDU4bylSo4luvAkRseqvzP1gwxOBxPHlWhFGADtoMC\/32s4rqRyxoBSovKcS+f0vYtpwuRvkYq8="}
00796{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1556606276,"pkt_ts_usec":208505,"pkt_caplen":324,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":324,"pkt_l4_len":290,"pkt":"AAAAp2BiAAAAtzPNCABFIAE24VlAAD4RKZYj0juGCrrGla2bmbMBIraNFv7\/AAAAAAAAAAUAsgQAAKYABAAAAAAApgAAAAAAoBc3O+4w23k\/5z8GmKukkbjDMff5rrk7+NToU1SbJXCJnHEd6A2yutLzkCFjPTUj2iskxW+N5pGd\/HbH9Qs0cxkoOl\/FD6MeDKEPJz6HYBc7KVaNKEb2MrMrzg6NpAvMub2j0tEIcZeMLviwl0np+UKk5QdSS7sg2rNtbo06Ti5lD5dlFmfJNUs0h3c6AXI9tTgKknO+3QAfCn9pgzqxmz4U\/v8AAAAAAAAABgABARb+\/wABAAAAAAAAAEAHEaSBn03cC\/XnLHWJ0nYeygw7qpVGF+6b6MyV9BDeZlXEG1sCX1Fbw2CrpWqusRdW\/O4z5WTa6iBvyaiIiXy9"}
@@ -17,5 +17,5 @@
00672{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1556606276,"pkt_ts_usec":387758,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"pkt":"AAAAp2BiAAAAtzPNCABFIADZ4WJAAD4RKeoj0juGCrrGla2bmbMAxbChF\/7\/AAEAAAAAAAEAsKOaNTjAgsTjXGffOf5e6kLpRuzzr7ka\/PR7CUHZuK8VNdXrkV1W06A+1tn0237G0C5cdaB5n5EllSJwXcHb2nHT\/XUVs8pP4enU1DNtdnnoKdnYbPodN01annfE0UbDAiDRUdECfRLF26BsmXy\/cY+9YosZUzWAyy0\/fDAg4rgR9Wf5i9Cz4+JyeHQ+ZRZGSUfakeFjkqX98r9W8mmvznQOaHeKhlpFTuam8Xs3Bt6w"}
00607{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1556606276,"pkt_ts_usec":388073,"pkt_caplen":183,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":183,"pkt_l4_len":149,"pkt":"AAAAp2BiAAAAtzPNCABFIACp4WNAAD4RKhkj0juGCrrGla2bmbMAlUz7F\/7\/AAEAAAAAAAIAgF7X9rlHDap9CZLTo4tXGcTqwQ2WiFJEXTqSfAc28aXOrC7SUyG\/BB7vUo+G2AG4V453rc8KT3IGeWmOK1Ytt8oWOXU9OGIN39kkVlMttVkl1sMV+SQQj3ORu402RcTbM1wMCAB\/Q9NpTysQO\/19jKpxELJ4mD0GCGmJxRgN0ChV"}
00714{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1556606276,"pkt_ts_usec":388085,"pkt_caplen":263,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":263,"pkt_l4_len":229,"pkt":"AAAAp2BiAAAAtzPNCABFIAD54WRAAD4RKcgj0juGCrrGla2bmbMA5bs6F\/7\/AAEAAAAAAAMA0GXW0AV0AJtu0HPaz6RfzO9CZWHXd94kCiafP4nVscZ0fN+GHYFWd\/lv6OnyFN1LFbq1Hc1un3I8EQgIV9EyEXZymewAmNVoOpK44k\/X58OiRLTx0ka7NyiK8sq6JLUl1H2lAnGTrfQLPNzkrlc7KU7sQx922PVFO2GshX19R+IBXtxhY3LuWx5UHxgtU0Mm+AyZx3mijZlUhGlL7LgNUEQgZvTq+RIFlr5mZGDSlKzsQb3ZBrh4wmALuEwSh0ZOoyYhNEc53O0hzv2UAoIYxmQ="}
00515{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":20,"flow_first_seen":1556606275726,"flow_last_seen":1556606278645,"flow_tot_l4_data_len":5298,"flow_min_l4_data_len":56,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":264,"midstream":0,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00527{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":20,"flow_first_seen":1556606275726,"flow_last_seen":1556606278645,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1412,"flow_tot_l4_payload_len":5138,"flow_avg_l4_payload_len":256,"midstream":0,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00146{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test"}

10
test/results/dtls_session_id_and_coockie_both.pcap.out
View File

@@ -1,10 +1,10 @@
00409{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00508{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1592388499775,"flow_last_seen":0,"flow_tot_l4_data_len":107,"flow_min_l4_data_len":107,"flow_max_l4_data_len":107,"flow_avg_l4_data_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00500{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00516{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1592388499775,"flow_last_seen":0,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00553{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592388499,"pkt_ts_usec":775130,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"pkt":"AAAAAAAAAAEAvpsKCABFAAB\/T3sAAH8RdtO5xHHv33Rp98RRrZsAazO3Fv79AAAAAAAAAAAAVgEAAEoAAAAAAAAASv79P8FbOXt8ZkgBLvoC72ni+sdFNMYxwEb+hvs\/sv9L1B0gODIAL4OTx2HjtkquDfJ\/XJtXFrGeH36FJxKlpF5tST4AAALALAEA"}
00791{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1592388499775,"flow_last_seen":0,"flow_tot_l4_data_len":107,"flow_min_l4_data_len":107,"flow_max_l4_data_len":107,"flow_avg_l4_data_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"e15c510766789ed8f49de0e37951c1da","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00799{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1592388499775,"flow_last_seen":0,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"e15c510766789ed8f49de0e37951c1da","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00483{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592388499,"pkt_ts_usec":786468,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"AAAAAAAAAAcAwedSCABFAABMjnQAAPMRxAzfdGn3ucRx762bxFEAOGNSFv7\/AAAAAAAAAAAAIwMAABcAAAAAAAAAF\/7\/FBwO\/CFwEASeBoBTHTZO4F6qQqae"}
00580{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592388499,"pkt_ts_usec":813030,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"pkt":"AAAAAAAAAAEAvpsKCABFAACTT3wAAH8Rdr65xHHv33Rp98RRrZsAf9dAFv79AAAAAAAAAAEAagEAAF4AAQAAAAAAXv79P8FbOXt8ZkgBLvoC72ni+sdFNMYxwEb+hvs\/sv9L1B0gODIAL4OTx2HjtkquDfJ\/XJtXFrGeH36FJxKlpF5tST4UHA78IXAQBJ4GgFMdNk7gXqpCpp4AAsAsAQA="}
00649{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592388499,"pkt_ts_usec":833900,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"pkt":"AAAAAAAAAAcAwedSCABFAADGx3wAAPMRiorfdGn3ucRx762bxFEAspnDFv79AAAAAAAAAAEAUgIAAEYAAQAAAAAARv79h9MldvGqD4L7eTZa2NHhRQF1vlik3WVyEyjxpUYtENcgODIAL4OTx2HjtkquDfJ\/XJtXFrGeH36FJxKlpF5tST7ALAAU\/v0AAAAAAAAAAgABARb+\/QABAAAAAAAAADBhiqTy6UqwzhCYCPtl5aoUaCDaK6eEDLWKYD9PQuzP3fUrM48czQrGX1gmubwFx64="}
00858{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1592388499775,"flow_last_seen":1592388499833,"flow_tot_l4_data_len":468,"flow_min_l4_data_len":56,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":117,"midstream":0,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"e15c510766789ed8f49de0e37951c1da","ja3s":"a1d48eca741e476d8ee735578a26bdbd","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}}
00520{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1592388499775,"flow_last_seen":1592388499833,"flow_tot_l4_data_len":468,"flow_min_l4_data_len":56,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":117,"midstream":0,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00870{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1592388499775,"flow_last_seen":1592388499833,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":436,"flow_avg_l4_payload_len":109,"midstream":0,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"e15c510766789ed8f49de0e37951c1da","ja3s":"a1d48eca741e476d8ee735578a26bdbd","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}}
00532{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1592388499775,"flow_last_seen":1592388499833,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":436,"flow_avg_l4_payload_len":109,"midstream":0,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00151{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test"}

20
test/results/encrypted_sni.pcap.out
View File

@@ -1,14 +1,14 @@
00390{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"encrypted_sni.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1590680386576,"flow_last_seen":0,"flow_tot_l4_data_len":736,"flow_min_l4_data_len":736,"flow_max_l4_data_len":736,"flow_avg_l4_data_len":736,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00481{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"encrypted_sni.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1590680386576,"flow_last_seen":0,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01380{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1590680386,"pkt_ts_usec":576239,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGjOfAqAEMaBuBTcLeAbt3Q5LX\/48DFVAYIACwHgAAFgMBAscBAALDAwOTwM86TEdZaYZx77QiKeLaOUyI6FPS+J3L+0S3MA31OCDtrXy2AkmiC5EC8aXH8NKs5TG5ofTGvlsmIWUcTFlOhgAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg9C+VXLX0pUAYcvwRMlm2BfjMFL+A2Ha+teHeYm8XszAAFwBBBKhP+5j\/iIqKULsVEv1xkLdgIoxwczB5EVKfTq\/0aLaIOqqUx255GoGIKzaHGdYeWvgG2FTscntynOjMKiH+1xMAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACAoJey8d6KdccaSJO2lCYt20kw0EEYFyldVNE\/b+wVlLQAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJJYkyzxOIwgn94z1v2QNIt6jP8xZjqajLZOZBVhvvpl7nmhmH4lW1IkwcuGd4kzR+4ip9x\/EzAG6tckU\/flqZH1nG16JhZuu6rEiIYaISW303wwyjD1flAsQnOsqJ0PVy+NZQoiiKbjH4viDA+P+GiaonlAB8r2TaJD+948G4F7MBjpovbjBjfrBFM8f7NuL4fwv7ssjFdJ5mNaCsSn9Hj6115hdy9xFKhCCzMA44L9pVw\/vrGvG+5UfibZ5LK2nZAPALOtdzhzm7d0W1ff7a4XSuSSFRI3gCI5CHoPx4osmf747Wa4ElvuEUhPCcdTFrF6efl9qMHJEUwf8zrcwZxBFmZHEDMTcH8MlFUx5dN14A3E5eAVFahmuI+6IR1wd8HaXtmYAHAACQAE="}
00766{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1590680386576,"flow_last_seen":0,"flow_tot_l4_data_len":736,"flow_min_l4_data_len":736,"flow_max_l4_data_len":736,"flow_avg_l4_data_len":736,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e5ef852e686954ba9fe060fbfa881e15","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1590680387847,"flow_last_seen":0,"flow_tot_l4_data_len":736,"flow_min_l4_data_len":736,"flow_max_l4_data_len":736,"flow_avg_l4_data_len":736,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00778{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1590680386576,"flow_last_seen":0,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e5ef852e686954ba9fe060fbfa881e15","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1590680387847,"flow_last_seen":0,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01384{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"encrypted_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1590680387,"pkt_ts_usec":847337,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGkJDAqAEMaBB9r8LfAbu98X4VZuCG7lAYIACqfgAAFgMBAscBAALDAwPZvt6xqK7JiSO2eRBioUk2Uu867QdPWpn6Sv4hYS472iAz8c+AKNafKEsBeorsjdYMXk2HdHvKJL23Af8gga\/qxAAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg0HCVKAanlLS9J1B8hdchDfkoKDxcPc3B5hBZYsZWdz8AFwBBBCakAur\/e3rF+tGl0au7NOTY4DQpBg\/YjV6ew74w8otvaCGiCdoeWGhEGjsldqwZrBxN3o59i8BSdRX+YPQ+GgkAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACAFyK2kXV21yqtAW2T62b\/NDTnJgxOrhECle3qcjynhZQAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJLkAAE456EuY9a6HsKAg7En+2G8rSItqsoven5V2IfJ3Q2bekOZcTKgIZokRYkaF7ExtxsFhqXy+gigbwIQnaXqjvmpA5fAKz4tj4ykxew5OhWQtUKuHkOYZfaYtn1syOdzFlDd5f+dopSDJ1HH+q6E3XfYeSjmwk2PLEJ57JKeThEiW3dFrbufb5XbXZxYdeC179v7EU6Bakj2Njpvv\/Jfo5WxPGqtw\/pm8l4GeHZCKXzswlPS\/Jet6JKlP28PhB6QjuLs0HyKQD3u9h3gOMLbs85P+uPv\/61THn6BnP+Gq0XsiHUv\/ZFCqDNSvUTBmtmCAtgIUfzrLcUWkNsVonaILrLi\/m6vYUQElVuyPe7nXS\/qvJdz0NipXdWB8POXCwp8YOWkAHAACQAE="}
00767{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1590680387847,"flow_last_seen":0,"flow_tot_l4_data_len":736,"flow_min_l4_data_len":736,"flow_max_l4_data_len":736,"flow_avg_l4_data_len":736,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e5ef852e686954ba9fe060fbfa881e15","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1590680391590,"flow_last_seen":0,"flow_tot_l4_data_len":736,"flow_min_l4_data_len":736,"flow_max_l4_data_len":736,"flow_avg_l4_data_len":736,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00779{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1590680387847,"flow_last_seen":0,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e5ef852e686954ba9fe060fbfa881e15","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1590680391590,"flow_last_seen":0,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01378{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1590680391,"pkt_ts_usec":590254,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGxnTAqAEMaBZHxcLpAbsLJg40SW6gUlAYIAANXgAAFgMBAscBAALDAwMJLl9l\/OldUJYbpqd0xOpts3Kv4zg2hroTXcdX9KeB2CBjkfBVUTqX532YPuVZHQd0J5lIK2OZH9nsSRBnWwKDWwAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAgsbxhJX9IcnjB7rdgEb2YIBohnnxEhKIToNk1er8CIioAFwBBBLtlLNXLCuP0okhISXwuyj6tgeyLGZ5yaSZ9uT3zAbum2y5l1gYjS6RGBBL9dNcuY2pA4Ze582sOuuo0cAvw2TsAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACCgcq\/jSZGFwhXJHl9nfU84W9RHblecX+XHXi+knd++egAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJM1prHJ\/+qDqcKEqpG5xU365kjS5loGMkTxyoKwRhL+l3TthfgE+TKCSsunPt4vNjTPLrxKpdN+3jkm4v5pXmXQY7xTIeDCWHjyEgNKkvyfWHZEc70MAkkqfNhBXSLrthF\/1heQEBlRbs1xtqteJZDPsTf1rb0lyjahdcH23rHhPVaZljcat4wh7Hka7vt+kTz6HVLMaa8+FGdKR02KYBfqCbkN5nqbjMCHPCoPKBXF7APN9aYQZNPW1vyVMZGeIilksOKMAfbO31cu423QrZX+PlzwFC6qBeqVxOTzYpLwLIxJGCnfdBRD0u85D1TvPM05OjHVwJVu9F3FEA\/S2klQ0zWf5b6ngXXAHdoEO61eGscgYik1z+CCLYUuTKEqAk5KVlL4AHAACQAE="}
00766{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1590680391590,"flow_last_seen":0,"flow_tot_l4_data_len":736,"flow_min_l4_data_len":736,"flow_max_l4_data_len":736,"flow_avg_l4_data_len":736,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e5ef852e686954ba9fe060fbfa881e15","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1590680386576,"flow_last_seen":0,"flow_tot_l4_data_len":736,"flow_min_l4_data_len":736,"flow_max_l4_data_len":736,"flow_avg_l4_data_len":736,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1590680391590,"flow_last_seen":0,"flow_tot_l4_data_len":736,"flow_min_l4_data_len":736,"flow_max_l4_data_len":736,"flow_avg_l4_data_len":736,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1590680387847,"flow_last_seen":0,"flow_tot_l4_data_len":736,"flow_min_l4_data_len":736,"flow_max_l4_data_len":736,"flow_avg_l4_data_len":736,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00778{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1590680391590,"flow_last_seen":0,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e5ef852e686954ba9fe060fbfa881e15","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1590680386576,"flow_last_seen":0,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1590680391590,"flow_last_seen":0,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1590680387847,"flow_last_seen":0,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00132{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test"}

446
test/results/ethereum.pcap.out
View File

@@ -1,63 +1,63 @@
00385{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ethereum.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1578508362274,"flow_last_seen":0,"flow_tot_l4_data_len":136,"flow_min_l4_data_len":136,"flow_max_l4_data_len":136,"flow_avg_l4_data_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00476{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ethereum.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1578508362274,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00570{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508362,"pkt_ts_usec":274369,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"pkt":"KDc3AG3IEBMx8Tl2CABFAACc0mBAADURe2hXDt4ZwKgBuN11dl8AiEJtHMys6Q29AOp21rwpZSDXERjTbIzhwNph0idC5kCkV\/FDnhOUP\/GMZC9pQ1ikY4tKfgVohRJdDV\/jhdY3JkNQ8nfjTjeSnG7Ixlzbx1L2txMkADCUTD6WfRXFuzz03\/IfAAHdBMuEfwAAAYJ2X4J2X8mETxbOvYLp94CEXhYgXgU="}
00546{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1578508362274,"flow_last_seen":0,"flow_tot_l4_data_len":136,"flow_min_l4_data_len":136,"flow_max_l4_data_len":136,"flow_avg_l4_data_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00558{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1578508362274,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00625{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508363,"pkt_ts_usec":333871,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"KDc3AG3IEBMx8Tl2CABFAADH0wVAADURephXDt4ZwKgBuN11dl8As\/l1jW6o\/uOLsNilE7wPPGgWLrGBgPfvOzwO1DfZyAOcgKFZ114jjOcqSahrn1BNVaBcqPiZ+5Zw3KmlNNeK6areM2YGHfDo3L4DI03KcwYwznBps1b+iFJS+0Kipikc3Gq9AQP4R7hAl090ZgbQhHWBj8BMRwa4LeNB32fKxPZW6UW3BwzH4FX8L40Uh5Yh\/LpdLpgFyY0tX7A7rx7OhPCc704eHlKGuoReFiBf"}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1578508363692,"flow_last_seen":0,"flow_tot_l4_data_len":137,"flow_min_l4_data_len":137,"flow_max_l4_data_len":137,"flow_avg_l4_data_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"60.191.32.71","dst_ip":"192.168.1.184","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1578508363692,"flow_last_seen":0,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"60.191.32.71","dst_ip":"192.168.1.184","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00567{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508363,"pkt_ts_usec":692141,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"KDc3AG3IEBMx8Tl2CABFAACdOfxAACwR9O08vyBHwKgBuHZfdl8AicNGfxf10Wb92tmu8P4AYDHc1S9CYBd0hA8u+7bp2exSZpfjoD4stw3HK2zECpnkODZdOg6LxGWvabU8eolUhCpRWxf283jKbdR45yXwcXrtjWJbPi2JRR9Nts4CTYECrpr\/AQHeBcuErBIAAoJ2X4J2X8uETxbOvYLp94J2X4ReFiBe"}
00546{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1578508363692,"flow_last_seen":0,"flow_tot_l4_data_len":137,"flow_min_l4_data_len":137,"flow_max_l4_data_len":137,"flow_avg_l4_data_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"60.191.32.71","dst_ip":"192.168.1.184","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1578508364272,"flow_last_seen":0,"flow_tot_l4_data_len":147,"flow_min_l4_data_len":147,"flow_max_l4_data_len":147,"flow_avg_l4_data_len":147,"midstream":0,"l3_proto":"ip4","src_ip":"3.112.138.57","dst_ip":"192.168.1.184","src_port":25516,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00558{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1578508363692,"flow_last_seen":0,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"60.191.32.71","dst_ip":"192.168.1.184","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1578508364272,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":0,"l3_proto":"ip4","src_ip":"3.112.138.57","dst_ip":"192.168.1.184","src_port":25516,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00583{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":272113,"pkt_caplen":181,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":181,"pkt_l4_len":147,"pkt":"KDc3AG3IEBMx8Tl2CABFCACn7eVAACURF08DcIo5wKgBuGOsdl8Ak1lonaJ3QYcb7U0uMgLRKCkYOOmsVBzd6scD1gTgbTNauX3kB3bPaDZ67w0\/6JScqj4YBzeDQtx9d9GUfbwpNwws+A3fj9N5t1f25M57T8Etpo9cRpw0Ipg9vE7GnadXMLBRAAHoBNeQAAAAAAAAAAAAAAAAAAAAAIInD4InD8mETxbOvYLp94CEXhYgYA=="}
00546{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1578508364272,"flow_last_seen":0,"flow_tot_l4_data_len":147,"flow_min_l4_data_len":147,"flow_max_l4_data_len":147,"flow_avg_l4_data_len":147,"midstream":0,"l3_proto":"ip4","src_ip":"3.112.138.57","dst_ip":"192.168.1.184","src_port":25516,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1578508364382,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00558{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1578508364272,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":0,"l3_proto":"ip4","src_ip":"3.112.138.57","dst_ip":"192.168.1.184","src_port":25516,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1578508364382,"flow_last_seen":0,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00626{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":382390,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHswoAAEAR05vAqAG4A9EtT3Zfdl8As46jAUq3Z7jOf6Ug2frhkOredmKGawH96dNwPwCsVwwwAuHNRLachJG6Hj8pd5+\/iUKj3xzFalkHy\/4zo7e13\/nakEgcyoOcntMlISOmld4GtANNEoWSHW0IYrUbIiG7qvHSAQP4R7hAGwckxV38aoEQ3R3z6i1sbxgztMaJbhd8mlK6anhGQ6H0+w6JOUS\/FIH4b+eX+gcKRXXgkrfcf69BwK1A+Siq+4ReFiBg"}
00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1578508364382,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1578508364382,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00557{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1578508364382,"flow_last_seen":0,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1578508364382,"flow_last_seen":0,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00626{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":382655,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHegkAAEARY2nAqAG4NOelbHZfdl8As+VvAUq3Z7jOf6Ug2frhkOredmKGawH96dNwPwCsVwwwAuHNRLachJG6Hj8pd5+\/iUKj3xzFalkHy\/4zo7e13\/nakEgcyoOcntMlISOmld4GtANNEoWSHW0IYrUbIiG7qvHSAQP4R7hAGwckxV38aoEQ3R3z6i1sbxgztMaJbhd8mlK6anhGQ6H0+w6JOUS\/FIH4b+eX+gcKRXXgkrfcf69BwK1A+Siq+4ReFiBg"}
00548{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1578508364382,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1578508364382,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00560{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1578508364382,"flow_last_seen":0,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1578508364382,"flow_last_seen":0,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00627{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":382946,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"EBMx8Tl2KDc3AG3ICABFAADH\/g8AAEAROunAqAG4EopsQ3Zfdl8As0D2AUq3Z7jOf6Ug2frhkOredmKGawH96dNwPwCsVwwwAuHNRLachJG6Hj8pd5+\/iUKj3xzFalkHy\/4zo7e13\/nakEgcyoOcntMlISOmld4GtANNEoWSHW0IYrUbIiG7qvHSAQP4R7hAGwckxV38aoEQ3R3z6i1sbxgztMaJbhd8mlK6anhGQ6H0+w6JOUS\/FIH4b+eX+gcKRXXgkrfcf69BwK1A+Siq+4ReFiBg"}
00547{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1578508364382,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1578508364421,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00559{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1578508364382,"flow_last_seen":0,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1578508364421,"flow_last_seen":0,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":421473,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHWYMAAEARj8vAqAG4ImGsFnZfdl8As\/EZ15lp9gBLtC6IaCW33is1Th50j8UHjOmT4mAffcZn+yYEl4jGBnLnkKaeXePCjndUh79\/WTQA2R4kNex3KmtFmldicE1yJNj24ZecPC4hxpTcI9qIeMXPlU0BU5Rec0LcAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBg"}
00546{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1578508364421,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1578508364422,"flow_last_seen":0,"flow_tot_l4_data_len":136,"flow_min_l4_data_len":136,"flow_max_l4_data_len":136,"flow_avg_l4_data_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00558{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1578508364421,"flow_last_seen":0,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1578508364422,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00568{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":422230,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"pkt":"EBMx8Tl2KDc3AG3ICABFAACcLWUAAEAR9WvAqAG4QipS9nZfdl8AiGZvYT14ALKwnMdgMCBzf19RhoDEZwfAnRP1Mz5t1CQfWH9BMW+RtakCpISLcdct0MfsiOdcBIDUccBBbd+y\/K0wDya+KeRA13HRMdUz2NPxyyUESIw4\/BeiGYIdI8USz9rYAAHdBMuEfwAAAYJ2X4J2X8mEQipS9oJ2X4CEXhYgYAU="}
00546{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1578508364422,"flow_last_seen":0,"flow_tot_l4_data_len":136,"flow_min_l4_data_len":136,"flow_max_l4_data_len":136,"flow_avg_l4_data_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00558{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1578508364422,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00625{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":422710,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHAOAAAEAR3JLAqAG4NOelbHZfdl8As+U915lp9gBLtC6IaCW33is1Th50j8UHjOmT4mAffcZn+yYEl4jGBnLnkKaeXePCjndUh79\/WTQA2R4kNex3KmtFmldicE1yJNj24ZecPC4hxpTcI9qIeMXPlU0BU5Rec0LcAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBg"}
01822{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":519784,"pkt_caplen":1097,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1097,"pkt_l4_len":1063,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ7F1RAAC8RPN4D0S1PwKgBuHZfdl8EJ4PVaVYTvO9LrTk6yni9j9O4lLCx8c3w2iOwFQRksfASVhzN6T8K7lnXRwHY7v3+ONhElGFbYOffjDytd02o206R62nDNZ+LcEa5V5K9KHZQh029ihE8Ury3mI0LZjHE13ZDAAT5A7r5A7L4S4QjtPapgnZdgLhAO5qC1ATimkffsyZlSJIXGVIuxdFsM86E7cqAjFOnv\/8DXNCQHJBVJiDXoCE+xGUbCBkPCreAagxpFk0Kv5X\/6PhNhKUWayGCdl+Cdl+4QFK2HHRAlM9Mj+TxGD7ACVRZHZtB58hxcD+hW2XdmacQwMOkGeflfz3iQaCGa6bw7UpxurZYH9DtQSW8Gn+wiV74TYRZJmMignZfgnZfuEBNXexB6IZur6GByNXF5kqBGoYoINyuPaRzRT\/L\/XeZwo80a\/N6vMBtsgrq2ZF9h4G0sqa47Wg7uKDWSZtY6p\/o+E2EsoDD3IJ2X4J2X7hAE9D206tRuSrRWszd5+5PqyxrzPQHPgJ6M4jR3YAwA4SXyWoQd9UmDUgHBtsrr3UYDBX+DpI9ijrH8jmNKWfim\/hNhKLzoFOCdl+Cdl+4QFcgAb+wxvXRoA\/jZ6pZpvtWMqWRnDTAVCrWET9xUm+STSO+d5OO9wGG7pHu9I5ueUw\/fAd5lu3NtaUH9uwTgQX4TYQSilEcgnZfgnZfuEDrOA+HQ7eWMjwlUeqXlrKvkuj1DTxVelkYAtV5dglpnIhrBZIeo034r7N3OARecEoNp0x6OeeY\/TD1OnJUir9u+E2EMyY8T4J2X4J2X7hAjvDxlr5M7BUzw40ony1SnzUKukEALVTn0B8WrIdd1Y\/HWL6mkTC4nsoMDegX1FF++rFMqjeViKJkeSDvzXh7sPhNhChDkICCdl+Cdl+4QHLmnbcNhaAJxQnuC0km5NBqC0yHT\/O8y7iwbqWb3zIi\/JNBIGOytm1SPyhBCVXEAh08vp59waAp0Fl3XZsLDpX4TYTH56bignZggnZguEAmai5v1neViV7teAsEvO\/IJYfemYLf2+j3ix3twO4cHaO8DDPa+4MSEcEzAFsUx\/2pmlUPII1TqUXgDk2+EYuF+E2EMyZRtIJ2X4J2X7hAgHT+RrAG20B8DB\/bHPvQKm79m+Z0+BB1fJpuHmieLdFavNthxznxmL2TjLC2hF17uhr9nJ8lRGk+kyETydUasfhNhFKR3PmCdl+Cdl+4QN1yRfRd+2g8MnNCa1j1Cnr1GFpxy7vxkYduQKQx1cGeo9xW0LFVTR4sISMRFqTJvP1+kBDeZDQ7++taiTPWLVf4TYSfy1QfgnZfgnZfuEATr9aMDwnYcu1Ru9AfCYxf1j4pIYv3iEkEPcprByn6GaZXC692Pg7aNtJE7Ibn2jkRlWjrNM1fsvjqm9oBENLzhF4WIGA="}
00965{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":519815,"pkt_caplen":467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":467,"pkt_l4_len":433,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHFF1VAAC8RP1MD0S1PwKgBuHZfdl8BsTR2htDCYwB7bPwVHRrppzCkGewLkUUNlB3jVcwKSsPl3PpRPPiYpogGSbVhGO6LOf+6vpmiVjQKuGK9fr9HzQor5V9uX7UyvZMEj8wMYsgT45Bz2Z7bdsQaazyQJOYgw3sXAAT5AUT5ATz4TYSi5B2ggnZfgnZfuEAwVdpN68jOobX+wHrrL2RH\/wK1ka2szeSJGHiHFFoNLEPxKwxFy33NRZ3ovPOnkwdh3qJaARUyaYeXnrMHfiPL+E2EpERrUoJ2YYJ2YbhAbVK4hBOIFxjMK61hoo+B2E1DFAGWystZDApZ1qWqMdGzPO6EtDCqKOy2kznyTf9sEf\/6IzNe3mDxF09nkCXqPPhNhCPpxYOCdl+Cdl+4QEyRwYHw012pKtGG4pX25QXUlp9AiY+SLu1l7sUn3fRNHZfvnNA3az+glcVdf8irWyfLyfxkF3pVP8czohGx7uH4TYTR+vDNgnZfgnZfuEDT1Pf73xy4M3qZSRLleOgEdgguFkAavHpg2I9RZUlU1ZSe7W107ts9v4ZrZs61PWJz3Pgt4YI56NsUnL8RZ7gNhF4WIGA="}
00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1578508364522,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":56612,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1578508364522,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":56612,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":522823,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG4zfAqAG4QipS9t0kdl9\/aKJnAAAAALAC\/\/+zAAAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1578508364522,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1578508364522,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":522826,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGaCDAqAG4pRZrId0idl9zKqGzAAAAALAC\/\/9E3QAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1578508364522,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"104.42.217.25","src_port":56611,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1578508364522,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"104.42.217.25","src_port":56611,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":522827,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGNxTAqAG4aCrZGd0jdl\/sFGYiAAAAALAC\/\/\/WdgAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1578508364522,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1578508364522,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":522913,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGNRHAqAG4ovOgU90ldl\/qeq6yAAAAALAC\/\/+NewAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1578508364522,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1578508364522,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":522958,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGYCLAqAG4I570l90ndl+E\/i4vAAAAALAC\/\/+eigAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":56617,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":56617,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":523037,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGqeDAqAG4ImGsFt0pdl+dmoURAAAAALAC\/\/94yAAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":56618,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":56618,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":523039,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGngTAqAG4NOelbN0qdl\/FC\/gzAAAAALAC\/\/\/SVwAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"191.234.162.198","src_port":56620,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"191.234.162.198","src_port":56620,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":523109,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGFafAqAG4v+qixt0sdl9ft67AAAAAALAC\/\/\/4vwAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.187.207.27","src_port":56621,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.187.207.27","src_port":56621,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":523145,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGdIHAqAG4NLvPG90tdl\/U+mmAAAAAALAC\/\/8nlgAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":56622,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":56622,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":523182,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+YrAqAG4EopsQ90udl8TbQyrAAAAALAC\/\/\/LAQAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":523185,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGFLLAqAG4EopRHN0vdl8VNVkbAAAAALAC\/\/+X7wAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"89.38.99.34","src_port":56624,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"89.38.99.34","src_port":56624,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":523293,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGvA\/AqAG4WSZjIt0wdl+afwcPAAAAALAC\/\/8MDgAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"5.1.83.226","src_port":56625,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"5.1.83.226","src_port":56625,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":523327,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGH3XAqAG4BQFT4t0xdl\/cLTE7AAAAALAC\/\/8DmAAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":523356,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAfvAqAG4soDD3N0ydl\/wysJIAAAAALAC\/\/9AcgAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":523418,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGPejAqAG4Iv8Xcd0zdl8e+UQoAAAAALAC\/\/\/MUAAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":523420,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGRzjAqAG4A9EtT900dl+bF1VlAAAAALAC\/\/9IRAAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00598{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":563748,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"pkt":"KDc3AG3IEBMx8Tl2CABFAACxV7ZAADERmgVCKlL2wKgBuHZfdl8AnaK0fEIbGBqDvIrgEkHISxvw4daIo1RSAPsaWiRQZnDOwteCpdNuEHAKkf4qhTn951kjq+ta18NQVXgW\/g4PPXuXiV0Qa\/G9UyK1NNATBLMnTaWqYuSaSklfuyWrYJCN+duPAALyy4RPFs69gun3gun3oGE9eACysJzHYDAgc39fUYaAxGcHwJ0T9TM+bdQkH1h\/hF4WIIg="}
00437{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":565857,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC0GcyYjnvSXwKgBuHZf3ScG6rxyhP4uMKAScSBDbwAAAgQFrAQCCAo03AK8ItiUTwEDAwc="}
@@ -65,17 +65,17 @@
00437{"flow_id":22,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":566297,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDf+ygMPcwKgBuHZf3TL4VGlQ8MrCSaAScSATXAAAAgQFrAQCCApfPQwNItiUTwEDAwc="}
00426{"flow_id":22,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":566341,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAgfAqAG4soDD3N0ydl\/wysJJ+FRpUYAQECyi6QAAAQEICiLYlHpfPQwN"}
01103{"flow_id":13,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":568148,"pkt_caplen":561,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":561,"pkt_l4_len":527,"pkt":"EBMx8Tl2KDc3AG3ICABFAAIjAABAAEAGXj\/AqAG4I570l90ndl+E\/i4wBuq8c4AYECy0dwAAAQEICiLYlHw03AK8Ae0ENFbRMbDoR8q7\/lBVpSLdvQ0ss\/KysYDT3cgeuBsRepnhTempELxTDDzyA+2tnSS3\/ruB2mpEbWEuSedlIoj8Q+\/G+12XRxalYMJALGF\/Er1BufURk5A1YQ9d2FudC\/iAy\/0\/SQgKSDzazWMxd7m1Lzwbt1nkw8ZjTM6FPB2McyXwSH7Wjc1nUQhgSn5LWTODVqRQ+X4PuwvkifJR9XsBkh3VIgyEdaHFX8Yr3KzeLOekLEwSI0yKjH4ZLdpjDM5KKnBhg548bY6D30ay\/BaaMyf58ioyShCmLNSMSsFYyQQfVVYzvtvrZbl6LBsAaCp1QztDCCDI5Nl2M+bjMCsqt67khRdyIfZr+458mG08qKTyjO8oMmjYTZnLSmtS\/VNx\/QIJ5AL1xUckB+Ry3W4m+FfUNCXmhxM8jJ7Q4eEIQ3o0C3wBOm4q5OMhy77zHLV1U8n+1P3lzOlz1qwVcBSZ3c6jcmKjn7wAUE56CQ3m8W6n0IFKPd3C6lqMAp6k49eCxjEMbPCq3GbuLOhnLL0327qOy9StdTswkzKaOg7a3WHDZrriFvESwbOC3lodEcL\/J8VODIzTYk7iMhP3qabE+jkUi6\/1UrkkkLHqBQ7cfZ4aoH5Iqr35Sjr2YB7HO6Wo2LBxq97lA5uIai0r"}
00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364568,"flow_tot_l4_data_len":643,"flow_min_l4_data_len":32,"flow_max_l4_data_len":527,"flow_avg_l4_data_len":160,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364568,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":495,"flow_tot_l4_payload_len":495,"flow_avg_l4_payload_len":123,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
01175{"flow_id":22,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":568221,"pkt_caplen":612,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":612,"pkt_l4_len":578,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJWAABAAEAG\/+TAqAG4soDD3N0ydl\/wysJJ+FRpUYAYECwg3gAAAQEICiLYlHxfPQwNAiAEhpkrlQBwH8ddEcq0BdL83Bo3hypa+fGbFwNsVRwx6iJqkT5ihZAS\/ej6odE27zVMZrwBgqFs6p9Y1qpQoG5AV\/xzB4ClP9AB\/3NVdEZa3hbMgtTl1WhChUY7PebrIbb7y7PKnhNG+fKkKEu2x79pMd24HXnzXjog8DrnqEwTWv5KnyKedSGLXPCsTmlzQN0QJEEY6J5nOrHUU8dFU21ucoziHzGqWR5upt8sNYEWXNo6BUoTw\/WutZuGkhbYkbg5yWqRm30izxfOmiC8VyOi\/XMkx2UM3FBf8b0juv8c6D9s\/qC+0wi8mopLq4rc0gMxNoHlt+XzgDmJJFmvryPOV\/VAXW0q9oQMgKbtHFLpFdW31b4pm9vkytbPbkbcxgYGzaDvLEvKf9fu6uiqaksKWf+ZV+QAMMtjZP7GkVhpNpwxIdCnaZadlVVgG5B+NfjFmgFxDlq9z36B5kVcAWPa24LZ\/YDsz5uz6kgth55OzqmUOcrjN0\/VL65\/IbGLyC\/XZeQucYMmUi5JlCrKEYIFZvdF9RFCHhZvdXS1fXnC5BRkGI9NSx1dKmp\/59WBa70i7aYEdFQrwisFND8qlAvWK9W60aDIMUoR\/G\/TpuNnaF7w6dROBlznoePkr7Mlqpx\/UMiw+Y\/vg9yIOdXpZ2b4tI2QpgNHpymKXmH3PbTxBdPmO5c6fcZf5qmOPHf8dq+j7gt1qe6Ulo\/6iuixGxQb"}
00562{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364568,"flow_tot_l4_data_len":694,"flow_min_l4_data_len":32,"flow_max_l4_data_len":578,"flow_avg_l4_data_len":173,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364568,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":546,"flow_tot_l4_payload_len":546,"flow_avg_l4_payload_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00437{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":569557,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGyBNZJmMiwKgBuHZf3TAEAfQVmn8HEKAScSAQTQAAAgQFrAQCCApfmkPpItiUTwEDAwc="}
00425{"flow_id":20,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":569615,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGvBvAqAG4WSZjIt0wdl+afwcQBAH0FoAQECyf1wAAAQEICiLYlH1fmkPp"}
01074{"flow_id":20,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":571106,"pkt_caplen":539,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":539,"pkt_l4_len":505,"pkt":"EBMx8Tl2KDc3AG3ICABFAAINAABAAEAGukLAqAG4WSZjIt0wdl+afwcQBAH0FoAYECxDKQAAAQEICiLYlH5fmkPpAdcEgS+qh2jbezyTSBMSn3K2Hympu6ADf5Hlhjv3vVL89xA433ok\/DfJinh\/mQLRmjZUTP2ynwWLoVuXup3DiktHavBeMvYUR1tKgWpIZFgiy8srilONDu7zwe36OziVlsdnfH4gSQevsTp8YzK3HiklBd\/TTzXG41FvrNfXRl0zTEnAkH0BVlO4ojSBnU\/nYt9V2hlnEaW\/mcpIq0oI11JhMcTShgByHbHchSeVwzNObDaAQftXXQb8kI5eimoPm+90BWPKsgBHFRySPtchPOCB8zI9RK+yAUPy9Xy326ZL22UBsRclJLFHStO5RO4HXPST4yDuQFk4\/9KnRJ98AT\/0plbhjnGAl98jUbiaRRduLNzZR1ZinqX7RdydZboE4IDCpbqb1\/g8WPCtd6NaVAQTTJHhSgs0gR2sVCN5w6nQL\/\/j\/IUC5jj+Na3yzuTMzHeG3Tt3xgJylfyrPTRda62GOUBHb2QVvLfiIOpfmrdpm\/RBZkb+8D8agiXAsIHe0qgMJsRKezrpQan7dnp9CRGst2ez5Ikv10YSuFE0HrQSq\/NP8A4+RHCkIvxBxl0tyCYcSeGZkRpLT4Sfg7T1+JOKVVaOIgCBzeXKsNkI\/CCGzGAPItw93RQ="}
00558{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364571,"flow_tot_l4_data_len":621,"flow_min_l4_data_len":32,"flow_max_l4_data_len":505,"flow_avg_l4_data_len":155,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"89.38.99.34","src_port":56624,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00569{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364571,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":473,"flow_tot_l4_payload_len":473,"flow_avg_l4_payload_len":118,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"89.38.99.34","src_port":56624,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00438{"flow_id":23,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":593446,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACcGVuwi\/xdxwKgBuHZf3TMrXBsGHvlEKaAScSD3ewAAAgQFrAQCCAqnEIc7ItiUTwEDAwc="}
00425{"flow_id":23,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":593616,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGPfTAqAG4Iv8Xcd0zdl8e+UQpK1wbB4AQECyG7wAAAQEICiLYlJSnEIc7"}
01122{"flow_id":23,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":595041,"pkt_caplen":578,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":578,"pkt_l4_len":544,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI0AABAAEAGO\/TAqAG4Iv8Xcd0zdl8e+UQpK1wbB4AYECw7TwAAAQEICiLYlJWnEIc7Af4E5Ftu7jhsh85mLz6DNdsr0rAu57KuMEEixSIhTUDBiDfVxvICkA5Md\/KKK0k3oE9+USvcqszUqPqZS0YzQ9lY1TT\/7cu3JyyOo6CJXkfDE4lma+SeZys01m9T952LuyvfS48J7XlHZgraHR8cc3n8HM9YAHMsuedtFBG9prv6HDrQGSb03gVP6VxROea7RSYAn+GEuUGG2+5SwvTtMvcBGDkNIFf0+rzM7Vup0UcVtmwoDndxJ\/4\/VfNR50YiBMyCiwTTtO52rPZkFb3MCR7wVc28UdXcwGsfavpyG0m1ZyTVuctUw4csneHOJU0nHt14r4rU0983EE3nyiF4JrC6UWya4O12uL7LPLkqGQJnpWpfiNUK\/CEAiwiZR+8f3CuR\/L9bCfrWwBIJAAZ69SxxRcB85802N1ESA\/KDY5oKA8in0wBWRTMOSh+WJqLWlR0xlxNbRcKueBbcg6sgqnZuuypIrzOe6pkjQ9Y92tWs1UJguFwDFK3aBIqvwRXCHt0IIRtFIjv637tCzfR4kZQX7JDqbOBeRFtA9zcohdcYuHGtI63P8PaY0lv6+B4+xY2kBnmR55inLSnZNGcaFlPXXxfXBf7FGwL4BL3G9JKfxtGcGk\/eaHYb+98xEWv\/CFZwcwGDKxGiTf6dYH3fob6Ul5r+ZFAJ378vDb+ajQc="}
00560{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364595,"flow_tot_l4_data_len":660,"flow_min_l4_data_len":32,"flow_max_l4_data_len":544,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00571{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364595,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00425{"flow_id":22,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":629148,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0ZWFAADQGqKWygMPcwKgBuHZf3TL4VGlR8MrEa4AQAOuv4AAAAQEICl89DDMi2JR8"}
00425{"flow_id":13,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":629323,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0Z0xAAC0GC+IjnvSXwKgBuHZf3ScG6rxzhP4wH4AQAOvgIwAAAQEICjTcAuUi2JR8"}
01040{"flow_id":13,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":630141,"pkt_caplen":514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":514,"pkt_l4_len":480,"pkt":"KDc3AG3IEBMx8Tl2CABFAAH0Z01AAC0GCiEjnvSXwKgBuHZf3ScG6rxzhP4wH4AYAOu1rgAAAQEICjTcAuYi2JR8Ab4EMXzZd\/uUvLzmW9ZAV5ZzOVFA7pd8bUkz3vs9pOmjSoEoCj9YgC8TLhs5Vksnb+FI3PVeEvkGUatxz+WNtzmfIBwncRiahVtuT7mfd7IORkOdlGkB8NArQxmOzyerFVFPC\/bHoXCz7xit8pHK8xBp2JYqmu4WK7mkjpnrswAispYrtwnyj3pqxVWbBI+2cluetz6gddapthJNDXd72gXJl5djVqpyWMCYPYFx2b01TFG4V7+P+EA0tASeizr1co2UR1ptVw\/DKfm8ykJJocYg+2bjHoxuFydYt+0nTjMAil1Oa6f3rw3OUWaeNbse1TSiM7wkiYNhj9o2AYsLpt\/IvHCcT+LVtuN9d\/+sxJeBAoL0S3xzTjmrX7hU8hcBxrXs2FO7MAD2z6QqbXpqXbWX71\/rrboDM41aWuupeREhfei7qxsPvkSwR1tHbKwOag\/aN+T1Pd4lTHZy4wR\/OjjfYaDLrb0TO2K+ecwnlTkZ1h4hvUb1bMIDEQd7XBxOz1G7CBXNx4p\/HYw4\/1RJ+QW8DF\/mMEicohp3oFZBsgk9yGxS\/NGjk7IzMcJksCvqyGUJ8H4RNDq11xJGttLzIQ=="}
@@ -100,7 +100,7 @@
00450{"flow_id":22,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":631311,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"KDc3AG3IEBMx8Tl2CABFAABEZWdAADQGqI+ygMPcwKgBuHZf3TL4VGul8MrEa4AYAOuCqwAAAQEICl89DDUi2JR8yjgzdiqPQc3ERKwWeITX2w=="}
01829{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":631547,"pkt_caplen":1099,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1099,"pkt_l4_len":1065,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ9McxAACoRfjA056VswKgBuHZfdl8EKSMV0Tk6zLZQqYdPasDvQYAfjhJ8qeDK0iQF1oC6v4BIFO8Ukv4XviQf8O74kSNp590utu+\/aRkEwwpxoabIrzvIzmTnyJlNpeyfgvNPwLIyg8I+w4LWPa4MA\/W2\/Jap8zB7AAT5A7z5A7T4TYQS26efgnZfgnZfuEAwkgYgUPIi4WiJg+QLzg9wGMhxPAR7azw\/xSKBAPOQbQlR3L69+mdeoxh\/qQi76RfNXeauKXl5ICJHofVK35cH+E2EUt2AH4J2YIJ2YLhAIbpA\/cDFhpXtS\/hixQb3nA9r93xmFVARyWt8mvD62Q42RXQv9d4buwnSPqvoZ8VPM1tV452Mu7b1nW6WCZP3H\/hNhJBbeIeCdl+Cdl+4QHDcQogYDcUZvsmo9wM3ftVwQss5t6Xz7SYpcIe0QCLsJRPOe\/7IMshT7rIUH59Wvzm2VWBMciyHxs11tRtvlg74TYSyPgragnZfgnZfuECktuxNZlsAPCNrxc8drmg5UZJYYlgJcgwixi3dHcHaL+SmxYYPit8ZDD0AQGDBI97zkdb5Vg5h5AMJ3ltOege3+E2Esj4dt4J2X4J2X7hAbSf3keqm\/kX1w8mhO8tfUrHPkpEON98Bfi90NSvh60PrPxJjJwxphJtd9yYNAp6bvKKmXex+Pf1jNZwIZzl1LfhNhA3mbCqCdl+Cdl+4QOL5cPG1naCZem66zt1KAC6uDCfFoxJhecyNkCxirh\/KFEuDlQVcZ87QmYypugLnAbyvaDrG2A\/fgNNcBVjcu7P4TYS524U+gnZfgnZfuEAvzWrhvDjoXJOa\/ZdCbLgHiFuGktYvbPu1Kx0QfSszMjCe5P4b3hECkMlBLQo90CRjw1UcL0V+qQHcUkhH7ixE+E2ErGlePoJ2X4J2X7hAXGqY3uhYXKqMbPC9rcGcCUaWh+Dhi0uXFAXOGFtMr99hmG7UDnrqzTA\/o5MeRw5C1b8eG9l8GAevaeYZyFb6JfhNhLaioT2Cdl+Cdl+4QIU96ApVNnmCgofL7UIVwC0ussPQFE9BZpIkW9NYXxtm+4r+lcBEpjNfLr4w84vJM4LIgefP7wW0fAmtWWHpBj34TYRZo5RJgnklgnkluED1tj7tRebZlvZCTgHMIT8H0RpJXJ6gH+sJFUxXqZs38C\/hpzENTsCSDh1o2HUHvKg2FabU7+4S+HyXXU68T+Xi+E2EM01tNoLk1oLk1rhAfag2FjkUzZm46\/aJuVMW3oNNsPORtJDs86feqI9xjoUJ09giSja9nrnxBmA4a19j\/wmY0SxfQ5ijGeyrdMEjJvhNhCPk+oyCdl+Cdl+4QD9WPrST\/PNOA12+8bgX6kV4hJFBTbV9EgAQ6hcCTUo0f0CQNtNTkrUkC7hmmUaZ\/d9jh6CLjUr6pActojR+FlyEXhYgYA=="}
00970{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":631563,"pkt_caplen":467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":467,"pkt_l4_len":433,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHFMc1AACoRgKc056VswKgBuHZfdl8BsY\/7AbVh3gWo8SfsvrDfXBEY37aMXJSMN0uUwOwpyu6B6jgWoyOOeaZfW8p8K7cC87fG39PLVlOFXQ3jYq9vtOfBDX6bH8L6Ud1+tJEwlS7mp2rbZA9sYf1hxy8FHTKGSTs\/AQT5AUT5ATz4TYSKyQxXgnZfgnZfuED5J7sOgSfNlVjTASmSDY7Fy7YY+BpFJY7pXwctWhMJTcOmMj122JoEqWmMFn5AxleLHeL+JqTFgSdcxQ2RnazX+E2EsAmI0YJ2X4J2X7hA9ktwuFCVbr2r\/BglRNLo78e9LIAJZ\/m+C+hWU0f89Bx2rrwMw00HbBQ0vUlGFoe1fvsEkUHUVQGEbKsMLaak+fhNhFBCUN2Cdl6Cdl64QKZAuhr8bhttB8APdDnL12FVc2oOf7Cmm\/Y3npKkXJW9Dwps8lIG5ynIfbmR5Jk+ofa3SNxvldAlmXVUluLeK3z4TYRV1mw0gnZfgnZfuEDCrBy3iaIRw9zhFQbbMZN19+v5HOsBbt3w+xt1mt5PoxBj5B0SHwdUTQM8H\/QXv\/y283eJhY+z4AISqPo+Z4tUhF4WIGA="}
00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1578508364632,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.60.79","src_port":56629,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1578508364632,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.60.79","src_port":56629,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":632239,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGCOPAqAG4MyY8T901dl\/qiNMXAAAAALAC\/\/88YQAAAgQFtAEDAwUBAQgKItiUuAAAAAAEAgAA"}
00425{"flow_id":20,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":636266,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0sAZAADQGGBVZJmMiwKgBuHZf3TAEAfQWmn8I6YAQAOutFQAAAQEICl+aRBIi2JR+"}
00929{"flow_id":20,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":636299,"pkt_caplen":433,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":433,"pkt_l4_len":399,"pkt":"KDc3AG3IEBMx8Tl2CABFAAGjsAdAADQGFqVZJmMiwKgBuHZf3TAEAfQWmn8I6YAYAOuDtgAAAQEICl+aRBQi2JR+AW0EnJ5fzsMrXil5F8Nzp0mm1VxyUnRV4T1BIpSe7g\/E+N1+2lOs2frTyI+5SasLlRq0wjMhTCMALlCbFANK41nr2v4Z79x7xApLXqyuhIn7JVZKANCoIQgB5XzMFBS3\/9BwBFlShd95WOJ793tKi4K8LADeuSMgN\/pTabWcosjb3YZxWK+Lelc5YxLmfSxxFV9wWC7K6QvbU4KIrj5QFQAU5ACvFqXM4\/TthkOFXySYa1VxvNxosb+NXuTtu\/Fd9s44Tdg8r8LdTpzNdFab8G6yuG8\/5jbZ0Dd++JWkhXSwwcGUPRLHC9h1W+HzQIiqPE81khvY2cPK5ki4+\/OM9fouJhdymaaFoZa7urm3VDxCiasFi\/gMlYembXYGLrd9qaxggLy0jGI88Elgd1UOyRdOpdPm1a0rFZnwViGwedGd9B6RVOn2JNV8VgXBFHz+LBSpuyNETHRaxkFJOaNldk3X52Z9UGGF2WftC9d\/lg=="}
@@ -113,14 +113,14 @@
00438{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":646518,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGQxWi86BTwKgBuHZf3SW77REO6nqus6AScSAW9gAAAgQFrAQCCAp1Z9P7ItiUTwEDAwc="}
00427{"flow_id":12,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":646622,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGNR3AqAG4ovOgU90ldl\/qeq6zu+0RD4AQECymNwAAAQEICiLYlMZ1Z9P7"}
01050{"flow_id":12,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":647922,"pkt_caplen":524,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":524,"pkt_l4_len":490,"pkt":"EBMx8Tl2KDc3AG3ICABFAAH+AABAAEAGM1PAqAG4ovOgU90ldl\/qeq6zu+0RD4AYECxhVgAAAQEICiLYlMd1Z9P7AcgERo6ealhQS2J+mLynCbY1Hy1VHiXXjBEF5aZwYGsb1SkyTi2BlJLR9jlm5o9Yd4cS3KEoVJoAklWjbSq92M\/MxJ5i\/czl+D12\/rOTJp4IahyydQsdmxoEz+gZK86QtII\/+oGTj+U6VBaWExPYNq+C5V6TyVuHtDJDL3Y5atSFV0vzcy50rbayLeR0ayU7X+skthxj17LZfPA8iwm2c0WQGrMZnTOZhZMrFs3qwxnotfISDwNhBYVpVFhbc8xQauW4yRaREul0OeSJjKTRqmwVmJi81T4w2q2ijNkQBElUV02KdBr8fSu0sAI3MZj7mpO0vMclcJzVexbpn6a8CFqneMX9Apb9+9fepGMwGi2Sd\/qVXR7MMB6XN2e01TGbAUdypeN4yE4FkNu0ytSmPuRSqOixZkDpRu9orcap45t0\/IY5QKnvZ4vGh7T9AxgZLVBMyYJQoDqPZmcYhAb0Uox6lV8OBTYagrByVt\/zHKwHf0wIQ3a1Tgn6QQRhkbselkN+OOVMLmPmzwgCPNNnMubc940pqhI+cDCqm\/aqRhGmY62LP3sI4ch0mQOjJP0GeE96z1UuxyRqXNxQ46lB5SewRzVYwD3TBZA="}
00562{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364647,"flow_tot_l4_data_len":606,"flow_min_l4_data_len":32,"flow_max_l4_data_len":490,"flow_avg_l4_data_len":151,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364647,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":458,"flow_tot_l4_payload_len":458,"flow_avg_l4_payload_len":114,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
01834{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":649773,"pkt_caplen":1099,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1099,"pkt_l4_len":1065,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ9Do1AACcR\/\/USimxDwKgBuHZfdl8EKXURHZU493PpfyH72WrYTKC\/rHcqyoxdJnlAGqx0IUPpfCDPrp1RbMe2PXXL\/Y0gUgYBHgBKX+LNKEC1qdxuKnvxvXevxKSr69S3rpBsxtD9oPpZta4nmfTh\/aybl9dDX7mZAQT5A7z5A7T4TYTKcBxqgnZfgnZfuECGOOF\/DUGQRmRtLD+gVTFTpr29WNtAkV6+wzvS1j2\/a652c2Up+3+CFGHvVHTbjE15jtDjeTNqp85aDPL\/y+3R+E2E1YVu74J6R4J6R7hACdquySb8h9bDyyzBVqIC4RVjIfrd43xNEhVl26cR8q+zCkRbVR7YOVOrP+cqMugQfvn+wj\/y\/7lEeLvwq\/902PhNhIpLq76Cdl+Cdl+4QPw+TE9tCaxzvKUZLrSUydGaIDt2Km6jvC1h7Hg9CIqQESMae7r6mkOxEncigdCNSYhdj\/fphc\/puhfvJzVEsBH4TYSd5phXgnZfgnZfuEBkLPllDdiGnUJSXb9oWAEuO01k9HXnM4R6tvd0I0GkOXQUhl2VOHTo9e2RsOThxTPe4UrR1rsnalRZskcUYP8N+E2EuRnM0YJv8YJv8bhAWtd39T3gGPqV5\/kAxth9r0Z21IwC3OO8ijNQxmi2ggVwJqg2W08zX0qhgUwFTxRZ7CbZwhQtBb9MNGyCEZnVqfhNhDOhFwyCdl+Cdl+4QK0vqa8HM5bIAwN2G4EpFPUp1DIN0fK8JdET2pxyCxTou65T7kwDQcRwG9J87PVp8UWu5zbalyVDTlzNuCAazd\/4TYQ0CYBEgnZfgnZfuEDgMt94d8TQv+3IGK5MVBJ+471CdMGgEuFgADFs\/sfR77hApAbinmLOWlg0KBI76fx3iPiGmIjPc2DjV6Y5S+dt+E2EI+XoE4J2X4J2X7hAIvfQZKlYQVCc0QQPwdirlpv8ThVD2qtJQ\/hHeZ\/oRum3Dym8iOrz0uJZ5KMKMAHJAax\/7cDcr+ygJhYzzSAsNPhNhBLbp5+Cdl+Cdl+4QDCSBiBQ8iLhaImD5AvOD3AYyHE8BHtrPD\/FIoEA85BtCVHcvr36Z16jGH+pCLvpF81d5q4peXkgIkeh9Urflwf4TYR82eu0gnZfgnZfuEBXvLisck0JGnGrgRqWL\/bDyJ8qsCwpUwM0sk3OmDN\/PU2NXINnOwgDzonj2zUWAZS5\/UZawhYcs8O8n12+UDva+E2EXN5bw4Jv8YJv8bhAmWLd+VP5u1ibBrgKagKp3py+njifftSzD32rmGG+J3QgFhiB28tAr4XUS33ESEXzhatHLB80xoRt5yzzOLxbKvhNhCPEd72CeRmCeRm4QEsv12Yq4nMYX4LQY5r9d7BNkGpNa1KOs2Gd6C4u3NZleL+d2v4Anfsu4uoql9o1Ksl2BdYCVg1KygwMa9DuSGuEXhYgYA=="}
00972{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":650052,"pkt_caplen":467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":467,"pkt_l4_len":433,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHFDo5AACcRAm0SimxDwKgBuHZfdl8BsYIGz0wiJjKaUzFXr6IJm0KhJJHh14UxEkvPcQ\/Rk7Fgvbo\/feZhAIkP1PMVdfnmkT0ej4RbRZLeGs4r7KmIG\/NoSRob2DIRR9KSxxR5ApQK0GtL+DiOoUZ+LI2SWe0lCUL6AQT5AUT5ATz4TYSnR61sglIIglIIuEB7ukp3Oj6MzbNl3nDN0jQiNpC1V5v5rn9Rt7ZEw1VBzFla5k6rBHcylJhBRGAYzBX+17ncBsVtgVPJrKMh7nvV+E2EEop59oKMoIKMoLhASS3OSNDf3z8b3OyL7l\/Hx\/k821PEzINQHbZfniqNPVksrwSkp6jrG6UYCpQoXvgKZOetorWlposBzYkgatgcWfhNhDP\/TVmCdl2Cdl24QM3iC4E\/jtROh\/yrXbgvFZypcqA1E0NM1pmVBNhPzAEVOKwUDY19JR7HzoFwywH46oqp8Nqzrz5YKF3TzRCEzqb4TYS57vnMglLcglLcuECRN7VxzSUAEA2k0pdpV6OAanNBmMgqxX6AGOkM+qhp9apzS9PVbGdlMMSUUvnshxBsN5liOIkWGjzwRsyI7kXrhF4WIGA="}
01841{"flow_id":5,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":650675,"pkt_caplen":1099,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1099,"pkt_l4_len":1065,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ9MdRAACoRfig056VswKgBuHZfdl8EKRKyNhMNoVpKai\/zY6JtPK148+n8O0oeVuWetq0EUGeIZ+RtfSVG+aSj2EjmgE\/VzJtID8hcsMA0vo5I3RXPomPj3yUethvOHViNcPLofHHgt6Et2w\/V\/IZQwikbIBWnB9DTAQT5A7z5A7T4TYSAADOMgnZfgnZfuECzAedbnywh7LLXCkndomTntsSUpeaU+X6fjJnfrZQaB1R+H8I82rjSB7H8uOb2MmX2h8Eh6LA0rwKGlGg4GwHK+E2EItltD4JSCIJSCLhAV7xweLkhFnsF60oz420o\/7aRuvQDfeaR5dpY3JYLjsX+vIbrgixVpsHDBYr8HpBMbqyvQppwqy4HYepbXQ439vhNhLmcKfiCdl+Cdl+4QIpjJmS5Gps58YQUc3o0wkmgpBHEx1gDORbTV1rWIFwK7dVIOGdwy7ueFkd0ebURyFnWaX56rb2vwE00TcZVQc\/4TYRYYyPigm\/xgm\/xuECpd\/dXqwhUtMXwMPm+u9hAJuGJB0TlNeJH\/rhwYyfJLba1YjqffEkcEK\/elP06ULgIs+MSln0Dqh5H+5kYnNGk+E2EZc\/gMIKdZ4KdZ7hAeuBt+eVpr\/lD6zfG4rQPZ1zeBes7bOJwSykdL6ML2QKv452iWFBJMIYyvlNFnq\/\/C00h2CuZ\/anhkV9S20AZY\/hNhDTCDYuCdl+Cdl+4QLBhjnLjpcFxFmfKTcMgokq3D+uNpAukzphlJv9fJvmZpMDVt4vA7QCl\/tQeO6YywXwxPSo5mqDxT4Mhw84RQzb4TYREt8O8gnZfgnZfuEDIng59WZjTY84Fc4kJnGTPNYzt3nnlhEfJGfnOrlC6yoc7pGIyxRJAuIHlFFkehfT\/MZnQKZAPAlW4w64AegZe+E2EJox0OIJ2X4J2X7hAUcnvye\/EDV8yhpr44tuNjcH1iKn9VgwhEfiCj6tWu2I48UyT\/1NGoVARZK9OdquCOZ6CApHQbW+DYNgMbETGWvhNhANdcHOCdl+Cdl+4QD\/UX2IqmKGVR1qU9QsLqb3KjV3UDG2NojB8dIr7Jri2pn3jv\/+bXP6J9JPk1pIlWnrC4\/MFYoxS2N4EW\/3JczX4TYTOvRBhgnZfgnZfuEDSgII3zWEN0R4iExLhys3S9YgXOxu2LLtFpLUyUOie168aVDZZDdIBkFFi9sbcxATorv1KnwQmEOhtDobrFgpZ+E2E1YVu74J2X4J2X7hAOuWZ6O0wzMscIvV20fKJ6imvL0uabNom7Rtt3\/mq1Yc\/cUISC095aLfdfnNtvPxS8fkoG\/ogbmJFfhJwViVFH\/hNhC9cJiiCdnOCdnO4QGKt2+KrFMp40sLt\/0+vqoO+7cd+LGeqSI3nARXhQPO7oSmSUrCcwDSYZBC7QsBPfwF6JwXzHNJha7yydiKEG9+EXhYgYA=="}
00971{"flow_id":5,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":651426,"pkt_caplen":467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":467,"pkt_l4_len":433,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHFMdVAACoRgJ8056VswKgBuHZfdl8BsWtYNy\/hj5gk8D7Qb9lhdkjiXuUss1RO4UI6kATznWWyDqOMchQJpCnqSV674XgLJ5rYR9PaOEhT48beQDu03i7VZVNxX8nv2G6qMXRfP0\/h3IH3SU3lIC1bxcXTs3w00ZHeAQT5AUT5ATz4TYQi3xdYglIIglIIuEDVG9dFjWMC0aHQ4vqnlKYK0gcQOne9YNbF01KJqjowzmQZQVcpjdSvYUQ2oIynqEm3wQCNB+a8ozVymcPr6iYo+E2En1nK6YJ2YIJ2YLhANx7lUx+IU5K\/T0hlFB\/0kJV+5Mpc43wZst9aIXFLC3h2rT7jqKAorAWccnKDf3zh0thGd+rgV1dnqgKCM26ALPhNhFnd2oWCdmCCdmC4QFU0BpRJJdzLAqOeJ+LAjuBufhPi0BPM5VRHqi1HMHWSXj+rjd73LjnWjILlW20x3ZLEJfz2+7zut8KH8MBENo34TYRZKAXhgnZfgnZfuECPxq5\/\/aZwdoEnw4F66ja2vzoSmIIUuIfx7Q3gAQliMJDvmV1wYTJr3\/S152jKmk+KnQJu72UByI1G35q3AZ9bhF4WIGA="}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1578508364654,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"128.0.51.140","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1578508364654,"flow_last_seen":0,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"128.0.51.140","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00628{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":654361,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHl8oAAEARbG\/AqAG4gAAzjHZfdl8AswwF15lp9gBLtC6IaCW33is1Th50j8UHjOmT4mAffcZn+yYEl4jGBnLnkKaeXePCjndUh79\/WTQA2R4kNex3KmtFmldicE1yJNj24ZecPC4hxpTcI9qIeMXPlU0BU5Rec0LcAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBg"}
00549{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1578508364654,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"128.0.51.140","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1578508364654,"flow_last_seen":0,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"128.0.51.140","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00427{"flow_id":23,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":655558,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0tVBAACcGoaMi\/xdxwKgBuHZf3TMrXBsHHvlGKYAQAOuT7wAAAQEICqcQh3si2JSV"}
00973{"flow_id":23,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":657661,"pkt_caplen":468,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":468,"pkt_l4_len":434,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHGtVFAACcGoBAi\/xdxwKgBuHZf3TMrXBsHHvlGKYAYAOsCCwAAAQEICqcQh3wi2JSVAZAENpARAs4gLKabLp0D6Y3Nyp\/GQ9Kz6V06NMSPQOKv3s9Ejuvu0WkofnnoeHbu8ZeqAb3RapSJwXVNMkmZlJB7T5N8BMeBtnaSaRRVqYAB1mZYcujkK0QQ\/gjskze8v11lDscXXcxVmVKvoEBO2fdb15qhRf5yVLm+55brffXQVKwdLSoZKXhOX2lTtT\/cXJTctoLowqgfdEJqRaZjfdoozad0DBG5GDaLM8mlOshCHR9zCDEGPBfXOkHyDrgJz\/QzLxeX2qTwvvp4nNk5MZD7M9fxyO8Is+tDxSOgA5h02FSPo58jFXIjlCJ52F3cGJYjqyDCLJ7ocE42DZiwALTPlUhui69KIZO\/jGhXYvljZAr\/wIKDF+g6slDfzXufd+XlO7X6Z4pR7IcDGZd\/qJRB3udbzPsAABo+UqXwr8ujaGoqzr4KzhLqvRzgDLIbN3hwRJsT+nNmIX4FXoAPgVnMevSofHWKf8aQK8cWo4WGWVBHyJix3Cz83Bf8Ca2LbFuzYHy1c8enEjfCI1Xsb5iW"}
00472{"flow_id":23,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":657663,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"KDc3AG3IEBMx8Tl2CABFAABUtVJAACcGoYEi\/xdxwKgBuHZf3TMrXByZHvlGKYAYAOtT8AAAAQEICqcQh3wi2JSVmzR\/Z2r4JlLZOXsyzI3ghD22rwaNEB4McRzPEE97aVw="}
@@ -134,28 +134,28 @@
00427{"flow_id":23,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":657801,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGPfTAqAG4Iv8Xcd0zdl8e+UYpK1wcvIAQEB6CywAAAQEICiLYlNCnEId8"}
00438{"flow_id":24,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":657828,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC8GWDwD0S1PwKgBuHZf3TTdrvLSmxdVZqAScSC43wAAAgQFrAQCCApOlRAnItiUTwEDAwc="}
00426{"flow_id":24,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":657930,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR0TAqAG4A9EtT900dl+bF1Vm3a7y04AQECxIFwAAAQEICiLYlNBOlRAn"}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":140,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1578508364659,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":140,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1578508364659,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":659294,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGv5TAqAG4KEOQgN02dl98bCWSAAAAALAC\/\/8OmwAAAgQFtAEDAwUBAQgKItiU0QAAAAAEAgAA"}
00964{"flow_id":24,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":659971,"pkt_caplen":461,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":461,"pkt_l4_len":427,"pkt":"EBMx8Tl2KDc3AG3ICABFAAG\/AABAAEAGRbnAqAG4A9EtT900dl+bF1Vm3a7y04AYECwE6gAAAQEICiLYlNJOlRAnAYkEYzsbi3U1VbPxeO8JeZGy8BDKLHIeRSKQp4\/evVyQovWvCuUArTsYbNFNxbOpHxgiMLlX0ZOeEmBKpT+zxdZ5teBbqVi3L+mm7Ze75jkvKWog+sVO61B5+CMn3LI3RoqoEIs7LzSm4dXhRB4iMDjlKoJ5ZcHwLwlkh8E9Vpo3djq3bdx6lp\/EdVYh6tyjrDNl\/j+nQfIHSl0cMW+mhrtlfSdcGh0syw23uJtUSkclaVzh1wHeEc\/bQntltm8xovFOwV9SJyedZop+oHv1QYNt8oHL9v3ZZw5lkXyC9v2DYGLqmi1M7RPz8jlmDJa9m+OtKYcpqVh3LJYWvbiP5AVvl68VRguEFNQTEiaz8u+Ok4fajiRFN+EVltIdouSx7saQkYFk1SJM9L4aBUOJFvL6FFh3igjYUWKgCjdf2qOqAGWN2QeLZkNKg69L2LgHAubee5cXm\/oVTb4ak7cxt1raQVyZh0C5KR4jqdxt3Bdo\/8IlgvyUrAcIb4sc4COpXETFl0cDGUpkbOA="}
00559{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364659,"flow_tot_l4_data_len":543,"flow_min_l4_data_len":32,"flow_max_l4_data_len":427,"flow_avg_l4_data_len":135,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00569{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364659,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":395,"flow_tot_l4_payload_len":395,"flow_avg_l4_payload_len":98,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00438{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":667606,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEG8jtCKlL2wKgBuHZf3SQj+YV4f2iiaKAScSArVwAAAgQFrAQCCAodkmB\/ItiUTwEDAwc="}
00428{"flow_id":9,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":667656,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG40PAqAG4QipS9t0kdl9\/aKJoI\/mFeYAQECy6hgAAAQEICiLYlNgdkmB\/"}
00438{"flow_id":25,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":668680,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGF+czJjxPwKgBuHZf3TW8w0qY6ojTGKAScSDV+QAAAgQFrAQCCAphOp2qItiUuAEDAwc="}
00428{"flow_id":25,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":668739,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGCO\/AqAG4MyY8T901dl\/qiNMYvMNKmYAQECxlkQAAAQEICiLYlNlhOp2q"}
01006{"flow_id":9,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":669552,"pkt_caplen":495,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":495,"pkt_l4_len":461,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHhAABAAEAG4ZbAqAG4QipS9t0kdl9\/aKJoI\/mFeYAYECzM0QAAAQEICiLYlNkdkmB\/AasE+v2aCVNnM9qWpvTSHLoErqBLg3QSZ\/tMLN0zJwbq9Mu7q3VJWJNHr1heAKUFIH6bvGaLiNrFnIPCKtgOScwiTFw54GiWDntwJGw8S+My1sqbWwD5rVIxP74gpnGytj6O4F8rmrsyuiCsm77q8dfz211MKn3j7YhZmMWRYURZRdJFY51v9X7khyKovEo46VYW2jGC6GVtWcTrDZDFJYn1e7LsFlaqQaxOYfrD2tz9VK5oXG6zm+eA7MB4mCMofI9yaMLuWFfMklNuksZWQffmLOkkjvu+JeHXPBtaXcMyG6VQPZJt5vhTrK\/7tBIlYl8s5ITS6No1RpH0BgIPXt+46ugXdA5HzKZGb0lj1Jqo7E5sc7dPngrn9FSmEo456JbHmmJNKy0g4v\/k7zERy0mVrS+SUdpPvt6FhVgG960MG14DOtzVo3TIF3qyoLS+K3GzC41yovcXuYwGLCbuyXph1W5BQKu1Xl8AY3quLjxp+IoaGsJALixRryGkpmUSIIsbwWErVFKVYiLqsRpD+6+H6II578lFsF0CkB8cpISbWAjzV02hsEOVgzK4"}
00559{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":185,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364669,"flow_tot_l4_data_len":577,"flow_min_l4_data_len":32,"flow_max_l4_data_len":461,"flow_avg_l4_data_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":56612,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00570{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":185,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364669,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":429,"flow_tot_l4_payload_len":429,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":56612,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00999{"flow_id":25,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":670234,"pkt_caplen":487,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":487,"pkt_l4_len":453,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHZAABAAEAGB0rAqAG4MyY8T901dl\/qiNMYvMNKmYAYECzM5gAAAQEICiLYlNphOp2qAaME5oGp5GvmHIWgGGU93Sb4NHYjusUApM6sRP5i8qY+HzhQdCIFLnndrt7Lyb35ijFh\/RKRZMveJjaTrvg07LR7B4kXgNNmDCnZ2mleUCoqai5pRFszdTaWzaDsM4Q3Wpw7y0J8UpUFV6JX3TRY81kn1wATSI1nzIaZiu8M7z9ugzT1Bhp5p5TFxbdeYQO6JrfMV4SRpyBXU0Rr7lBPIIFGiWnTkFtnxAhgodqQRFvRwZqLnZCsgQbUsh0fSXnkXvrGai3JM75BbyPWqwTWuWiqsasopvi+xYlm0p3aCAgHFYfwBoK2+KEvTZF1a6IBLF7ajmDeyzfdyjRL\/4Fdv1tddrUHTtxiT94TQMGrf7w+6PD94c1BvIA\/tb\/lxk1wzuF9hyaRwsvRsoh5iUSYTluqLNaUZEyWxIttTdFdUw+4KtjnqIaaVDrFEF2xOF4vZXkHdM6Nz+NtV7XrL5ILFjgViwhX3DPu4RTPwZeAt0lPJnUpfywRheWctZ\/iNqYU3QdkPrFOAx1inq1ZAUdz9ftjWvMI+49unsEi+QuvIeQbOJO4fA=="}
00559{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_first_seen":1578508364632,"flow_last_seen":1578508364670,"flow_tot_l4_data_len":569,"flow_min_l4_data_len":32,"flow_max_l4_data_len":453,"flow_avg_l4_data_len":142,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.60.79","src_port":56629,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00570{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_first_seen":1578508364632,"flow_last_seen":1578508364670,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":421,"flow_tot_l4_payload_len":421,"flow_avg_l4_payload_len":105,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.60.79","src_port":56629,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00757{"flow_id":20,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":681522,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEksAhAADQGFyNZJmMiwKgBuHZf3TAEAfWFmn8I6YAYAOsQnAAAAQEICl+aRF4i2JS8xcqDUka6Nv2S2Ufz6z\/Pc4tUOEiP2qX35MgcMm\/FRcBI1j4Q8LC7QUcc9JL\/Yw3KyGBqgE03yu+YnYklie4xu7Al3VM2TQGz54\/LgRl0\/Ie5C27Q8ysWIDe7ZEW+uiq4a95fxvQnunVacIlTA0Gpw4J+oGybZovq+Rk5DJxjUmwrb8Uy6Vt0\/oPrb6yV5\/MR+SZ8DsrePdRSAl65pGEVkjyYpKbSgRz1ChT52ZoUU2vYtyjxLRwORKHS28j300fvx67g0QIGEmJy4CquA1lMx31OufL1tZusRvGCS1tl8+mE6ykfwjozXV8dBrI12PHz"}
00427{"flow_id":20,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":681555,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0sAlAADQGGBJZJmMiwKgBuHZf3TAEAfZ1mn8JmYAQAOupewAAAQEICl+aRF8i2JS8"}
00427{"flow_id":20,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":681623,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGvBvAqAG4WSZjIt0wdl+afwmZBAH2dYAQEBmaJQAAAQEICiLYlOVfmkRe"}
00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":198,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1578508364682,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":198,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1578508364682,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":682687,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG833AqAG4MyZRtN04dl9aLQCVAAAAALAC\/\/+JqQAAAgQFtAEDAwUBAQgKItiU5gAAAAAEAgAA"}
01939{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":694292,"pkt_caplen":1178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1178,"pkt_l4_len":1144,"pkt":"KDc3AG3IEBMx8Tl2CABFAASM2BBAADcR1ngiYawWwKgBuHZfdl8EeMBgH0wTNhnEtwanpj7oWlZ\/Hp0Gak0vyLNY48lrCKzEN97iWOlAwiKU8J2As0GDwpvqMobAk\/doYUwERgBj\/dX1qwI+w93bqV+opA8zeXK5DOY5QqaAWe1EmRlafyw14V0SAAT5BAv5BAP4TYRPFs69gun3gun3uECCARRJlalZmbRgrccKpmIFHuwcnfCnxRI\/PJfvccahZWq2zhSNF3xN8PFm4Ig97uMj8JcxYkHuXulMILJ8m+Dx+E2ENiSg04J2X4J2X7hAPRqHFTz0e8oEsmOadgUbUG0\/Gq1XFXFWshB59yMDlMnzDbSaQte3vRlNp0x8bXK\/C0IExkQW+7e6O42uaIsSOfhNhG\/lALSCTtaCTta4QNKaGvf27ePtI09PYWMWWoqsTgBFWVV\/OStWx2mo9mqS58z7TiK83yibq71BZSi0CSsekwb4Zyr8nj5zQd0mqCb4TYSkhGWfgnZfgnZfuEBoaZQlH\/tAMTmENPyYivdiK6qXFlTxe+\/p6cPLqiael7D6BFBiRXZHacw3oUOaGk4+u32W1NMUjoJXk06B2mEI+E2ELzgXtoJ2X4J2X7hAZ5DyvV4L2UjTbfMTNRlwVlkkGIIkt\/VYvYJ76IXUVE6r5fvcx+2tWoDAFaFaLZO1vJw5B3fbXfeObFaJ1qahJvhNhHLbOhmCTtaCTta4QOsAfRHCWayd+ePpaQzEOGf3dXjZZgxjuurzp9q\/DaDAlIrlX0hFIpZGowqYAlmPGRQlb2Zp7G196tUzRB5lA1D4TYRQniRSgnZfgnZfuEDy+3Y1qZpk8\/KZSHkhI\/dUtq2PmnojEAJ+pvc2bi3A23IJ6RM8OAW49hm6EgP+nw9QrdJ1FOvq3+1MzaqVwKmC+E2EI9yzYIJ2YIJ2YLhAOJyQU2JE6mr+PrqS1VpbvrNoILvKRQR+abFnLs+XgISTnL1u7Up3BqfrKb9hyDFv4+EivNbWhPn9c0jykBsfLvhNhC9ngvuCdmKCdmK4QMQewuj5qn6FtR+caLmA7fiCCCWlXl5n4eHsa\/hStv5IXJfR3qW2xYlmjRashSfhzXIk\/cArlEuFCVyLKkliTzj4TYR68x8XgglNgk7WuEDyUr+wEhCRTzC+abav+Qq8gCoJQuHHGbcH\/DZQmfl9EGgUirj+pxEJRc8L7rXREu747IWcesHQp9HRE6vORWkC+E2E1W2gk4Kvx4Kvx7hAdMXaCMYMMwBE0nd2ZguY7X9OffS41d7S\/Y+mPW\/bN2r4s5PDjCrWaOVF\/TvDBjFcUWsPiqOXMHIqsOoggNo9SvhNhE4vwp6Cdl+Cdl+4QPkOM4NqDnpAiCaFdcv7mpRSPLANloklV4wbFH\/35BGlAWuLnC96pYG30ySaUekbUEoxDdJFuDpuhxs7uesYXD\/4TYSOLK6TgnZhgnZhuEDoktJdZWuqibhkACX5AYXpi\/92jauNHaPZe57KQENT7f3lptm8vn\/KsHCyQGycNosbcDhgVNlPlUl4B5KRi2QIhF4WIGA="}
00865{"flow_id":7,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":694327,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"pkt":"KDc3AG3IEBMx8Tl2CABFAAF02BFAADcR2Y8iYawWwKgBuHZfdl8BYBsKk2vVIKFBe5srt6TuKGLoSQyIYHTHTIh8E6CjfYCc9i8bqGNRb1RdySNn+Iv9WrBeYgM40YLK2f29HLFDjWvrLH5PzXOrZjlyFrfNSw\/LgHRZLq7JZkTKJJivek9A0KFTAQT49Pjt+E2EWSTXC4J2YYJ2YbhAKsm6hrEBgceppDA8y6y8ToI4LATCvXtK2lH6G5Ea4z\/xJThSCDAuG5MSvtPStPEkcnXcb7SOx0jpL4DMcyqusPhNhJ+KPreCdl+Cdl+4QFFks1Hi1w5Dzl6eTycY4XMH5jgPi\/IsM\/Xh\/aiCTq6KUBnNNvsH2QEEcq8Eurha1gzN35pyz9iUxxW+rcV0tUj4TYTPtOCBgg09gg09uEBD39Z7PE\/miF\/gBzQtLgOKuJmlQiP1\/EPNHjqCw\/jys2eg7dySq1uz5KP5CQPL3LPisAyyzl2cNiKWtBUo4PgQhF4WIGA="}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":214,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1578508364697,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"54.36.160.211","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":214,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1578508364697,"flow_last_seen":0,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"54.36.160.211","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00627{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":697110,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHkfoAAEARTtTAqAG4NiSg03Zfdl8As+iZ15lp9gBLtC6IaCW33is1Th50j8UHjOmT4mAffcZn+yYEl4jGBnLnkKaeXePCjndUh79\/WTQA2R4kNex3KmtFmldicE1yJNj24ZecPC4hxpTcI9qIeMXPlU0BU5Rec0LcAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBg"}
00550{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1578508364697,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"54.36.160.211","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00562{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1578508364697,"flow_last_seen":0,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"54.36.160.211","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00426{"flow_id":25,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":712647,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0yT1AADEGTrEzJjxPwKgBuHZf3TW8w0qZ6ojUvYAQAOtzCwAAAQEICmE6ncsi2JTa"}
00894{"flow_id":25,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":713144,"pkt_caplen":406,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":406,"pkt_l4_len":372,"pkt":"KDc3AG3IEBMx8Tl2CABFAAGIyT5AADEGTVwzJjxPwKgBuHZf3TW8w0qZ6ojUvYAYAOtDVgAAAQEICmE6ncwi2JTaAVIE8c7Hq5ONAC4\/R2UmKB+pU3BBRCUeN9Cf5BBGHA+DoxS5SlI8U1u9j1H\/Y6CPLI4CRb+QFrsBclsPm\/KPU8JGQ1PynzKCnLAbak\/y2NGwmkePHs5rBh3R\/svTp7gcODQvsx1GMGLb8NwXSqyq2TMPyRpALl4do7TzwQpS6\/oaQzuDJL7vKkXZCUpMHN9DzjKKtai0sGnk+UkdFANSwlkBNNqC+BT2y6l6Shhfb9N\/55qoJNa194yfobhSGIAfxWSiPLsr5nymVKt2pEr1UBCKdPVL1MuYJnHXYMe8bOk1sJheVDBy9HmLvMGdALare0q2EpYk6wQ2UQmQfCfytF+5t3VD6nmV9Sw\/ZolMbiG7RNZPrX9QpLN0iruDeaUP1mdoXnny5MTe+Ri3+7MMAPL9D0gEgvEZ83RmXs+HaypXwnsJDNkI6JVcRk5X\/ta4EMMxjg=="}
00471{"flow_id":25,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":713190,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"KDc3AG3IEBMx8Tl2CABFAABUyT9AADEGTo8zJjxPwKgBuHZf3TW8w0vt6ojUvYAYAOuWGwAAAQEICmE6ncwi2JTaDKbYTK0e7YzAyq8CJTCkEPjRnlZmQ1Ln\/nt1w+7tb0U="}
@@ -167,38 +167,38 @@
00429{"flow_id":25,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":713304,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGCO\/AqAG4MyY8T901dl\/qiNS9vMNMDoAQECBiNgAAAQEICiLYlQRhOp3M"}
00429{"flow_id":25,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":713305,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGCO\/AqAG4MyY8T901dl\/qiNS9vMNMEIAQECBiNAAAAQEICiLYlQRhOp3M"}
00429{"flow_id":25,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":713322,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGCO\/AqAG4MyY8T901dl\/qiNS9vMNMLoAQEB9iFwAAAQEICiLYlQRhOp3M"}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1578508364714,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1578508364714,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":714836,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGSM3AqAG4UpHc+d05dl+ffKVSAAAAALAC\/\/\/0ywAAAgQFtAEDAwUBAQgKItiVBQAAAAAEAgAA"}
00440{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":717778,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACMGVBhoKtkZwKgBuHZf3SMhYrdg7BRmI6AS\/ohxlQAAAgQFoAQCCAru0q\/IItiUTwEDAwc="}
00428{"flow_id":11,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":717893,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGNyDAqAG4aCrZGd0jdl\/sFGYjIWK3YYAQEAmOFAAAAQEICiLYlQju0q\/I"}
01096{"flow_id":11,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":719135,"pkt_caplen":556,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":556,"pkt_l4_len":522,"pkt":"EBMx8Tl2KDc3AG3ICABFAAIeAABAAEAGNTbAqAG4aCrZGd0jdl\/sFGYjIWK3YYAYEAln5wAAAQEICiLYlQnu0q\/IAegEP2pezgVKWt8J8LrduXpDyCo1FSJyTyJ5lbbH7EMZGv5G3Ivb1Abhvkw0dCEBVV6UxMSYllHcXVIlysO4yRAJrD5b3f1+VOKSoFLSg1WcmxxEFO5pnU9HGIUQEJOaDwrvCvMmNd\/GyeuIehvlbz29a4IXVRSSdhfjxmtwfJH+UkHpQ4uA18eIcetGchNx7gI7Oz0jMukXSf6+fHPd5WzMA+QkRtKtiOA\/Ie9P0PHPpHyImbvmHyYsAnQAyF4U1Vv15ymELSbMPh6zJQBf6IEP1\/CsQtKLagSDJKpl3a0jUjZwfj\/oq5+fdfqdkyAe+2Dk+tJ3lqwB+Dn4UKkYaFJ02\/UB95EcD\/zFU66a5SFkLQDvY3+vcobTa\/lD7OTd6xDAWEFP2BjNtfPoRyhVmxGgL4bywwcRwT6f1g2LccJsDy4U775nSR0Ycq1gnFsOfvC1Y9DaUuFcWbL7Z3JghsVJzD7MutydGKoI2UvduWqCdBRnpaAxRMcAZl5TC\/i+u2g5IW+pDMOuiS2ibZEmMWOlF4ZWAnJCS4GUFO1bcjbhwDALyFMTF0NZdpp8BmB793G\/lfe5Ar+ZIMVJs8CawDm2xKMURTt++U3mblRrsMZgCuWrzMqnUgZd5lFo1bOfVXFU2qOsmJmGig=="}
00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364719,"flow_tot_l4_data_len":638,"flow_min_l4_data_len":32,"flow_max_l4_data_len":522,"flow_avg_l4_data_len":159,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"104.42.217.25","src_port":56611,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364719,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":490,"flow_tot_l4_payload_len":490,"flow_avg_l4_payload_len":122,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"104.42.217.25","src_port":56611,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
01830{"flow_id":26,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":729181,"pkt_caplen":1097,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1097,"pkt_l4_len":1063,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ7gO1AADART9iAADOMwKgBuHZfdl8EJxcg9PffAeslidE0A2XYKUWPfQSrSzELT24RQsZMkDFAUC\/8t71UobxaKgVF9YFxtOS9Li4RLrxMDnrT4k5PGgw2NDHZtKrKg8J\/d2YlScEj\/YBR+sG3bhx8yqSCwFLu+QmtAQT5A7r5A7L4TYRQniRSgnZfgnZfuEDy+3Y1qZpk8\/KZSHkhI\/dUtq2PmnojEAJ+pvc2bi3A23IJ6RM8OAW49hm6EgP+nw9QrdJ1FOvq3+1MzaqVwKmC+E2ETi\/CnoJ2X4J2X7hA+Q4zg2oOekCIJoV1y\/ualFI8sA2WiSVXjBsUf\/fkEaUBa4ucL3qlgbfTJJpR6RtQSjEN0kW4Om6HGzu56xhcP\/hNhF6CJvWCdl+Cdl+4QCa0AdVA2\/h5KxbzG7wSXhKLcgLDQf3VZM6j4pcDpEr22I0w8vjr3eeZrANzqy+B0k7Jw6sj9qOYOkYu9v1\/HcL4S4QXZGXDgsVFgLhA4dMHiHESZvaZv5XwOSEg7GIAhtTuq\/1+kuZamW7NEWy5Mx7jYjqriPSY+yi8MCrIJ809xx8ts8E05ybrI5RK9vhNhHTKaT+Cdl+Cdl+4QNscTNh1YzVnvcLB2a2lU2bz3gyaTlXXbE+pFLDVoDdFI5ADpod42cruH9wQt79YZLxlJa01FygTlV6X9wnzbsb4TYRSpWAfgnZhgnZhuECxFAegsyOgyfrql\/zztxCELDSekbbhUJf21H8iSNiW9cKP2xirrTz8RKLVHxNA2LkFNcMF8l9m+GUUJJ3wo0ve+E2EZ\/0rzIJ2X4J2X7hA0+1Q\/zfDwmqiJ4L7\/yvPXaADca3\/aoKeqi6XasejIDSTPmS2ILmdZ2LgwWGNQRAtsR66VqR5PIUppHE6JTXzu\/hNhC9aDGqCdl+Cdl+4QEWucUJTr5uswusybUrNZinvmACa+spHP3M8Ca80aMiKTDP2An9QqqbsJgkcvDnFqQSdwmVB0j3FFWWOWXchmBH4TYQ03B+BglLcglLcuEC4ECYNzxwi2kJoJQjyJ6lUniuRlC+UndNWqAZRufW0X533Ymm1WtW8x0w\/1eGqPwGeOGNfU57w7mmrZv5S0MuC+E2EoBCKUoJ2X4J2X7hA7pvrsi4uzujUwcCnzbOXM3k+PSTxp6vSaGlZ+vjNNS2DLnFg12pt76j1a3+aMxZ2sjeuJ4ACTqyhbBihj1yObfhNhLB96meCdl+Cdl+4QMGwHxHg22IaagGZCrHWyox4ceWSrkz5+TUJ7FvSKEAsyUrKnBQ1BKg4U4OyDXv653Ump5Su2Klg\/PAjth\/4FVX4TYQDCFzcgnZfgnZfuEAOe5LjgOGocDnrwWucrGwohrnh\/PIVvUNi2EPcxA3lL9o2I1kGKrrcltIHdy07g5GmzReWD9IntTCd9ncDRnHuhF4WIGA="}
00970{"flow_id":26,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":729798,"pkt_caplen":467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":467,"pkt_l4_len":433,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHFgO5AADARUk2AADOMwKgBuHZfdl8BsUbFE+HTPyEyomNSay73CyfrLD8rHnhX7vxj92G3He3rB8i3yggvxA3gI120fMxC8T5NSVg69zUML0xXdXDn6x+i1UJlYzm2ZsL8HkXRcVxsD7\/Cz8uc2cDeR5GmI31rs3BBAAT5AUT5ATz4TYRWzyr3gnZfgnZfuEAwPG4npPFCKterF6wXX6hmKDtHpPLV5Gpyh4HRvQlb1WOtMBiFa5iB1p48IlU7yQzlUhHlEKU2TAWk+UxWCOtE+E2EwKkGMYJ2X4J2X7hAXDWjwnntCdEfY7ZsbIcma6dZim0sS\/6AZlg+cBMsOylaupmT4K85DC7A88jAAB9\/AkNP7Q7FRuWOzTw655z20fhNhF\/YD6SCdl+Cdl+4QMhe7o3oH5yNMBpAbg7BFfLQiRhzAx0IcRlGupvV\/Zui89t4l4x5tGAZhBv4cgNKbiHVFqGfCeCtDh7KA5ZNUtn4TYQ2yX4zgnZfgnZfuEBWXo894U5qji3Sd9oPTupJEBwpi5JkOWop7uGO9PMehSCnS4eHg4+tauk7NJIwG19teeCjKxS93DtycMhLIWGEhF4WIGA="}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1578508364732,"flow_last_seen":0,"flow_tot_l4_data_len":136,"flow_min_l4_data_len":136,"flow_max_l4_data_len":136,"flow_avg_l4_data_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"111.229.0.180","src_port":30303,"dst_port":20182,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1578508364732,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"111.229.0.180","src_port":30303,"dst_port":20182,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00571{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":732443,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"pkt":"EBMx8Tl2KDc3AG3ICABFAACccxcAAEAR1EDAqAG4b+UAtHZfTtYAiDTvS0gyrIvyYAXql+rzEz+AR\/cLOiJor5McpZ3aQTzvVtbxvdlPVHOvm8x2T63kxRajQJXVXM7hf79y1fQG9XWokxXgcqkKLlUPoIFVVYrTntTkZjbBJdoltYqy5v2xN8\/CAAHdBMuEfwAAAYJ2X4J2X8mEb+UAtIJO1oCEXhYgYAU="}
00550{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":254,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1578508364732,"flow_last_seen":0,"flow_tot_l4_data_len":136,"flow_min_l4_data_len":136,"flow_max_l4_data_len":136,"flow_avg_l4_data_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"111.229.0.180","src_port":30303,"dst_port":20182,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00562{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":254,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1578508364732,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"111.229.0.180","src_port":30303,"dst_port":20182,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00438{"flow_id":28,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":751141,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACsGCIIzJlG0wKgBuHZf3ThkB68VWi0AlqAScSALcgAAAgQFrAQCCAqBHInXItiU5gEDAwc="}
00426{"flow_id":28,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":751248,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG84nAqAG4MyZRtN04dl9aLQCWZAevFoAQECya6gAAAQEICiLYlSaBHInX"}
01080{"flow_id":28,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":752659,"pkt_caplen":545,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":545,"pkt_l4_len":511,"pkt":"EBMx8Tl2KDc3AG3ICABFAAITAABAAEAG8arAqAG4MyZRtN04dl9aLQCWZAevFoAYECzuoQAAAQEICiLYlSeBHInXAd0EVrOafIpouoTHB+BW2z3Lrv3HnCw2ZQBRlgf\/19WqTwFOA04VbQy1wFUS6HAgPfHy8NaOV77ZdRJTSAq8L7x6Kw4II\/hUO4r9f51nr5zJtR+NmQtihw\/oG2toqeE2gmxFBm\/FJEAZ3BhAyklgcpYoSgeZNb37AeD8R7SxXsV96FZAMTuwUePPPwvKLx3F3XQBJXGqmL8ZZ4kHijHRXepMXtDyrqQ3dHLW36bgCyBffbPJwK11VIZBOg1ZO\/6QcCJyM8WU+cI0sTPBasm4PzbCQgYhaSkC8C0ehkpBDkbMoXij9k0WKFOVrIEsyZ\/24n+unHUtTe\/yYV6dUpEywFRJGupzIBFEQIrlJ+R7y5h8fxbPkC6UiykbmNIdFoDGxOiSYBL3yeK7GSTvjks9NeQTQC1eqeVk6U54EyDTlZ2t2cddwvBBj+fMzUkesX+MlQsGkokjFLEpHTsTH4jgy5EiQVvgHqBHad7G9fBM4q3K7UQYmh0hkSGogPuWCsrTo\/YkV2pbe8nJuLqnzRBnEBsCwsw9rDIf0YsG5\/lfaKRt7lzM\/aZlRjLHsqGkZkpqrfD7R6MXqp\/xig+JCvg0MFvDNMp3tp3C7Lm+dgS5zbrMV4EKIIIpgqxAKcHEra4="}
00560{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_first_seen":1578508364682,"flow_last_seen":1578508364752,"flow_tot_l4_data_len":627,"flow_min_l4_data_len":32,"flow_max_l4_data_len":511,"flow_avg_l4_data_len":156,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00571{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_first_seen":1578508364682,"flow_last_seen":1578508364752,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":479,"flow_tot_l4_payload_len":479,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
01936{"flow_id":29,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":773663,"pkt_caplen":1178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1178,"pkt_l4_len":1144,"pkt":"KDc3AG3IEBMx8Tl2CABFGASMuzZAAC8R8ro2JKDTwKgBuHZfdl8EeHOhfS8\/VKeU4xriCeJZNmbyiR29m3N42\/uIKvLbiJlgdyaSwrO2BgcDcenrD2C97edthDBouwifboHgE3u3hLHcQi8I2aNx02z5+NzOkszQMNgplhV2V\/wYwtE8G8IvYQ3cAAT5BAv5BAP4TYRPFs69gun3gun3uECCARRJlalZmbRgrccKpmIFHuwcnfCnxRI\/PJfvccahZWq2zhSNF3xN8PFm4Ig97uMj8JcxYkHuXulMILJ8m+Dx+E2E0WGPAYLDUILDULhAQhNvCoDxAncltx4bh9WffZwzBdE\/9xF06wXJo57MMUhoLLSI90CIePrV\/tYmYiKEiyDSrJDYOlCFHmZ3pqDCwfhNhGoMJ6iCdn2Cdn24QH6QBf7Np\/9Y+eiOrugFzIsIhVcNcp\/OYct+34QkqEfvlXbuNfWnoEs1IzwGORRl6zR7xwwZW1+45dnGnJxxFET4TYTAnuIugnZfgnZfuECuDYcQjm3wJMglum1qnPXPBozHysGZ9VxiaJNnx\/kw7dAhqZoxI6CdfBdLdPaGhgI412g7XwrxymiHNjtEpybV+E2Eb+UAtIJO1oJO1rhA0poa9\/bt4+0jT09hYxZaiqxOAEVZVX85K1bHaaj2apLnzPtOIrzfKJurvUFlKLQJKx6TBvhnKvyePnNB3SaoJvhNhKSEZZ+Cdl+Cdl+4QGhplCUf+0AxOYQ0\/JiK92IrqpcWVPF77+npw8uqJp6XsPoEUGJFdkdpzDehQ5oaTj67fZbU0xSOgleTToHaYQj4TYSygMxlgsNQgsNQuEAJaLOKzWf\/o+pIN3tGz2TU0Jj7rRUsEu\/g\/J\/izFMRqT2L21hSkEIu4pwcRIudbxWCEi7R3jpR3Qx72SJ7sDxL+E2ELzgXtoJ2X4J2X7hAZ5DyvV4L2UjTbfMTNRlwVlkkGIIkt\/VYvYJ76IXUVE6r5fvcx+2tWoDAFaFaLZO1vJw5B3fbXfeObFaJ1qahJvhNhNFhtVyCw1CCw1C4QGNRrcySTkrIddsTkghzBE5yaZovlz823kaODYnxRULrhcdtfhDSmheK1rkdzx6MLgmWRkcqk5yLSRXbV7Sa9hv4TYSUZnN9gnQ9gnQ9uECK3QCjct4kYgqQwECFpzDV6FidxjszhMNuNu5KPckeHeVnNGRrmrvdWVqSm7NdhSk\/GBSTMV30P4Rv7pq1hSjo+E2ENL1ESYILzYILzbhAFgxun0r0zdyAC5SZb67xXu\/2hxGmSEaQZz1XosQe6902lrVgE71jlymkTkVmiGnjo+wcj5gGrpBHOVgGl5DUX\/hNhFCeJFKCdl+Cdl+4QPL7djWpmmTz8plIeSEj91S2rY+aeiMQAn6m9zZuLcDbcgnpEzw4Bbj2GboSA\/6fD1Ct0nUU6+rf7UzNqpXAqYL4TYRvYnEBgnZfgnZfuED0pW7OSkAUUx9PeHXwwyf7mqpd70LmGPSseSc9VRhmuql9pusBMDKDEfCCcSaAIW2BnfDoTpS113ylm2TbVhfWhF4WIGA="}
00864{"flow_id":29,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":773700,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"pkt":"KDc3AG3IEBMx8Tl2CABFGAF0uzdAAC8R9dE2JKDTwKgBuHZfdl8BYMxaEf6gK86OMmqC0hj8YCjT4Kxyd9QhLNhUWv84IcoZEEM5WLaEl0iNjPoH5MGkDBtHCCGzykqH2IyxlA4UZhPcyDumXz\/v4mlSvZfRB2yOu5AYhwCSwbpUWhfp9lpeKanwAQT49Pjt+E2EdbUsoIIrq4Irq7hAjNB3wOfdUkch\/RymD8COogkRfmtGHDZ3JfVp7qPL0g95b9d6Og4eqk7Oc5yCXUjsPCBRZNV\/OEkCcWVLTRMhqvhNhDb\/yRuCdl+Cdl+4QBkaEptJyzZcwNghsa\/yev+qS1D63n8u0YIQqdir49AX7Q7OxcqumEYHw1gpXkn8\/0NtWmRXiIMnyNsmLKeGv434TYQj3LNggnZggnZguEA4nJBTYkTqav4+upLVWlu+s2ggu8pFBH5psWcuz5eAhJOcvW7tSncGp+spv2HIMW\/j4SK81taE+f1zSPKQGx8uhF4WIGA="}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":267,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1578508364776,"flow_last_seen":0,"flow_tot_l4_data_len":136,"flow_min_l4_data_len":136,"flow_max_l4_data_len":136,"flow_avg_l4_data_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.97.143.1","src_port":30303,"dst_port":50000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":267,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1578508364776,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.97.143.1","src_port":30303,"dst_port":50000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00572{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":776411,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"pkt":"EBMx8Tl2KDc3AG3ICABFAACc6zkAAEARbFTAqAG40WGPAXZfw1AAiAuoYX\/X5Uw4lffkPNHSCMW6SrDFB88ojJJssa\/u4MiJ7ftgjBcFdVPuw+tvNym45804Q6\/uLh0oQsOr0riQp0FxmC7+mATc88CsFLix8wyPMseFlTK290MHGwkPORWZli5hAQHdBMuEfwAAAYJ2X4J2X8mE0WGPAYLDUICEXhYgYAU="}
00549{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1578508364776,"flow_last_seen":0,"flow_tot_l4_data_len":136,"flow_min_l4_data_len":136,"flow_max_l4_data_len":136,"flow_avg_l4_data_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.97.143.1","src_port":30303,"dst_port":50000,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1578508364776,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.97.143.1","src_port":30303,"dst_port":50000,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00440{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":784751,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACsGswg056VswKgBuHZf3SosjczmxQv4NKAS\/ohsIgAAAgQFoAQCCApgPx7\/ItiUTwEDAwc="}
00429{"flow_id":15,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":784843,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGnhDAqAG4NOelbN0qdl\/FC\/g0LI3M54AQEAmIYgAAAQEICiLYlUdgPx7\/"}
00440{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":786203,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC0GKKu\/6qLGwKgBuHZf3SxpEHBBX7euwaAS\/ohj6AAAAgQFoAQCCAo0GJnqItiUTwEDAwc="}
00426{"flow_id":16,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":786273,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGFbPAqAG4v+qixt0sdl9ft67BaRBwQoAQEAmAJwAAAQEICiLYlUg0GJnq"}
01038{"flow_id":15,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":786351,"pkt_caplen":516,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":516,"pkt_l4_len":482,"pkt":"EBMx8Tl2KDc3AG3ICABFAAH2AABAAEAGnE7AqAG4NOelbN0qdl\/FC\/g0LI3M54AYEAnlyAAAAQEICiLYlUhgPx7\/AcAEc2W5VRvDPnxC6ZNXtTyqjCYGMJUjTmjJUOUKnKosvUpjeLi1KBD9Gl0SpSGXIrkNn6C7KE279Sjg7DOSGoDz87EyUEGvUMFz5FN+U0r31bAICZnXfuq0lc9rs1kf7bNjD+ORYtLIa4UJy8enNIxPAk4HwvA+3rJiQq7bf0vBIBgSlJaEL3OkbL6PMcsY6AytCbHWwQNUqzrVKw1VPJ77xU02+dwqjsZ\/lrg1uD03lNKdyEFlGJ02BeF4E8JPm\/1hoH9nxyZ0rAyA+9TJoUNufqAtqvXZoNVAIn3u4I4vwUfjQ0cH1zU1rdHXu\/0AdLT00gIkyCjc+K8qB8caufkR1jWmZQjBGcjUMPyICieFwbw7o7SC+pa398OX2A5zUFoYFrbYryFapSZRoXkA7E7gSEMsgt4gzjFWaFDjtj0gQrWn4v5OEC3H13NYTU9aT1O3BBZjFDrxgPl5OXj6YzFyTFts2likup6YT33hM88mz1kg95ej\/aoS7kzfOq0iUWTyXKiVppXe0XEz6KhMTO1k\/fmz1CFkehBQ4QXp9fBwcm3bhXe0dq1V80Nq7Aur5aw8K3KW7Z98W\/5G+9OrMGYD"}
00562{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":275,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364786,"flow_tot_l4_data_len":598,"flow_min_l4_data_len":32,"flow_max_l4_data_len":482,"flow_avg_l4_data_len":149,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":56618,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":275,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364786,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":450,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":56618,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
01126{"flow_id":16,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":787529,"pkt_caplen":578,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":578,"pkt_l4_len":544,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI0AABAAEAGE7PAqAG4v+qixt0sdl9ft67BaRBwQoAYEAly\/gAAAQEICiLYlUk0GJnqAf4EJhKzdp5pxVQQvZobp5kh+TMF4U\/9E6m1Jb+siU6axKLN+2ZwcIbYufIaN4E1lBtRBxLO\/\/\/3u1CE3oPIXdiN07AhovNAxOgbgENvj3edoo4ICQLGTlBtFbWMvxdBfO+HD5jIH45SObfWIcb0dqjhtOZEdT3CoklJ2b3tMaa5KvkuVFfHwBlaXTwwgAmPHK7s0eXQe17EcT1aCvqSjCCMCCT+8SLinZlW5+mC2pjasEK2OxNuBI9ZU1j\/06qGWR\/mX19XFBQ564nSx\/vZTcv\/LDr5JZ6kVv6ACGrzgDr5ZcOBAIhv+jXwCEpZbzb5mHOVCBb2xQgQNYdfe9BePtcJjPpI\/ZB3+k3+QqRRnAqJCUvrgjfrhnoqBfnZz5Aa92zocc1VuRRwDtWXxF6l4MKhV+YtgjJTQMR2GaI4A4rUu32gdoJ92BBS2gyGJsovefVT5Lp18y4Ggu4XPQZFm31kOhjJGWGyFISukDajIOMlmXuuoktRIYXDsDK+FqGiTLBkTzEuq\/nOQwqHWqUVQv7AtprM8kmJpux9joitBQ9HjtTajRaKcZg4FiAWJsOi0hTrrxXvZLdMGiwPpOvIgWPKH9\/e48WCSCXXeAUIHyszHT55IhnBxoUaDb3mbTerDdH5IGQYH\/H3dqim9yRTiafMm4+oArTm0GJNE7en8qQ="}
00563{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364787,"flow_tot_l4_data_len":660,"flow_min_l4_data_len":32,"flow_max_l4_data_len":544,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"191.234.162.198","src_port":56620,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00574{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364787,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"191.234.162.198","src_port":56620,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00438{"flow_id":30,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":789015,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFCAA8AABAADMGVclSkdz5wKgBuHZf3TlFnUTdn3ylU6AScSDFhwAAAgQFrAQCCAqGNr5sItiVBQEDAwc="}
00426{"flow_id":30,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":789130,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGSNnAqAG4UpHc+d05dl+ffKVTRZ1E3oAQECxU+wAAAQEICiLYlUqGNr5s"}
01034{"flow_id":30,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":790328,"pkt_caplen":508,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":508,"pkt_l4_len":474,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHuAABAAEAGRx\/AqAG4UpHc+d05dl+ffKVTRZ1E3oAYECw2hgAAAQEICiLYlUuGNr5sAbgE+BmJLzoAbqRJcy4E\/iNtAFtLgtXpllstBclKEt5AnMXYGDdphSPJ1KIQvJTGf+9D1\/uw8EOSSNaNpRNmhN1YpzqwBB+UfOM9qX2vrU3G1YJxG2RZPME5ZUZk\/kgeZ7rIiOnYRKx6kWFUUnLZ8OsoDa3t8bX5X+9+dwsMEQyO6lSJzX\/dEyWFv6AJN2hdOJnpLC472Lu7+E2LUrGhQLC+Emyq1jOnKhDSFttfS00NHmPXwFrclYGDOLl9k+5+G3D529p9EZ6wbdj7Qz\/oRYRnaEpr2ctyJRZdjfnsWEEKb1qoRibikyw5j02Xg59M6viqKIkVIPCRQt5JerVtVIirhv22Km\/aNWFPejNJFLRRr5rwcZVcBqS+S\/tv6ngY\/ko\/\/k2gl4+\/KFrzspSi5aYNJ9t7ke+vJICy6PdG4QxxH8dkPVUkP3dIi1tg77kY0whwnoK1RAs9h5hFL1uTlk2FcOdFu2a7OtIJV6Hxt7a0VtuZleF1M98V0iWkzUB3MBf18p1iVLiMtvw\/17+Q+Xu8T9F2B88ZHPhzy4V1FQfIWioA8cFKRqsn9i6ldmWM9imMP1gRI2YqEw=="}
00562{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_first_seen":1578508364714,"flow_last_seen":1578508364790,"flow_tot_l4_data_len":590,"flow_min_l4_data_len":32,"flow_max_l4_data_len":474,"flow_avg_l4_data_len":147,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_first_seen":1578508364714,"flow_last_seen":1578508364790,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":442,"flow_avg_l4_payload_len":110,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00426{"flow_id":12,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":799543,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0jZZAADIGtYai86BTwKgBuHZf3SW77REP6nqwfYAQAOuzMQAAAQEICnVn1Hci2JTH"}
00884{"flow_id":12,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":802654,"pkt_caplen":401,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":401,"pkt_l4_len":367,"pkt":"KDc3AG3IEBMx8Tl2CABFAAGDjZdAADIGtDai86BTwKgBuHZf3SW77REP6nqwfYAYAOt4rwAAAQEICnVn1Hgi2JTHAU0EtOpNEU5HOqta1IKk18cALBRNcNUFMt8\/jxWo6k\/x5CorwhdPLVmQmNw8ugr4Zh17jmZPWmFySs5ZXDvCgd+0DxCZZEj8TRvVM6jxF9q+sW4rHYfhTpuT9igIFzKihq093rVp7rqxpaYjYBVje5XLKeNJ1a4G7hB2SaB4\/jOn3Mag\/GmrvNb4FEsg1nEC+VvcjwsLs4QQLjC1bCIdi9DDtP3r8Mg\/p8GzBIsZzS5uU3wI1zKdIxeD5NqRKZttCcW7Dk57pViocAhVxd4LM1DM9n4kMZYzZa8E8f5xqxv2Hyjnusgn3zYuHdnQKCnwOeD4d3Zmea4EwdO\/bt+9cJsZke2RAS5x2ARVFIWTIom2fKkFWTJ3LtK0mH0G3Acut64vrZEGl9CUh0glARF+seri0f0wpCvERLhP4VLFB7huEB4f+\/x6rkEoYcLf+1s="}
00427{"flow_id":12,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":802745,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGNR3AqAG4ovOgU90ldl\/qerB9u+0SXoAQECGiGwAAAQEICiLYlVd1Z9R4"}
@@ -210,7 +210,7 @@
00438{"flow_id":27,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":817367,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACgG15goQ5CAwKgBuHZf3TZG9x3QfGwlk6AScSARhwAAAgQFoAQCCApyLMYFItiU0QEDAwc="}
00426{"flow_id":27,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":817435,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGv6DAqAG4KEOQgN02dl98bCWTRvcd0YAQEAmgwgAAAQEICiLYlWVyLMYF"}
01017{"flow_id":27,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":819362,"pkt_caplen":497,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":497,"pkt_l4_len":463,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHjAABAAEAGvfHAqAG4KEOQgN02dl98bCWTRvcd0YAYEAkbTwAAAQEICiLYlWZyLMYFAa0Ey5AJp+rqiYui2XJhTnXZBJkH5XqkpqhKXB9q3N\/UBg6aH0ITAIzQTYh41Z0vqIfdNbFjI2M7A8sN9PUiSu8TV5Cs64LQASrBDQCF8MVxSCPGNQ6BEWmSENswxL8ceRJOueTfy5OvLaHSA7FXRwT+XvNykJjth+MvcIxmFGydmjSa4fyssivk0NkecLBk\/LbiDmJu2BTeTgoXHjKEDMg87SrK1iTUWixOVjx7O2MGaELLaKpspEqTGl9xj2HeqWUHMVWd9V+dS7Y+56TCK0GPSragl2QnRf7VlQlCvw0\/MZ7iu\/AW4\/XSWDzw2rHMxbRtGn+M7VSLcDq\/Qe7Z+lWYwJUFWb9o71ZK\/rbouY4G6\/cjr45B\/iiKv9hR4avvCTKzqULT9xMbKgm+cd4Qnn+lpk7BKcksqIBdq8OmF8WO5boWxQBTm85Nir2n\/K5LqPNW5ucu43bvpiH+URwIIGtOBSqDWbESlgX5+Lt+RVXXjyMMA\/ixkSucsRdGQOvHXlsG2vz5qqJ9X2NATbeDunAC77oN2Jcn0vlr5Y\/q51yA38qsdLYzTxhlrKEm+sQ="}
00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":299,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_first_seen":1578508364659,"flow_last_seen":1578508364819,"flow_tot_l4_data_len":579,"flow_min_l4_data_len":32,"flow_max_l4_data_len":463,"flow_avg_l4_data_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":299,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_first_seen":1578508364659,"flow_last_seen":1578508364819,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":431,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00426{"flow_id":24,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":822285,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0EGtAAC8GR9kD0S1PwKgBuHZf3TTdrvLTmxdW8YAQAOtVRwAAAQEICk6VEKsi2JTS"}
01066{"flow_id":24,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":823015,"pkt_caplen":536,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":536,"pkt_l4_len":502,"pkt":"KDc3AG3IEBMx8Tl2CABFAAIKEGxAAC8GRgID0S1PwKgBuHZf3TTdrvLTmxdW8YAYAOu8qQAAAQEICk6VEKwi2JTSAdQEXW6fVgBGyC8ytrEu4ahZmzF\/xFp9QwNg0DSZ\/+M3wczRKpcxqDPKDwbh6lmGx\/l8m1tkcHNypK0UkKl9xFFfGk+x16UgGgOagXkQFc\/e2JXSUHr91\/ldo5U2nO8vfuURLkPkbD2bH4exu01h2kbp8sshYe6sqlQvHgK4\/pW7if2MoEZbGLVNd5sqXOkW\/9+k4PwFSd9eUc4UqThcJJ7UUk72teDjvy7RzkR\/BHxpUyoCAAp8B1eOd5xOUze9dRSGd4DRQdAn1pjNFI5u1KqC9Zl3OqgNuHsUizLJpc6vgwGXEb0JJYwnUCFjO4Ti8NTfDWOsfNsPB6TQYWhGE46mNIHxHYhZcVmtYiD02WDSYGQ+DqRnICN+9Xl3Unw+pzahKEM7pC6V73xolfQKn06XQrbqAlu6vesrHaZljcaUMMRPMRyXY2U48YpGHTkraaJGC3DvFAv96kuvKclPBqVlBmrPkatpSQt8PYP5BwIvfVd0fjawIdAJfDAoOJmvCKVYsF5QdYLy+cTxJnrLLst0iGEj9LhZFLs\/JqXGXQOicB0AvCarFpl0nM4bePy6LgAB7A1Y5p1U2WPXdjHuDKh86I61tiUO3VCmdaDwbpT3k8JQLYU="}
00426{"flow_id":24,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":823120,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR0TAqAG4A9EtT900dl+bF1bx3a70qYAQEB1DqAAAAQEICiLYlWhOlRCs"}
@@ -224,10 +224,10 @@
00427{"flow_id":24,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":823357,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR0TAqAG4A9EtT900dl+bF1bx3a70zIAQEBxDhQAAAQEICiLYlWlOlRCs"}
00439{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":823555,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACYGE48SimxDwKgBuHZf3S4uwDPtE20MrKAS\/ogQ2gAAAgQFrAQCCAqmusMwItiUTwEDAwc="}
00426{"flow_id":18,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":823597,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+ZbAqAG4EopsQ90udl8TbQysLsAz7oAQECws4QAAAQEICiLYlWmmusMw"}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1578508364824,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1578508364824,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":824682,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGhG3AqAG4n8tUH906dl\/csM+rAAAAALAC\/\/\/IeAAAAgQFtAEDAwUBAQgKItiVagAAAAAEAgAA"}
01152{"flow_id":18,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":825302,"pkt_caplen":597,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":597,"pkt_l4_len":563,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJHAABAAEAG94PAqAG4EopsQ90udl8TbQysLsAz7oAYECykNwAAAQEICiLYlWqmusMwAhEE9VEMnxi7\/+u3S\/7SD265WwXEe4fwDjOiQLsVOQxpxalSy7LlsUK4AEo+a1Qu54SdJYKUHtZVjJeiTzpaNscMEPnLhkYVoH1ZsfMM3SzSNckPwo27vBvsTXbvepFdGGfyt6oFIMjfApJBdBhKGuhBHU6KYxOnBPvkfjAzhNAEG9ZOct\/f9PMzeR\/3HfpP\/\/foRU+R\/UwxyK3KsOUDV7ivmQnjXPHpshdWKhSI2CmV4f4t9S2wPNhYMZFG90t1+c8FUX4hZ8IJSblZ1Hw\/xRVdy1XIr79XD\/YbXUlCbMbQSwpyRMeybOWZ\/3FFKK4\/m072RVgcU5vgNs2kQIANqMn50n9GdB1kT5VpcmbfktccGTcPpL5cqtUiHf9rj39T3mWxv4q8GrISLBQTR\/tbUOSXcuAGYHTUa5PLnQdiQlMB2NU3XarTCVXOKj2xulN5GvsPX5Wy2aKOHMGmdrt9tRWyzeNSeOUUMuTlnroJDaW6hq8\/QtG57+o9cfcesHmgUsKpYao1qZUd8lFRvDjla17QhLWfcHO9Zm9qK6x9TBb29EZ6\/QlYYuy+Jy9TbYE\/LjA7KJU9R0TdX0NGBywzUrgAwjm8rFolFhr0dTH8CYc1zYL1wnwny0ezNRkgVRVqWSfxkV4mnKvCfyi9XKSx7Th9OnlEAk6m8Cg8tenmIjIAm6NyXqFCsVFiylc5ACi9wAUl"}
00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364825,"flow_tot_l4_data_len":679,"flow_min_l4_data_len":32,"flow_max_l4_data_len":563,"flow_avg_l4_data_len":169,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":56622,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364825,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":531,"flow_avg_l4_payload_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":56622,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00426{"flow_id":28,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":330,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":829266,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0JQ9AACsG43ozJlG0wKgBuHZf3ThkB68WWi0CdYAQAOuoBwAAAQEICoEcihsi2JUn"}
01028{"flow_id":28,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":331,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":831143,"pkt_caplen":505,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":505,"pkt_l4_len":471,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHrJRBAACsG4cIzJlG0wKgBuHZf3ThkB68WWi0CdYAYAOvEVgAAAQEICoEcih0i2JUnAbUEk0KGjGJagFndDHA+KKn\/VT1eyvRKqxKxxDSpqq4SVF+jceeNADw9hBltpVnuSWdtx30sbXMrmNc3T2yLX8HmLwXp\/8+qe\/ygamYBh3Lsyf+jiEa7m2phZOC4kk5HUe2I2MKDjEAHD5GSQQ1TnqmGYY+zsNs+WR8YozLHUxRxhmEIeJ3JRf8x+zquQBVBl9TtmswUlJzqOdYvRgVRIuXSRwL+EA6JMGXT2b2MX7cMdU5NEz+sJ4HXZdrStbJRnFH71Bjp8\/fpbKfH1sj8YoFjAomgdmqjt9bYgxIuPcygXTdO\/mX+8\/xcfkMErpSk7dXHIjMiyrFbfHWCgomfQ+aLFikQRHEXStTxYHNLMlm63EaK6+KF7LrRwJWMM5c2AQ8qGQehDwIi0\/KIU8\/cvQqRIr1KXuPGw4u2ptD\/VnVJk6FtFK\/iKM5LLbGqvhd+xToDZpw+Luxesthj8TWfghI\/l25AnpL8wjtrSxCW46XDTmiaybEccYzTi0NjYmlj5sFB9LnjnUuat7RzCmsIqpprwPZxPNGFDEUjs8wgnuepKDZeMVqg6Q5IyYUOCeMB9NW4tK6f8A=="}
00439{"flow_id":19,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":831187,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAOcGbbUSilEcwKgBuHZf3S\/8FjKFFTVZHKASaN8k0QAAAgQFrAQCCApjgYkbItiUTwEDAwc="}
@@ -241,19 +241,19 @@
00427{"flow_id":28,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":831458,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG84nAqAG4MyZRtN04dl9aLQJ1ZAew7oAQEB2WswAAAQEICiLYlW+BHIod"}
00427{"flow_id":28,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":831473,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG84nAqAG4MyZRtN04dl9aLQJ1ZAew8IAQEB2WsAAAAQEICiLYlW+BHIoe"}
00428{"flow_id":28,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":831474,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG84nAqAG4MyZRtN04dl9aLQJ1ZAew\/YAQEByWpAAAAQEICiLYlW+BHIoe"}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1578508364832,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1578508364832,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":34,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":832618,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGt9PAqAG4ouQdoN07dl+4t7BdAAAAALAC\/\/8\/HwAAAgQFtAEDAwUBAQgKItiVcAAAAAAEAgAA"}
01071{"flow_id":19,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":833343,"pkt_caplen":537,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":537,"pkt_l4_len":503,"pkt":"EBMx8Tl2KDc3AG3ICABFAAILAABAAEAGEufAqAG4EopRHN0vdl8VNVkc\/BYyhoAYECzL6gAAAQEICiLYlXFjgYkbAdUEwUIR9YgFXZ9yiOt5YBH4UtFaqA+cwIzRVHYokt1jt3NSo7VChRqaTps9paUa0ngH25xMfgJbcuBsMxxTxgihIKn5VUXXgWDlNYyvU0KlT1bNUEI4mKZzhEJdNwjpMn9paKBWzu2LEMjx6bLou4eS13z\/nVxfNlGL0J7vv8\/wC8YQ1+XvQyGDWq4sjQibEugRViJciB03P97SSio3NTS6h9JYGoEfM9nybcbgUflDrSQcxM3wZhLR4RyXHFofiZ6ItK5WZXSq5pX\/rioqKS6rjD\/Od8+ItIp1Os0RxmLLf4DWm4\/UMEN2gFSO\/\/Glty20yCOSCBOfFj8FNpqoruWb3E+P4CmQ2C\/teNBBz+h3griSFolu7EDV7zs7SLm4DR4ICIyHvtuOPkeooGrl0tep6tLaxHM2ZkQOiUJRKu+5pHwHgHmEbBncVaLwnhxRCP51iVfM2TEGdhOXmZNW\/1FyvH8rso8UOfKabPq7CXCpZK38otIKu601tzRMGFOYwWIHKFmd+rKAZ\/NBoZt\/6W8POfwll5vHjI\/FLep7U77tKANlUam924r9s1XPKaPkH9fxcGGux9IUOJRyhmfvWk\/b8yyfBvntIhfV4oqnCZvlQGRKNPXA"}
00560{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":359,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364833,"flow_tot_l4_data_len":619,"flow_min_l4_data_len":32,"flow_max_l4_data_len":503,"flow_avg_l4_data_len":154,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00571{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":359,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364833,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":471,"flow_tot_l4_payload_len":471,"flow_avg_l4_payload_len":117,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00439{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":841546,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADcGsuQiYawWwKgBuHZf3SnE3x7vnZqFEqAS\/ojiZQAAAgQFrAQCCAoxzJM4ItiUTwEDAwc="}
00425{"flow_id":9,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":841574,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA05dtAADEGDGhCKlL2wKgBuHZf3SQj+YV5f2ikFYAQAOvH9gAAAQEICh2SYKIi2JTZ"}
00426{"flow_id":14,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":841644,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGqezAqAG4ImGsFt0pdl+dmoUSxN8e8IAQECz+XAAAAQEICiLYlXkxzJM4"}
01063{"flow_id":14,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":842889,"pkt_caplen":538,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":538,"pkt_l4_len":504,"pkt":"EBMx8Tl2KDc3AG3ICABFAAIMAABAAEAGqBTAqAG4ImGsFt0pdl+dmoUSxN8e8IAYECxvWAAAAQEICiLYlXoxzJM4AdYEGJveRyADLBVKMZahhxe8iy1nCsj88Hn+VCI1ZhH8ThkexIjKZ+gJYRQs9Q8gp0SxRWzlL5srOK7RHQgSezx5G\/2f5opTn8gDQbkYtGhwjaig5UGd3nYCtNjo3pCCtFwvkRTzqXD7Iq0dJgNpjddTaYtUSbwkACumo05BayrfheKfTdJBPJv4f77938XoB3wVQGi3+4i8FyBVBEotI1MXCvmmdMMeptmcfZ638VllMi0Rh\/VHNdjByLP5DCJhUbASWlNYq5nTN81l9oBtm6tpK0e3U71XqFmOUBgwsvscezKqJuaS5SLLWDm62tco9F1i1T9deAc+xWYOLh7B6+BPGVCW7OEK8VzLykyjEaYVNul1gMC2i3lEUxgxdhUIarKuBtjTCTnBpAdiTrbyqCyJlcP0ujLYSllDh2QJQBwLFgJXajMxYFrZusLYdYxpnC5ZIRBdqu5jmEILq8DKiERj97BbSqTxBqUCTYFh1W1cas7gmieavik5Md879U6gYGowC2B7ISqaHTDHCsFSbiSBCOT7MR0EUftgrHLkMPUsSHLzSBZIFPQ+IShfvCynVEtzTumRCr7JCgLWeSyeJC88QEtbW4KnuAEA7XeI0LoSYPB0KbF1Ag=="}
00560{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":363,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364842,"flow_tot_l4_data_len":620,"flow_min_l4_data_len":32,"flow_max_l4_data_len":504,"flow_avg_l4_data_len":155,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":56617,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00571{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":363,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364842,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":472,"flow_avg_l4_payload_len":118,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":56617,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00438{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":862022,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADAGeCSlFmshwKgBuHZf3SJnRYz4cyqhtKAScSBl3gAAAgQFrAQCCAo1gVUZItiUTwEDAwc="}
00426{"flow_id":10,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":862123,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGaCzAqAG4pRZrId0idl9zKqG0Z0WM+YAQECz0WAAAAQEICiLYlY01gVUZ"}
01205{"flow_id":10,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":863419,"pkt_caplen":640,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":640,"pkt_l4_len":606,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJyAABAAEAGZe7AqAG4pRZrId0idl9zKqG0Z0WM+YAYECyyoAAAAQEICiLYlY41gVUZAjwEBrdPJBbCQwcUaoZCxDis5JSdEax7zMEY4YCdFlAa+2wwGZZ36EDRJsHY24RNDnZBxeFf8+ZYUch2Et7cUHdOXQEUZ47rnkJZmX28hwqPmsvMZwp0u4SsCwU6fDyp5wu3oIPprKqawSO0UwnZY+qOmAlywjHywDySvCmDcdQBHBAbqXg1hFaS6Zu0Yt+EmQ2SXgRv2lskxE+IPCMqlp61qCZ1mhCMgaLwif0PE0IsCA4Ty7TRHTNw\/Hf6TDCrt1\/nHIlW8gmA4jbsBJFZ4LZ+iMrFvWSd\/WoyRpQV7SWRTmpkcyOKLkF6tl2IFdeTTulP3ebUqN6EVnU5au\/BAs41oHA62GK8cobjDyWi2CyTt1aND9UoQFP0l7rB\/ErpMTMKRLEA5Zuwomefcbzmr4te87Tw9oCQCNhAjDwdIOGYD+SpHBB5ILy+9YGqT5Ex3m8DlQTlIggLKSRs4in1kBUBXdUsd9iqqai5H1KXm240BSureCWGelR7oXdvMDpi3zozgae51NiLBIgx+gMQ\/e3lL4W8nVto\/mof3tKTtt98bkiqwWDH6qvnYvhbhiVFm07CuKqLpWNU9Wcgx5kxbwBbKPXf9Fq8ZzDEoB3F1fq1U+75d3yGrfUh2hXruV2WlkO+1dSAMLYM1d7nPwWFt7EhOMM+7PK06co\/LVWapNmiFCLOcJVyBl2rRvFJ1I02w1KAIchuBZOnx1S0yzLXBGNEPLiUxKE4kHe89VgmIYEJ7MA7FceloAWK1TcFJQ=="}
00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364863,"flow_tot_l4_data_len":722,"flow_min_l4_data_len":32,"flow_max_l4_data_len":606,"flow_avg_l4_data_len":180,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364863,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":574,"flow_tot_l4_payload_len":574,"flow_avg_l4_payload_len":143,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00997{"flow_id":30,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":866266,"pkt_caplen":488,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":488,"pkt_l4_len":454,"pkt":"KDc3AG3IEBMx8Tl2CABFCAHa+qFAADMGWYlSkdz5wKgBuHZf3TlFnUTen3ynDYAYAOuFtQAAAQEICoY2vn8i2JVLAaQEbR9vA4hTDZTsaicm3PEQBs1j86Mycfx789yK5+er465ZfyX2n+nTL58MP0xXLKumuX4y77o14\/toVQMmgRjref+Li68nmPtzUmRtU6SEiahbKo37gS4o3M3QF24kGfey3mNBMKT5ToCRQ39nsVmniGV9g4P5ptNKDWJzjosVv\/EszkgGjDts7d78DQ7fT2aF320kValLQcix2tmbKmAHJjMXNvalPWdBFatY1S3SuGiGT248si4LQvX2LhXcMwMNmjXWSm+ZhyVJ6x8N4c0v5VGlJ7q7w0O\/iX79IUfl+TWI9iG4W1vhAosinoYpiMwZUIL688QZo6IvsuhRlPxz0382tUcXd4nr9U3qtZtBw1pnwLKQfkYdchFHLfW+8mV04ZtHZwqSa5CSmB5Qb8duMliiUFy\/ljj65J7vDVtz5fgIwfuLnqtVvR40aKApzo0dLBcVMhz+ay0+xMwy7aRazAp8CHMTMyNk1SJCyHuFy0f5ZZoRQToG5brr9QqeDUfXm1EDXAoRlASzdmea2bev430tJ6icFbvR+n7dpGFOdQOcJeM="}
00427{"flow_id":30,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":866382,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGSNnAqAG4UpHc+d05dl+ffKcNRZ1GhIAQEB5RUAAAAQEICiLYlZCGNr5\/"}
00471{"flow_id":30,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":866929,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"KDc3AG3IEBMx8Tl2CABFCABU+qJAADMGWw5Skdz5wKgBuHZf3TlFnUaEn3ynDYAYAOtuJAAAAQEICoY2vn8i2JVLnLL1gX77HRpC9TPLOTpMrB\/B6hvFFwZfZ0YjLMCkpx8="}
@@ -268,7 +268,7 @@
00439{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":877648,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACEGk4U0u88bwKgBuHZf3S3Pd7n11PppgaAS\/oiD+wAAAgQFoAQCCApvJb2EItiUTwEDAwc="}
00427{"flow_id":17,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":877742,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGdI3AqAG4NLvPG90tdl\/U+mmBz3e59oAQEAmf6AAAAQEICiLYlZpvJb2E"}
01143{"flow_id":17,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":879259,"pkt_caplen":591,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":591,"pkt_l4_len":557,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJBAABAAEAGcoDAqAG4NLvPG90tdl\/U+mmBz3e59oAYEAlUFAAAAQEICiLYlZtvJb2EAgsE6xKTJBXQxsEIcblA8YWuGBlX2edvBfmPvBZkXHaWRp91epP7e4iIONLEkPKzPxV9IOyZHZcedpL6hYw6wInQoYlx+hppv0waMgIBWmLSTCfvWNetW7\/ShUyZAVcQPqGlZUEdnS87glSJu0TjWVcFlCwUtszBLcpoYlQWRo\/JA5Lg76kyqjO6Ew9RRl57E\/yW7YtcGLE4hzf+4phnzIJI0qrFMHBpdQYxL+0XdAiCPBejALuRJfF4GROCFL+9u7bkhR\/8x6fIWCuqxQwaWHSEHNT+nyNtVkKO\/Co5BQTXYH8NLkO3b\/3\/ef6RaOw7ll3BNFwWjwgG6whXD97UbkJQCwYvADJVjzMFiFI\/D7TLzirbinSeAkcosvdm2jW32UZLF7aFimYj7b3YKrZ5DITIlum52kZX7HdRz2dcxrT2fJRY662FpzIpDKESYgeKbNSTcDvE6lq71DP3omqTEMVuNWaobDW0\/GQ5t\/dJ6+hwQ+f3oDrVu8NtN3eJOI26wZA2QllfeJCTOYHtrV9Au5kIisZW34dRuE82YwceXJObXdwZaKBzuEMB\/dJ7R7IxdUFSfdzKeDDCom1eoEJTWquldifuxur8RpRxD978Rcw\/UDm06vv\/O4ldRcSmuf6+DQmMtWQeCRT8Z0D3nVHJ5Apy5nUhPndFWebhn8oNQ3OVevgEP4m5NWDATyCX"}
00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364879,"flow_tot_l4_data_len":673,"flow_min_l4_data_len":32,"flow_max_l4_data_len":557,"flow_avg_l4_data_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.187.207.27","src_port":56621,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364879,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":525,"flow_tot_l4_payload_len":525,"flow_avg_l4_payload_len":131,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.187.207.27","src_port":56621,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00426{"flow_id":11,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":920071,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0y95AACMGiEFoKtkZwKgBuHZf3SMhYrdh7BRoDYAQAfqZdwAAAQEICu7SsIki2JUJ"}
01059{"flow_id":11,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":920350,"pkt_caplen":533,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":533,"pkt_l4_len":499,"pkt":"KDc3AG3IEBMx8Tl2CABFAAIHy99AACMGhm1oKtkZwKgBuHZf3SMhYrdh7BRoDYAYAfoG8gAAAQEICu7SsIoi2JUJAdEECf3\/gUaB196qa5SKbq61ayfaRe5YPi8bE8Z\/ruIusKnunXdyfMLWFFhxkiakm151gYheppOQ5HLhbk4iradZvSQB6VCqdwqs6JGGEKaSbZM3Iq79iKwwWiMAUxlmy6uoYLlsjCUWoBbR1crrDSvda72I74SsPY+FZJJSCwuTPYehunpr0iWeFd54jsoRHCEkLOWvlP1bWj\/1YdQT5oBMQYb58z3HoHcluozQ1LMUl9QwiD0rin9C7jneWOQLIX6pAUH2ZANTLnj9zWQfyjRQXu\/x6yxujquPe0jie3d3nIQ05+1PMEQwhTIcZWNfr+fzsA0dc54uUkPBRf9WWgHc8Tb23z7FvzW8hnnQnWKaC8VhQB0PKZtQMtoFmlPJo8WsiKfXWyw6XemOIP9as83AKzCms0jG2YgRhhr2FGHAWOrX\/1H8dkm2z+M6MXDod0rpfBNzviq0kGLLbhlmtuih9+X71QTPS9IEszBwHqPMz8qLqIf2XLyLWNy0L+IaZhjfRLVg1rEGsLODLQWnw4FYBhCXawM8AeJKjP6Ei1no4LRv9WTnY\/y2WulLwAKTb4B1ZGjpOdKco70HMG0C8rRdK2+WWwx7sn8XKbxVKJZ4pbU="}
00472{"flow_id":11,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":411,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":920375,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"KDc3AG3IEBMx8Tl2CABFAABUy+BAACMGiB9oKtkZwKgBuHZf3SMhYrk07BRoDYAYAfrC\/AAAAQEICu7SsIsi2JUJ6mDqKlOK0qjZ8Js5u+lMMkh6tR1OPY\/JYhy6CX7L5ec="}
@@ -280,16 +280,16 @@
00447{"flow_id":11,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":417,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":920578,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"KDc3AG3IEBMx8Tl2CABFAABBy+NAACMGiC9oKtkZwKgBuHZf3SMhYrlX7BRoDYAYAfofVgAAAQEICu7SsIsi2JUJridXwKMiLkho+m7GyQ=="}
00429{"flow_id":11,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":418,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":920595,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGNyDAqAG4aCrZGd0jdl\/sFGgNIWK5V4AQD\/6IwQAAAQEICiLYlcPu0rCL"}
00429{"flow_id":11,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":920604,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGNyDAqAG4aCrZGd0jdl\/sFGgNIWK5ZIAQD\/6ItAAAAQEICiLYlcPu0rCL"}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":435,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1578508364922,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.233.197.131","src_port":56637,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":435,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1578508364922,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.233.197.131","src_port":56637,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":35,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":922060,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGjuvAqAG4I+nFg909dl+ptEcpAAAAALAC\/\/+OGAAAAgQFtAEDAwUBAQgKItiVxAAAAAAEAgAA"}
00711{"flow_id":12,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":924422,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEEjZhAADIGtLSi86BTwKgBuHZf3SW77RJe6nqwfYAYAOsoBgAAAQEICnVn1Q8i2JVXqB4IhOXyDkG7gf4wVue1YBFCV\/+yw6M8jA+kibTv3mtjlRHP9tP8c4lZMHx4Bnj7mMHTlL3Za4w7RRGZo8UUWGTgaOZ8JOqKt7XBLl7t5KWgTNCjGVv3RUP6yr0BVUHzhnpspLE08nXhRp8eeEgMQsae0889yLYtd+IUmq6Pe66E5ioWd5V9CkIGXfzLzJydx6Pqnbs79okijpwxi3jn33pSoE12UO5sqd1y+ayd3FqVRJPuM8YUW0R+3V2bORENbDuTDn4j9PpTkJU+JkYd9A=="}
00427{"flow_id":12,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":924434,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0jZlAADIGtYOi86BTwKgBuHZf3SW77RMu6nqxGoAQAOuvTAAAAQEICnVn1RAi2JVX"}
00428{"flow_id":12,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":924469,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGNR3AqAG4ovOgU90ldl\/qerEtu+0TLoAQEBufmwAAAQEICiLYlcZ1Z9UP"}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1578508364924,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.250.240.205","src_port":56638,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1578508364924,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.250.240.205","src_port":56638,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":36,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":924936,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGtY\/AqAG40frwzd0+dl+QvttrAAAAALAC\/\/85bQAAAgQFtAEDAwUBAQgKItiVxgAAAAAEAgAA"}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":447,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1578508364925,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":447,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1578508364925,"flow_last_seen":0,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00629{"flow_id":37,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":925232,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHG4wAAEARgdzAqAG4I7T2qXZfdl0As6VnAUq3Z7jOf6Ug2frhkOredmKGawH96dNwPwCsVwwwAuHNRLachJG6Hj8pd5+\/iUKj3xzFalkHy\/4zo7e13\/nakEgcyoOcntMlISOmld4GtANNEoWSHW0IYrUbIiG7qvHSAQP4R7hAGwckxV38aoEQ3R3z6i1sbxgztMaJbhd8mlK6anhGQ6H0+w6JOUS\/FIH4b+eX+gcKRXXgkrfcf69BwK1A+Siq+4ReFiBg"}
00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":447,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1578508364925,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","ndpi": {"proto":"Mining.Amazon","breed":"Acceptable","category":"Mining"}}
00536{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":447,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1578508364925,"flow_last_seen":0,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","ndpi": {"proto":"Mining.Amazon","breed":"Acceptable","category":"Mining"}}
00426{"flow_id":27,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":930055,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0P7RAACgGl+woQ5CAwKgBuHZf3TZG9x3RfGwnQoAQAOutlAAAAQEICnIsxqEi2JVm"}
01003{"flow_id":27,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":931019,"pkt_caplen":489,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":489,"pkt_l4_len":455,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHbP7VAACgGlkQoQ5CAwKgBuHZf3TZG9x3RfGwnQoAYAOtYugAAAQEICnIsxqIi2JVmAaUEJ+RTTNaKeJ49mHQgWlpVTQRI5VG48UZGnvDZ\/AXr1VILVQ9O1idwrzt6K2OMjJS9o1PVpWsNbIc8MH3IjByixnPI9KaVPx8mXNul5rqpONyNvE5D5QWT7QN6E6ROgZb3VBBaBChGxjDzgiqHf4VZq6+uTHnRLiTmJu\/tJBvVpuLS74tvdGNWf\/ih9Lb59or8oIye9cnRXq6QxNeqRegxacdxpmNvHnOsH1xYtvZd1gtIbMggtewyo1Dn1VrEUGaLZ8YIgei0fI80M4TI9+xxREWwNuy6j\/qfWcyHp\/IioJKoTY5PMyJ4KJhV4tkpllur+NCk6tolE+JLCfz3+kzwQONUkKz1790S6eJjaC9wtPHxoSqGiRezES8T+hj3cweRz44i07e\/5U6uMQTy\/OLpemir\/+Cx4TKBoObiU1Pv90jumuEPVRu+IkyCniPJGlxWCVp4cTWCCZ14UgcAQOxJs8PBSt9FMlUREzy6Wh9d+m6VtVXDspOi\/YN\/Wdg+ar21s9AW80kk5yvRk7Bz32Y5TzOnIe31AHyU8KXllbzRMJWOieG4"}
00471{"flow_id":27,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":931064,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"KDc3AG3IEBMx8Tl2CABFAABUP7ZAACgGl8ooQ5CAwKgBuHZf3TZG9x94fGwnQoAYAOt\/8QAAAQEICnIsxqIi2JVmT9YL9qHOr0+NjibtWyjL3KtIFwbnBG9OdvuZeHcpAyg="}
@@ -303,20 +303,20 @@
00432{"flow_id":27,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":460,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":932136,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA1AABAAEAGv5\/AqAG4KEOQgN02dl98bCdiRvcfuYAYEAC0BAAAAQEICiLYlc1yLMaj6A=="}
00438{"flow_id":33,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":932308,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGkHGfy1QfwKgBuHZf3TprW2X93LDPrKAScSCdQwAAAgQFrAQCCApPeKo9ItiVagEDAwc="}
00428{"flow_id":33,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":932360,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGhHnAqAG4n8tUH906dl\/csM+sa1tl\/oAQECwsmQAAAQEICiLYlc1PeKo9"}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1578508364932,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1578508364932,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":38,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":932939,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGvd3AqAG4Etunn90\/dl9+5\/UeAAAAALAC\/\/851wAAAgQFtAEDAwUBAQgKItiVzQAAAAAEAgAA"}
01215{"flow_id":33,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":933835,"pkt_caplen":637,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":637,"pkt_l4_len":603,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJvAABAAEAGgj7AqAG4n8tUH906dl\/csM+sa1tl\/oAYECyPNwAAAQEICiLYlc5PeKo9AjkEpygvnKchHo\/9hxvr5Qw+iboZdo3f3SG7EZvjwd7w\/2cK9Gmp6AB3QTgV0ZKNW3oRtB3OCMj3x8Ruf4hglrPOR8z4gDspichx80Fp3Ii29HmJSooT1ooAwg7QLR5ppOcGiZ0Jee4UwPmXpUCT\/zV+YSxP5MVCiOEH7pByreL9e7s\/NcDeXys4Mo2BRac\/Ej9PResGlgyJh+9FLsXYSx4qZZuwqVCSJSb2XvfEsdTUfWxG\/mlGpGgpf5whPWlAfSz7Oe20c\/f0EdzfgDI9NJpGEjPOBSos\/GuZ0hM9rufVviW2svr975inq+J81tRJ\/ITe1XewQv7g8Xh3dCaSK53YZfjTdmQ2lPtSUaUAWxaD6y7+1W9M79N28CR4hwLEamR83zpLpjhCprS98oS2yZdyQPypaWCSL5+Dc9PGnt860mDm3PmEP69QRVGEgjznQxs7cNWxBeOK2RmYlLOQN6jQA2jxoF\/oOCb3wnN1p\/QyoRd9SyLYwvhPzKpqx\/ZWP+rDLa4sxoTk+7shWb5NDLqplnmJeSxdK+pu7BT4hkAgCMiXUcfj11g2f1fEAf\/z0KfvHYTs3\/pLisnKePFZSFhM458MqwFxoShf1p5bn+un+y25Fcp4W5\/WlRb3XNf8hqwLrfEM7l5rzvGHXMjE7r9jYvWo\/\/uhbuPEvG4FWDxInlL42CndUL+cc9p0TJmh5wXFTY7uBRbaL2JUuah2gQ9\/kEYy1FwIdqoxyM5d3V9+KLYteT7hmCs\/\/g=="}
00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":473,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_first_seen":1578508364824,"flow_last_seen":1578508364933,"flow_tot_l4_data_len":719,"flow_min_l4_data_len":32,"flow_max_l4_data_len":603,"flow_avg_l4_data_len":179,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":473,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_first_seen":1578508364824,"flow_last_seen":1578508364933,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":571,"flow_tot_l4_payload_len":571,"flow_avg_l4_payload_len":142,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
01836{"flow_id":37,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":954898,"pkt_caplen":1099,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1099,"pkt_l4_len":1065,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ91J1AACwRmVQjtPapwKgBuHZddl8EKaTIL6PiPVD76wxxux15bHRlnSs2av4nBFSV7v4bhHiIpeAMxLmbK8f6wiaJfQicCaKdl2RU3riNA4G85e32CrySn3+r4nugeiGUNmLmJTGwe70KAk\/1yl9pMbVr5iHiC9EbAQT5A7z5A7T4TYSnVnoygnZfgnZfuECQJNyxBglNPC+n9m4t\/W08TtywpdWYdWjkRxmhkajaDCz+gK\/mbTitDTyIYj\/DM6dFql13rAhhOsl+TepFcV7R+E2EVmvzPoJ2X4J2X7hAs1lDgaitKFA3cxLdFsLwt7VebQyms4a6o\/fivZtKo8AkJ6dL4w4Dn4+\/vC\/\/JsKeSIScYYBOpqnxxVMZ+XWFxvhNhIui\/9KCdl+Cdl+4QKesUvPGk3pcExPSpjjyYak+S\/zgRaKyCtkCAnADlTupsK\/kU6vbTyjVeYLvjRqhlLfuaobh1XsP1yYWbMEwCkP4TYROL5ObgnZfgnZfuEBjjxCUsfvwMHRxTE5YrP7+ISCuREmPbKrzjoabqIoNEUz\/YRnAV2w6k47DZjKIksCMD5bt88unhn0EsLYp\/SzX+E2EXkQ3ooJ2X4J2X7hAPuP3gMJbiMdT+jVwpl443XaSBNUfQ0qZUmbru+9L8er4h7zKFM+7c1K4WVxLv0mgiZa++5g5WXQyn8nQTgubb\/hNhIpLq76Cdl+Cdl+4QPw+TE9tCaxzvKUZLrSUydGaIDt2Km6jvC1h7Hg9CIqQESMae7r6mkOxEncigdCNSYhdj\/fphc\/puhfvJzVEsBH4TYQj6yXYgnZfgnZfuEC5nQSZ\/xzD17vSEoHg\/jtmGLuRaM3q97\/3Czva8FggRyrw44MHO8OtruMk8OoTJc88hHmdKvMBoeGC+K0eEhFi+E2Ep1ZKIYJ2XYJ2XbhAYZoPsgtYlBM737vFkYUTo\/9EphiWRNvy3F9PFQKE60Wg2vh7fDKeVFJ2s+C3+rlsvule\/8FMZch7lhCdhu+rUPhNhJ3mmFeCdl+Cdl+4QGQs+WUN2IadQlJdv2hYAS47TWT0deczhHq293QjQaQ5dBSGXZU4dOj17ZGw5OHFM97hStHWuydqVFmyRxRg\/w34TYQ050sDgsVJgsVJuEDzSXu93jNII3idYaebqM1QwrATGCoZMfOLWHKo8\/HNEvGmOW1TsZdycKJciiZgh6ud1sRz67L9tP+HeODfKFTV+E2EDfsOx4J2X4J2X7hAH7mV1eGOz5WoeIocWFwRYF7ZVBDRcdtaFFH5u23BFJ62FH1ch71cEmxc8OtYpiPqb2N3y6mQjsQPeWAgtQws9vhNhCPknjSCdl+Cdl+4QFeAPtyTjNbAmZsxJ+YSStMfUptpi+Ck9CtWlo\/Fnkmot5zzhg4wYebjEaqIDMNNKgYreTwT+o6X4euclIzcKBSEXhYgYA=="}
00976{"flow_id":37,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":954930,"pkt_caplen":467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":467,"pkt_l4_len":433,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHF1J5AACwRm8sjtPapwKgBuHZddl8BsQR1SNeP1ZrG\/ZwtEcGW5vGA0sDGp78prdWhxHtDqEDU7PNKL6kZEdICkE\/ClTr5riDvJ\/S0Juy5pZvsiDZ34LyanRNXXRjpzjohXnlvDARKWl\/FPyuFUx\/5q7iG79kKNiaGAAT5AUT5ATz4TYS5GczRgm\/xgm\/xuEBa13f1PeAY+pXn+QDG2H2vRnbUjALc47yKM1DGaLaCBXAmqDZbTzNfSqGBTAVPFFnsJtnCFC0Fv0w0bIIRmdWp+E2EijsROoJ2X4J2X7hAJi3PrTUi8k0+hp72TGveiEIya6qIgjO27CDPgcM2XClPC4ML\/96HDCNIKvA6L6b3KKoTFoGm44u2hTJ2hJ9PJvhNhM+0ztiCdl+Cdl+4QCCTHaJCBMKOiAeM0+J0ILaNmDQGKBpq95aDifzAyS6BBPIijEGzkyTvF6L1V27y7PdVSWOVkbAaliLEx1mlVCv4TYRf2EBxgnX+gnX+uEAuHZY2QcmV8WQCz4M\/VG5LfG7tHam\/sFovnjhq\/yEXmxTFgIMHUbncizgn1Jn7XeiL7CoOoCVHxB7uvvn28VO3hF4WIGA="}
00439{"flow_id":36,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":957524,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGw5PR+vDNwKgBuHZf3T7\/g0hGkL7bbKAScSAsgwAAAgQFrAQCCAoN8FcJItiVxgEDAwc="}
00427{"flow_id":36,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":957613,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGtZvAqAG40frwzd0+dl+Qvtts\/4NIR4AQECy8HAAAAQEICiLYleUN8FcJ"}
00995{"flow_id":36,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":490,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":958746,"pkt_caplen":481,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":481,"pkt_l4_len":447,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHTAABAAEAGs\/zAqAG40frwzd0+dl+Qvtts\/4NIR4AYECw\/fgAAAQEICiLYleYN8FcJAZ0E+FMyZM6APP7oCGTdgWb3yFwhYBpKGGdHxVs6\/WFawsMKFTP1GE4bS9ZGKitYFI6X9SczYGK34fv33vN7bwOoHuDLSEmFepT6qKIXU0o52LpqO4\/\/S4iCaTUFZU25DlJm7rKyaYiQUNQs188t1MgWKQJll9l7A5c36CcJV13HcpT4uHcO11tQbpUDfAmYHf8g91oohYLCK840wTh1pzwjGdFtPtKPIlkFk1I1KlhfXLsnea7v1Q\/ShXbNxFHOeNcmQxZQK\/djTCT5xFTl26m5hPRLr7bo6oEShkma0QAzk7dx4oLmxs6xdhraZ8\/KLIrywgGOsqHtYNCAN1bYwBrh3O3VymK8Mc6Id82RS+1OENrFg+MVBhmQrqzd8EKkdPY62PYyc6nFRZKHWeOUieBs0SzBcjgQMxcKSxChYDCR9Zj7HIJe0hUt2Ra0u2gRnlW5LF\/F99KO80qZeqJg+U5xv2dN3bWuOXucPVSSrR7+GQvchgofcyhiHymQaVedRTSwqM+Y31quk7elIGo9u8xUlOwxOWWPvJhRHhOVBQ=="}
00563{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":490,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":4,"flow_first_seen":1578508364924,"flow_last_seen":1578508364958,"flow_tot_l4_data_len":563,"flow_min_l4_data_len":32,"flow_max_l4_data_len":447,"flow_avg_l4_data_len":140,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.250.240.205","src_port":56638,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00574{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":490,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":4,"flow_first_seen":1578508364924,"flow_last_seen":1578508364958,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":415,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.250.240.205","src_port":56638,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00438{"flow_id":34,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":990287,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMGxNei5B2gwKgBuHZf3TsLfbp+uLewXqAScSA1yAAAAgQFrAQCCArR1xFdItiVcAEDAwc="}
00427{"flow_id":34,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":990409,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGt9\/AqAG4ouQdoN07dl+4t7BeC326f4AQECzE7QAAAQEICiLYlgPR1xFd"}
00991{"flow_id":34,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":991987,"pkt_caplen":479,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":479,"pkt_l4_len":445,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHRAABAAEAGtkLAqAG4ouQdoN07dl+4t7BeC326f4AYECwyYQAAAQEICiLYlgTR1xFdAZsErzFRgvu+Gdxcx8TKMVxCghDEriO47E5WudgBJPwgVI5ZeUhIj6FWmZ5GxS3JxEI3bBsCNxoaNNpP01hxoKhEu1EuvoxJRf5XfcTJIGw\/MFwRUJh4HL6kR\/jn34l+sva7q\/WyBXlKzPvIRyzywJ1liXjzmxWKe2id5RSlSAow7T5WvtdWiKAb+nXnc7dkjdSjBSKUZ4TTMkO3IjWL+SKI\/3RSCrRnVPtjGYzAFMfVqRv\/uMD1bNp7y4KZ3\/jk3dviqla0NKL26oQNWkRx\/4lRibAA6HeaPLM5EgArtMUSv2WSdh06L9cv5SBvdr6sXpVDgCmt\/IBu9wB4E3kRd31zpdiB6YpVP1mIQgvvYH4AkT0mp2\/8YiSPGmkCB87975cUeLvFeYmvzgoEFASJ+ko3QR3ID+97V6SPEWW2uHZrMaeTrekStj9bkslYH4ydQQHK94CwkhOvMVHIWadQZJ822MSClpsnqpeC4mc3YVT5mKjjEGKet7TUkOlxYVXovRKIKlxDSNSeRJrI\/fo4Rx5zBxDCYkf5z665yx0="}
00562{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":493,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":4,"flow_first_seen":1578508364832,"flow_last_seen":1578508364991,"flow_tot_l4_data_len":561,"flow_min_l4_data_len":32,"flow_max_l4_data_len":445,"flow_avg_l4_data_len":140,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":493,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":4,"flow_first_seen":1578508364832,"flow_last_seen":1578508364991,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":413,"flow_tot_l4_payload_len":413,"flow_avg_l4_payload_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00427{"flow_id":36,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":494,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":998772,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0ZbFAADIGXerR+vDNwKgBuHZf3T7\/g0hHkL7dC4AQAOvJnAAAAQEICg3wVyoi2JXm"}
01100{"flow_id":36,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":495,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":1817,"pkt_caplen":560,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":560,"pkt_l4_len":526,"pkt":"KDc3AG3IEBMx8Tl2CABFAAIiZbJAADIGW\/vR+vDNwKgBuHZf3T7\/g0hHkL7dC4AYAOtU1wAAAQEICg3wVysi2JXmAewEZ3rJYy5TecuiIy3XEDhQ2Fh\/p0n16XYdHvXBIJ8wmpzivfvAodiwowe\/A7raxpXDHqMKDPBHC53xQRHlWvyCaxe\/lWDir7EUBFWqp5qCUI9N\/Rio3ahiSFpNGg\/TR4VRCc0d9E0bTgVGXuTeaLwDWREpaICBTIg2Vou36U+p1PhzznGD6AM43RVAXUFm9Tgp1ROGSh+7MYDQ5G3mpABJzE8tqqMNpZRgs6HRdZhoR0SDrWJE2Kd9vKRXwOXI3Be\/7jYGHTQ0u51lh+piAiwaGesjhSvwZig27ANkQPwB0l5kWFPbeySsC1G1FTnML47diFj9gqJOnQ+N9B3twRgbVncaoLKWAavqDxqGpWBH3Tiv0BgwRqKsaJG5SGS7hiAgHdN9qBT5e6QedELa3hMMMC+5oS9wDHMFWCvmdtEt9dRQl8zF5G\/NJg0SlIyAuD3+L2sh55H1PrYUjPcO8vxhdovWjVWt\/uCK3QXqi1tMv03XSq3eIVhqv3kyzQlvYtGSecflQ\/axOqJ71Q3zx9wfZVMQisQmhPgAOdfvw82j3RsR\/9tIDilwyCwswGi25WEegWC3WWr8BJOl1cgHkaqHpRsAiDMSrLxOWAJ5Qww4YFwg0cdp+\/VuJQE5BAKHKB1FCeFKyb8se4TXbL8="}
00425{"flow_id":36,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":496,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":1888,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGtZvAqAG40frwzd0+dl+Qvt0L\/4NKNYAQEBy4VQAAAQEICiLYlg0N8Fcr"}
@@ -350,18 +350,18 @@
00446{"flow_id":16,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":538,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":8448,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"KDc3AG3IEBMx8Tl2CABFAABBxttAAC0GYcq\/6qLGwKgBuHZf3SxpEHIwX7ewwYAYAfoeswAAAQEICjQYmu8i2JVJfTDJzPSuNlS9oWrX0A=="}
00426{"flow_id":16,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":8465,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGFbPAqAG4v+qixt0sdl9ft7DBaRByMIAQD\/56dQAAAQEICiLYlhI0GJrv"}
00426{"flow_id":16,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":540,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":8475,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGFbPAqAG4v+qixt0sdl9ft7DBaRByPYAQD\/56aAAAAQEICiLYlhI0GJrv"}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":567,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1578508365009,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"144.91.120.135","src_port":56641,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":567,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1578508365009,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"144.91.120.135","src_port":56641,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":39,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":567,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":9842,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGb3XAqAG4kFt4h91Bdl90OGLhAAAAALAC\/\/+IEgAAAgQFtAEDAwUBAQgKItiWFAAAAAAEAgAA"}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":568,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1578508365021,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":568,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1578508365021,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":40,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":568,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":21490,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGuz\/AqAG4sj4K2t1Cdl8xVnl5AAAAALAC\/\/8AHAAAAgQFtAEDAwUBAQgKItiWHgAAAAAEAgAA"}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1578508365029,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1578508365029,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":41,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":29590,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGqGLAqAG4sj4dt91Ddl+W2yuDAAAAALAC\/\/\/VpgAAAgQFtAEDAwUBAQgKItiWJgAAAAAEAgAA"}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":598,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1578508365038,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":598,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1578508365038,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":42,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":598,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":38942,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG\/kfAqAG4DeZsKt1Edl+KMGOvAAAAALAC\/\/8AAwAAAgQFtAEDAwUBAQgKItiWLQAAAAAEAgAA"}
00437{"flow_id":39,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":605,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":39176,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGe3mQW3iHwKgBuHZf3UEpl2emdDhi4qAScSAVuAAAAgQFrAQCCArbhaVwItiWFAEDAwc="}
00425{"flow_id":39,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":606,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":39222,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGb4HAqAG4kFt4h91Bdl90OGLiKZdnp4AQECylVgAAAQEICiLYli7bhaVw"}
01167{"flow_id":39,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":607,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":40566,"pkt_caplen":606,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":606,"pkt_l4_len":572,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJQAABAAEAGbWXAqAG4kFt4h91Bdl90OGLiKZdnp4AYECxqYwAAAQEICiLYli\/bhaVwAhoEqFEYWui6uaX1mTBG6rJ\/8JvXZeblYDaaKyL0iuOXiWEObGPARK82c8HTtYWWLQhhxAruLAGbxlpr9w7TvDfbVeP\/MRkgtRzc5TCtFameRcH+B+d7AFEdB4usVsU0ck8Wb5F0ikKql9UW81QbaWN2PMkJOtgVoarvJIHAhzBLIMaYXnbzlDS7VFeGTtrkaBEoCBjrBqk+AkezR\/Nv3w+HC14Kwvf\/W78CAyl6tSH14ZXV93iy7UvEP9oI+Ek9ILiFD\/ZpJgcmi1zQM+EiwWSa0UhsLPO0bS19vUIkPVsCN7VcyuAZ\/eQu2gCAFOMbcpKjM406IQF3RzQI+8St0zhrFWneji\/DwmDDltFKqKXlAW5Xi0Is6il2pY2wLukNaMGuMfoWKdNwka5Cdi1A+QGqyacgXhvTr6TyEIs+C2yw3v+D8HjPpBDWFBSwbb\/\/jdzQhUCBfp8WIW8dYat+PUpqCGdtySVtdUgDhcrRLC0kDe8LnTZEtKIGm7bqd0RsDfIgzD\/S+QZ\/Bas4wLL0si7aVjq9NydSlEwtjb2sMaxkzhwLEwQboe7wi\/mqzaFljgD8Odc2h6DZ+tfjfIP5ovETNkHB5GsyBR8lqa6f\/uD8LjuBKbJodrD8U3CVN197WCmu7PxSO96wloa6Y\/pq\/M4Hq\/lbP\/tqWBDOMzwjyvfhDX+w+gI69UUFWFhcCTkTEO51RjRg4K\/eHL3m"}
00562{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":607,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":4,"flow_first_seen":1578508365009,"flow_last_seen":1578508365040,"flow_tot_l4_data_len":688,"flow_min_l4_data_len":32,"flow_max_l4_data_len":572,"flow_avg_l4_data_len":172,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"144.91.120.135","src_port":56641,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":607,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":4,"flow_first_seen":1578508365009,"flow_last_seen":1578508365040,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":135,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"144.91.120.135","src_port":56641,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00425{"flow_id":33,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":41341,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0z6lAADQGwM+fy1QfwKgBuHZf3TprW2X+3LDR54AQAOw5ggAAAQEICk94qlgi2JXO"}
01119{"flow_id":33,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":613,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":43166,"pkt_caplen":579,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":579,"pkt_l4_len":545,"pkt":"KDc3AG3IEBMx8Tl2CABFAAI1z6pAADQGvs2fy1QfwKgBuHZf3TprW2X+3LDR54AYAOz4IQAAAQEICk94qlgi2JXOAf8Ea4ImeDT2hlTJdW87oL0+drKtPIBVOQCw5+PKK\/xYCt6d76q9BAtBfxtUvOshsWGHFaBML0EbkVruevkx07WZJRdFwQg6onEzckMhT+SwhMtlffvPhYmTfrnMo4qGqEaKn+kH4HG2kZno2v77xMuGOuA7rxkPYbjkCRJx6WsG3TCokIYpdURE9maqAmoJYnI84eILglL0LEsWFqJqKpEM5U7V6KmT\/72ozF3awawbgD0MAVzoKgD7\/3rVencsSVhd8SD5Edl5ZOPpJcbhLd7r81PdHEWUxXp3Kswn07UwofGh4TX6vfoQwm1IgmGMVdo4vNP4cPqUocHXp9VAUu\/sM4KiclPuaPiiMREswcF5XMoybUP5gUDTNhjwQq5ZYXEFIWYd9LMyPxUHTaSIQnz1tgBoRrFSBIG5iIUXKuBu72STXUBM6VZP1prjqPmcIqsxtC6YaJBg3fubgFvUWc31WjmW0q27TxcLjboX4ozHEMgDBAhWBZ3jPgOPWOtXJKYM\/z0+JfCdx2fCyfpZXo2pLqafxIxTAgi8\/n0BmW8YLaN6YJfK89tWmUlAaF55tt1BjktVLG52FGtxEeUUpExEFr3mKYmjLGLcn9\/uG++KGbKmeUoLn7l7mqIlhpbfjoQ7bP+upqgpwPL4+j7tPW4q+PautAM632KoI0d7yzni"}
00427{"flow_id":33,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":43220,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGhHnAqAG4n8tUH906dl\/csNHna1tn\/4AQEBsn8AAAAQEICiLYljBPeKpY"}
@@ -373,17 +373,17 @@
00471{"flow_id":33,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":627,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":44194,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"KDc3AG3IEBMx8Tl2CABFAABUz6tAADQGwK2fy1QfwKgBuHZf3TprW2f\/3LDR54AYAOylrgAAAQEICk94qlgi2JXOJ+pFvqCq2VJlu7F2z8Fq0p0vzt4GVNN645NbvcgqCuU="}
00427{"flow_id":33,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":628,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":44251,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGhHnAqAG4n8tUH906dl\/csNKXa1toH4AQEBonIAAAAQEICiLYljFPeKpY"}
00430{"flow_id":33,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":629,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":44303,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA1z6xAADQGwMufy1QfwKgBuHZf3TprW2gf3LDR54AYAOwXWAAAAQEICk94qlgi2JXOIA=="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1578508365045,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1578508365045,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":43,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":45064,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGOT7AqAG4uduFPt1Fdl+PNscoAAAAALAC\/\/\/ScwAAAgQFtAEDAwUBAQgKItiWMgAAAAAEAgAA"}
00438{"flow_id":38,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":63785,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACMG2uES26efwKgBuHZf3T9fy8\/Lfuf1H6ASaN8cNgAAAgQFrAQCCAoSyYNbItiVzQEDAwc="}
00427{"flow_id":38,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":63889,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGvenAqAG4Etunn90\/dl9+5\/UfX8vPzIAQECyjNQAAAQEICiLYlkUSyYNb"}
01137{"flow_id":38,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":65166,"pkt_caplen":587,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":587,"pkt_l4_len":553,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI9AABAAEAGu+DAqAG4Etunn90\/dl9+5\/UfX8vPzIAYECwSKQAAAQEICiLYlkYSyYNbAgcExEL6k7iDCmvDnLTJQ493cMoyN1vB35yNoXPALiSuhgaS7ozJbRQbYOIH3P2cKiRvQXZnyi4u4Lw9Z+qm430tq6fsEdocQZExsicq33nFabONqvhhdUCa\/Ycdml2wvn5dpDCXVB9DNlrFeOeFE91jSn+\/t\/1SEOuxaQXmtjOwaQ1rpHIUzUgqbMGDk2Xf\/clHNIrP+8dybicogNvvQdnfbOpGdx1BoT0UQ\/cJXLKng37Bgj1WiAiOYJXJZa8JBRrhcHue5nPxDIJBjNepGAEan7DM7ryaKTAgOvU\/Di6OjPj6R7ouWTk82ibH7ElOw1FPPG5org7fTBskGPYN2GwayBKfWJqhgX9Gm1oPuX1X+g+ulBxYo6+kcnIZf2UWtLkGazBcTymT3ikMsPJcAOx6Ez506cWe12f8KbpoTZUvcT+X1eAJbGBrWT7DguMC80iDihkY\/yzY\/n3QuAZq24LNcyxoBP\/uCwVTm8qaMGfmyat1VRjTTPpp+Fj+UiG42oX6jN4ArwZ513sZwkaDYmzIysegLaM5r3\/zIAY5u9dqFaz0kd9hCdidoGIQ0QsFKfLzcRD16xeZ1Z2WCedBAjFbCQYMbcXNCoLuX9swWHUyq5fABYOQJH2AbDJ3jx4sK0iNO0HqAWR0fuWK4AaZIlse6PDKjcaLDe4h\/7OZqPG8cMv39kbM44A="}
00562{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":648,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_first_seen":1578508364932,"flow_last_seen":1578508365065,"flow_tot_l4_data_len":669,"flow_min_l4_data_len":32,"flow_max_l4_data_len":553,"flow_avg_l4_data_len":167,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":648,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_first_seen":1578508364932,"flow_last_seen":1578508365065,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":521,"flow_tot_l4_payload_len":521,"flow_avg_l4_payload_len":130,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00437{"flow_id":40,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":65326,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGx0OyPgrawKgBuHZf3UIGbP5HMVZ5eqAScSDZAAAAAgQFrAQCCAoLgra+ItiWHgEDAwc="}
00425{"flow_id":40,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":65360,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGu0vAqAG4sj4K2t1Cdl8xVnl6Bmz+SIAQECxokQAAAQEICiLYlkYLgra+"}
00625{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":65549,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHKIQAAEAR+iHAqAG4QipS9nZfdl8As8h52l5Lj\/FNPSwNskN7KXHg69sINFX5NaCleeEwgXwmONn61xupKUye1QOfHD1DMyDw8Rv4bxSGME4AJ9XC7q+0Pwz+NqNAUtNYGL1TDF+F5wROIhyoide5OcgIFnuRD6baAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBh"}
00994{"flow_id":40,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":652,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":66752,"pkt_caplen":481,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":481,"pkt_l4_len":447,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHTAABAAEAGuazAqAG4sj4K2t1Cdl8xVnl6Bmz+SIAYECxOmwAAAQEICiLYlkcLgra+AZ0EfDFSBUJ6d0+2D0oST02\/uFUlU5RNbQ3HbgqvvNxJKs0OzpHFikNJND1E67AmEorBEgaJseJj+vhGZlyE+Dle+PraWO9mbRrzmtxOgCJZV4CSArT5OQKw2v896ro2qDbOnZCIAxVnAVC9t9odXFYn7H\/gYvVHuaUln5s5mZ4HQ1T8d9T9DiC9L0hrnW5hBxNsN9G8mAOE9jI8ne8sU1Ju3PpSmoLGYt\/2tMKQdKr3b6JvR46ryyF\/ggTQgDOWO+\/\/u7PHJ2w89w4U4HzsOVMmyycVcHql5kvxMaP2MLZBCuWAGfiQvP4NDhOCYJsjW3VrG5K2Se593uQZXIKHtw8sp3F8iPUqyZjRQzR+LL2nJieUq1Y8MfHd1XPGtuFN0votDo3t4Nr7vKG+x0dyopQ8vTOADKbE6V90Y1PkWCGFKzm\/uPJTFa3gZOK8RWQ3Hw7nJYtcfP6Oj2jq2M\/rl54gn8L6crAUrrqlXOvZvOmxqzmJqV2JMCHrRSAFnh\/3FkjCShQBU8f8\/+NikG8L2AStayI0zrPhTf67SIngfA=="}
00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":652,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":4,"flow_first_seen":1578508365021,"flow_last_seen":1578508365066,"flow_tot_l4_data_len":563,"flow_min_l4_data_len":32,"flow_max_l4_data_len":447,"flow_avg_l4_data_len":140,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":652,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":4,"flow_first_seen":1578508365021,"flow_last_seen":1578508365066,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":415,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00426{"flow_id":39,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":653,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":68441,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0nAdAADQG33mQW3iHwKgBuHZf3UEpl2endDhk\/oAQAOuyXAAAAQEICtuFpY4i2JYv"}
00868{"flow_id":39,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":654,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":70537,"pkt_caplen":390,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":390,"pkt_l4_len":356,"pkt":"KDc3AG3IEBMx8Tl2CABFAAF4nAhAADQG3jSQW3iHwKgBuHZf3UEpl2endDhk\/oAYAOtPmAAAAQEICtuFpZAi2JYvAUIESXuPYkJdnA\/CZFdhgBAAQtUX15B6DCXuzDqnZftI8v2UfukN+j0ZKLKND9611k0yd+cQoBrvik6pa0PTCGNuokXiAm5QbGDT\/sOq2TsXHlaRxuYtW4V\/62NEEGYjvyW4IVBXO67uIVSG\/vwgJgnILegoyco7IJx6Q8WTcegO6Wpps6uGe5qxjajcN5q4VoLvRLDCBkuMQ+gNuyOMFg4hFO88v7\/BaZBaOb5HZnrvGsLyS2NBce8nrnTKfjNnjvra5wy0uLrf4EkRXun93WrneUlxwyh9Xwg3PdOeP\/F3JqQg8szGZ0FMwXioq0mOpYAMx9iiAXsmdInBDI\/SldNnIc3qvJQqDulANBYFXINDax92JBX51mQ9tj5oaZZ43WGzmCX9g0auTWVK1mimetm8cGl3trX3RqsynNq+tKvQbVRs"}
00425{"flow_id":39,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":655,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":70640,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGb4HAqAG4kFt4h91Bdl90OGT+KZdo64AQECGhxQAAAQEICiLYlkrbhaWQ"}
@@ -395,7 +395,7 @@
00437{"flow_id":41,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":671,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":74018,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGtGayPh23wKgBuHZf3UMO43zOltsrhKAScSBk2gAAAgQFrAQCCArDycEqItiWJgEDAwc="}
00425{"flow_id":41,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":672,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":74135,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGqG7AqAG4sj4dt91Ddl+W2yuEDuN8z4AQECz0awAAAQEICiLYlk3DycEq"}
01063{"flow_id":41,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":673,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":75281,"pkt_caplen":535,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":535,"pkt_l4_len":501,"pkt":"EBMx8Tl2KDc3AG3ICABFAAIJAABAAEAGppnAqAG4sj4dt91Ddl+W2yuEDuN8z4AYECyHqwAAAQEICiLYlk7DycEqAdME6NVpajcosq6RM49EGro7mYWbbbLNPN0MLR8kLHZfx0gRuQ1caCQe4U0yUSQ4FqRJFTruoIMfMjaKuB5qGb42uaZfwZcyKyxvWHFQhDs3V1cVuKsNQi9FwM92VgquU08\/I7P7tp\/yUr\/C7VdnIVV6LXyRXLY8SD6SKG8OONIDAfnYGALwXTqYNdb7hmCLjNzLez2AQTXSY0BU6PRI6I+6Xrh5qM1Dxp+uimk1eyS3NPJv+CNAfyRBfI2fRVz0Rx8+c5jquClOTtxiybAEqmdUQtmzluB0+8XEtBbdaCEUu8\/nPQGFeFM8TaJX0fehgXJmCID7QO\/ZOjjty5w+lJljUWbiQnS82Tv7ClrXA5YBJUCb7hPWdEY7D5Cr5tFcy3pQmxdYpUDw3iHqF6ZtLpJBxTh1nAmgVEIzc6Ngf22J6TZ9R35GKyScLBTruRS2zqaCP8fx5W6gqUU8sykz7bsuYPbkz+JXFT0+wtH6sOTjWji6hB8VrfktEi+dELlD8HfujNk3V1tLfHGnF6YOPbmxMRvTb1sUSfnNi2Xggbyo9qfg0\/SGNRxxb1dRKsUqwf\/i+FRRNuU4kTnBm3ou2n2sQQSnceBQMx3V07zKNuITBC74Ug=="}
00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":673,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_first_seen":1578508365029,"flow_last_seen":1578508365075,"flow_tot_l4_data_len":617,"flow_min_l4_data_len":32,"flow_max_l4_data_len":501,"flow_avg_l4_data_len":154,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":673,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_first_seen":1578508365029,"flow_last_seen":1578508365075,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":469,"flow_tot_l4_payload_len":469,"flow_avg_l4_payload_len":117,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00425{"flow_id":18,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":674,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":76934,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0WHZAACYGuyASimxDwKgBuHZf3S4uwDPuE20Ov4AQAfk32AAAAQEICqa6xFgi2JVq"}
00858{"flow_id":18,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":675,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":77677,"pkt_caplen":384,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":384,"pkt_l4_len":350,"pkt":"KDc3AG3IEBMx8Tl2CABFAAFyWHdAACYGueESimxDwKgBuHZf3S4uwDPuE20Ov4AYAfmaywAAAQEICqa6xFki2JVqATwEMCsTVW6PRW6\/boJLnJbxMXbG7Q4n\/VS8nFAXzztz2Xvm4ZuV1C1UKeOZqvMNWpKN7U45d84Y7AkTUC\/DpdrSUGNjiPb9BC2BBTX7+ncf7C4ibqcAhq4F4FpnZGCFimXyuZTQj6Gvi2hkRE8R35o216G9LgwLpmNKypL7PL438El9ODf4ptjriwKC5FVijAjeVsPfutb7mK5SBanC6QHvOpjE4egptFZpKo3WqusMT3PwgSblljEpJG9M4\/NSi25jW0qhOiQtzH64HZNB80xPYBoxidQi3Mlx58wTRISrHqOKKtyh4ALo4lWKLwBtKik5YzVw28WQsDhPOZ51\/XDKUH+R4zdy4rKkiI4RLmah1ZFu9TsJqy7bd03m0jQZQ8MLBqoj\/uM8ZNSQRrKFZ5ekHz1YOY+S7lK0zXRU"}
00469{"flow_id":18,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":676,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":77688,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"KDc3AG3IEBMx8Tl2CABFAABUWHhAACYGuv4SimxDwKgBuHZf3S4uwDUsE20Ov4AYAflSXwAAAQEICqa6xFki2JVqj3Qyu+5+uy1+28jwkZ3YRlGt3y1Sf7962SCA0mk3wIQ="}
@@ -407,7 +407,7 @@
00447{"flow_id":18,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":682,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":77948,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"KDc3AG3IEBMx8Tl2CABFAABBWHtAACYGuw4SimxDwKgBuHZf3S4uwDVPE20Ov4AYAfms9gAAAQEICqa6xFki2JVqdj9nUXn\/sAhEHAq1Mw=="}
00427{"flow_id":18,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":683,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":77964,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+ZbAqAG4EopsQ90udl8TbQ6\/LsA1T4AQECAnagAAAQEICiLYlk+musRZ"}
00427{"flow_id":18,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":684,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":77971,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+ZbAqAG4EopsQ90udl8TbQ6\/LsA1XIAQECAnXAAAAQEICiLYllCmusRZ"}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":700,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1578508365079,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":700,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1578508365079,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":44,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":700,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":79165,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGbbDAqAG4rGlePt1Gdl8dOmrnAAAAALAC\/\/\/VAwAAAgQFtAEDAwUBAQgKItiWUQAAAAAEAgAA"}
00426{"flow_id":19,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":701,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":91439,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0SuZAAOcGItcSilEcwKgBuHZf3S\/8FjKGFTVa84AQANu3cAAAAQEICmOBiksi2JVx"}
00438{"flow_id":43,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":702,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":92283,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGSEK524U+wKgBuHZf3UWdKkNsjzbHKaASbCBIRwAAAgQFdAQCCAp\/mc8NItiWMgEDAwc="}
@@ -423,8 +423,8 @@
00447{"flow_id":19,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":712,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":93803,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"KDc3AG3IEBMx8Tl2CABFAABBSutAAOcGIsUSilEcwKgBuHZf3S\/8FjRPFTVa84AYANsf4AAAAQEICmOBik0i2JVxF4jwu0sCYR894Thpaw=="}
00451{"flow_id":19,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":713,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":93812,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"KDc3AG3IEBMx8Tl2CABFAABESuxAAOcGIsESilEcwKgBuHZf3S\/8FjRcFTVa84AYANt5wwAAAQEICmOBik0i2JVxicyOakUFu81kNVzra1b2Ow=="}
00987{"flow_id":43,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":718,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":94017,"pkt_caplen":476,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":476,"pkt_l4_len":442,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHOAABAAEAGN7DAqAG4uduFPt1Fdl+PNscpnSpDbYAYEAwFAAAAAQEICiLYll9\/mc8NAZgEXPbdvtbTmRXtZvkhCpRu89E\/NC0evMSWxfI463ZMNvhJiUNtLl29hStqf1WWeBU1k0TTyXeOv\/rfDFTYD+juJGFonoyCsM3iL6Q9\/v964LYgEWMX9ALB4X30q9QaWo0Bm0qK9UwCQ8U15JoruS\/niDmalsIWQBLJ9q0Ij0l+QS2w4MJipV05eRX1u42NiX0nmbgf66P3ENbOZj\/1aRDDyF+yjCJSZexZkCh3TyvjVjrGklMAsE77Hx\/c36JFY8gxNN5UQueSZRyjaLRTsI3yKKslk2JbQ902NRTc1Rojsg1zBhHRq\/ORbfBLpQVnAzo9YYHG1v3ZkBmEr0D\/uZNUW7OFL1C89+KGfRCCauAg+mHJwhFjmKdLe6NbjRExzUYQIm1BV51xri9clMmcaNO1RuyCxI3E6JGhWjmuGD8Bu8l1qU7n33tia+dLRd8o+DqGHtS040to9Oiy5u2Jm96xP8m1GRaVb+lWWnQCbdKr1vIGF4mbQblvVd7WqYL7sCqoH0rk2G\/9qPEDzYYKUSpck5aEa0\/xYu4="}
00562{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":718,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_first_seen":1578508365045,"flow_last_seen":1578508365094,"flow_tot_l4_data_len":558,"flow_min_l4_data_len":32,"flow_max_l4_data_len":442,"flow_avg_l4_data_len":139,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":728,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1578508365094,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"182.162.161.61","src_port":56647,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":718,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_first_seen":1578508365045,"flow_last_seen":1578508365094,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":410,"flow_tot_l4_payload_len":410,"flow_avg_l4_payload_len":102,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":728,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1578508365094,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"182.162.161.61","src_port":56647,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":45,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":728,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":94625,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGIHjAqAG4tqKhPd1Hdl8HffxGAAAAALAC\/\/8MGQAAAgQFtAEDAwUBAQgKItiWYAAAAAAEAgAA"}
00716{"flow_id":39,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":736,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":97308,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEEnAlAADQG3qeQW3iHwKgBuHZf3UEpl2jrdDhk\/oAYAOudKAAAAQEICtuFpasi2JZKOD1kVbLrdC\/cTcdqNF\/\/M4myJbuDPiTQR6RUYgwP1uedKee7VKs2H4QewUbNHrtseikxjhBxWZkorgltADGDmRfEe6AzdQcAqJEB6uNyh4vIfEFBKBXV8fdGKEgFbUP2ckfVnYD32cFPqYFvzB1Hv2pBmCo0\/bM73fFG\/xOMNjWlbZdEdNl8R0hfgpQcGWH1T1goLnjUzh8o835V9CrzJubJpsi36J+WHIjPS2e38krYjJGf8DvXs\/hb9yvVQc3X3BKPL6jhGHuYwGCshh9jcA=="}
00426{"flow_id":39,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":740,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":97356,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGb4HAqAG4kFt4h91Bdl90OGWuKZdpu4AQEBugGAAAAQEICiLYlmLbhaWr"}
@@ -432,7 +432,7 @@
00439{"flow_id":44,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":755,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":104666,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFCAA8AABAADMGeqysaV4+wKgBuHZf3UajVVX7HTpq6KAS\/ojIGAAAAgQFrAQCCAobAQsKItiWUQEDAwc="}
00427{"flow_id":44,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":756,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":104768,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGbbzAqAG4rGlePt1Gdl8dOmroo1VV\/IAQECzlIgAAAQEICiLYlmgbAQsK"}
01071{"flow_id":44,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":757,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":105962,"pkt_caplen":540,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":540,"pkt_l4_len":506,"pkt":"EBMx8Tl2KDc3AG3ICABFAAIOAABAAEAGa+LAqAG4rGlePt1Gdl8dOmroo1VV\/IAYECwW7QAAAQEICiLYlmkbAQsKAdgENvGWIALcyRavCBwbJt1CfNUg\/w7vVWHfH8J5KWihknwYvxplDsXdyWftAj3G+fM+tQYNeRRqV9fPAVRLVkaPykgCZGMetBWkg8g1EQ5mFEgViw63sadlIN8S9WN5GIBRApVfJbbSlMCfWJcZa0tH9XH+xD63X5naFx\/I3C1h66Om1nAJG5Ix1OtubjPWyGTU8F+rguM8ojtmeMyjjp1jZWtYEA7u9eG7fK1N7Fz3wOYh0oApyB9a4p0XRXoYqGzktKnqG2qgJ\/vVp7pWmKPFqQSD40qodQj9kGT35wOKykcoBdUL7GG\/mn8npTocOfCIlUJ4cbQ3th5eBKJWW1WxKlcppyejoAqPdrdWMU8QLppI7nY+a1pOVsyIzTtAKx84qjz778ulAgPZT9fYxUV3GWeJ9CTOyWEvSIygOEK\/WtCrKhuzO+oBsHjvkRRGfO7E47d2BnncLP0X+sMrN5GROuYTifxzQSWjbk6ZH2n\/L8C8i5DWouPFCmxx\/Nq+5zSzTuT+ld4ByyIZWtjl1e\/\/fcHy7eVWGpMQXFUHpvYms7eTjj3Upw9Njh5lpaDrp2sXm3male0wN2mS2E4hsrP1KirQ+3qCHlEQ8gbr7WvKvYCWx4+Bxpvz"}
00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":757,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":4,"flow_first_seen":1578508365079,"flow_last_seen":1578508365105,"flow_tot_l4_data_len":622,"flow_min_l4_data_len":32,"flow_max_l4_data_len":506,"flow_avg_l4_data_len":155,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":757,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":4,"flow_first_seen":1578508365079,"flow_last_seen":1578508365105,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":474,"flow_avg_l4_payload_len":118,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00426{"flow_id":40,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":758,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":108162,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0MqxAADQGlJ+yPgrawKgBuHZf3UIGbP5IMVZ7GYAQAOt2BQAAAQEICguCtusi2JZH"}
00880{"flow_id":40,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":759,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":110289,"pkt_caplen":399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":399,"pkt_l4_len":365,"pkt":"KDc3AG3IEBMx8Tl2CABFAAGBMq1AADQGk1GyPgrawKgBuHZf3UIGbP5IMVZ7GYAYAOtPJAAAAQEICguCtu4i2JZHAUsEbZLu9HK6aqELHPJRaL9WSJojADRt58n2t52VgpLYsTbpinRCnTecyo6\/1xIK9mWXGz+bZW568ODjL4TAfcTw44nn6BCj8mqap+PJZ\/HckjpbCIRqjT4vvekYz7m9mrGTVOebzo1H9qdRuZ0mZKAv93Ib7YZwa+Io+Gum0w04GHa5\/Tva2qzD5G\/KXz43s1cXO7hIY+YQY68lwXPt3WfnjQu6VeAfAqWwPD6IU0JBLZUeksqk16L\/cfjnMgxCayz\/FudAemMjW7gMN1qQIDrPrbQ9XQYn7AHDASXAsLMJoLF5G1MZUxiosu+H1sz5o\/u+MPPkfcdwohNWrkMnKOBn9KFu6GeNtsUv4VGORk7cHdyfmGSVMg2h2Ro5e+lpdKBhxG4hX3sPSTnWUAUAQCAKVvVGF51f+hIsQFfPz06DcnAsS7ri9iNypIAG"}
00427{"flow_id":40,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":760,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":110391,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGu0vAqAG4sj4K2t1Cdl8xVnsZBmz\/lYAQECFlWQAAAQEICiLYlm0Lgrbu"}
@@ -497,11 +497,11 @@
00471{"flow_id":34,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":879,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":153186,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"KDc3AG3IEBMx8Tl2CABFAABUqERAADMGHHui5B2gwKgBuHZf3TsLfbwUuLex+4AYAOueOAAAAQEICtHXEgQi2JYE6YtirRyaIoVB7ORY4lCsOeH3eCuwvQEPRCr1biylf50="}
00431{"flow_id":34,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":880,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":153199,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA1qEVAADMGHJmi5B2gwKgBuHZf3TsLfbw0uLex+4AYAOtdKgAAAQEICtHXEgUi2JYEcw=="}
00430{"flow_id":34,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":882,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":153220,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGt9\/AqAG4ouQdoN07dl+4t7KrC328NIAQEB6\/xgAAAQEICiLYlo\/R1xIE"}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":900,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1578508365153,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":900,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1578508365153,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":46,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":900,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":153718,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGWefAqAG4I+T6jN1Kdl95PEStAAAAALAC\/\/+LMAAAAgQFtAEDAwUBAQgKItiWjwAAAAAEAgAA"}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":904,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1578508365154,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":904,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1578508365154,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":47,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":904,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":154075,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG4TfAqAG4iskMV91Ldl\/HR3E5AAAAALAC\/\/+X6AAAAgQFtAEDAwUBAQgKItiWjwAAAAAEAgAA"}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":924,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1578508365169,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":924,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1578508365169,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":48,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":924,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":169225,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGP33AqAG4sAmI0d1Mdl8ouUvbAAAAALAC\/\/+6CgAAAgQFtAEDAwUBAQgKItiWngAAAAAEAgAA"}
00427{"flow_id":38,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":927,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":186550,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA09h9AACMG5MkS26efwKgBuHZf3T9fy8\/Mfuf3KIAQANuwWwAAAQEIChLJg3wi2JZG"}
00438{"flow_id":47,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":928,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":186673,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIG7zuKyQxXwKgBuHZf3Uu6UG6Lx0dxOqAScSDP1QAAAgQFrAQCCAq1b4mgItiWjwEDAwc="}
@@ -509,7 +509,7 @@
01105{"flow_id":38,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":930,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":187803,"pkt_caplen":556,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":556,"pkt_l4_len":522,"pkt":"KDc3AG3IEBMx8Tl2CABFAAIe9iBAACMG4t4S26efwKgBuHZf3T9fy8\/Mfuf3KIAYANtyzwAAAQEIChLJg3wi2JZGAegELLTaIv3HkQATOD+AZhRSyZMluygoKhXoE74sjJR7N3+fTYUnwzZs0BkXypYu30jLWQvLH8oAePx6JychxTxO1tNYYcaNkbXSP4yBV\/CLqNjuH\/RHf5gs2+FBLVBoKm0SvmIcoaHebgjaRWYYXG1sjATtkjcgEu0L2o2W+HVp5FWYm9u3AOBkexAE0Ku\/BCTRkzfWVTX+pnmhEWEveb2r275EhgDb+XRes3+Z5jppALvMIfFzXTu\/DxAVixFXbUlJkCiiltG\/eP\/SYsKPFzMH7uV0FRIqmJIrA6jSvkg8uEC3igVI6RGebb7kypy2Jyzfnk4iOvoALuXFbXW8zIgI7fdRh5hnF9OjJkcqheJJWgU\/2bRPhokHghxSiBjqik3CGzLncYVeDWUleTgyxtt+nAmFH\/mwB98PKjXYLWYJ+3iAU\/LVgZOLtJ9eeAdI4tY\/6oI4mFuxUs0fRF6\/MTD8jR+pRpnMs4Le0efQOGqbJwFPuJifN\/KRq5h8ry2CKRj+KS62N8wQv+z4zzCAZUNDSbC\/gzwJ+t3hghqn8B\/J\/sT6W1q9R83JWLS4DYhPMMfJyREaxVLHUMXb0Hvck24zEmGPC68\/pc5hhvPt6FGSSYD\/\/vsBTKRauz9WUTcfsGx7HSPv\/VyLcQ=="}
00428{"flow_id":38,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":931,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":187837,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGvenAqAG4Etunn90\/dl9+5\/coX8vRtoAQEByexwAAAQEICiLYlq8SyYN8"}
00996{"flow_id":47,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":932,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":187928,"pkt_caplen":483,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":483,"pkt_l4_len":449,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHVAABAAEAG36LAqAG4iskMV91Ldl\/HR3E6ulBujIAYECyeGgAAAQEICiLYlq+1b4mgAZ8Ej76Lsxeo0JjhmQv760+e3sDcPI+1NwtbEdQlOqM1IGu+sKFczssAjsKF1N0uSA3EFE1bjOFzOmT1oFXkmPWaqPQ0jAxsR+jtrJ3V0GFTF5BbRz1\/DMZmwP84GMD3KpQlXMSBc++ETHQX3CPcN8IgMjdR3QT0IM+uwS0uEPDQt0vCSfRyooOouihC9YtpM2aAbShI2qiEG11Ab26I3oDh8cg1fK+YeODq4vlfKF4mM+fKD6sSFgyaJ1m7dkOv1d2nBelW22p0yDyP8DpGa1+bdSyn+YdRUY1BRjeptaC0bfgepWFJ5HA66\/\/v9wbXlTEDZ3mvc\/CWL\/5b6cyw8iYzyH1QswjAEnuyStTLMTFI+xMU2sMfifZJ0P3bXe\/dbHC6F1\/88QfXI2e93pgkZBpgBSfBPzzjryponn5tfywe\/UWwEuEj8dOsFVIRxJgdI7s+pJdO1b1g+KHuKGk2wwvnxhLf8hpJ6\/wdpga\/uoA5GhdKUYfG9fU8IrF5nmEnH0DWeT2URdcwN4dH3IBbthpwloLq43NhWyrxO2tEcl5j"}
00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":932,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_first_seen":1578508365154,"flow_last_seen":1578508365187,"flow_tot_l4_data_len":565,"flow_min_l4_data_len":32,"flow_max_l4_data_len":449,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":932,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_first_seen":1578508365154,"flow_last_seen":1578508365187,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":417,"flow_tot_l4_payload_len":417,"flow_avg_l4_payload_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00471{"flow_id":38,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":933,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":187958,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"KDc3AG3IEBMx8Tl2CABFAABU9iFAACMG5KcS26efwKgBuHZf3T9fy9G2fuf3KIAYANsDZAAAAQEIChLJg3wi2JZG4qGVIF\/rNS4b0ha3yk0E2UhJE+8SAnGMPc5yyiee5Fs="}
00430{"flow_id":38,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":934,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":187968,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA19iJAACMG5MUS26efwKgBuHZf3T9fy9HWfuf3KIAYANuDSAAAAQEIChLJg3wi2JZGKw=="}
00429{"flow_id":38,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":935,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":187986,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGvenAqAG4Etunn90\/dl9+5\/coX8vR1oAQEBueqAAAAQEICiLYlq8SyYN8"}
@@ -518,13 +518,13 @@
00429{"flow_id":38,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":938,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":188081,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGvenAqAG4Etunn90\/dl9+5\/coX8vR5oAQEBuemAAAAQEICiLYlq8SyYN8"}
00451{"flow_id":38,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":939,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":188179,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"KDc3AG3IEBMx8Tl2CABFAABE9iRAACMG5LQS26efwKgBuHZf3T9fy9Hmfuf3KIAYANuriAAAAQEIChLJg3wi2JZG8fBAxzjaRWd6BoyLtAOXEQ=="}
00429{"flow_id":38,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":940,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":188207,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGvenAqAG4Etunn90\/dl9+5\/coX8vR9oAQEBqeiQAAAQEICiLYlq8SyYN8"}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":954,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1578508365189,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":954,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1578508365189,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":49,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":954,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":189114,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGtk3AqAG4VdZsNN1Odl+\/h8KiAAAAALAC\/\/8jMQAAAgQFtAEDAwUBAQgKItiWsAAAAAAEAgAA"}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":955,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1578508365189,"flow_last_seen":0,"flow_tot_l4_data_len":136,"flow_min_l4_data_len":136,"flow_max_l4_data_len":136,"flow_avg_l4_data_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":955,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1578508365189,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00572{"flow_id":50,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":955,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":189369,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"pkt":"EBMx8Tl2KDc3AG3ICABFAACcflcAAEARfx\/AqAG4Etunn3Zfdl8AiGnBB7Pc5ZlsDZTbUrqaaoRxeL1l7Crbcxf\/BOXFZNGdyZsOxpmBlW67u9+KWe59CkWnKw2GIsEnEKk87oxTf3me3BvKcrMQD0jXMXlBXiHkLViPnwRaOVxyx4odh7D\/BO97AAHdBMuEfwAAAYJ2X4J2X8mEEtunn4J2X4CEXhYgYQU="}
00551{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":955,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1578508365189,"flow_last_seen":0,"flow_tot_l4_data_len":136,"flow_min_l4_data_len":136,"flow_max_l4_data_len":136,"flow_avg_l4_data_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00563{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":955,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1578508365189,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00426{"flow_id":17,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":986,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":194549,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0UNhAACEGQrU0u88bwKgBuHZf3S3Pd7n21PprjoAQAfmqiwAAAQEICm8lvuMi2JWb"}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":987,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1578508365194,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":987,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1578508365194,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":51,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":987,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":194618,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGkX3AqAG4ynAcat1Pdl84sWAlAAAAALAC\/\/\/nsAAAAgQFtAEDAwUBAQgKItiWswAAAAAEAgAA"}
01040{"flow_id":17,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":990,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":195889,"pkt_caplen":517,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":517,"pkt_l4_len":483,"pkt":"KDc3AG3IEBMx8Tl2CABFAAH3UNlAACEGQPE0u88bwKgBuHZf3S3Pd7n21PprjoAYAfkNlQAAAQEICm8lvuQi2JWbAcEEfexCFt2jnTqWIQ4crQ8vIbdE1KnH8YHvTHdpE2WBn7WNjuJtME\/5vnUJYGr7Co2bbwwMFxhtwsytreX0hhXyzz4vHIJFNkShaTT69RQDTl8JRvcPBZIgYN0p4T9tQtR5KgrWxun53a8fpwaDpsVIRnZQamAF5FksKmPmU+VDHaAj46s7l\/R5UQLWsjIHELWVkUgWJPFcjF3u\/de1aUrt18amXqYuviEKJrRcI4W46S8iCbN40sw4USJH8pQnZj6nCivGF420eAl4bLGwXm6OC3x9HWg+adWTmjqRLwSmzOYgceT9nM2HE67tBp92+PIBvsqUepzgEHG3NzNqVT\/Pafhaaq+0cmnUve9S0dM4EbJaQeLfm9aii2YC1tqgtp4O4kJgoNgt+uHhwqqhICVTp7KiM3mzaycQCwfuRM+YVv+zy6rjZizKBuKWJuxoVA3kGYlrH4fhE2DXXIIIDUJNv3yUKH1G+YauLqqTQ+T9sYkmCT4ejriP40uTp4WcbyE5dKED9fbNOTmq5R7sjFiWkLpWsCbqSU3p7Tdjecyb\/U0XkIAb\/RGTov\/OHhEUynnOjnwjI08W8Va5i2+TGe7WgA=="}
00428{"flow_id":17,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":991,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":195994,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGdI3AqAG4NLvPG90tdl\/U+muOz3e7uYAQD\/uZrAAAAQEICiLYlrRvJb7k"}
@@ -539,11 +539,11 @@
00439{"flow_id":48,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1015,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":201994,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGTYGwCYjRwKgBuHZf3UxCOLg9KLlL3KAScSB8NwAAAgQFrAQCCAqsVDbiItiWngEDAwc="}
00427{"flow_id":48,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":202054,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGP4nAqAG4sAmI0d1Mdl8ouUvcQji4PoAQECwL1AAAAQEICiLYlrqsVDbi"}
01151{"flow_id":48,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1017,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":203398,"pkt_caplen":597,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":597,"pkt_l4_len":563,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJHAABAAEAGPXbAqAG4sAmI0d1Mdl8ouUvcQji4PoAYECzTgAAAAQEICiLYlrusVDbiAhEE8PJpnPbySdRqYDVxMP+F\/sUREqF\/ZPapL0ZkwOKMkrT9n4zoxh41j\/glS+PHo\/5d9kUdB0t8XsUegDI2rTK1qd731I+OxYB5atRAvsAHKjhEJvXyxBlcONwpQSP\/EbY3bHhBzCKl6skIsbvrHid\/G+pdbkvCg99m5ksWTyjKeOLBOEzpnsCQQJ46PAi5Gt+cDzFuB51Q88zUU35bDXVA0lLvIw+\/X9Ad5weyrfi170rwq+ovDDRTwLnXqPpcqTfzPWDebsd\/6JjsLeqiFe0w+TGqkb7XnmvyJRXCCSwZwNWBqW2wMglzYEG7ltbYW98qdjPkjWQR+9tsbEjKGZaGADeDpJTqev97xI1vdrueDinIGP0oRJzLadvSTqC2Ltp\/C5Yi2IWcYPY8sywmbCd7WiiseixOfbruQnBYJcuCqP9v9CzDCs5AIhr5M0ZuPRMu5dbjOvMkXJ3NW6ba6vBl30SnnPSKHWyXB5KIK4IjuThpFVBpTLHLgCfrizWGDE\/hM2VI817zJI53Z4uO\/Bb+w7RrXYUFd2cFzRSZ49MZ\/vQhuKbfvsBPQ88Ow0AARIwIVnac6G2XL8ek6PHG7zFReTp7DodXUTvDgJg7wZNQ8sPEdVrTFE2Fs9IZezbTOy5TaeVX30ypx3wwNi5iz9g3SdiXLC8HImUZXOcXLmnt\/fLL7x6cPdF8T6a4GSRCrRxx"}
00562{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1017,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_first_seen":1578508365169,"flow_last_seen":1578508365203,"flow_tot_l4_data_len":679,"flow_min_l4_data_len":32,"flow_max_l4_data_len":563,"flow_avg_l4_data_len":169,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1017,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_first_seen":1578508365169,"flow_last_seen":1578508365203,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":531,"flow_avg_l4_payload_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00439{"flow_id":46,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1018,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":210541,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGY+sj5PqMwKgBuHZf3UovaHbWeTxErqASbgBmbgAAAgQFjAQCCAqaQodaItiWjwEDAwc="}
00427{"flow_id":46,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1019,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":210643,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGWfPAqAG4I+T6jN1Kdl95PESuL2h214AQECjytwAAAQEICiLYlsKaQoda"}
01052{"flow_id":46,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1028,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":212245,"pkt_caplen":528,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":528,"pkt_l4_len":494,"pkt":"EBMx8Tl2KDc3AG3ICABFAAICAABAAEAGWCXAqAG4I+T6jN1Kdl95PESuL2h214AYECioawAAAQEICiLYlsOaQodaAcwEDGHd5l7+RqBaG9K9E7p7eG1uwAqixy4kSbBlThBTBG3PJd151620cEM1KQv3FuVJ+m1O2Bl3PuHLNFy9+uCW9rXxDdjuGQLXopWglXnwA4vfKEaNoP1guYL9OWT9VrChHEKiZqWq5OPiLXJzIZxm0n+wOzc0TDxP3Ht4K\/8RxdBrGYRmBMp07Ku6MClzvshXnlOvFHLazXKckRDG1GrWhz3NC7HBzBC9vkWn4WuX0jDrGRuGgtbmHSC64XeGp91\/wQF5bA7lAbI7LP3qdWbWTriU3RLdD8BmAS\/9dis\/zPdM5RETmZgdmAGlh3YwpDE5sG4MLluRHTzgmeIW7EmXVuGjbPylkf5LQudyfHFWA8SFV8O+KuOXVRm\/H7JIFsIytQFbbnKqauEeQrW+BY51hlWUwFSH9NDdlRqtdSDGMYgECxSuxXCShGy9Px\/C7H5nI3SxVQKdMhmtMLGuO5bZFjGsHe74YCTQbrTiV5NRiVqSYealCdEu8Pya28B4kuNJe4f9BwCRIHIINgi+gSgDYgqkleDY0V8p5fcl7nNE+5TRnQ6seUsPtEv7gQuDD9lZ+LTCKuzbZiHiplBuxx7+2Bnil1lw82hEQJ2q"}
00563{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1028,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_first_seen":1578508365153,"flow_last_seen":1578508365212,"flow_tot_l4_data_len":610,"flow_min_l4_data_len":32,"flow_max_l4_data_len":494,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00574{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1028,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_first_seen":1578508365153,"flow_last_seen":1578508365212,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":462,"flow_tot_l4_payload_len":462,"flow_avg_l4_payload_len":115,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00427{"flow_id":47,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1036,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":220554,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0oJ9AADIGTqSKyQxXwKgBuHZf3Uu6UG6Mx0dy24AQAOts7QAAAQEICrVvicEi2Jav"}
00886{"flow_id":44,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1048,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":221938,"pkt_caplen":398,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":398,"pkt_l4_len":364,"pkt":"KDc3AG3IEBMx8Tl2CABFCAGABIRAADMGdOSsaV4+wKgBuHZf3UajVVX8HTpswoAYAfptVgAAAQEIChsBC4Ai2JZpAUoEKu4MH3rKRki\/wZp+pLlvmCPFUHz83D8Uysnt\/uVSh4\/tGNo7yls8\/eTe9O\/hr7SOV1EBx4PVYZOuxUD2kNNbbq8OFHsub+Eaf2\/vXqQJ42UcjEq0xsdn0Mb6yRBy3irW63B2ZO0tGPufyhr1qx5iYVFrzvDsahcfiz\/rgvBbA51rqTuRR72tiHPex3NpymrrfZVYAJzj6ID6s7NBoU8uZ6YwpcF+BbBTLe1WOjCYO0HeU91tAWCGxv5N4fgI3xhYBPyiMUaf8ZByFBcUIlT5\/Y6\/Av4xwTb8jmNTIp5B\/Xe9hypAe\/p9E0n68kPbQkph0SWhYtNpJGaUrwBs9enk6EWTDsy9ZvQEAT3x2rD6fZv23yoMyWZv94PS7zWbsvIhhSUK8LbmFjAvYJG0iZ7urnIVC+\/0HYOAQFFK35yaUkBVvQ1zhmP3AXY="}
00427{"flow_id":44,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1049,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":221982,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGbbzAqAG4rGlePt1Gdl8dOmzCo1VXSIAQECHhLQAAAQEICiLYlswbAQuA"}
@@ -563,10 +563,10 @@
00453{"flow_id":47,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1069,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":225068,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"KDc3AG3IEBMx8Tl2CABFAABEoKNAADIGTpCKyQxXwKgBuHZf3Uu6UHADx0dy24AZAOuM\/AAAAQEICrVvicYi2Jav1jRaKtLwi0beQ4e4XxuKrQ=="}
00429{"flow_id":47,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1070,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":225104,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG4UPAqAG4iskMV91Ldl\/HR3LbulBwFIAQEB9cDAAAAQEICiLYls+1b4nG"}
01121{"flow_id":49,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1071,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":225314,"pkt_caplen":574,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":574,"pkt_l4_len":540,"pkt":"EBMx8Tl2KDc3AG3ICABFAAIwAABAAEAGtF3AqAG4VdZsNN1Odl+\/h8Kjb6ZlboAYECw2MQAAAQEICiLYls9ls11ZAfoEoC3aHaIYpG5Sxx6O8FXsfPZQeNM1OJsBBwZRsqnAvPSRl\/wZXOiCwtj2F6lFdpdsX\/t7QMqDehmqQ+9vERZs9PILcJLcBml7Ez9pBoXKWo2a1xhp9o6yCMZgukG0MBan0OKAz47yPC5wnomR\/MuLddByIHP\/f\/h\/o6Qnrr1MmY+TM7SuRmDBQf8v8wWNvCAoKbXByuyrmRjJZrU2hDpQzpN4v2Bw7oyPFNlmvz0MKwBU7CqeCSZeCWaTlXhpFAlV36AIgHdE4mmb+gQtXFHUXB9WpHTuiQMm1scnmCYryQ8dOvcVFbv5TmQ8Kj2oSUGkcrB3ssC8ZytCxYX0rZedl0d0Q+DiFqxbwHcfjoh3DpqVbSn2vdfOCR2qdhWS14gskGAO0InEx6PohcRV+m1ZyFsXfOrikb4qfgfqUI9UP2KncRJp1c5Fi0tR6YuflDWYF7UGbDWjl2wRylBwf3GccEyb5dDzE4lv7AE3RKd2bMclnR+bx7IsMu5WJC07eJd26S5YVacSnSPJb+5RJ0hVb\/gBVH\/o84gCBh3u\/eMuCT7sc5gynbtDNrNRUySNxNNyIKuvBaDfYp+WLiirjjcfu85ARWFJ+YBheABUeZucfRZPhnvyjyZaHsqwqyEuFr9gtV3NhBAl2ctvT\/1EdG2AgSvAxTl8l4jvSA=="}
00562{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1071,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":4,"flow_first_seen":1578508365189,"flow_last_seen":1578508365225,"flow_tot_l4_data_len":656,"flow_min_l4_data_len":32,"flow_max_l4_data_len":540,"flow_avg_l4_data_len":164,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1071,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":4,"flow_first_seen":1578508365189,"flow_last_seen":1578508365225,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":508,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":127,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00473{"flow_id":47,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1072,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":225521,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"EBMx8Tl2KDc3AG3ICABFAABUAABAAEAG4SPAqAG4iskMV91Ldl\/HR3LbulBwFIAYEB++egAAAQEICiLYls+1b4nGToybzwjlxFiIlSmpCZLTvKJaCcU4dDONFHdW6naBXD4="}
00434{"flow_id":47,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1073,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":225531,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA1AABAAEAG4ULAqAG4iskMV91Ldl\/HR3L7ulBwFIAYEB\/94gAAAQEICiLYls+1b4nGXg=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1083,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1578508365226,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1083,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1578508365226,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":52,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1083,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":226088,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGQk7AqAG4ikurvt1Rdl8erUWUAAAAALAC\/\/\/M9wAAAgQFtAEDAwUBAQgKItiW0AAAAAAEAgAA"}
00427{"flow_id":48,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1084,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":235931,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA03PBAADIGcJiwCYjRwKgBuHZf3UxCOLg+KLlN74AQAOsY3wAAAQEICqxUNwQi2Ja7"}
01009{"flow_id":48,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1085,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":238288,"pkt_caplen":494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":494,"pkt_l4_len":460,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHg3PFAADIGbuuwCYjRwKgBuHZf3UxCOLg+KLlN74AYAOs6tgAAAQEICqxUNwYi2Ja7AaoEYUpDMueFQ29SYV04DhjKVkzrfBOIzAJy2k96xLiVPC91+TyvsLpnxRqP8LXVlOLtHcmce\/jW3zRyIMDcExOzW1G2EF8ZpU+eyftEVvJ3eZjqKjGzkGUuajzUBL3\/xzWdxJLxfPxvuu2Qzb4Nl7h7vY0jBocCuiToAim3My5afbpu+OQYLydrbK\/DJ+JWD+ptIR2XIVU8N3npHewuEofawLiLlgyh0wRr3GIvVNEZHCTIi+ycYzcVvVoHPmP9JCx46zE4KvgZkf0v3vH0ytdwn99dEwUQYNaSIuy4+ms9Tp5hGABdt1R5XienBqbiJ\/bl\/V4uySwjeBXhgxLSTJEtBgu2oqy08jjR2eUs0ugH3oxhrfgbnaIucZbZIZW\/zPPw9VcYF0qylTErTDAp5bm3mC+AQnFiWU1tU51wpYzyWvSXQta1y4PZCxQPtAjEgtcyw8Igm7lcHF9sxT11hsqO1tzEd0YNVsuGB5J19DtscEfH3u33nG4ORZiAG7Xspcj0kMeh51oC+\/aMvJ8NoXr9CrIKZJZyGrTDkyzH8II2x0SXsTYp34jnG2o="}
@@ -579,7 +579,7 @@
00428{"flow_id":48,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1092,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":238718,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGP4nAqAG4sAmI0d1Mdl8ouU3vQji6K4AQEBwHnwAAAQEICiLYltqsVDcH"}
00473{"flow_id":48,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1093,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":239135,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"EBMx8Tl2KDc3AG3ICABFAABUAABAAEAGP2nAqAG4sAmI0d1Mdl8ouU3vQji6K4AYEBy6BwAAAQEICiLYltqsVDcHmZBEPBcbAj6Wf5Qavau+nh\/irgtiI6tR9CHl5eZxE4g="}
00432{"flow_id":48,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1094,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":239147,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA1AABAAEAGP4jAqAG4sAmI0d1Mdl8ouU4PQji6K4AYEBxFdQAAAQEICiLYltqsVDcHwg=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1104,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1578508365239,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1104,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1578508365239,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":53,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1104,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":239758,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGQhrAqAG4neaYV91Sdl9OT1qyAAAAALAC\/\/+H9wAAAgQFtAEDAwUBAQgKItiW2wAAAAAEAgAA"}
00756{"flow_id":44,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1113,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":246408,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"pkt":"KDc3AG3IEBMx8Tl2CABFCAEkBIVAADMGdT+saV4+wKgBuHZf3UajVVdIHTpswoAYAfpi5AAAAQEIChsBC5gi2JbMoagBoDvlsI1RFYeIr1BU6AhB7X1Y1lBBp5PbNNbeSifm\/w7DNEZlWpxj166YKTICrCHQC0PL9phdL8IOezcQfm\/ZbCTmbZSjxZn5FTaF9xndT19Y+wtto5+D5L3U3YbVKclAy78hwqF3Qytv75\/e7Jo435Rnjg50musiH2pjhj+y\/ss3gyVuYjR5ZuiXNY3H5QQ5bGoRdiQL+wtfsqaFYCs+1a+ovcEGn7h9a9tj0PuRvmEjUDb3s9Y2xZ6t1Si\/goTN5bhl9U42SL04OFrAx0H0P+CQ6U1JkiSgS9gLpp5OaYfPvoExw53yu8uswsDM"}
00428{"flow_id":44,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1114,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":246486,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGbbzAqAG4rGlePt1Gdl8dOm1yo1VYOIAQEBrfZwAAAQEICiLYluEbAQuY"}
@@ -603,16 +603,16 @@
00428{"flow_id":46,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1153,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":269961,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGWfPAqAG4I+T6jN1Kdl95PEZ8L2h5QYAQEBTuIwAAAQEICiLYlvaaQoeW"}
00474{"flow_id":46,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1154,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":270123,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"EBMx8Tl2KDc3AG3ICABFAABUAABAAEAGWdPAqAG4I+T6jN1Kdl95PEZ8L2h5QYAYEBQdZQAAAQEICiLYlvaaQoeW0ZdzpKtiUhfhIx7WeV7\/+5iewNRxWOu\/lShzWkhuDQ8="}
00432{"flow_id":46,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1155,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":270133,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA1AABAAEAGWfLAqAG4I+T6jN1Kdl95PEacL2h5QYAYEBQv+gAAAQEICiLYlvaaQoeWvg=="}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1189,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1578508365271,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.161.23.12","src_port":56660,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1189,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1578508365271,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.161.23.12","src_port":56660,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":54,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1189,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":271977,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGLavAqAG4M6EXDN1Udl9XVw7PAAAAALAC\/\/+2RQAAAgQFtAEDAwUBAQgKItiW9wAAAAAEAgAA"}
00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1195,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1578508365279,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1195,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1578508365279,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00448{"flow_id":55,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1195,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":279592,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGxArAqAG4NAmARN1Vdl\/t7etbAAAAALAC\/\/\/ZeQAAAgQFtAEDAwUBAQgKItiW\/gAAAAAEAgAA"}
00760{"flow_id":49,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1196,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":293591,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEkOBZAADIGi1NV1mw0wKgBuHZf3U5vpma9v4fEn4AYAHr1awAAAQEICmWzXZ8i2JbtjiX8N\/UkjGHiI4KK6khM\/chT1LHox1qUiskn1P9E0bM2lBJuKEUJVzv0ZpQPhZkJpHzHtxRh3lj\/xt\/j98DYRYmrZSlFmiljtU\/TqsEKD5YcQo50QMa0zscLgJKEDYc73pDuPHAqTaZlezbGr0\/zkhv5ZN+34hCODv8NdoORc8P6X\/UXylQERF1HrCsXuxDnfTo+PpPBmt8Texgoh7A+pDFftuOC\/NzbVkocAYoV9KGW+uUqxpSFE2s45Hh4KNsP\/yh6yWO1kGOXa7wuiVy1tbbCN2g6wrbb2opFPDrladJZEav7kjTTx48sbgd7cyXH"}
00429{"flow_id":49,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1197,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":293690,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGtlnAqAG4VdZsNN1Odl+\/h8VPb6ZnrYAQEBq1KAAAAQEICiLYlwtls12f"}
00474{"flow_id":49,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1198,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":294050,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"EBMx8Tl2KDc3AG3ICABFAABUAABAAEAGtjnAqAG4VdZsNN1Odl+\/h8VPb6ZnrYAYEBqvswAAAQEICiLYlwtls12fk05E\/eNp2gBn2Wn2YezoSgCwsTFTQBL0WeUZCIZvQhw="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1208,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1578508365295,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.229.232.19","src_port":56662,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1208,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1578508365295,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.229.232.19","src_port":56662,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":56,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1208,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":295537,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGbF\/AqAG4I+XoE91Wdl\/o6wkCAAAAALAC\/\/9pGwAAAgQFtAEDAwUBAQgKItiXDAAAAAAEAgAA"}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1220,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1578508365300,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"124.217.235.180","src_port":56663,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1220,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1578508365300,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"124.217.235.180","src_port":56663,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":57,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1220,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":300081,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGD8rAqAG4fNnrtN1Xdl9L2gYiAAAAALAC\/\/+scgAAAgQFtAEDAwUBAQgKItiXEAAAAAAEAgAA"}
00600{"flow_id":50,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1239,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":315790,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"KDc3AG3IEBMx8Tl2CABFAACymwlAACMRP1cS26efwKgBuHZfdl8AnsFrVj4puAH6ZgARKbHJmno0oUTDSx6ME3WyQvgYFdLFf82IMxF0n+9n2kTCv9WKp0W5OWAeoQIHesUQlOhBZUox8XuUKjSw2r\/cLxIh6clEUwjRudwx4mptlXU2a3WMaDxBAALzy4RPFs69gun3gnZfoAez3OWZbA2U21K6mmqEcXi9Zewq23MX\/wTlxWTRncmbhF4WIGEK"}
00572{"flow_id":50,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1240,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":315825,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"pkt":"KDc3AG3IEBMx8Tl2CABFAACcmwpAACMRP2wS26efwKgBuHZfdl8AiLphceZOwZGufNXFAvXWI774ooc6PkwC6kxvzCm0BhiTs\/TWig3gE4P3+Y0lY\/Fll4rTUKnacLSuqKdSUAk7eTbz218E2dS8j3sLMJigll9ziTSt7jKgE6R7GxELpoJhO+ReAQHdBMuEEtunn4J2X4J2X8mETxbOvYLp94CEXhYgYQo="}
@@ -620,34 +620,34 @@
00715{"flow_id":14,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1294,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":386800,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEERKJAADcGbXoiYawWwKgBuHZf3SnE3yB7nZqG6oAYAfoxBgAAAQEICjHMlYIi2JZvGdby6dME+3x4dvya5AgCwvqTN38qxsoQG0cVajFonOjSLqEqRyBei\/9lSFrSkhr8elR6liSUj+p7b0DEsed7ZiXVa4yCEb9HejeECGlcsfrhCxUTzn3AiEDMdLM6NvjPN\/s4BZwVMKiL2utDwrMkOAfN\/Y+CugH0SGzKoHXaxPA78qQbAxrbjdN4m9Zc\/t1hGf5Wm3pbjqQuWhEervR7QU9RvZQzqMoxtdq9s6Iwi7TVA7hVHJ3h4940Itigx7bj+mWQrtUAYEE1SvseyocxXg=="}
00428{"flow_id":14,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1295,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":386827,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0RKNAADcGbkkiYawWwKgBuHZf3SnE3yFLnZqHC4AQAfoE+gAAAQEICjHMlYIi2JZw"}
00428{"flow_id":14,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1296,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":386829,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0RKRAADcGbkgiYawWwKgBuHZf3SnE3yFLnZqHmoAQAfkEawAAAQEICjHMlYMi2JZw"}
00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1315,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1578508365408,"flow_last_seen":0,"flow_tot_l4_data_len":137,"flow_min_l4_data_len":137,"flow_max_l4_data_len":137,"flow_avg_l4_data_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"183.129.242.164","dst_ip":"192.168.1.184","src_port":1024,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1315,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1578508365408,"flow_last_seen":0,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"183.129.242.164","dst_ip":"192.168.1.184","src_port":1024,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00575{"flow_id":58,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1315,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":408726,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"KDc3AG3IEBMx8Tl2CABFAACdhY9AAC4RWjq3gfKkwKgBuAQAdl8AiS5Y3VkKujBE9K5giYMoNotbt65xxd7ko3VSXKgTCSaupxKnp71rmT0XRsX6xoF5macEurqmdfib0\/9m0ybRIVy\/Qzz+\/\/zwyKtEHKyC9Xjjwvc8TLpzNetXjDWFS0pbC\/Z0AQHeBcuErBRsfYJ2X4J2X8uETxbOvYLp94J2X4ReFiBh"}
00552{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1315,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1578508365408,"flow_last_seen":0,"flow_tot_l4_data_len":137,"flow_min_l4_data_len":137,"flow_max_l4_data_len":137,"flow_avg_l4_data_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"183.129.242.164","dst_ip":"192.168.1.184","src_port":1024,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00564{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1315,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1578508365408,"flow_last_seen":0,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"183.129.242.164","dst_ip":"192.168.1.184","src_port":1024,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00601{"flow_id":58,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1316,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":409418,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"EBMx8Tl2KDc3AG3ICABFAACy8oAAAEARGzTAqAG4t4HypHZfBAAAnqbvG70JBv5PXjvCBbR1Rp7tYoTQJi2jMUD7JOn6eWv9REwRmFSXtYoHsvszWP\/amLZkv0asbrMZoJOaxU2yggG3KzVpk0IKmRZiX\/KGqSOqaOPD2NnZ\/WIPpNjQN9gDidCOAQLzy4S3gfKkggQAgnZfoN1ZCrowRPSuYImDKDaLW7euccXe5KN1UlyoEwkmrqcShF4WIGEF"}
00571{"flow_id":58,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1317,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":409833,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"pkt":"EBMx8Tl2KDc3AG3ICABFAACc4fIAAEARK9jAqAG4t4HypHZfBAAAiACVOpGBWjTeJor2OHTFdIkJfHanNwusT7Z+X6ZhMccUpEYH1blVudB+7Lhiy59WZ4RAivu0dgr\/6z5c18c2wNa0j2NMO4UV7uXk8QqS8l0iv7COflKJEb7GBR6jLr1IE7ZSAQHdBMuEfwAAAYJ2X4J2X8mEt4HypIIEAICEXhYgYQU="}
00439{"flow_id":54,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1318,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":411322,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGPK8zoRcMwKgBuHZf3VQuhVQAV1cO0KAScSARYwAAAgQFrAQCCAo+6INOItiW9wEDAwc="}
00427{"flow_id":54,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1319,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":411408,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGLbfAqAG4M6EXDN1Udl9XVw7QLoVUAYAQECygnAAAAQEICiLYl3Y+6INO"}
01201{"flow_id":54,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1320,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":413075,"pkt_caplen":639,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":639,"pkt_l4_len":605,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJxAABAAEAGK3rAqAG4M6EXDN1Udl9XVw7QLoVUAYAYECyDfQAAAQEICiLYl3c+6INOAjsEhZMwnv7AYIDvDVtrVuj584tbTBHPl5FfxNiETDe4\/2bbkHyZOsBBL2pjw7L50JQ7E1u6e7FU3XqiDLBvtHiYyrNJbDsbzTSeAUmmiGGn\/rVs6lWdKtzqX+Yhe52EHPlvLH3EJKxiwLzJCxpyscYV76Mqzt3rq+U+IQ8dwmh3Nb7YKN8W\/tFY\/aFWAb+DQBv6piiVGN8793L3cIiNtkqYb7PDjTj9a+ncM9xXzaPAfp6yTqM2P3pcHJbQlDXOK6zL\/DacoT70CWvHMTvMMYG+7l3\/hTiJQjWtQWZPWxijqkdUJQhjH752XlqtwvHYViAJmgTRfE9h3NXhZdPvFlE3OSwtEiQtD6cT465FNzZ0dTChmNiu5LCCyWaKQ\/I+bjDfEgLhzs0xrzGLWfIGJ9ql5HbMedUgn9vXVbw5+MyIb5wPRO7KjKgYR0d6fMgz0VfsMPMQEs74x9tmu8LBoq06ZbKzFR3RrCkNqNFWVWB8wxhRV2y1IscRVfVZSGDcFyS3LfqvhCD9fbm6ctSysMr8LClBfsdKckU5V7Ba7MT48uPaPWJ2BOO2cQ8e5CzsJPSdwENL+PGg8oqEDsIlZDFsyhtbUoQMuq8EsBrrvTUxXLLyKiWfsv3hAZGADQvFJFgZKLVzP29GR23Tms3MsAvvZ1I81kwPVLZfpOlL8TN5aBDd1jeOEV7U7tRNdmajrAkTnSaC4RECbrWjMoc+XWcxlp43tI0NDuAj+vR0ccAA38wI6iAFENOiDpH2"}
00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1320,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":4,"flow_first_seen":1578508365271,"flow_last_seen":1578508365413,"flow_tot_l4_data_len":721,"flow_min_l4_data_len":32,"flow_max_l4_data_len":605,"flow_avg_l4_data_len":180,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.161.23.12","src_port":56660,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1320,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":4,"flow_first_seen":1578508365271,"flow_last_seen":1578508365413,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":573,"flow_tot_l4_payload_len":573,"flow_avg_l4_payload_len":143,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.161.23.12","src_port":56660,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00439{"flow_id":53,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1321,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":419060,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADAGUh6d5phXwKgBuHZf3VIVkuQhTk9as6AScSDAlwAAAgQFrAQCCAq827CpItiW2wEDAwc="}
00427{"flow_id":53,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1322,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":419127,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGQibAqAG4neaYV91Sdl9OT1qzFZLkIoAQECxPsAAAAQEICiLYl3u827Cp"}
01223{"flow_id":53,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1323,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":420924,"pkt_caplen":649,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":649,"pkt_l4_len":615,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJ7AABAAEAGP9\/AqAG4neaYV91Sdl9OT1qzFZLkIoAYECzcTgAAAQEICiLYl32827CpAkUEkClDEehLobmQbbq0Gz88T6EtnrPK5m21ZMthOtQadc9Bu2BpGWCvf9sJsO1HNQSMiG\/gRXiUvC1qsMYknKuo5riP0O5pCPUXOV9\/dCGVmpEoJbX9Cu4SU8oOVVcq0BW5mBcSCXRzqVkJ6OuFKGVTETzXDICOVY5\/x4IlVl067mKLB\/y5BdW+kH6ZLpWMCALAcMn2\/N\/iuz7T4n58+LdBAiZGJcKZIWLhE0kGcJEWBFrygfok1RQVFkWtbGZu7Yv7S3BhIHHDNoh2JCQyRKUOY3W1VSS+94ol1wQvZHK2D\/7cg3DZHBIELc1hEYWnGs7+v+aH3JWQbtMvGudM\/\/TxcEs5sbHPj2iuPwUs+GWr\/ABYrJbqnLktLNlolZ93lHC2AiZh7UnQSEZTQ2C0klPi0thw4o3CnU9xvXxsrflgbGFAzwNXG03KE25YHxzaVDpGfCzy9Gr6gwSGkF3c3kmPryW7WuvlPz9g4Qw01EnLeHPggGUoZYmc0gvvD3Dsvfo9uusSrfCPX9JGhzriLcXtplCdwocezH9CR3bPV\/XtsjxN+Nr7eBjpfw3OsMQ4OAwbZ2HbAGUJo15wGuvtlDl6V61+4R5Cg4votIpuRyRgpVUBGlee0R7tb2JnAr4Yd2w1u5wUF+hroymJMt828hU4NcUZIN8xqd5NItltnYBHoXPBTsYssjGvvdmkIN35e9KfJyCJj5cohl4gdMFpEjXdRXq5jWfjrb4KRRnkt1m8IiceoNy6GFXL7gqcU9Jy\/F0tjlZ37g=="}
00563{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1323,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":4,"flow_first_seen":1578508365239,"flow_last_seen":1578508365420,"flow_tot_l4_data_len":731,"flow_min_l4_data_len":32,"flow_max_l4_data_len":615,"flow_avg_l4_data_len":182,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00574{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1323,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":4,"flow_first_seen":1578508365239,"flow_last_seen":1578508365420,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":583,"flow_tot_l4_payload_len":583,"flow_avg_l4_payload_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00440{"flow_id":55,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1339,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":458807,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFCAA8AABAACwG2AY0CYBEwKgBuHZf3VXR7JfX7e3rXKASaN9TlwAAAgQFrAQCCAqDIEEYItiW\/gEDAwc="}
00428{"flow_id":55,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1340,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":458850,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGxBbAqAG4NAmARN1Vdl\/t7etc0eyX2IAQECzabQAAAQEICiLYl5+DIEEY"}
01079{"flow_id":55,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1341,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":460380,"pkt_caplen":538,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":538,"pkt_l4_len":504,"pkt":"EBMx8Tl2KDc3AG3ICABFAAIMAABAAEAGwj7AqAG4NAmARN1Vdl\/t7etc0eyX2IAYECw2bAAAAQEICiLYl6CDIEEYAdYE5LsQSZlDUqqTHDd28VIop408G8yHQ+g12SBtC4bobvsWyQ4YWXiRfGVfScHSSUnTjTpf\/+23Sz0kCTGUpeeZFIqw3JnBHdptJpv6R2QSdjwWF97DyrJFySS8bo0Z5f6iv8act5Gj4QOtF9wl7L4XXQ\/F1DNsc\/lWP2vigp16BUuZMGglwG663lAad9u0dkQ9FK2\/7\/8AOVyotPmi+JeFwCWQ8jE2NRIY\/iLlnhd84GwGpOWfGlXg2sRox3c92a0drS3o5YJyHfODCJKd193nihFVDq18n74tRhyKX6zzotiy\/kwSO6m\/\/Y8jtY8L+ZeEz+ApaHZAgbWiteJxWtEen3Z6RV1DI8tKhdynvtOMMOzz49Rx25gKK9DSlgEi54tvDDIa4VG2z8P5l1nvHLjyaLGh0LL6goab8xtTadEJUjCnY3t\/fZrnnudTuWibKhNHBZrOh1FASkf\/u4aIsAaa\/fTHS++2nsizi3dopiJ8G9PkpE7aMhPDUyHILPc8tYAJAyXN39XQYwYzL+ry\/\/lAbapCn30R24vKqkiwseOuDMtEC9yiUtZN\/ju0Qt6\/PDHFGgfGtibb9zS0CSW6nDPiDOBnf9bT0whSnVZlZ+MLutLVJqm5jA=="}
00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1341,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_first_seen":1578508365279,"flow_last_seen":1578508365460,"flow_tot_l4_data_len":620,"flow_min_l4_data_len":32,"flow_max_l4_data_len":504,"flow_avg_l4_data_len":155,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","ndpi": {"proto":"Mining.Amazon","breed":"Acceptable","category":"Mining"}}
00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1342,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1578508365461,"flow_last_seen":0,"flow_tot_l4_data_len":136,"flow_min_l4_data_len":136,"flow_max_l4_data_len":136,"flow_avg_l4_data_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1341,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_first_seen":1578508365279,"flow_last_seen":1578508365460,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":472,"flow_avg_l4_payload_len":118,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","ndpi": {"proto":"Mining.Amazon","breed":"Acceptable","category":"Mining"}}
00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1342,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1578508365461,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00572{"flow_id":59,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1342,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":461164,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"pkt":"EBMx8Tl2KDc3AG3ICABFAACcQtMAAEARjkPAqAG4ynAcanZfdl8AiDkPCEixaJX\/9thQC0r9cGcsCeen+iETb10JXBU9BZQL28M1nK8vCE6bMd2SC2XGliMqSbi8oqYHUjyrBa753h2KySNTFNso18+nMzMVWvdibnHX4lluxe+\/vRPiYB2kYX3uAAHdBMuEfwAAAYJ2X4J2X8mEynAcaoJ2X4CEXhYgYQU="}
00552{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1342,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1578508365461,"flow_last_seen":0,"flow_tot_l4_data_len":136,"flow_min_l4_data_len":136,"flow_max_l4_data_len":136,"flow_avg_l4_data_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00564{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1342,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1578508365461,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00440{"flow_id":45,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1343,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":465293,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACsGNXy2oqE9wKgBuHZf3Ueh\/8nUB338R6ASOJDbwAAAAgQFrAQCCAo8EmDbItiWYAEDAwc="}
00428{"flow_id":45,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1344,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":465408,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGIITAqAG4tqKhPd1Hdl8HffxHof\/J1YAQECwxpAAAAQEICiLYl6U8EmDb"}
01138{"flow_id":45,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1345,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":466737,"pkt_caplen":588,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":588,"pkt_l4_len":554,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI+AABAAEAGHnrAqAG4tqKhPd1Hdl8HffxHof\/J1YAYECxPlAAAAQEICiLYl6Y8EmDbAggEdoa9oP2cg5WbFRFp1huJY5VX6jNWR4iP8q0\/ZL+UfNj5WPNc5X3v5yp6YKaivB+gVGyrqfEZ+GjIg4XUCsubChBVe+OydG5YXSKovd4Zvd2sMMyI2oOC03c\/\/kw7hbjJ+rbBQxdWEgnQfHb5jg0KH99eYra9BRmnscjtPZ0VPLlbqSIcGOO1IiECUgTAOnr7SvcmyLFIiAGvGrvIdBrTIX76tgcsbBfHLo9eTIxNuEIPzftpoJlQRkkJFNo8lNqUk\/8C6TDddviZkLmf4HMeMlelv0\/SasZ6LuKmyQqv+6Mt7JjKWqNyxGEEereBZV30a3IwqqLc6nUseUnNUQaHuDiCR2cYJetm4kh+05RWknax3MTWGgsKyA1\/YRLowef50NB62eOQ35t\/nBtZreItPNm4cNzObl4w+R+inyZ6li8vfc3BlOL32oXm0w2h\/yO0+x2iMoMFs5E9MhSHHxNibIum2iNU6EkUL9wtesdWPyKtSi9lBYLQsSPpaLzTCSWPERK9PKL++NBm\/U676p1bFKl4W7\/Ejrza39gV8xmvOiBamM+U+6+vGXo0NysfKdV7T+LqlOjRTzZaPkLZ\/iVcI1ZddWk4e4FedK17QLh10zktBCaEDabKeg0lqB4s1r5My9st7NMBbRXcQGzOAxWryiBkdnxlPs7Ka+FwnQf3qTCDYsXMFh2h"}
00563{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1345,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_first_seen":1578508365094,"flow_last_seen":1578508365466,"flow_tot_l4_data_len":670,"flow_min_l4_data_len":32,"flow_max_l4_data_len":554,"flow_avg_l4_data_len":167,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"182.162.161.61","src_port":56647,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00574{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1345,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_first_seen":1578508365094,"flow_last_seen":1578508365466,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":522,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":130,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"182.162.161.61","src_port":56647,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00441{"flow_id":52,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1346,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":485758,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC0GVVKKS6u+wKgBuHZf3VEGdfqIHq1FlaAS\/og\/VgAAAgQFrAQCCAqkAfsSItiW0AEDAwc="}
00427{"flow_id":52,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1347,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":485867,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGQlrAqAG4ikurvt1Rdl8erUWVBnX6iYAQECxbjgAAAQEICiLYl7mkAfsS"}
01163{"flow_id":52,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1348,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":487180,"pkt_caplen":605,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":605,"pkt_l4_len":571,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJPAABAAEAGQD\/AqAG4ikurvt1Rdl8erUWVBnX6iYAYECxdtAAAAQEICiLYl7qkAfsSAhkEh\/JdZMRsvJD50CNbEaijDchFk3OeRxtIP9ocS2obT6LBAseQF6pytODiuXSbVf+Tmz5zqYi1Ty803nXLMzQOvNkOxSwkZkVUAfx+vDSqcJWe9hIdwkIOFWQ6Saby8ldXdWtC8ihaXIOuPl\/\/xLwvlUX\/F9SqKUKM2mTHVKVmZXgsN+9R9+ScHBB86uiM2WW9EfrUqPwS1DZZgmVd0oVjiW6ZFQZ3uPmqvpA6EbIm4iw+wZ7DthnkwGPRVZ2WbUXisIz138NTOUZM\/of5lFF2Ni55b0jr9dFQlRBYV4BTowlUzbb0h4uWSigpsDVoB+vANxwYYpZzi2g5VCJfZY0kwv2sj5u0zJyf820aBK9BeOggBjLsPc7pgxzkphmVfkJoriXillvShMJUQ87DOlRl1PLwZwUsNbx+xSd4Gci1PEnLhRjr2+OXJBia0DcecgMaNsdXFH\/Z+KB5x\/HWiSM\/B5iczT0gPqTog97WV5H8npGpr53JyOCZIkdRs6s4OiT9sjzU+5klAakPECUL6RpVCfWzm2fNKv+\/PiMlKEbfS72BxbX8uEN1Vt0pLKbA09K6PG1LiR65jTcj4prXGZrttMrIUK0cSW+Q2+OFTPpvS1jewPwUKp2bh5sojycr9XLKS4yBBP4pqTrPiuWsLhL1S9I5\/x1THo924R+UfL\/YLunQddGt+mPuZ0CGIL7Lm5eEAO\/WaRtrUCk="}
00563{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1348,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":4,"flow_first_seen":1578508365226,"flow_last_seen":1578508365487,"flow_tot_l4_data_len":687,"flow_min_l4_data_len":32,"flow_max_l4_data_len":571,"flow_avg_l4_data_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00574{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1348,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":4,"flow_first_seen":1578508365226,"flow_last_seen":1578508365487,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":539,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00427{"flow_id":54,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1361,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":553053,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA019hAADEGZN4zoRcMwKgBuHZf3VQuhVQBV1cRDYAQAOytEQAAAQEICj7og9si2Jd3"}
01002{"flow_id":54,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1362,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":560301,"pkt_caplen":487,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":487,"pkt_l4_len":453,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHZ19lAADEGYzgzoRcMwKgBuHZf3VQuhVQBV1cRDYAYAOx5KAAAAQEICj7og98i2Jd3AaMElrnjCS78C012RtSCEFzgBwfeOrYXkm9L03KmAT91mYcbJS5rUkD1wCGw72dNUNBAUUXpnsL3\/WEfMdBwfF5d0GztDi325Bo\/tgnFwVTMIyJ9G8zLr00Pv9Gqgjl3FWBxvjIpwkFRdkNHAYtQQpt7SG\/QJZ97vvjyEBtLzdbeKobqKHJMm5INAMGYql85\/6914UHkJmZQxqjzjr1ozB19yu+hdbBJrGlWxPNmWMVZkCa+Zoc\/UC833Eq0570s88+cxYyGgx4jzGWlj6y7KdDgd+pj7yhbOgp2c1sJXKi\/iP0\/ap+IkXp4EMRmfg0Ng+i9c1rRZMajrxTTZ\/6Q5scXrR0O83VPMrSV9wtRMPh4RM70cFN0IF4nniajPbYJigJswAbUytn6jiodA47XUig55EVMoeL0yGjDjA1zMOAAfLe6i3eIgs1QVyflAabmYNYUOznrLZ+T+M1pDCUEHelba3IjtPIBm0+pI4pyRuDDc8X+enLrTXfDxatThxZMV49MsKFk2uKmZWrjJRx4nflMXa2lSKfU3mXrx1+vGC12yHS1YQ=="}
00427{"flow_id":54,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1363,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":560398,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGLbfAqAG4M6EXDN1Udl9XVxENLoVVpoAQEB6brAAAAQEICiLYmAE+6IPf"}
@@ -659,17 +659,17 @@
00472{"flow_id":54,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1369,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":567015,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"KDc3AG3IEBMx8Tl2CABFAABU19pAADEGZLwzoRcMwKgBuHZf3VQuhVWmV1cRDYAYAOxkzgAAAQEICj7og+Ei2Jd3b+p0Zi5PrK+rKZYwUNUYR5dfWQ7Ch8tPqncxWPhSikE="}
00428{"flow_id":54,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1370,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":567108,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGLbfAqAG4M6EXDN1Udl9XVxG9LoVVxoAQEB2a1QAAAQEICiLYmAc+6IPh"}
00432{"flow_id":54,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1371,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":567315,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA119tAADEGZNozoRcMwKgBuHZf3VQuhVXGV1cRDYAYAOw6PQAAAQEICj7og+Ei2Jd3cQ=="}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1373,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1578508365567,"flow_last_seen":0,"flow_tot_l4_data_len":136,"flow_min_l4_data_len":136,"flow_max_l4_data_len":136,"flow_avg_l4_data_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"106.12.39.168","src_port":30303,"dst_port":30333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1373,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1578508365567,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"106.12.39.168","src_port":30303,"dst_port":30333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00573{"flow_id":60,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1373,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":567882,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"pkt":"EBMx8Tl2KDc3AG3ICABFAACcHIoAAEARCbPAqAG4agwnqHZfdn0AiGszdDnl2LgHwUzwnp\/NUaAjl2\/6ukAyoGtKBC9U9NcJJ2SSjY1bIBQONPG3UmfcMXvTBTN6oZMu6GXIBxr9UadDckfonN6CsHl3H7EBI7wV8mnDuf+AbUa\/i02tPDo+DL09AAHdBMuEfwAAAYJ2X4J2X8mEagwnqIJ2fYCEXhYgYQU="}
00551{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1373,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1578508365567,"flow_last_seen":0,"flow_tot_l4_data_len":136,"flow_min_l4_data_len":136,"flow_max_l4_data_len":136,"flow_avg_l4_data_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"106.12.39.168","src_port":30303,"dst_port":30333,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1385,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1578508365588,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":56670,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00563{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1373,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1578508365567,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"106.12.39.168","src_port":30303,"dst_port":30333,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1385,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1578508365588,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":56670,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":61,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1385,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":588602,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGVs\/AqAG4p1Z6Mt1edl9ccbjwAAAAALAC\/\/8vAQAAAgQFtAEDAwUBAQgKItiYGgAAAAAEAgAA"}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1386,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1578508365592,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1386,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1578508365592,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":62,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1386,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":592330,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGLq7AqAG4VmvzPt1fdl9sf4vVAAAAALAC\/\/8j6AAAAgQFtAEDAwUBAQgKItiYHgAAAAAEAgAA"}
00427{"flow_id":56,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1387,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":593653,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0AABAADQGeGsj5egTwKgBuHZf3VbzHyaM6OsJA4ASbvDSjgAAAgQFjAEBBAIBAwMH"}
00412{"flow_id":56,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1388,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":593768,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGbHfAqAG4I+XoE91Wdl\/o6wkD8x8mjVAQIABiKQAA"}
01006{"flow_id":56,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1389,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":594975,"pkt_caplen":489,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":489,"pkt_l4_len":455,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHbAABAAEAGasTAqAG4I+XoE91Wdl\/o6wkD8x8mjVAYIAAS7gAAAbEEziim\/J0gI8gjAVY+YmyCFFnqH0s5j5T0so8TjsA51obDHc0Rqz2AdCozLs+UTk1cW9Y5OjQSK8Y31YFyoo8Sh4CTbFuJ4RxMa\/yBpXWlsq91wodmIbZ0TFzI02phx1+XzfP\/VUH7OzLCHU4h4kT8KvUeuuzDiXeRKp3KFGQiCfbiffkYqfEmxNQvkTb3bSuC7A8z6koun3pmBF22PF5x0CnRQDoed\/Ii0RtaJmiyQ4GdsJxavdJzD\/2guMA92F0O2B3er6P8w0lQ+UJuLCFacbaeCM9fT+\/GAhNt77XxcoerYekezrYhubw03HpgaHzjzy6JTcDypLc42mlWXJsvZ52w7ejgK7bcZB++5VYrmPz5YbsWfdqD+S9cUUrP0guijgLVfELMV+E0CflWtwtRP9SavemrOvy\/STy0yfl\/QD3317J6FBeo6KQy1txk5g6pQBHzb7Ex++\/1RrCeCi+2gIuN\/LSZS2IA7emeedvnVvyOQN4icPyUtjCg5FVYqUWdvItRpzo+7uX6XrHM8ZUHAl0B6HzG\/h+08MNm7+8VB7YBQ6RQi0iLtTs1obyhkH7J"}
00562{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1389,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":4,"flow_first_seen":1578508365295,"flow_last_seen":1578508365594,"flow_tot_l4_data_len":551,"flow_min_l4_data_len":20,"flow_max_l4_data_len":455,"flow_avg_l4_data_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.229.232.19","src_port":56662,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1389,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":4,"flow_first_seen":1578508365295,"flow_last_seen":1578508365594,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":435,"flow_tot_l4_payload_len":435,"flow_avg_l4_payload_len":108,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.229.232.19","src_port":56662,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00427{"flow_id":53,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1390,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":603422,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA05IZAADAGbZ+d5phXwKgBuHZf3VIVkuQiTk9c+oAQAOxb8gAAAQEICrzbsV4i2Jd9"}
00964{"flow_id":53,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1391,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":603599,"pkt_caplen":457,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":457,"pkt_l4_len":423,"pkt":"KDc3AG3IEBMx8Tl2CABFAAG75IdAADAGbBed5phXwKgBuHZf3VIVkuQiTk9c+oAYAOz1AAAAAQEICrzbsWAi2Jd9AYUEiu06kQiDK+9uOuoMwZjPRpVMVnOIPe10u66FuxSo\/8swWJ62RkpZ\/TP4ko5IDqFuDjAriI\/PN22Y2zlqyZImGujwh+pdxrILNCh6fNyZnRZhZdc\/OCJtSPf7UHGzyPDktQiQ9T0rNa3KGy12KWTXCsNiUQAraLiUVfC\/07WS9nFTgfzbKaWAzyzd42dBjZQ\/tMzxBcBjB3JPK6DAhbZJmY+UrYIwRB4oo58MyRpQf0g4k2esz4M65yuGcjz1NB8DiWhX6IASTpS1j6BewpZIKvzTVfBv37rg\/1g45wZg2jSPcYU5iG4uXSxMQnEJgbbA415Sw7zw515zhYF0ns4wJVkDH2uBZjcfam+fFmOilf2Aw\/vftGBEi8nOuqSx4f05YswvACprLOkyUkKegj4doQi2H7ueg\/uPP9+7E+4JkL9ElYXdgMO\/ltPwYrDdbZ6tSwgAPk2mBTX9IanyMPHVSbjySPpiYdsC5A+SrTPpZZFQ40cQt5QcZThGOrjPjXaA+8hvDA=="}
00427{"flow_id":53,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1392,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":603683,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGQibAqAG4neaYV91Sdl9OT1z6FZLlqYAQEB9KiwAAAQEICiLYmCi827Fg"}
@@ -685,15 +685,15 @@
00440{"flow_id":51,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1414,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":628408,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACcGqoHKcBxqwKgBuHZf3U9YWyaeOLFgJqAScSDw0wAAAgQFrAQCCAonH\/CcItiWswEDAwg="}
00429{"flow_id":51,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1415,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":628530,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGkYnAqAG4ynAcat1Pdl84sWAmWFsmn4AQECx\/AQAAAQEICiLYmD8nH\/Cc"}
01101{"flow_id":51,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1416,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":630052,"pkt_caplen":560,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":560,"pkt_l4_len":526,"pkt":"EBMx8Tl2KDc3AG3ICABFAAIiAABAAEAGj5vAqAG4ynAcat1Pdl84sWAmWFsmn4AYECznUgAAAQEICiLYmEAnH\/CcAewEFIjySTWjNne5ecrwaJ8uEFZ6wTzHckJ9nhOvk1tbhtUW2QAs\/NJT1OQvq1ruN09+K9w4xLSE1oPw\/JLCyqPILre12hJRVnTenujmnJQ4kZfKDPWnrIRN9tAy\/zuTBRW5GN11nkVHXlFkerHzkgQOGThWa9EquiBlzy\/kF8rSfO+9pcizDiJ8ojL\/vOGx2vK0HoHbgpiwO\/P+dJnTEN+Pje\/5LF7lgXS6h\/\/8cHwKNYmhZhwyPl2L3adaQmgedfbuj5IPGsy3KDSYKNXQjT1GL1HF9VzqZaiJYkyGXky043+jGhsqtajrdIw0itUYUcU1oW3q2mokm8j3eykCiiC+aZqOeCs2Q3jwcybKlr6JvoAf0RVO4TlY1rdZO9FBMsloUtqtyaEFnzkwONnlmtAvXaxQyXOiSyOBDMSPv2FGVcY3KKPuSOiWRc5gHtA9+Ma9LwoeUEoFRWkVQ4VDo30xD4C16YzBes\/TCLkGdcD6zIpzoes6H0PlfBaaBWO6uOw4uZthiDBNlB5Q97pvZeyNS4COaj3Usxcojpo+mX39Wjm36tvwn6skBxdaCSvSZzlLANPJ0qRh4zXodHRVpvRuwXe8ms7KastdEBlPKgZDyhrdx6bb29fra2HEK5j+u+JT4zv4AJCPo3WLfJw="}
00563{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1416,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_first_seen":1578508365194,"flow_last_seen":1578508365630,"flow_tot_l4_data_len":642,"flow_min_l4_data_len":32,"flow_max_l4_data_len":526,"flow_avg_l4_data_len":160,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00574{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1416,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_first_seen":1578508365194,"flow_last_seen":1578508365630,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":494,"flow_tot_l4_payload_len":494,"flow_avg_l4_payload_len":123,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00441{"flow_id":62,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1417,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":631404,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGPLJWa\/M+wKgBuHZf3V\/moIrRbH+L1qAScSBDVwAAAgQFrAQCCApQzL4rItiYHgEDAwc="}
00427{"flow_id":62,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1418,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":631519,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGLrrAqAG4VmvzPt1fdl9sf4vW5qCK0oAQECzS7AAAAQEICiLYmEFQzL4r"}
00439{"flow_id":61,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1419,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":631569,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMGY9OnVnoywKgBuHZf3V5M8kZiXHG48aAScSAfsAAAAgQFrAQCCArTe0haItiYGgEDAwc="}
00427{"flow_id":61,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1420,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":631621,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGVtvAqAG4p1Z6Mt1edl9ccbjxTPJGY4AQECyvQQAAAQEICiLYmEHTe0ha"}
01161{"flow_id":62,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1421,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":632984,"pkt_caplen":606,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":606,"pkt_l4_len":572,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJQAABAAEAGLJ7AqAG4VmvzPt1fdl9sf4vW5qCK0oAYECxOAwAAAQEICiLYmEJQzL4rAhoEiPjdbB4Kgwl\/PHapbSVH2zNIQK7AWWYtANw9khTPrqfFaiG7hw8fy3FHkDjGMA5jVqMoDIzdBBBvVUP6bqKBY9pYw1aVPYSZ\/GxjPlRteY8+bb3qTe1SpBlH1FX5ThLiQgUWD6\/tw8h0to43qJDr0yz+z\/ZnTYWXcLKdBELTN6nj3OnuhgVIBk8rtZUgsEfckIn9WEPCbB0dYrkhHKGgt5GynLdCdl+S5E6meb2h\/4I+MlrHqLmw+1qCvhhT9tJ3jVvSIhbpshZRhsYYo3XBbFfGsv9C4pgnKjKNn2y9njGxhAREtxMbZtNYWcHodt00ieY\/a5dad5r5vhOWGl9ftWz1jTN6cJchvW2cw7rj\/srwPZiBUf\/9ILjFvk6nKYrtLr8QVgBbS4ABS+ALElvcfLqP0KuU5onA3Jw8rzXQOYhLSb1mC+Wqcf6wqJwgNotJ8Y1QzSZDsbsQVQW\/KXBTufZVqupzNKNQmgzAHznb9DuIjWFdsOwb4CXDao5ZeiPeA55UuL1dvi7eRtSYguvi021EBxQ\/GKNOHCcaNxEFMr+xIpHh4lkybLQuyKaY+jMX7+XSH87RQfggdlAc1bKATomLc+N5DLFbMFgfh0NM+5k6gq0WEYX2PaZl3Otaeqfvl57dPy6TIg\/y+3guItFdnGQtcdFE+Du1WPHup9HI9HIawoOFK6hL9+nZFGuZbL9XMwrfOW4dkT79"}
00562{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":4,"flow_first_seen":1578508365592,"flow_last_seen":1578508365632,"flow_tot_l4_data_len":688,"flow_min_l4_data_len":32,"flow_max_l4_data_len":572,"flow_avg_l4_data_len":172,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":4,"flow_first_seen":1578508365592,"flow_last_seen":1578508365632,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":135,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00959{"flow_id":61,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1422,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":633113,"pkt_caplen":455,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":455,"pkt_l4_len":421,"pkt":"EBMx8Tl2KDc3AG3ICABFAAG5AABAAEAGVVbAqAG4p1Z6Mt1edl9ccbjxTPJGY4AYECwuPgAAAQEICiLYmELTe0haAYMEZ6RWlMCufi+FQ5wsc1aYeQdeBtzI218JBnTD\/4XzF4uu5E0fGWELqanbfUzRHRnC3Ii7806UEU2AY9ictpA75dCoFoa11U4tIHuqPv5zPU5\/1ye\/zTvCDPXpoEmsBI0zIwNUY6V\/gjXAFyU17GFmr+sLBsIa6EHTUcZIHiVGxBQVuSZXRwdtyKKS1L1ouv1UavOgXI0xiX0aOUisfyAVPJu5G\/lOv4DXFYiIKEUSC4fGBvK2FseP9elGgH9sTG1nljFlF2+lW5clLyqngkDEsG8Th9XGaC4v9bVI4AZpdMO6jAky7oOJy\/8+cQ+s\/2+n8EF9Ht96RNhUZws3u1GD9gGl\/dybwejRDgNFePJDQmzNjjTCWadMck+kTt0H59V6p27ML8Ig+raZNsB\/CrgWvmG0sPuvNFoo5ehOQNQCPEl4LKvaMlbGhI6EHshUnYwJNlmY86hEYAOZqtMXemyPa9pZ3QJAJa5RVo7zQz4OuuXvnbYY9aZtxxnS25rGeeIxUCI="}
00562{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1422,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":4,"flow_first_seen":1578508365588,"flow_last_seen":1578508365633,"flow_tot_l4_data_len":537,"flow_min_l4_data_len":32,"flow_max_l4_data_len":421,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":56670,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1422,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":4,"flow_first_seen":1578508365588,"flow_last_seen":1578508365633,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":389,"flow_tot_l4_payload_len":389,"flow_avg_l4_payload_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":56670,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00427{"flow_id":55,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1423,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":652319,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFCAA0Cs5AACwGzUA0CYBEwKgBuHZf3VXR7JfY7e3tNIAQANvnMAAAAQEICoMgQc0i2Jeg"}
01012{"flow_id":55,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1424,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":652691,"pkt_caplen":494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":494,"pkt_l4_len":460,"pkt":"KDc3AG3IEBMx8Tl2CABFCAHgCs9AACwGy5M0CYBEwKgBuHZf3VXR7JfY7e3tNIAYANv6PwAAAQEICoMgQc4i2JegAaoE1Ups6ubRjS4U6jmsM3FWAfcsZBb4yEzK1wOmt6IBH6fUMXJPMzFii61Cihtl+QMCYxQ+ZaxnA7qxHU2uvdU\/ItsZuXe3WLE5hgOOB4f+waoCYYMs7mSr\/apjE0wAEfpI5zd7MhzreI4DlR\/TwImxOl1m8d3v7F3R\/CyOnuJpAnQ7qQvSWV0lv02mzI\/smnJzHnwTZ7Np3TCgcAVF7Mlm5iy\/1mzrVZOfCjE5WyRKJlX12SFGu1S7MW3ITrfAv97pksflJfo1g9+Auz2N1zEPeasnb8LSqXLB9QhuRpxEWWYDdZMzzgAzfi0kkHWImjbYeW8b89N+OV2a0cJIIV6Yj6uYRvpJ\/koZIUrbt51JZrd1Rhar74cYQaaBzGAn+DGsQdbFOLzVfM2SIetJjpnCmp9tDAT+P3AUOT8a+2x1qHYrWJV66cUqfHGy75VWNVIkNz9iHK8UiCnsR+XUAHqzEOkvv1G7NmwyFagpsXblKhVwol\/C0gXa\/DmaxSG5Bc8aqVb4SBdBaVpNm7mFdPnKo8N5iD8UGRQ2z5zvpo1G99Q62m1KAaZTc\/I="}
00471{"flow_id":55,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1425,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":652708,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"KDc3AG3IEBMx8Tl2CABFCABUCtBAACwGzR40CYBEwKgBuHZf3VXR7JmE7e3tNIAYANt+iwAAAQEICoMgQc8i2JegdZYj7iqe2ipfPfAuIk20LujaADegKDpiO67O8kQSkEk="}
@@ -724,8 +724,8 @@
00439{"flow_id":57,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1463,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":688431,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFCAA8AABAACwGI8Z82eu0wKgBuHZf3VfxiPe9S9oGI6AScSAoCwAAAgQFrAQCCArI+HIBItiXEAEDAwc="}
00427{"flow_id":57,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1464,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":688547,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGD9bAqAG4fNnrtN1Xdl9L2gYj8Yj3voAQECy2XAAAAQEICiLYmHfI+HIB"}
01172{"flow_id":57,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1465,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":690049,"pkt_caplen":611,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":611,"pkt_l4_len":577,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJVAABAAEAGDbXAqAG4fNnrtN1Xdl9L2gYj8Yj3voAYECzDmwAAAQEICiLYmHjI+HIBAh8EpBqek9IOd2DX3EmhTksPsRZtaZjiAo+lpZ5W2weEBnKWHQDM\/F9NsadhZ63pl3xv4ocAKVGXjfFUvBKZPAoJmuB\/bOkGr6g3QgsiHYWW4nIgEAe02a0n0ReBDRxbjbJsn3\/YJNkkgYQovoW08TU6AjTqONdN8R+e8gWmUAIK267y0hhxo5hNl0QGN35GVd4Z\/bpKroxasnTUUZkl+ETbpX7go59BNWHxd8NPWnrZJ+n\/GXBxSM9qpg1W0HDKcswUAss3Z9s3Zmd9To9DkN2h1GFu9GTLUSQYf3uSetUMPRbFqweMwBGjDuUi4Bs2ToJeGUmVlej9HFA\/3l3q5JXsKlh4K6nfHNO90M333Z+K4yB+3XT9YlHc5OcItlt8wH7eRX4SnTg00b\/SfR2kVh7mbPca6nP59EM6\/KYDq82eH9brr+HSE3aYrPnJlsNz3XCf51p84McyhI\/wzB1XYQ5\/OfE11+FPNQEsgV8RT0HvxtPReFCXcbYoki0KLc2Jc+xtu0Xe8WkSgyL\/Elm0YYrrnyyUs9qBHeXfFQI+LjwWyGpDChQT1pH5jvSB+daPeHiPVeCqqfF4vEx6qjoI1zDf0TBO6NCaCEmZjr\/fUb00V99k\/SiQMMBt+sNLGDfau+mMq9DQgpnfoJxpuksbI9PhnJUiVAO2nToGCLWxbZsfxwd\/UBJ7++AIcNnzOzewH+pSqVrSWJUwQUBxeLiPNxE="}
00564{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1465,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":4,"flow_first_seen":1578508365300,"flow_last_seen":1578508365690,"flow_tot_l4_data_len":693,"flow_min_l4_data_len":32,"flow_max_l4_data_len":577,"flow_avg_l4_data_len":173,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"124.217.235.180","src_port":56663,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1484,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1578508365701,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00575{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1465,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":4,"flow_first_seen":1578508365300,"flow_last_seen":1578508365690,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":545,"flow_tot_l4_payload_len":545,"flow_avg_l4_payload_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"124.217.235.180","src_port":56663,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1484,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1578508365701,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00448{"flow_id":63,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1484,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":701530,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG7OLAqAG4i6L\/0t1gdl\/B\/P6FAAAAALAC\/\/8ZigAAAgQFtAEDAwUBAQgKItiYggAAAAAEAgAA"}
00758{"flow_id":62,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1499,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":709379,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEkIvlAADIGGNFWa\/M+wKgBuHZf3V\/moIw+bH+N8oAYAOsi2wAAAQEIClDMvn8i2JhlsiWpxCVKpZuV98HXaGsGWdACwNWMp23fbiYao02\/V9U+GnM7vrMSRo6kYst9eNmf+N0ZGg\/D7iaBdnPZh1sM3xwK6i+FGvnpd+k8EB+SoEEPH7YxmS\/hnrdLBMIDHE9hEu8Gy1cWHh2elZcgreTdphnoYfu5kimzVmsUGItfWJ0YjwLpSn7qhMmCTQh7Z9lTULxymUAC+XPWvQOw\/c3Cijw6mymkgjCtcKvpI0ddb0PZwgC2ot5od\/bFPuEDBXuHa0WAw5uUJkfU3haWm0QdUn6J3nxQD044wrVPMQgwNpYTanRBjtxtTs0LxAI23dVc"}
00429{"flow_id":62,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1500,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":709477,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGLrrAqAG4VmvzPt1fdl9sf46i5qCNLoAQEBnNOwAAAQEICiLYmIlQzL5\/"}
@@ -733,15 +733,15 @@
00713{"flow_id":61,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1508,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":711921,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEEacJAADMG+UinVnoywKgBuHZf3V5M8ke0XHG6doAYAOt8gAAAAQEICtN7SK8i2Jhl0GZhOk6I9uZwYf0gw9wiYBe3JEESZOxFY\/m1z0AQEkWN1djYWmJR7+gchVSdPtj3lJioStrlkAlGVVAtuuQvN1PH+x1cLqZzkw13SAwMTVlz+Y95LWy\/sqxH6cHOmCj9Bzj9jlTEhCM0tw+hHhonGMwnpzWUwm0tNXzkxdhOFgOOQpMCt4hQ9Ps7xeqtipIj8Ilc+12YpyvpJMhwLoo4rWR6BlGEWwLOLSEaYvf1tbnNeMkeUdqg3Ib3u4bdVcrRPygFKa2kHy9n4IwdrYPxMQ=="}
00428{"flow_id":61,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1509,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":712022,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGVtvAqAG4p1Z6Mt1edl9ccbsmTPJIhIAQEBqqXQAAAQEICiLYmIzTe0iv"}
00474{"flow_id":61,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1510,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":712179,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"EBMx8Tl2KDc3AG3ICABFAABUAABAAEAGVrvAqAG4p1Z6Mt1edl9ccbsmTPJIhIAYEBof4wAAAQEICiLYmIzTe0iv5NXl\/jx2D\/KlQyWhxFLwE59FuHBoR1OI8ZxPbkmwVYg="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1517,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1578508365712,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1517,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1578508365712,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":64,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1517,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":712625,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGlo3AqAG4Ti+Tm91hdl8xKZuYAAAAALAC\/\/+26gAAAgQFtAEDAwUBAQgKItiYjAAAAAAEAgAA"}
00628{"flow_id":31,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1521,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":736342,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHpIMAAEARoqnAqAG4b+UAtHZfTtYAsxSK2l5Lj\/FNPSwNskN7KXHg69sINFX5NaCleeEwgXwmONn61xupKUye1QOfHD1DMyDw8Rv4bxSGME4AJ9XC7q+0Pwz+NqNAUtNYGL1TDF+F5wROIhyoide5OcgIFnuRD6baAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBh"}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1536,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1578508365741,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"94.68.55.162","src_port":56674,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1536,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1578508365741,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"94.68.55.162","src_port":56674,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":65,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1536,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":741903,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG4nHAqAG4XkQ3ot1idl9YCAHzAAAAALAC\/\/91dwAAAgQFtAEDAwUBAQgKItiYqQAAAAAEAgAA"}
00441{"flow_id":63,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1539,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":742943,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIG+uaLov\/SwKgBuHZf3WDeocLiwfz+hqAS\/ogDJwAAAgQFrAQCCArjm6OzItiYggEDAwc="}
00430{"flow_id":63,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1540,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":742990,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG7O7AqAG4i6L\/0t1gdl\/B\/P6G3qHC44AQECwgIAAAAQEICiLYmKrjm6Oz"}
00953{"flow_id":63,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1543,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":744302,"pkt_caplen":452,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":452,"pkt_l4_len":418,"pkt":"EBMx8Tl2KDc3AG3ICABFAAG2AABAAEAG62zAqAG4i6L\/0t1gdl\/B\/P6G3qHC44AYECw86AAAAQEICiLYmKvjm6OzAYAENHCOMR2bTGVXFagrrP6AMRRXdSZyFBQAhe3AXn\/UD\/J2TEF5TMmsxTXpzQuKxUYCcseZbnZC7D6Yc0pmv1Z5txsS5jyXOTlSclCVYyVIBajV1cZcoGybREI9eyWxCKDfcsO9EpDw6GRpVfIGrAi41MI08YQYOFMuFmUdaXOwGBBkOvQvbJOv3UZxjQS\/P6iXPviQ2wCJOBH6lnf+MeMPmmbOw4n1EWuUumxXuFgXtnN7JPo4J10B6h1HnLjxJ+MAYbsKuguerCy1rm7lOzRgdXQyni9bdeP8EUKpl4H8KmWSvZ1E4ZMAZvCZjJFrYJgk6YMbmXF85LUKijeeOqXjmuGIYxlJf3w9bU1\/IBF2UUU5GZYAr+LFw4Cg5xPMNPbe9A4xAk2Nc2BzSz5lNbXZzMWV1Yk7u7Cj7i65qKu9UhOe91ZiBrpAvUxkFmrorTb5ItgUfX5XXV7DLSz9jemxfGeSemsc9UWjnmQLsmRO9mOJgas4f9bQq5Co5Ci33t8="}
00564{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1543,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":4,"flow_first_seen":1578508365701,"flow_last_seen":1578508365744,"flow_tot_l4_data_len":534,"flow_min_l4_data_len":32,"flow_max_l4_data_len":418,"flow_avg_l4_data_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00574{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1543,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":4,"flow_first_seen":1578508365701,"flow_last_seen":1578508365744,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00428{"flow_id":52,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1548,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":747172,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0upBAAC0GmsmKS6u+wKgBuHZf3VEGdfqJHq1HsIAQAflmoAAAAQEICqQB\/Bci2Je6"}
01055{"flow_id":52,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1549,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":750221,"pkt_caplen":525,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":525,"pkt_l4_len":491,"pkt":"KDc3AG3IEBMx8Tl2CABFAAH\/upFAAC0GmP2KS6u+wKgBuHZf3VEGdfqJHq1HsIAYAfkU5AAAAQEICqQB\/Boi2Je6AckE4Q5wGqK1h74bUJm90BoelIadPmz6lhRRewU824Xu8ALgikKOs6+S0ZDdUZKu6qfCHoc3Ef7qREsftoUNOn2oEsib3dwJ2oZWIL8sjJJiY8bRLvatC+D9opwtVKOUAkvECTzF1WiH\/QomgbSwzq6SesHdvzAhAxFfMG6jqjm9lPCrkJsXZ8\/T1AZ+9TOMuZNqkTAoKR3S55AVz5rdnYaQOcq5x1y6WGMGW6\/r3uooSMVJ3Rtz61\/QntbzcXBSmsU40MKRXFgu90UYpAOOFkJbSKCFYMxJniO5dp\/u0i\/8p9k9jLoZihNqWPcMPnq2XJ0aKf9CgG2siqU7ci0huup1kRssf4qqSKhrzSKqRha8eQkpcZXrCPeMOJ7zfaeq0QJ1Lo7jrwZAVjOgAtLP6mx4PsyyZuYMaGebeLIz2p\/GzeDOparKqAGlDOIaaw\/thW4LLeDXg9otlz21J4gRhgO0twBHNNny8h+TX2h3eHfnqsopHIzdWCjlm6AHIHbrHugvtSaLKGqVTBXj\/fxcxnsqoAHY\/pFxsyYoqEEi57TBuVsskqVz\/eibNjtfvHzH0z2DSbjzZOB8GKJGUnAv0vIE5zftB0Cz1BdV"}
00427{"flow_id":52,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1550,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":750295,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGQlrAqAG4ikurvt1Rdl8erUewBnX8VIAQEB1VuAAAAQEICiLYmLCkAfwa"}
@@ -753,16 +753,16 @@
00432{"flow_id":52,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1556,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":751135,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA1AABAAEAGQlnAqAG4ikurvt1Rdl8erUfQBnX8lYAYEBssTwAAAQEICiLYmLCkAfwbKQ=="}
00603{"flow_id":52,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1557,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":751198,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"pkt":"EBMx8Tl2KDc3AG3ICABFAACwAABAAEAGQd7AqAG4ikurvt1Rdl8erUfRBnX8lYAYEBv9DQAAAQEICiLYmLCkAfwb977E\/ObWYhuqDmyfPgIPwuTmOBezAwvI5cp\/JEum7h5HFcXkmQuscOgcYwoP3pghW0t+Prm\/B8dpBXtVhybDWgUcizbPQrfaHmSDkR9NePwPwpWQOEuKKTKPp5daoVMw3wihmo6gc+IRk8r8HiVFKnnBeU3eKqpy8c\/xqg=="}
00432{"flow_id":52,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1558,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":751220,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA3AABAAEAGQlfAqAG4ikurvt1Rdl8erUhNBnX8lYAYEBvg0AAAAQEICiLYmLCkAfwbYv8R"}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1566,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1578508365751,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.235.37.216","src_port":56675,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1566,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1578508365751,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.235.37.216","src_port":56675,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":66,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1566,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":751805,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGLpXAqAG4I+sl2N1jdl9d8bObAAAAALAC\/\/8KAAAAAgQFtAEDAwUBAQgKItiYsQAAAAAEAgAA"}
00440{"flow_id":64,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1567,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":752998,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC4GqJFOL5ObwKgBuHZf3WHPYyPBMSmbmaAScSA0jAAAAgQFrAQCCApPJ9\/rItiYjAEDAwc="}
00428{"flow_id":64,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1568,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":753063,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGlpnAqAG4Ti+Tm91hdl8xKZuZz2MjwoAQECzEHgAAAQEICiLYmLJPJ9\/r"}
01198{"flow_id":64,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1569,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":754605,"pkt_caplen":633,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":633,"pkt_l4_len":599,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJrAABAAEAGlGLAqAG4Ti+Tm91hdl8xKZuZz2MjwoAYECxJTAAAAQEICiLYmLNPJ9\/rAjUEaxC968g2R\/UCKOkAMZOG2GOOWkhEE4hBMPwWXGSryh5laEOY1kWT5ispkEnM\/49AUGIIZuJkqD2akSiX\/XVah9j1CHxvoQXnNWCiYfCGLvgMMQzSq2sHb3uVyYKm6ZIChx3IU71KwVaUjNwWUK5WEKS69CEDFdEB33CJ8ZVANf1A7J2459ZkzZUYmuWuESN6qwVAnAnkW57zzCZJ6tekLSrTgxSufEuRo3rLg6y2SWrXZHsMfm8NWC\/coOdUr+hoUV\/5a6o1UoK9kWAk77KyyfipxirR8r7OAjT3q2Stt\/WbpSPWcYV2qqS9Bm4nw5FL48cIcqcdiLPSIb9dEYxC38Z6TP+rtTho8YMsg5GKttdHQR2UgIeOQIgGdeiEqpNL79eaB95gl4RjhykkyaZTqPIP1c1y7eskq6OXasaM5vYH3ha952yxGXLJ8kk\/2FJx8uYrmBx1LLHCx11u5jQNtKtpl6P3LlY88u9lsBi8XGN9pRwXfdB8uUsqhG6qxr4\/YzujpZDRhIcmXTfuFAoCyZ868l0pneYeWhzm8aVdXGngXPpPjlIlA+fh1Dr\/mlSIjt3dwk7D6Hc0GdedJcfKJqZNzCWgifQSHPMms2eXsh03tI85ZIV0zZZIkF1s1LTorhEXICW6oYC9SAvhr5ELvUJ9Gp\/pI3HsEx1stHXgNgeDS+ZTDCNpCRfRNLsSY6c722ZAI0Q6tM+xt1LeuTTvyJ+2D8LSRE2JV7ipflk\/HQZyYEle"}
00562{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1569,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":4,"flow_first_seen":1578508365712,"flow_last_seen":1578508365754,"flow_tot_l4_data_len":715,"flow_min_l4_data_len":32,"flow_max_l4_data_len":599,"flow_avg_l4_data_len":178,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1569,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":4,"flow_first_seen":1578508365712,"flow_last_seen":1578508365754,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":567,"flow_tot_l4_payload_len":567,"flow_avg_l4_payload_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00440{"flow_id":66,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1581,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":776923,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADsGM5kj6yXYwKgBuHZf3WOqScTQXfGznKAS\/ohykQAAAgQFrAQCCAo1IQWkItiYsQEDAwc="}
00427{"flow_id":66,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1582,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":777046,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGLqHAqAG4I+sl2N1jdl9d8bOcqknE0YAQECyPmwAAAQEICiLYmMg1IQWk"}
01154{"flow_id":66,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1583,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":778282,"pkt_caplen":596,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":596,"pkt_l4_len":562,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJGAABAAEAGLI\/AqAG4I+sl2N1jdl9d8bOcqknE0YAYECw8GwAAAQEICiLYmMk1IQWkAhAE9LX9UDkdTQbLSSKVf\/o+Rbx+cVd78lZfof4WIy1rhMxz3RbpZOK+P94lXMknoMtxJdJQ4A7\/BT3XtB0RN9sUSmjLER26V8aOZ0XKqPmaES\/WPIEFoA6jFEgWSAEtlrcyP2PAwHXqAL3AbQbWGq7PeHB6kv65feTwOi0ydjhJegpyNynyq5tDvSCMsfS2rYkVvUQJGHAU1XK9mqnysHXV8shlebGWRPpI98y1Vxgu0az+7R+egzxR+1BHJN63c+WI9rT8DdcDeJ8KCs1sdnHfcQSyErvf77ZnV\/JsK35u87tFZIhBtc0ha+H7KMsboUnC9ei0iN\/8IUhS5l6devCaEtiowIFyVnWsdGX93DG2McymFU2OUXkEXXRwh3MXWAL1FOfL\/pAsIA1JMiQr\/1EwZ08w6Lj\/yH5r5mTzwJpNcgmyuo44bG5DTYaRB4B9LALur1c8OhYSmtc1hVX8t3t\/iblrMzQiGxF+F\/NAYKQqo\/hrfLdv2S4at4Q1Bcj+GaRaNOwVK2GzfBQ3qBzh0uXtO7lSIzfWd4Ic6VPqTqFQj0\/zWxTGfIn0j3loyEBQRx4YDTqeVkXtu7Is\/9MIlC0FYIpCog73jaUasZzRlH0g\/phdSxjBoehWKT1sYQjp8X9ya0ttTiK9+LoRf4iQjvixkpPAseX9BpmombBDue+eKW\/A5eOEFZroFm1HsfbstLY="}
00562{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1583,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":4,"flow_first_seen":1578508365751,"flow_last_seen":1578508365778,"flow_tot_l4_data_len":678,"flow_min_l4_data_len":32,"flow_max_l4_data_len":562,"flow_avg_l4_data_len":169,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.235.37.216","src_port":56675,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1583,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":4,"flow_first_seen":1578508365751,"flow_last_seen":1578508365778,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":530,"flow_avg_l4_payload_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.235.37.216","src_port":56675,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00628{"flow_id":32,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1586,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":781990,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHjqoAAEARyLjAqAG40WGPAXZfw1AAs7BF2l5Lj\/FNPSwNskN7KXHg69sINFX5NaCleeEwgXwmONn61xupKUye1QOfHD1DMyDw8Rv4bxSGME4AJ9XC7q+0Pwz+NqNAUtNYGL1TDF+F5wROIhyoide5OcgIFnuRD6baAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBh"}
00428{"flow_id":63,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1615,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":785326,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0bUpAADIGjaSLov\/SwKgBuHZf3WDeocLjwf0ACIAQAfsspAAAAQEICuObo90i2Jir"}
00919{"flow_id":63,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1616,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":786372,"pkt_caplen":422,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":422,"pkt_l4_len":388,"pkt":"KDc3AG3IEBMx8Tl2CABFAAGYbUtAADIGjD+Lov\/SwKgBuHZf3WDeocLjwf0ACIAYAfuP7gAAAQEICuObo98i2JirAWIEKyQ7BcAfOyYrN7gPqSvnbne1ZAdjaA7FHyazUIU+faeI7qWkewj+qXxZOJ9iPet+u0+XUOEkGF\/vTBzVaFrHnRPwwRLB6YfWcwrqgpWcyAph9VdH0KpBygaJLTimCpE\/xHgFEXbI0\/164yhOd2npMJGBXzBm+sK7bQZEZSd0lZiaQKT6gQ4gKygTWWyZQb+hFNGP+NY4TO5Bd5iKAwS2l1V\/zlX1Mxe84dAl3uSmUTU5eW+3zayW81o08lvMYblEUMOE5q2hJevddzzCpAKCbBplbMzf\/gCaiRvO14LX\/AQItUYJm6F3jCUsVIS\/pN+i3N011o5qDFyGswU7HNpxmpLySU62Wba8t\/hRm\/zC9D+0f6IHuxoEUgmzXIxuiUiywOheoU84Detr5vLBcJdDiBHnbioLF\/FsOXB0Cu\/\/MFquv10zNTKL3yMEpz1vxIzYZmMHT+P8qhJmJmORkqjd1B0="}
@@ -788,12 +788,12 @@
00439{"flow_id":65,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1645,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":813172,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADAG8nVeRDeiwKgBuHZf3WKbomHRWAgB9KAScSDEJQAAAgQFrAQCCAppF+qfItiYqQEDAwc="}
00427{"flow_id":65,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1646,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":813279,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG4n3AqAG4XkQ3ot1idl9YCAH0m6Jh0oAQECxToAAAAQEICiLYmOdpF+qf"}
01172{"flow_id":65,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1647,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":814591,"pkt_caplen":613,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":613,"pkt_l4_len":579,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJXAABAAEAG4FrAqAG4XkQ3ot1idl9YCAH0m6Jh0oAYECwXFAAAAQEICiLYmOhpF+qfAiEE37iLH4Byz5aoVSIRnj\/Qz4MQ9XDR0JF7ApiVzj4ntUnldVXSA4CHeCHd1\/eXkzJccAECqPGKuRQf+rvknIMC\/OtOHBpZCHgdYlh9xfWnJAocRvLEeyW1dproXyl1uvktLucffIdsaa6c2BS4MJCqbTvploXJIsmsceqMipXJUBjWV2VPKdFwMlXfmZKFa6ozHzQWxB+03uQQjwg6EOMavhW8dIPCLc6Tve+wDEsYuXE+toFcJ5mRy97txst\/YhfbJ0JxnhBR3cO\/U15XLrxW1t\/hwZJHJ3LnmJC7I2qsvs3CeFRF71d7Gk1mWoQjydgaczYOZzUBGWMkbo3Vl+DaP5LXHfZZXLYQTaJeBbzOAoGzGm7Lpw0IM1HKyZCRoEZrj7m5bK9AMdgjFnchyiocKfXHcusfs2YQjxWurgaSwEQKFs8T1+3dh+B3oSs8z\/aefWfCbqvwGEibR+7PIAQxZ02KE7954qZAL3mwaPBKfTB3pqiJ8OD59Xx6VcaQParzV50QhNAvZWDrV9Ucawysj+mArBGtpIGa4WspYliUgEOp71y+8bBYopILao4xL16IC1QXd+DAYWY+8iBI2yhSdXEkJrsWtYScV\/EbjYLXSddQ7GAMuZNR54+1d+\/8X2d8i78texnyACB+jGphwMoXatKNJL7gfFnqvN\/CPZi9bvy5kEbRdr0KrRSqX5ZJ8v770NGtGVtZGzmnt7NFMU40Yg=="}
00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1647,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":4,"flow_first_seen":1578508365741,"flow_last_seen":1578508365814,"flow_tot_l4_data_len":695,"flow_min_l4_data_len":32,"flow_max_l4_data_len":579,"flow_avg_l4_data_len":173,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"94.68.55.162","src_port":56674,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1647,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":4,"flow_first_seen":1578508365741,"flow_last_seen":1578508365814,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"94.68.55.162","src_port":56674,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00628{"flow_id":50,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1648,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":818517,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHexAAAEARgjvAqAG4Etunn3Zfdl8As7I6jzNiPJIVM3tcF4QguFz6RQGGDso0T\/4eOeRfeMWf4oyQ0IEszB80EYqWvZ5Dhv0d0QTf1b4I2pLi4d6Z91CPKy22KMZLr0TQSl9sdxLmB2kXyrRTAu4NovLwLl22EUUjAQP4R7hAGwckxV38aoEQ3R3z6i1sbxgztMaJbhd8mlK6anhGQ6H0+w6JOUS\/FIH4b+eX+gcKRXXgkrfcf69BwK1A+Siq+4ReFiBh"}
00714{"flow_id":66,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1650,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":827688,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEEZFdAADsGznkj6yXYwKgBuHZf3WOqScYzXfG1roAYAfkJoAAAAQEICjUhBdgi2JjesSAHdzO5xunIQpnmN9FX6FS+6+b+rlWAitKZqUsN4JlydDNh8mjvrOyihrLOXJTVyZdVGQVit5m7jfF9BmqEeWNzhIvRflyWm\/7rbphV1TB5YWg8EYXCYgXZjCll5Gpz80Qig1n\/Rrb7wvvj2u967cbqB6Ft0QD6UJ40QYYPNqui6TpHdf1eozH\/E1Yn4adzsVtU5tcU+qCS92tdcfxlyUViHe73BxjKps79HdJ2C8FnJ9y7CJbKLMAda6BPUcVByhJgxZhvbPLj9qCx9aOCRA=="}
00428{"flow_id":66,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1651,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":827725,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGLqHAqAG4I+sl2N1jdl9d8bZeqknHA4AQEBqKWQAAAQEICiLYmPQ1IQXY"}
00473{"flow_id":66,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1654,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":827902,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"EBMx8Tl2KDc3AG3ICABFAABUAABAAEAGLoHAqAG4I+sl2N1jdl9d8bZeqknHA4AYEBqCzwAAAQEICiLYmPQ1IQXYxmUj79op++5WJO44HUqPuDNYLWB9AuJOPqqc\/gMDtt4="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1664,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1578508365828,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1664,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1578508365828,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":67,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1664,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":828265,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGW5bAqAG4DfsOx91mdl9PCwRhAAAAALAC\/\/\/02wAAAgQFtAEDAwUBAQgKItiY9AAAAAAEAgAA"}
00428{"flow_id":45,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1673,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":837105,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0q5tAACsGiei2oqE9wKgBuHZf3Ueh\/8nVB33+UYAQAHo91wAAAQEICjwSYk8i2Jem"}
01092{"flow_id":45,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1680,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":838947,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"KDc3AG3IEBMx8Tl2CABFAAIcq5xAACsGh\/+2oqE9wKgBuHZf3Ueh\/8nVB33+UYAYAHpECQAAAQEICjwSYlEi2JemAeYEOFCoDomJpGLeDJQ7AD4gQWAw\/fExrgJLefLaC9Xp4QZKgPOYtoYKSLvC2B0a614x6+NWZNtV6HiBjdMsZDbdolHQ7JzELC37ylnG635DqDVSgHSvy3lh2NfoniEZfAfH0cEIiUWbe3mPyTPe6vTdxkhO4RfsSeCl\/Iuv0aPuaOjPapzEKrdgIX97jXJ7VdfIECX4djICMGTBhet8wSyTQzA6hSIiU5n+3hFHmS4KopsAX3K3nhQBVScbt+VlKCGzYcIM94qH20W4U5\/bSAv22yO5EZSl9L2SBS1fUPL+EHCWZd5y0xwwjB6fGQ57Pqq\/QaZo5vt+RxCYfTtCT+rgwHESoJSbydmutp839nAHLxFv8U\/sulhVQGHtPDKKGWpvluVQvKv8yffG6WmH083mBF6i\/TvfA1Ai8ObQP7DDyGRPV4A9tvK927LKkSq3Fy6Q+WMHRlkmJiKtSH0ePIcOW19v9o7oR\/EBj4+UAzku5MRdXcJ3EJEnyVDe1T1h6AOYr2KqlQUrTNUgPVr9WpA7AsJCBDGWItCB0o3cOywzU6MfqSdN4cAUlYvuBuffQ4gLyo\/Wr32TQhogtgqsZ1ASnhilAwuU68iuHCPoS4jRbh1o6TuKRrtjI7CjSC75sywdKhLgC24="}
@@ -806,9 +806,9 @@
00451{"flow_id":45,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1687,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":839812,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"EBMx8Tl2KDc3AG3ICABFAABBAABAAEAGIHfAqAG4tqKhPd1Hdl8Hff5xof\/LvbAYEBygxQAAAQEICiLYmP88EmJRAQEFCqH\/y+2h\/8v+eA=="}
00622{"flow_id":45,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1688,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":839868,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"pkt":"EBMx8Tl2KDc3AG3ICABFAAC8AABAAEAGH\/zAqAG4tqKhPd1Hdl8Hff5yof\/LvbAYEByf\/QAAAQEICiLYmP88EmJRAQEFCqH\/y+2h\/8v+htnM9YjeCBpeUlMdaGr6u0okHbghKJ5iKuG51mCVFuMQDYcMIeM2B3nAaB6iRiZuIcnO\/vYn3SJ3jO3zGU0sB0k4gNoAfMCVJUpE5SiBRxJHYfHz6RHc8ehuJQ7gaqA+Vx+Z9SWjcFEMdNLt\/KKwarHUTmi9+rCEAZt8oA=="}
00451{"flow_id":45,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1689,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":839890,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"EBMx8Tl2KDc3AG3ICABFAABDAABAAEAGIHXAqAG4tqKhPd1Hdl8Hff7uof\/LvbAYEBxHrgAAAQEICiLYmP88EmJRAQEFCqH\/y+2h\/8v+G5i1"}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1691,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1578508365846,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1691,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1578508365846,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":68,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1691,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":846680,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGtj\/AqAG4I+SeNN1ndl9FuX9aAAAAALAC\/\/\/dzAAAAgQFtAEDAwUBAQgKItiZBAAAAAAEAgAA"}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1710,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1578508365852,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.59.17.58","src_port":56680,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1710,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1578508365852,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.59.17.58","src_port":56680,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":69,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1710,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":852452,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG3OLAqAG4ijsROt1odl\/ttHvbAAAAALAC\/\/9f7QAAAgQFtAEDAwUBAQgKItiZCQAAAAAEAgAA"}
00420{"flow_id":56,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1724,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":881659,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoEm9AADQGZggj5egTwKgBuHZf3VbzHyaN6OsKtlAQAOd\/jwAAAAAAAAAA"}
01000{"flow_id":56,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1725,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":883657,"pkt_caplen":487,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":487,"pkt_l4_len":453,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHZEnBAADQGZFYj5egTwKgBuHZf3VbzHyaN6OsKtlAYAOeH\/wAAAa8EmQomFbi70KhC3XxE72DxBvD9p5iLXoswYW6\/gAhAtcBPdy2IF4g6Zsq5L6mQY1FFDy9F6hOmLuhrR0m1YC9bU6dTqjuLL2diEP92tYsMIrcMmOhv8kWba3QViUQKRuxX0IClDzcDI3xHcm1ntJ8uOsPuOF7huyMD8urSQEnC7vb7AuArLdhIhwaVFvKSE3pYDW43iQm8hmM+xEqITniENZtEQMMAmoRwZwcStvSG97fzWbjIG36BdoGU+IpEHCoOJxR3Y4j4RDxqPo59MtZWDy8AYJks3tkaucKHsJshQsMnyYdtLPVGI\/sR2jxV3+deLU+5QQ92are4rPfF+ZVa2vfdzFpjY7Iuq1MkKIkebUBcatJYe3q\/PvAKwfKCxCzRNRWB9ntGSR8wu0QeNeIenGMExE4V2FmxPxXRzaRmHYpEhIrXz6ppvQ7wtTTufbdh+bi1s01fgpRYVksPNqakCjEoiT1qGjol4PpRaJlQOJQjf2DZTcHYLuRtLhaFTkJ+inH0azYx8Y5tTnN+XI3D8kJ8RSUWNU4GKv\/+B9nt1rWrdutj6m6j\/iOnVThJZA=="}
@@ -821,7 +821,7 @@
00414{"flow_id":56,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1732,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":884334,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGbHfAqAG4I+XoE91Wdl\/o6wq28x8oYVAQH\/5epAAA"}
00432{"flow_id":56,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1733,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":884440,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA1EnRAADQGZfYj5egTwKgBuHZf3VbzHyhh6OsKtlAYAOcChwAAPNB3aYtxQoCP62kIAA=="}
00414{"flow_id":56,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1734,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":884469,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGbHfAqAG4I+XoE91Wdl\/o6wq28x8oblAQH\/5elwAA"}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1750,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1578508365885,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"207.180.206.216","src_port":56681,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1750,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1578508365885,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"207.180.206.216","src_port":56681,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":70,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1750,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":885366,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG2crAqAG4z7TO2N1pdl+dzwtmAAAAALAC\/\/8dEQAAAgQFtAEDAwUBAQgKItiZJwAAAAAEAgAA"}
00427{"flow_id":65,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1751,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":888301,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0TipAADEGo1NeRDeiwKgBuHZf3WKbomHSWAgEF4AQAOtgdQAAAQEICmkX6uci2Jjo"}
01114{"flow_id":65,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1752,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":889284,"pkt_caplen":570,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":570,"pkt_l4_len":536,"pkt":"KDc3AG3IEBMx8Tl2CABFAAIsTitAADEGoVpeRDeiwKgBuHZf3WKbomHSWAgEF4AYAOsCFwAAAQEICmkX6ugi2JjoAfYEfPh5MrmObWsuLcvqinChq5GezjbAjlW0JZ27Go0F7k3xuihDSFEU0yi2f5uu7VSsIa9gYq0vfpLLYg+8a7mnqYafh2s6S7p2xg6Mtjlskj6mN+Rz68sJHZN2s6w9KGc7y4JA+jMwLBLYs8\/7FGRICdElFj6R1I1vUUWgk1KChmZhc6oJJ3aZ9wSqIxUqhUAWDqLaHkpUHIYz8caq7+Qf4RM\/Ife5u2GgEt9h6n87CaTIYjZ1icZ4+LFwI8\/6rhZ6ePhM\/pfiOVr+0b22J2AGqnHinspoEPF5Ri4drhFdX\/esUUM2PA936wbK8AtKEH34droaY9VEuXJPqnQca+sEMUZk8I0exXK19e4YnWJoF0TX\/RZyB\/HAKtcB10UdrcDPdxtbLCgOAEQ\/WB8yMfsLHsqWNnxQiMOwJJi3DLOzxI27vsPDOkraVydyNxjDxi15cxb65bqHOnEdjoIWTE+dOu79thyGowh11y7AiwE9cCMWbI4IWHtt\/c3ZpEwukSPjTbUm92e8ceA0\/sHG\/xLh5qGMKZBTt3CIiaqp2BpgyMIKHhsl4HMIgXKa\/EBOOSpa0uuKUTjfSj2Koe9PjHUD4d1VBWtDh03833QakssG6c1qooHrAG1RJCUap1uJSFAsVA9WAlXNNEBQHhGq80xRFlp9wXrj"}
@@ -838,14 +838,14 @@
00441{"flow_id":68,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1771,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":903324,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADUGwUMj5J40wKgBuHZf3Weyx8H3Rbl\/W6AS\/ogN9wAAAgQFrAQCCAqAlezxItiZBAEDAwc="}
00427{"flow_id":68,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1772,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":903403,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGtkvAqAG4I+SeNN1ndl9FuX9bssfB+IAQECwq5AAAAQEICiLYmTiAlezx"}
00953{"flow_id":68,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1773,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":904731,"pkt_caplen":452,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":452,"pkt_l4_len":418,"pkt":"EBMx8Tl2KDc3AG3ICABFAAG2AABAAEAGtMnAqAG4I+SeNN1ndl9FuX9bssfB+IAYECwuKgAAAQEICiLYmTmAlezxAYAEAI1WBIPOD+hvKzPihfgTsOhWByW+C6Yhi3aeyyxqusCgQH9q37FRiEsngnOCMI7rJEwEPvgUNolGAytmmnyJRsIzn8vdMIkApueE7gMLi1YpwTjQaWrs+8xiJzorrCETkzisBPhidyCcKQ8Kr7fMnn0S3bt2fTuis2U17aEnv4rA7qNEJ8\/qQ5MkfWeXh5GUk7QhxTxf6VWzZJ9gCVFp1hgqpFInxoD2RNquVcofYzLkoB5d9NYmXmMCB\/qQogZwzumq7QPVd1imlhdTGHBWnP7S8KIIuUh8Qbp8ZLK2AYPjY11xLDym9J5RNBVK8mtNpRXDXJTPh+QjbCzaLb0dMDVQlgD9QBs\/WLOKpoOvhBwf3GhqdniMnF2B\/RZcNkHU\/1mz6h1baVoqZvvLDXKFuU4QXpkwBNr+0pNztLGHhSmPsjE71AWc7lo\/1OrevhLNW+p2gRC9\/GtyljgFr98tzwExGKsXkY2VdoZiaj0TAL+A8kThPoEqTVMfwZ8EVYI="}
00562{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1773,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":4,"flow_first_seen":1578508365846,"flow_last_seen":1578508365904,"flow_tot_l4_data_len":534,"flow_min_l4_data_len":32,"flow_max_l4_data_len":418,"flow_avg_l4_data_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1774,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1578508365919,"flow_last_seen":0,"flow_tot_l4_data_len":136,"flow_min_l4_data_len":136,"flow_max_l4_data_len":136,"flow_avg_l4_data_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1773,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":4,"flow_first_seen":1578508365846,"flow_last_seen":1578508365904,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1774,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1578508365919,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00571{"flow_id":71,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1774,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":919739,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"pkt":"EBMx8Tl2KDc3AG3ICABFAACc44MAAEARsuTAqAG4p1Z6MnZfdl8AiFGIcmRL\/sJ+HmBFF7n+UfEKJLvDdBgdKzSECJqxpMbuAWJCFnSyz1LOPGHXvK4XvgJfd8y9TVVaoZxiY0SgM1nuu1KcsxmveZ1Iboux45kEq0UHna5hbl98Bua+Zy2zz7pAAAHdBMuEfwAAAYJ2X4J2X8mEp1Z6MoJ2X4CEXhYgYQU="}
00551{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1774,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1578508365919,"flow_last_seen":0,"flow_tot_l4_data_len":136,"flow_min_l4_data_len":136,"flow_max_l4_data_len":136,"flow_avg_l4_data_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00563{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1774,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1578508365919,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00439{"flow_id":70,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1775,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":925923,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMG5s7PtM7YwKgBuHZf3WknDwC1nc8LZ6AScSCqDAAAAgQFrAQCCApcfI6dItiZJwEDAwc="}
00427{"flow_id":70,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1776,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":926010,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG2dbAqAG4z7TO2N1pdl+dzwtnJw8AtoAQECw5oAAAAQEICiLYmUxcfI6d"}
01115{"flow_id":70,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1777,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":927412,"pkt_caplen":568,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":568,"pkt_l4_len":534,"pkt":"EBMx8Tl2KDc3AG3ICABFAAIqAABAAEAG1+DAqAG4z7TO2N1pdl+dzwtnJw8AtoAYECz3aAAAAQEICiLYmU1cfI6dAfQEOtheYzZ3ToHpdnjPq+WTlV2N5YhX4HNfpe1NKrOUZnLF1eT\/PeeoMMIkKh\/DkVHT5erq5iLxOcqC8dq2P9yyBVP9NLipJL+0WTRaDCfOFiHp6eQuX4fc\/C1mgNozcW7bne9FJjl4PMHYYsSA\/cfk1Po4ifI83DgcIadRba3\/Lpfh5z5yYHFNZEPI6DvXWQgpBAp9MWZRHnK2h7WjiD8wEOe0ez0HD4JoWp4BbpZF8LYgL+gBjgp8rckk6fDFLIv3cC+uMNaFnCpqhBSZxmJH2km2+BJaGY+UdVvSlXi0QiW+WPWdZRcj6\/HDQ+zbwJU+0pKdv4YBHcLU\/VxaaVCQJHVrxSqBXdw01gj0Fp50lJVJ476zGKf92Kf8jOUW82E8kedUehXGuJZQ47uAEanwY6caqald0YLfNWDjPm3lcpaCUMfI\/8u7BO6+\/8zCh7WVaZ28LT8I1ki9SGCivJoHRgKXEqq+ENPd3dhz\/saYb51gTVsfgiuDB5cF02dKphNqRedTZtbSueN\/+dPjnDlI3fDrLr0zByX8auwNsXlmkWzsTEMlwd\/or+AvjTG8hkunghjoOmGqza5uwUKQUntCo9BS+5Tk10Nb6kYc7gwSsd\/9zPpGEYJ7vw4Rv96NsaInOoafZRNhi0su2r64NPkrkLStyQ=="}
00564{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1777,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":4,"flow_first_seen":1578508365885,"flow_last_seen":1578508365927,"flow_tot_l4_data_len":650,"flow_min_l4_data_len":32,"flow_max_l4_data_len":534,"flow_avg_l4_data_len":162,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"207.180.206.216","src_port":56681,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00575{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1777,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":4,"flow_first_seen":1578508365885,"flow_last_seen":1578508365927,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":125,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"207.180.206.216","src_port":56681,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
01839{"flow_id":50,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1778,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":942163,"pkt_caplen":1099,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1099,"pkt_l4_len":1065,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ9mydAACMRO64S26efwKgBuHZfdl8EKYZTXl9nR0bCigsYkwIouquQyc3+AofEtLxBt97YcJjIhIQOQzvpw7JSwTRVmtMyVvNUwbk8AzsQ3J0Q8IuRnoqtSTMHQWtczvdT5CiWh8Il1YF8Oo+DZ3rLImUzPg567\/HAAQT5A7z5A7T4TYQx94sMgnfKgnfKuEAldMvpilMmmsXOb0UiK\/pXcEX9wLnsvFxN8YoJD+fRgLlvBTTnnertwVO7jqz2nnkV5grBGTxPtpFPqZtvXv79+E2EM1PtLIJ2X4J2X7hASKAqA2BKTdiaCPOcmghiOUqLTmhIU\/iFN0FzORI9QqL\/ASydUi62EHwXTzA\/fp65KG0mifkavhHHMz9\/Mj5oT\/hNhFhjXduCdl+Cdl+4QMfTD069OG9K65Uq2FO30zDLaxIQfh9M3JMigsMMVxWs93PhZyVAUKIF8OllHyKtZ6JDfb2n6\/3Zd33I7Ue6EOT4TYTOvWsjgnZfgnZfuECMwlbkxKXdVRuNzPxOBmCH\/d6gKK0jTWuF6N7RXiQtBDknmQpQqFixyQ8vWuWWmQbbID+2TmbfmTeVdesiv2ys+E2EiPRn+YJ3yoJ3yrhAnBJYZrwVS6WL8YPbZVm5Hvr5wD16ulrvhVmO\/md71STVG46jVUdnKMefuDHCWyWOKYjnoTE+AToblCDJhIBdAfhNhE4vk5uCdl+Cdl+4QGOPEJSx+\/AwdHFMTlis\/v4hIK5ESY9sqvOOhpuoig0RTP9hGcBXbDqTjsNmMoiSwIwPlu3zy6eGfQSwtin9LNf4TYQj6yXYgnZfgnZfuEC5nQSZ\/xzD17vSEoHg\/jtmGLuRaM3q97\/3Czva8FggRyrw44MHO8OtruMk8OoTJc88hHmdKvMBoeGC+K0eEhFi+E2En0FGdYJ2XYJ2XbhAHyheJE13j6VRmDRu4fEmJC84AjXDdidjXm+UkegBH2Pesl26jJ4VetGifnXfNc9Um70sLhA4A0Nb+xgd8yykgPhNhDTW47uCdl2Cdl24QEEhpAYNBSJLHygnprVib9JuD7\/j4GV8dQW0sc+sa5VdmfAlgKVT5PqKKl5X+Oq80\/KZEmlO0DJGsV6rd66IOSj4TYSVOPCZgn4vgn4vuEBAXa3H9lkmL\/cI+T56li9\/a\/8fcuwqLHFKohKlOHbQerBqUu81nyVV4pg99cRR1\/tRUSx3ITG+w5bqki\/bwlhF+E2EDfsOx4J2X4J2X7hAH7mV1eGOz5WoeIocWFwRYF7ZVBDRcdtaFFH5u23BFJ62FH1ch71cEmxc8OtYpiPqb2N3y6mQjsQPeWAgtQws9vhNhLlFaHqCdmGCdmG4QPlZR+AY\/WWyOFBfHYsE0NSSfqb3BulToEx6P+biNu\/IDgwANxeAv\/UuIgLLd9bJXAyFKqlCUB2gYwf\/1HIjo6GEXhYgYQ=="}
00976{"flow_id":50,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1779,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":942196,"pkt_caplen":467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":467,"pkt_l4_len":433,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHFmyhAACMRPiUS26efwKgBuHZfdl8BsUOp1uvul5h3yP1+blVtAfMQbNxR28H+fcm6RpfgKuMuvbzkFLfpL84iIRZj\/Onq7iQP0Ckcfw9BNQP+F5mzam7gIh7ykP8ukizRNryNjdFnk4oFCnTmet3\/DXM+QE35816JAQT5AUT5ATz4TYTPtNC5gnZfgnZfuECGNEfubTO5SeBErTUqmVt5so9Zgd6EYO6ylOwljlCQBmkGlzohTkRpuVGHRqnv0LYVWbwPs3oeiiRudzIU\/qX1+E2EI+SeNIJ2X4J2X7hAV4A+3JOM1sCZmzEn5hJK0x9Sm2mL4KT0K1aWj8WeSai3nPOGDjBh5uMRqogMw00qBit5PBP6jpfh65yUjNwoFPhNhLkZzNGCb\/GCb\/G4QFrXd\/U94Bj6lef5AMbYfa9GdtSMAtzjvIozUMZotoIFcCaoNltPM19KoYFMBU8UWewm2cIULQW\/TDRsghGZ1an4TYQS6PSJgnZfgnZfuEBlPSPX8lLcU2iUNM0ydJ\/NQH2W3\/cg3hYOddSURBRT8m5e5b3cJ\/Es6rWn9ugiqojj4rdcFXfRNFBz+yGqrzgKhF4WIGE="}
00595{"flow_id":71,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1780,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":951357,"pkt_caplen":189,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":189,"pkt_l4_len":155,"pkt":"KDc3AG3IEBMx8Tl2CABFAACvrTpAADMRthqnVnoywKgBuHZfdl8AmyGXAff4avCCJKd8iLkYnGp5WBGcR5kwKjaGYfuGK7O5Pxha3PZrVargsE3sp+V969kCE0ZShXRyP212X0\/ogX+KLxU0BMrg9yur0MCSn4OC+hF8e78p1SovnEhcJv1j5UvsAALwyYSnVnoygnZfgKByZEv+wn4eYEUXuf5R8Qoku8N0GB0rNIQImrGkxu4BYoReFiBh"}
@@ -868,12 +868,12 @@
00712{"flow_id":70,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1825,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":4677,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEEojVAADMGQ9HPtM7YwKgBuHZf3WknDwH0nc8NXYAYAOvksQAAAQEIClx8jusi2Jly28iJfqlnMu83LDC0xfM0r0E5TfT75slEXNEgJtxw1Uh1n1c6RZA0jKvLXongUZeEzF1o+6qT8VGaLqdNX0XHczpZi\/6FmmSm2rKhKy75HrF6fiuwMO85wHyVZ84xLnyt3JBC7I\/KTgittaNvVG4UACTsfigRc86McQ+KCKyIUyrK74yEU1iFP8wyLKgfocUfkq\/7Hvaj0xLc6aZwUbnRdEQatoYHlWB8VjwawanY1hqJT5m79uBHezOp42ATeQPGjU++4M3MyksCxtsjgS6xfw=="}
00426{"flow_id":70,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1826,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":4708,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0ojZAADMGRKDPtM7YwKgBuHZf3WknDwLEnc8NfoAQAOtERgAAAQEIClx8juwi2Jlz"}
00426{"flow_id":70,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1827,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":4779,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG2dbAqAG4z7TO2N1pdl+dzw4NJw8CxIAQEBs0ZAAAAQEICiLYmZdcfI7r"}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1835,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1578508366005,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.83.237.44","src_port":56684,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1835,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1578508366005,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.83.237.44","src_port":56684,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":72,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1835,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":5550,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGV9jAqAG4M1PtLN1sdl8dp4x2AAAAALAC\/\/+ZwwAAAgQFtAEDAwUBAQgKItiZlwAAAAAEAgAA"}
00712{"flow_id":68,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1849,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":19399,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEElshAADUGKbMj5J40wKgBuHZf3Weyx8NqRbmA3YAYAfu5ZwAAAQEICoCV7WYi2Jlw\/VchYp9WnJ3+zFkHxCjUeSKKubwsCzHL8F3dpFfOBNfc1Ru8d+rMRG0ACVM7R1aP0Gloz4D2ImwPGrOpgt0zMlapCRo9ZRaZwSOxFvB8eNy2LSd8kKTMGqh12atHZD5B3DUxSi8J0YaA2ELuoQ1aoKH0GJe+pHOdo+BX28euGlBhzdLprYhTDnJtBBdM7lhPLxIaWTScqzqpqavJcB8EkKzLl+\/jsfVtsUmAzsLvMxRboV5sZPMkADF2JBssusdztVyBiuAhngXx6XyXilkCRQ=="}
00427{"flow_id":68,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1850,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":19476,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGtkvAqAG4I+SeNN1ndl9FuYGNssfEOoAQEBklogAAAQEICiLYmaSAle1m"}
00471{"flow_id":68,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1851,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":19814,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"EBMx8Tl2KDc3AG3ICABFAABUAABAAEAGtivAqAG4I+SeNN1ndl9FuYGNssfEOoAYEBmgbwAAAQEICiLYmaSAle1mKsWiTIXS5Mc5RUOD6OkYbREkfBTkkeSNB0THQamLANU="}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1857,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1578508366020,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"88.99.93.219","src_port":56685,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1857,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1578508366020,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"88.99.93.219","src_port":56685,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":73,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1857,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":20357,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGwhnAqAG4WGNd291tdl+CSdQcAAAAALAC\/\/9XrgAAAgQFtAEDAwUBAQgKItiZpAAAAAAEAgAA"}
00444{"flow_id":35,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1862,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":29471,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGjuvAqAG4I+nFg909dl+ptEcpAAAAALAC\/\/+KMAAAAgQFtAEDAwUBAQgKItiZrAAAAAAEAgAA"}
00751{"flow_id":64,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1875,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":40439,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEkMZJAAC4GdhdOL5ObwKgBuHZf3WHPYyUdMSmd0IAYAOwP5AAAAQEICk8n4Qoi2Jiz+WuEmVeTussSRtxNbHdPT1uknZCO3iddAUlEGG7lnqrwBDdgCsFPrF1yK6ImtV01Mnntqk3rvSImsW63OFSPlrCmXlcGRTibgtIkW4MDAJ\/AskVpKnUkjiuqdygkabvXTvkGzMSN1Eh8OFn9iB40+j0XyeJH1kkHBTI6eXW+6BehVc8YcucnQzoL5CQztC\/0koPs+Yk8vxJhNzXXV5aGmau3sxddLaJmY9GhZD8VIdI2h1IErpT6WMvnh8eCeOKCPxhisAX1TQiJjBTFThGrygeqLrUdvV9y1dwohRW8iWuHHiTfXIExtJCa6VnA0ZYM"}
@@ -881,15 +881,15 @@
00438{"flow_id":72,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1883,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":47911,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC4GadwzU+0swKgBuHZf3WzP3gWFHaeMd6AScSA1dQAAAgQFrAQCCAppVMVvItiZlwEDAwc="}
00426{"flow_id":72,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1884,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":48028,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGV+TAqAG4M1PtLN1sdl8dp4x3z94FhoAQECzFBwAAAQEICiLYmb1pVMVv"}
01196{"flow_id":72,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1885,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":49271,"pkt_caplen":627,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":627,"pkt_l4_len":593,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJlAABAAEAGVbPAqAG4M1PtLN1sdl8dp4x3z94FhoAYECzkGQAAAQEICiLYmb5pVMVvAi8E\/d9Shp1Wof8nVfGKSM7RJvZNnmo9Ga6lzZbYzi6xSLj4mEhy87UBYqhItSXH4wiYhdnDEJxLeAeplMjCZwQTwUI8r\/mqMtilbtgqJT7FHqn0KzlloleWAbZcf6RlrFtZ+F8jJ7d3e\/qZCiSBcMfqrrKnpnfxc6PIgqW5xYAYLK9yKcvSLAthK38BCICCNxyBBw7u9bug3ilfal21loP8Z1nrYKE95xWUGXfm5fAO+XMs4jFhl3lCjbaO4X7O\/JRozVxKZzbQbET0htqvSmBtotzO3mbtHUrxkXocnjFFfRVAvVFQkIv0y2lSmDhN2\/kaxj\/C9pgnKUdG9kNfypLyW1MZftVLhrXhB9NbB+8rz2h\/\/8pPaj6K1fgAlnijKLWFb1uatTe5sSuE5gwtbVsLNBM8LabHDjVaIM0\/kYnHq5r+3\/aXBoTt8dX\/gq1i3sQtVBYZmFfJqH\/SkNEzGdUjeFFGAv7VDOYmrElKcwUexLIhXyJFoioI4\/cRNch1Va2\/IlEtxbqmlzxSxGwCLmkvpyRDYfxTKPC5NyhDapWoF1kUdBp+nzPdGgI26LRewDIJuRJhKJEardu5IggSLJb5AkveE\/UbFjmbKj\/XiD2mL\/0Ba3t9izaWL9PFZQRtpRodbjv22\/8K4lmJ2HjJFnn2txGVtr0rMlkpzMuQYvRt3qcLcpw57AfIeEvnEdP+VwFcYzFTY77NGn7Bk4C7pH0Cb5Yui+\/0U8zszRFnU4LK"}
00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1885,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":4,"flow_first_seen":1578508366005,"flow_last_seen":1578508366049,"flow_tot_l4_data_len":709,"flow_min_l4_data_len":32,"flow_max_l4_data_len":593,"flow_avg_l4_data_len":177,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.83.237.44","src_port":56684,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1885,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":4,"flow_first_seen":1578508366005,"flow_last_seen":1578508366049,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":561,"flow_tot_l4_payload_len":561,"flow_avg_l4_payload_len":140,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.83.237.44","src_port":56684,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00438{"flow_id":69,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1886,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":53699,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQG6OaKOxE6wKgBuHZf3Wh1cVfy7bR73KAScSDVxwAAAgQFrAQCCArYuYPhItiZCQEDAwc="}
00427{"flow_id":69,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1887,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":53757,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG3O7AqAG4ijsROt1odl\/ttHvcdXFX84AQECxkxwAAAQEICiLYmcLYuYPh"}
01036{"flow_id":69,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1888,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":55031,"pkt_caplen":513,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":513,"pkt_l4_len":479,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHzAABAAEAG2y\/AqAG4ijsROt1odl\/ttHvcdXFX84AYECxJRgAAAQEICiLYmcPYuYPhAb0EyFeCRkVW7xKjMJnkKdVN4VmEcRbZb6qac5GzUua9GdONKNMWjh5cdEV09YLTutDtYHGQDnHn76SSjHS+061NKkbohQJuV4I7kbzXsKd9Qa09IaHs8Z1\/2SlmEx9qpaxj3x\/puNCp2K1CS8MsEj1RFk8Yb0eFQtqjhLs\/FkKfwZMK9rGGqe68FOs1s1zkpiD9Vgj13\/IcntW99pt9wSexahGzJJOLD3TAKDPUeMdUj7rBi7b06Y3buzihLZVOQoWjabiMbAWHJOTcdZSv9xrxMq2SPwwKaV98\/x3+del4d1nHrx3tECAvBcIjIRX7\/ugU0u5dNNbrVfIvbOZrn0RgEVow8X\/LFaRlKusezAac574M4r9vaUCFW7kzUXZbLakP+KO3M3u6l9TNDc\/mjr+am0Hz49uo+hCGmj0lwjeEbB4DRzQI61poEZ9UBxyJyci5GsyZILcbb9e4tercN8jUjknNWYi\/WR0W8WZFZZMHMO5FCPUc467eAS+fok+tU5bA5OUk4xPuV9XutmdmDJuBWsXnaeelN5b5MWxerAH7MBBMBgR2RSH7aWdbn3cuC8hFs1vuMnNnJoxNFHd8"}
00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1888,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":4,"flow_first_seen":1578508365852,"flow_last_seen":1578508366055,"flow_tot_l4_data_len":595,"flow_min_l4_data_len":32,"flow_max_l4_data_len":479,"flow_avg_l4_data_len":148,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.59.17.58","src_port":56680,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1888,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":4,"flow_first_seen":1578508365852,"flow_last_seen":1578508366055,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":447,"flow_tot_l4_payload_len":447,"flow_avg_l4_payload_len":111,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.59.17.58","src_port":56680,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00438{"flow_id":73,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1889,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":58177,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEG0R1YY13bwKgBuHZf3W1kMpWvgknUHaAScSBLTAAAAgQFrAQCCApXTVsMItiZpAEDAwc="}
00426{"flow_id":73,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1890,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":58290,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGwiXAqAG4WGNd291tdl+CSdQdZDKVsIAQECza4gAAAQEICiLYmcZXTVsM"}
01215{"flow_id":73,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1891,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":59449,"pkt_caplen":646,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":646,"pkt_l4_len":612,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJ4AABAAEAGv+HAqAG4WGNd291tdl+CSdQdZDKVsIAYECxi5gAAAQEICiLYmcdXTVsMAkIEkU6nNDsxTimm1+lLIM9VAtDD96FWduAKv2o7tn9pg5MVAkOlOVQb\/Xnad7N8GyCEZIAprkWLu5XsJegMQIC8fkIR9S38ycW0YYnM\/im4zvuKRhf\/c3huXgugQKX39sJV\/7Ha9xRxYzIlvSSFLsDo\/6Qn4IO++AZaabw4aKrdnQ0WMQhOnXE5cJMAPFZxbbfL8IxuO7Dz1K0i5h5bkCeK9+\/Gt3b\/VyW8c5Zhh0UkXEzpp89UPtnGpJQXAG9IqEnLXUSMD1LpV66H4a8Qc6nvfeq5vU\/xZjZAyzvEW1q5ILYGeQvc8GMntYiEgfDfED8vvMAUPdnXeTbHW1HeANMbiHXCbZhK2+gXVzpSgv74B9pnRDZnlgnutHC\/8XPbTHEZuJkR5UGgSYC46E5rszgjczIZo4pVPtCYlNkNRpKDzCOJl6sqAvlw1xq0rBJa3A1x0jnRfsq+lQgOvj3G7eSUdu7jVUEamyfkInFJZhPtc0zm5EESxm7D3cqablMR9oTI9Ezj5XKyHFmra0B9wQjEz38HdfaUDzTs8DHGPSK34n5+cl\/xlQVz4N1xqA5D8lqHtrp2yCCYjg+3V++Er7SZLvHCRxmWZYVG0WQp905J7e9aoBpaRRifRIpj8LjvV3Qav5XZ11iUErkIqvJdI3buKkfz6f42KqHb8SZRPPn2hi6vy+yjx+0yZFXPpsmgIUkO9lHJxTj+R38BFIe5uM7xzCcSI6M89NfNaAOg1fZ5DfyPg+0xi9rbBtRivyHaZkRfPw=="}
00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1891,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":4,"flow_first_seen":1578508366020,"flow_last_seen":1578508366059,"flow_tot_l4_data_len":728,"flow_min_l4_data_len":32,"flow_max_l4_data_len":612,"flow_avg_l4_data_len":182,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"88.99.93.219","src_port":56685,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1891,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":4,"flow_first_seen":1578508366020,"flow_last_seen":1578508366059,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":580,"flow_tot_l4_payload_len":580,"flow_avg_l4_payload_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"88.99.93.219","src_port":56685,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00426{"flow_id":57,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1892,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":66179,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFCAA0RYJAACwG3kt82eu0wKgBuHZf3VfxiPe+S9oIRIAQAOvB9QAAAQEICsj4c4ci2Jh4"}
00929{"flow_id":51,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1893,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":66535,"pkt_caplen":434,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":434,"pkt_l4_len":400,"pkt":"KDc3AG3IEBMx8Tl2CABFAAGk1PdAACcG1CHKcBxqwKgBuHZf3U9YWyafOLFiFIAYAHZg7wAAAQEICicf8lQi2JhAAW4Eb4tJ4G0jm2w2X\/dME5pw7vBa9j9ujIWIKs1wYP1tPpT\/JMFATlW0qVpxMkCH9duymFjwMU5KrD3BPQhTeMFKe4hWJT3IWd5JIGgm1wRv\/epylyFqqL1ZQXmZ8+FAUctl9hZ45+DUgNYu5jDw5TE6BWg+pTb4WO9NaRwmsqvxFJkrOzTQY7RUkqeLF11yrrhmQAOk671BkBostX733SY03j5J2I89zTwy7rzP+VfVAcLjaiLu1ZCSAja37gScTIARq\/8Hi95BT9wkXsvyjDE0qz+A\/HG6CSCINuBOFCNSm+3F0L4nSkQyzhCUQvPPJGb9DRx1OV2POt4AnXmOmldfV9VssdrXMg2KbqMmmjuooxPlh5iubQXg9nnuNkC3jPI8Y3bw9bHW6SKs5FKUJ0s1h8NIvL0Jm4chNTujBy02Lz0x3JZXPgIJJJe\/4xdGFMyFazMdL5Y\/H0rbFz0t4fZ1B7x8A87E7XEr\/L5Ldp4="}
00427{"flow_id":51,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1894,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":66650,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGkYnAqAG4ynAcat1Pdl84sWIUWFsoD4AQECB4aQAAAQEICiLYmc0nH\/JU"}
@@ -912,7 +912,7 @@
00431{"flow_id":57,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1920,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":71354,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA3AABAAEAGD9PAqAG4fNnrtN1Xdl9L2gjh8Yj5JoAYECDQSAAAAQEICiLYmdHI+HOMxwkY"}
00451{"flow_id":57,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1921,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":71381,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"EBMx8Tl2KDc3AG3ICABFAABEAABAAEAGD8bAqAG4fNnrtN1Xdl9L2gjk8Yj5JoAYECA17gAAAQEICiLYmdHI+HOMGATc1lZhbFAlvJTq3pUoiw=="}
00471{"flow_id":57,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1922,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":73178,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"KDc3AG3IEBMx8Tl2CABFCABURYVAACwG3ih82eu0wKgBuHZf3VfxiPkmS9oIRIAZAOujxwAAAQEICsj4c4wi2Jh4rr7DuxmIwtJpSsrQz7Sxem3AKUGCV5rPSZt7ukB2XoM="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1930,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1578508366073,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1930,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1578508366073,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":74,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1930,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":73881,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGPnfAqAG4zr1rI91udl8AOSk+AAAAALAC\/\/8AywAAAgQFtAEDAwUBAQgKItiZ0wAAAAAEAgAA"}
00900{"flow_id":64,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1937,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":81054,"pkt_caplen":413,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":413,"pkt_l4_len":379,"pkt":"KDc3AG3IEBMx8Tl2CABFAAGPMZNAAC4GdatOL5ObwKgBuHZf3WHPYyPCMSmd0IAYAOyIdgAAAQEICk8n4TMi2Jm2AVkEJZ5cU9MDJlBNDXIXztcPdOBLHNvcRoMXO83z53y6EuOfQkNEaKSu\/v3bFSWa7m2knZBnXbPEG8LEd7zNzLvq0HuwDTEJvABQSpScSTfbunVx+nesDScVTsThcpgMBRsm\/08NVVKIMPuc2AKyxl669J8d3GEVarD8GV\/EIyM9ZLqOa6j8ekumxdegV\/\/6qklVQSG4bNSUMxfvcWSgwTfFLd2HaDulqveu5BLerLUV88uiiA3nrG+sP4JoJ2uQ36SChibpDPJ1lrBC0ph0F6YhErOQMvl6dV58POnN8fRemxFRZwJjMHBNJd64lHI6go8F15WqN8dzJXcZzo35VrJ8t\/BChothVgx0RjzsDg4tEqHlAb1N0FiPcY8b4VfHYiCdDuWGGnUD+6IxNFpsLDw2R3DhsU4MWB17W375bxlkAwsDtIh5jzF0T3lPmEUNSkfiKcoj0WD8\/Pg="}
00426{"flow_id":64,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1938,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":81149,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGlpnAqAG4Ti+Tm91hdl8xKZ3Qz2MmDYAQEBm9QAAAAQEICiLYmdlPJ+Ez"}
@@ -925,7 +925,7 @@
00453{"flow_id":64,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1945,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":82057,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"EBMx8Tl2KDc3AG3ICABFAABEAABAAEAGlonAqAG4Ti+Tm91hdl8xKZ5wz2MmDYAYEBlMBgAAAQEICiLYmdlPJ+Ezk5AMYSvFtw\/6\/LNCBCQ7WA=="}
00472{"flow_id":64,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1946,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":82417,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"EBMx8Tl2KDc3AG3ICABFAABUAABAAEAGlnnAqAG4Ti+Tm91hdl8xKZ6Az2MmDYAYEBm91QAAAQEICiLYmdpPJ+EzUEeyoazh7D7PL19FH7tlm\/ENzOokkNHBRSNeZo6HyGA="}
00978{"flow_id":67,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1951,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":83506,"pkt_caplen":470,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":470,"pkt_l4_len":436,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHIAABAAEAGWg7AqAG4DfsOx91mdl9PCwRidy3gf4AYECz5oAAAAQEICiLYmdsTnX6eAZIEFrCo0N0ttqxpYaQ6\/DDzSswuwkgUgdNkL3WZM1v1fyZ2Ylb0NhLSoQBhonZfsRcPAuF\/WO+nwsCvfGQeXaGMXAMSJ7v0OK8rWtUAPR\/+qKg\/XDdHLSziLdfWzAHrSQazvItj3Lw3XRQytKVnPvrtJorfzhpqvmlk3d37bBGJ23mvRwVp6tPmv1ESOYsCymML4zMT1t025sBho2nQSsaSJ4ZnhF0vk41IwL32D5dq21fVy5+y1NCcpufvNBWXe2eG07dRg8loNL6osx09j8oPyPKWdkxz7f\/DS6IBNmlc912u9lmrDEBrovoPr+LTCo8NesjjPWN0GGyRe3fwZ4NJTeCiNRLC8wl+lpmnFnS\/\/w+3lom\/uRfaeuXXdvZmEq8WiM6jvqdvu+VG1DiPSG4DrK31EcD8gbYHKYXiSBoMYQDJ\/z4TrLKf4Ij6fWuNND3e3uJqm4GTASLM2T5zBmJCMa1h0RvyDJ6RKhfmsA4tFXWF4FD7J9ZVLqqtXan1mlOvoM8do0UUOv6GHD3Zlxjl0SY="}
00535{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1951,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":4,"flow_first_seen":1578508365828,"flow_last_seen":1578508366083,"flow_tot_l4_data_len":552,"flow_min_l4_data_len":32,"flow_max_l4_data_len":436,"flow_avg_l4_data_len":138,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","ndpi": {"proto":"Mining.Amazon","breed":"Acceptable","category":"Mining"}}
00546{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1951,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":4,"flow_first_seen":1578508365828,"flow_last_seen":1578508366083,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":404,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":101,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","ndpi": {"proto":"Mining.Amazon","breed":"Acceptable","category":"Mining"}}
00427{"flow_id":72,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1952,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":90791,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0\/xlAAC4GasozU+0swKgBuHZf3WzP3gWGHaeOqIAQAOzR6gAAAQEICmlUxZoi2Jm+"}
00927{"flow_id":72,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1953,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":92320,"pkt_caplen":432,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":432,"pkt_l4_len":398,"pkt":"KDc3AG3IEBMx8Tl2CABFAAGi\/xpAAC4GaVszU+0swKgBuHZf3WzP3gWGHaeOqIAYAOytOQAAAQEICmlUxZsi2Jm+AWwEWjjva5QWmp3vGWesR7IRqIsE5fQYHzAEbOCBJchDIemq1HWu1HB6VIM5Hp\/KJ9QlOqR4W7jVPsaowfNnsBvJtTZG460snQaRFqBAd3CcoV8yXpX2QNS4U\/iPIOrzMvsNkFLBsirknEgh4rjazC6U742VFERXAwxELeBUAe05Iz5hYHrGjQ5mOrpvV\/1haMWqbjQNmLeMHneQefia4uaygz\/+2vRiTzWPLwgat+DekWQunRH1ka4+d+horKwAjbDStF0JjlxmUJZgk45xS+\/XJtM+695bO6nXGR6OFLrowCm9Kl+Xe1oEpSs2OO\/SM4cCLMTOHXY29Dnfby2bHKbnepI3bOWsaFNYmPOcA+HqJlykgioPBxtOUQFKap58BCDOHr0kPlds\/XJ+iJoczHSHWhLrjVQV\/+nWfjX067ToTfE9bPwn7JymVPOWVub7fTU8WXUpSSCcMtBKgoaz7jotgiK\/CkUxgf7t7H7t"}
00426{"flow_id":72,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1954,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":92376,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGV+TAqAG4M1PtLN1sdl8dp46oz94G9IAQECDBIgAAAQEICiLYmeNpVMWb"}
@@ -945,85 +945,85 @@
00439{"flow_id":74,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1968,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":117663,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGSnvOvWsjwKgBuHZf3W6FBUsAADkpP6AScSCofQAAAgQFrAQCCApn2sBGItiZ0wEDAwc="}
00428{"flow_id":74,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1969,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":117769,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGPoPAqAG4zr1rI91udl8AOSk\/hQVLAYAQECw4DwAAAQEICiLYmfpn2sBG"}
00981{"flow_id":74,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1970,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":119559,"pkt_caplen":473,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":473,"pkt_l4_len":439,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHLAABAAEAGPOzAqAG4zr1rI91udl8AOSk\/hQVLAYAYECxdpAAAAQEICiLYmftn2sBGAZUEFk3FYfNys9s55XyY23YdDU3mEgfTwzJe27SlFM87eEMrJbt8cMgfjrjKWMiVLh8DFSnipO+kUBBPaWEbU3Ynmx9QZ3LCiokcuUn7Dv\/+DsRlOpOb9d7+9uxwgEIscONdRtih2SP3JkYCA5iz3x9iSDdCsdlbaZrLb4ApkwQdkHEdITIkUszUt2IX2uTJSV+yWP5LgWIqw0LC3HCjWNkdNsXaTWnyoaf2cxQE1sr8DLAEkla6sbskUUPcZxZdZjiulq\/TmUBdEsi20dCtnTcf\/jmlhSZy3voPmKqnhBPKSsaSYV7gSfuhHvsx91uppt0PNe3c4y1gZjJmVqYegwNwd0Rhv3znUxx3KvFnJvEHZ7qFrzJd+ENToWIdx6FI8UpuevN49imKrwGh6WMiZD5f+DuvvAz7122yS8O20jeD8xnmRJeaN9NLvP5y82I4mw+mgnTQZFXTXU9XVqqqQlOkUsTMTiF0dbm32C97Qj202x3I4SGZE8nwdInxnX8nY65E\/K8JK0edlNviRiUkfu9o\/gCJI\/Y="}
00563{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1970,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":4,"flow_first_seen":1578508366073,"flow_last_seen":1578508366119,"flow_tot_l4_data_len":555,"flow_min_l4_data_len":32,"flow_max_l4_data_len":439,"flow_avg_l4_data_len":138,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00574{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1970,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":4,"flow_first_seen":1578508366073,"flow_last_seen":1578508366119,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":407,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":101,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00718{"flow_id":72,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1989,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":133177,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEE\/xtAAC4GafgzU+0swKgBuHZf3WzP3gb0HaeOqIAYAOy\/HwAAAQEICmlUxcQi2JnjOWodgF8zqqT3ux8u1K\/g6U6QBmyPDWBUcKgtfjzQ8ZlvmNh1rnQ0\/PjijhpEydaVIxPYRaibF5WEb1KrRVfkRhE5xHjp+CWzD39yD5ssUUl0J1JfqZGOmgi9deNFDOPhY+vWdzzZzmwC1A5nNc7kk8dUVJrtrtv373RjRw25qIqq\/0+\/hFZW00NdV0znJoUGJE91KNHYPMi7wCtFEj6Ucp0mi8GwDXYDJrWFHthe7h6\/TwY2K3iLjVuLLfeXN76lHvSq1nVFTCIT67e9N28wUg=="}
00429{"flow_id":72,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1990,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":133281,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGV+TAqAG4M1PtLN1sdl8dp49Yz94HxIAQEBq\/WwAAAQEICiLYmgdpVMXE"}
00474{"flow_id":72,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1991,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":133434,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"EBMx8Tl2KDc3AG3ICABFAABUAABAAEAGV8TAqAG4M1PtLN1sdl8dp49Yz94HxIAYEBrpfQAAAQEICiLYmgdpVMXEsbvcLYadChRphbpgRufGc3E5TGLY9wr\/00\/QEFUd68g="}
00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":33,"flow_first_seen":1578508365226,"flow_last_seen":1578508366012,"flow_tot_l4_data_len":2246,"flow_min_l4_data_len":20,"flow_max_l4_data_len":571,"flow_avg_l4_data_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":4,"flow_first_seen":1578508365852,"flow_last_seen":1578508366055,"flow_tot_l4_data_len":595,"flow_min_l4_data_len":32,"flow_max_l4_data_len":479,"flow_avg_l4_data_len":148,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.59.17.58","src_port":56680,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":61,"flow_first_seen":1578508365045,"flow_last_seen":1578508365241,"flow_tot_l4_data_len":3436,"flow_min_l4_data_len":20,"flow_max_l4_data_len":442,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":54,"flow_first_seen":1578508365153,"flow_last_seen":1578508365387,"flow_tot_l4_data_len":3296,"flow_min_l4_data_len":20,"flow_max_l4_data_len":494,"flow_avg_l4_data_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":7,"flow_first_seen":1578508365189,"flow_last_seen":1578508365942,"flow_tot_l4_data_len":2265,"flow_min_l4_data_len":136,"flow_max_l4_data_len":1065,"flow_avg_l4_data_len":323,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":30,"flow_first_seen":1578508365846,"flow_last_seen":1578508366076,"flow_tot_l4_data_len":2164,"flow_min_l4_data_len":20,"flow_max_l4_data_len":418,"flow_avg_l4_data_len":72,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":50,"flow_first_seen":1578508365741,"flow_last_seen":1578508366031,"flow_tot_l4_data_len":3327,"flow_min_l4_data_len":20,"flow_max_l4_data_len":579,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"94.68.55.162","src_port":56674,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":37,"flow_first_seen":1578508364832,"flow_last_seen":1578508365305,"flow_tot_l4_data_len":2254,"flow_min_l4_data_len":20,"flow_max_l4_data_len":445,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":30,"flow_first_seen":1578508365885,"flow_last_seen":1578508366042,"flow_tot_l4_data_len":2228,"flow_min_l4_data_len":20,"flow_max_l4_data_len":534,"flow_avg_l4_data_len":74,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"207.180.206.216","src_port":56681,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":30,"flow_first_seen":1578508365295,"flow_last_seen":1578508365885,"flow_tot_l4_data_len":1808,"flow_min_l4_data_len":20,"flow_max_l4_data_len":455,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.229.232.19","src_port":56662,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_first_seen":1578508364925,"flow_last_seen":1578508364954,"flow_tot_l4_data_len":1677,"flow_min_l4_data_len":179,"flow_max_l4_data_len":1065,"flow_avg_l4_data_len":559,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_first_seen":1578508364697,"flow_last_seen":1578508364773,"flow_tot_l4_data_len":1675,"flow_min_l4_data_len":179,"flow_max_l4_data_len":1144,"flow_avg_l4_data_len":558,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"54.36.160.211","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1578508365567,"flow_last_seen":0,"flow_tot_l4_data_len":136,"flow_min_l4_data_len":136,"flow_max_l4_data_len":136,"flow_avg_l4_data_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"106.12.39.168","src_port":30303,"dst_port":30333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":4,"flow_first_seen":1578508366073,"flow_last_seen":1578508366119,"flow_tot_l4_data_len":555,"flow_min_l4_data_len":32,"flow_max_l4_data_len":439,"flow_avg_l4_data_len":138,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":42,"flow_first_seen":1578508364522,"flow_last_seen":1578508364664,"flow_tot_l4_data_len":2467,"flow_min_l4_data_len":20,"flow_max_l4_data_len":527,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00516{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1578508365038,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","ndpi": {"proto":"Mining.Amazon","breed":"Acceptable","category":"Web"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1578508365038,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":38,"flow_first_seen":1578508364632,"flow_last_seen":1578508364787,"flow_tot_l4_data_len":2169,"flow_min_l4_data_len":20,"flow_max_l4_data_len":453,"flow_avg_l4_data_len":57,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.60.79","src_port":56629,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":41,"flow_first_seen":1578508364682,"flow_last_seen":1578508364899,"flow_tot_l4_data_len":2422,"flow_min_l4_data_len":20,"flow_max_l4_data_len":511,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":30,"flow_first_seen":1578508364523,"flow_last_seen":1578508364743,"flow_tot_l4_data_len":2328,"flow_min_l4_data_len":20,"flow_max_l4_data_len":505,"flow_avg_l4_data_len":77,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"89.38.99.34","src_port":56624,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":31,"flow_first_seen":1578508365189,"flow_last_seen":1578508365331,"flow_tot_l4_data_len":2363,"flow_min_l4_data_len":20,"flow_max_l4_data_len":540,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1578508364272,"flow_last_seen":0,"flow_tot_l4_data_len":147,"flow_min_l4_data_len":147,"flow_max_l4_data_len":147,"flow_avg_l4_data_len":147,"midstream":0,"l3_proto":"ip4","src_ip":"3.112.138.57","dst_ip":"192.168.1.184","src_port":25516,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":45,"flow_first_seen":1578508364522,"flow_last_seen":1578508365440,"flow_tot_l4_data_len":2554,"flow_min_l4_data_len":20,"flow_max_l4_data_len":606,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1578508362274,"flow_last_seen":1578508363333,"flow_tot_l4_data_len":315,"flow_min_l4_data_len":136,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":157,"midstream":0,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":64,"flow_first_seen":1578508365239,"flow_last_seen":1578508365961,"flow_tot_l4_data_len":3718,"flow_min_l4_data_len":20,"flow_max_l4_data_len":615,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":29,"flow_first_seen":1578508365021,"flow_last_seen":1578508365192,"flow_tot_l4_data_len":2124,"flow_min_l4_data_len":20,"flow_max_l4_data_len":447,"flow_avg_l4_data_len":73,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":54,"flow_first_seen":1578508365029,"flow_last_seen":1578508365211,"flow_tot_l4_data_len":3043,"flow_min_l4_data_len":20,"flow_max_l4_data_len":501,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":30,"flow_first_seen":1578508365588,"flow_last_seen":1578508365744,"flow_tot_l4_data_len":2134,"flow_min_l4_data_len":20,"flow_max_l4_data_len":421,"flow_avg_l4_data_len":71,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":56670,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_first_seen":1578508364732,"flow_last_seen":1578508365736,"flow_tot_l4_data_len":315,"flow_min_l4_data_len":136,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":157,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"111.229.0.180","src_port":30303,"dst_port":20182,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":41,"flow_first_seen":1578508364523,"flow_last_seen":1578508364723,"flow_tot_l4_data_len":2418,"flow_min_l4_data_len":20,"flow_max_l4_data_len":544,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365220,"flow_tot_l4_data_len":2439,"flow_min_l4_data_len":20,"flow_max_l4_data_len":485,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":56618,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":37,"flow_first_seen":1578508365712,"flow_last_seen":1578508366123,"flow_tot_l4_data_len":3058,"flow_min_l4_data_len":32,"flow_max_l4_data_len":599,"flow_avg_l4_data_len":82,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_first_seen":1578508365919,"flow_last_seen":1578508365951,"flow_tot_l4_data_len":291,"flow_min_l4_data_len":136,"flow_max_l4_data_len":155,"flow_avg_l4_data_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":1578508364776,"flow_last_seen":1578508365781,"flow_tot_l4_data_len":315,"flow_min_l4_data_len":136,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":157,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.97.143.1","src_port":30303,"dst_port":50000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":6,"flow_first_seen":1578508364382,"flow_last_seen":1578508364651,"flow_tot_l4_data_len":3354,"flow_min_l4_data_len":179,"flow_max_l4_data_len":1065,"flow_avg_l4_data_len":559,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1578508363692,"flow_last_seen":0,"flow_tot_l4_data_len":137,"flow_min_l4_data_len":137,"flow_max_l4_data_len":137,"flow_avg_l4_data_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"60.191.32.71","dst_ip":"192.168.1.184","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":4,"flow_first_seen":1578508365408,"flow_last_seen":1578508365790,"flow_tot_l4_data_len":586,"flow_min_l4_data_len":136,"flow_max_l4_data_len":158,"flow_avg_l4_data_len":146,"midstream":0,"l3_proto":"ip4","src_ip":"183.129.242.164","dst_ip":"192.168.1.184","src_port":1024,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":69,"flow_first_seen":1578508364523,"flow_last_seen":1578508364687,"flow_tot_l4_data_len":4026,"flow_min_l4_data_len":20,"flow_max_l4_data_len":578,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":24,"flow_first_seen":1578508365194,"flow_last_seen":1578508366069,"flow_tot_l4_data_len":2114,"flow_min_l4_data_len":32,"flow_max_l4_data_len":526,"flow_avg_l4_data_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00517{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":1578508364523,"flow_last_seen":1578508365619,"flow_tot_l4_data_len":88,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"5.1.83.226","src_port":56625,"dst_port":30303,"l4_proto":"tcp","ndpi": {"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":1578508364523,"flow_last_seen":1578508365619,"flow_tot_l4_data_len":88,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"5.1.83.226","src_port":56625,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508364937,"flow_tot_l4_data_len":2401,"flow_min_l4_data_len":20,"flow_max_l4_data_len":502,"flow_avg_l4_data_len":57,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":29,"flow_first_seen":1578508364523,"flow_last_seen":1578508365656,"flow_tot_l4_data_len":2255,"flow_min_l4_data_len":20,"flow_max_l4_data_len":504,"flow_avg_l4_data_len":77,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":56617,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00521{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1578508364922,"flow_last_seen":1578508366029,"flow_tot_l4_data_len":88,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.233.197.131","src_port":56637,"dst_port":30303,"l4_proto":"tcp","ndpi": {"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1578508364922,"flow_last_seen":1578508366029,"flow_tot_l4_data_len":88,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.233.197.131","src_port":56637,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":65,"flow_first_seen":1578508365271,"flow_last_seen":1578508365838,"flow_tot_l4_data_len":3718,"flow_min_l4_data_len":20,"flow_max_l4_data_len":605,"flow_avg_l4_data_len":57,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.161.23.12","src_port":56660,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":53,"flow_first_seen":1578508365279,"flow_last_seen":1578508366038,"flow_tot_l4_data_len":3248,"flow_min_l4_data_len":20,"flow_max_l4_data_len":504,"flow_avg_l4_data_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":32,"flow_first_seen":1578508364714,"flow_last_seen":1578508364919,"flow_tot_l4_data_len":2080,"flow_min_l4_data_len":20,"flow_max_l4_data_len":474,"flow_avg_l4_data_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":22,"flow_first_seen":1578508365300,"flow_last_seen":1578508366073,"flow_tot_l4_data_len":1901,"flow_min_l4_data_len":32,"flow_max_l4_data_len":577,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"124.217.235.180","src_port":56663,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":36,"flow_first_seen":1578508365154,"flow_last_seen":1578508365257,"flow_tot_l4_data_len":2088,"flow_min_l4_data_len":20,"flow_max_l4_data_len":449,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_first_seen":1578508364654,"flow_last_seen":1578508364729,"flow_tot_l4_data_len":1675,"flow_min_l4_data_len":179,"flow_max_l4_data_len":1063,"flow_avg_l4_data_len":558,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"128.0.51.140","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":52,"flow_first_seen":1578508365079,"flow_last_seen":1578508365297,"flow_tot_l4_data_len":3274,"flow_min_l4_data_len":20,"flow_max_l4_data_len":506,"flow_avg_l4_data_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":35,"flow_first_seen":1578508365169,"flow_last_seen":1578508365272,"flow_tot_l4_data_len":2271,"flow_min_l4_data_len":20,"flow_max_l4_data_len":563,"flow_avg_l4_data_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_first_seen":1578508365461,"flow_last_seen":1578508365899,"flow_tot_l4_data_len":293,"flow_min_l4_data_len":136,"flow_max_l4_data_len":157,"flow_avg_l4_data_len":146,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365331,"flow_tot_l4_data_len":2373,"flow_min_l4_data_len":20,"flow_max_l4_data_len":563,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":56622,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":43,"flow_first_seen":1578508364523,"flow_last_seen":1578508365354,"flow_tot_l4_data_len":2449,"flow_min_l4_data_len":20,"flow_max_l4_data_len":503,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_first_seen":1578508364522,"flow_last_seen":1578508364841,"flow_tot_l4_data_len":609,"flow_min_l4_data_len":32,"flow_max_l4_data_len":461,"flow_avg_l4_data_len":121,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":56612,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_first_seen":1578508364382,"flow_last_seen":1578508364519,"flow_tot_l4_data_len":1675,"flow_min_l4_data_len":179,"flow_max_l4_data_len":1063,"flow_avg_l4_data_len":558,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":42,"flow_first_seen":1578508364522,"flow_last_seen":1578508365097,"flow_tot_l4_data_len":2493,"flow_min_l4_data_len":20,"flow_max_l4_data_len":522,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"104.42.217.25","src_port":56611,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_first_seen":1578508364421,"flow_last_seen":1578508364694,"flow_tot_l4_data_len":1675,"flow_min_l4_data_len":179,"flow_max_l4_data_len":1144,"flow_avg_l4_data_len":558,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":36,"flow_first_seen":1578508365701,"flow_last_seen":1578508365828,"flow_tot_l4_data_len":2086,"flow_min_l4_data_len":20,"flow_max_l4_data_len":418,"flow_avg_l4_data_len":57,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365223,"flow_tot_l4_data_len":2495,"flow_min_l4_data_len":20,"flow_max_l4_data_len":544,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"191.234.162.198","src_port":56620,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":16,"flow_first_seen":1578508365094,"flow_last_seen":1578508365839,"flow_tot_l4_data_len":1818,"flow_min_l4_data_len":32,"flow_max_l4_data_len":554,"flow_avg_l4_data_len":113,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"182.162.161.61","src_port":56647,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":62,"flow_first_seen":1578508364924,"flow_last_seen":1578508365071,"flow_tot_l4_data_len":3977,"flow_min_l4_data_len":20,"flow_max_l4_data_len":526,"flow_avg_l4_data_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.250.240.205","src_port":56638,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":39,"flow_first_seen":1578508364932,"flow_last_seen":1578508365309,"flow_tot_l4_data_len":2451,"flow_min_l4_data_len":20,"flow_max_l4_data_len":553,"flow_avg_l4_data_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":35,"flow_first_seen":1578508364659,"flow_last_seen":1578508365043,"flow_tot_l4_data_len":2166,"flow_min_l4_data_len":20,"flow_max_l4_data_len":463,"flow_avg_l4_data_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365511,"flow_tot_l4_data_len":2512,"flow_min_l4_data_len":20,"flow_max_l4_data_len":557,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.187.207.27","src_port":56621,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":4,"flow_first_seen":1578508365828,"flow_last_seen":1578508366083,"flow_tot_l4_data_len":552,"flow_min_l4_data_len":32,"flow_max_l4_data_len":436,"flow_avg_l4_data_len":138,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_first_seen":1578508364382,"flow_last_seen":1578508364650,"flow_tot_l4_data_len":1677,"flow_min_l4_data_len":179,"flow_max_l4_data_len":1065,"flow_avg_l4_data_len":559,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":30,"flow_first_seen":1578508365751,"flow_last_seen":1578508365853,"flow_tot_l4_data_len":2280,"flow_min_l4_data_len":20,"flow_max_l4_data_len":562,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.235.37.216","src_port":56675,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":24,"flow_first_seen":1578508366005,"flow_last_seen":1578508366135,"flow_tot_l4_data_len":2215,"flow_min_l4_data_len":20,"flow_max_l4_data_len":593,"flow_avg_l4_data_len":92,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.83.237.44","src_port":56684,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_first_seen":1578508364422,"flow_last_seen":1578508365065,"flow_tot_l4_data_len":472,"flow_min_l4_data_len":136,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":157,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":48,"flow_first_seen":1578508365592,"flow_last_seen":1578508365773,"flow_tot_l4_data_len":3244,"flow_min_l4_data_len":20,"flow_max_l4_data_len":572,"flow_avg_l4_data_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":12,"flow_first_seen":1578508366020,"flow_last_seen":1578508366101,"flow_tot_l4_data_len":1557,"flow_min_l4_data_len":32,"flow_max_l4_data_len":612,"flow_avg_l4_data_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"88.99.93.219","src_port":56685,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":31,"flow_first_seen":1578508364522,"flow_last_seen":1578508365036,"flow_tot_l4_data_len":2169,"flow_min_l4_data_len":20,"flow_max_l4_data_len":490,"flow_avg_l4_data_len":69,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":31,"flow_first_seen":1578508365009,"flow_last_seen":1578508365126,"flow_tot_l4_data_len":2240,"flow_min_l4_data_len":20,"flow_max_l4_data_len":572,"flow_avg_l4_data_len":72,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"144.91.120.135","src_port":56641,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":44,"flow_first_seen":1578508364824,"flow_last_seen":1578508365152,"flow_tot_l4_data_len":2648,"flow_min_l4_data_len":20,"flow_max_l4_data_len":603,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":33,"flow_first_seen":1578508365226,"flow_last_seen":1578508366012,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":539,"flow_tot_l4_payload_len":1302,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":4,"flow_first_seen":1578508365852,"flow_last_seen":1578508366055,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":447,"flow_tot_l4_payload_len":447,"flow_avg_l4_payload_len":111,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.59.17.58","src_port":56680,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":61,"flow_first_seen":1578508365045,"flow_last_seen":1578508365241,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":410,"flow_tot_l4_payload_len":1560,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":54,"flow_first_seen":1578508365153,"flow_last_seen":1578508365387,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":462,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":7,"flow_first_seen":1578508365189,"flow_last_seen":1578508365942,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":1057,"flow_tot_l4_payload_len":2209,"flow_avg_l4_payload_len":315,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":30,"flow_first_seen":1578508365846,"flow_last_seen":1578508366076,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":1268,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":50,"flow_first_seen":1578508365741,"flow_last_seen":1578508366031,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":1803,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"94.68.55.162","src_port":56674,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":37,"flow_first_seen":1578508364832,"flow_last_seen":1578508365305,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":413,"flow_tot_l4_payload_len":1122,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":30,"flow_first_seen":1578508365885,"flow_last_seen":1578508366042,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":1332,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"207.180.206.216","src_port":56681,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":30,"flow_first_seen":1578508365295,"flow_last_seen":1578508365885,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":435,"flow_tot_l4_payload_len":1172,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.229.232.19","src_port":56662,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_first_seen":1578508364925,"flow_last_seen":1578508364954,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1057,"flow_tot_l4_payload_len":1653,"flow_avg_l4_payload_len":551,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_first_seen":1578508364697,"flow_last_seen":1578508364773,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1136,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":550,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"54.36.160.211","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1578508365567,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"106.12.39.168","src_port":30303,"dst_port":30333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":4,"flow_first_seen":1578508366073,"flow_last_seen":1578508366119,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":407,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":101,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":42,"flow_first_seen":1578508364522,"flow_last_seen":1578508364664,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":495,"flow_tot_l4_payload_len":1247,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00524{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1578508365038,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","ndpi": {"proto":"Mining.Amazon","breed":"Acceptable","category":"Web"}}
00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1578508365038,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":38,"flow_first_seen":1578508364632,"flow_last_seen":1578508364787,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":421,"flow_tot_l4_payload_len":1065,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.60.79","src_port":56629,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":41,"flow_first_seen":1578508364682,"flow_last_seen":1578508364899,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":479,"flow_tot_l4_payload_len":1222,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":30,"flow_first_seen":1578508364523,"flow_last_seen":1578508364743,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":473,"flow_tot_l4_payload_len":1432,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"89.38.99.34","src_port":56624,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":31,"flow_first_seen":1578508365189,"flow_last_seen":1578508365331,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":508,"flow_tot_l4_payload_len":1435,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1578508364272,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":0,"l3_proto":"ip4","src_ip":"3.112.138.57","dst_ip":"192.168.1.184","src_port":25516,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":45,"flow_first_seen":1578508364522,"flow_last_seen":1578508365440,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":574,"flow_tot_l4_payload_len":1274,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1578508362274,"flow_last_seen":1578508363333,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":64,"flow_first_seen":1578508365239,"flow_last_seen":1578508365961,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":583,"flow_tot_l4_payload_len":1758,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":29,"flow_first_seen":1578508365021,"flow_last_seen":1578508365192,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":415,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":54,"flow_first_seen":1578508365029,"flow_last_seen":1578508365211,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":469,"flow_tot_l4_payload_len":1379,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":30,"flow_first_seen":1578508365588,"flow_last_seen":1578508365744,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":389,"flow_tot_l4_payload_len":1238,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":56670,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_first_seen":1578508364732,"flow_last_seen":1578508365736,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"111.229.0.180","src_port":30303,"dst_port":20182,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":41,"flow_first_seen":1578508364523,"flow_last_seen":1578508364723,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":1218,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365220,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":453,"flow_tot_l4_payload_len":1207,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":56618,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":37,"flow_first_seen":1578508365712,"flow_last_seen":1578508366123,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":567,"flow_tot_l4_payload_len":1842,"flow_avg_l4_payload_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_first_seen":1578508365919,"flow_last_seen":1578508365951,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":275,"flow_avg_l4_payload_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":1578508364776,"flow_last_seen":1578508365781,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.97.143.1","src_port":30303,"dst_port":50000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":6,"flow_first_seen":1578508364382,"flow_last_seen":1578508364651,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1057,"flow_tot_l4_payload_len":3306,"flow_avg_l4_payload_len":551,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1578508363692,"flow_last_seen":0,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"60.191.32.71","dst_ip":"192.168.1.184","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":4,"flow_first_seen":1578508365408,"flow_last_seen":1578508365790,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":554,"flow_avg_l4_payload_len":138,"midstream":0,"l3_proto":"ip4","src_ip":"183.129.242.164","dst_ip":"192.168.1.184","src_port":1024,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":69,"flow_first_seen":1578508364523,"flow_last_seen":1578508364687,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":546,"flow_tot_l4_payload_len":1846,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":24,"flow_first_seen":1578508365194,"flow_last_seen":1578508366069,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":494,"flow_tot_l4_payload_len":1326,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00525{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":1578508364523,"flow_last_seen":1578508365619,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"5.1.83.226","src_port":56625,"dst_port":30303,"l4_proto":"tcp","ndpi": {"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":1578508364523,"flow_last_seen":1578508365619,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"5.1.83.226","src_port":56625,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508364937,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":470,"flow_tot_l4_payload_len":1169,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":29,"flow_first_seen":1578508364523,"flow_last_seen":1578508365656,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":1379,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":56617,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1578508364922,"flow_last_seen":1578508366029,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.233.197.131","src_port":56637,"dst_port":30303,"l4_proto":"tcp","ndpi": {"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1578508364922,"flow_last_seen":1578508366029,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.233.197.131","src_port":56637,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":65,"flow_first_seen":1578508365271,"flow_last_seen":1578508365838,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":573,"flow_tot_l4_payload_len":1762,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.161.23.12","src_port":56660,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":53,"flow_first_seen":1578508365279,"flow_last_seen":1578508366038,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":1652,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":32,"flow_first_seen":1578508364714,"flow_last_seen":1578508364919,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":1168,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":22,"flow_first_seen":1578508365300,"flow_last_seen":1578508366073,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":545,"flow_tot_l4_payload_len":1177,"flow_avg_l4_payload_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"124.217.235.180","src_port":56663,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":36,"flow_first_seen":1578508365154,"flow_last_seen":1578508365257,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":417,"flow_tot_l4_payload_len":1048,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_first_seen":1578508364654,"flow_last_seen":1578508364729,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1055,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":550,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"128.0.51.140","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":52,"flow_first_seen":1578508365079,"flow_last_seen":1578508365297,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":1734,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":35,"flow_first_seen":1578508365169,"flow_last_seen":1578508365272,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":1263,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_first_seen":1578508365461,"flow_last_seen":1578508365899,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":138,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365331,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":1153,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":56622,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":43,"flow_first_seen":1578508364523,"flow_last_seen":1578508365354,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":471,"flow_tot_l4_payload_len":1197,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_first_seen":1578508364522,"flow_last_seen":1578508364841,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":429,"flow_tot_l4_payload_len":429,"flow_avg_l4_payload_len":85,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":56612,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_first_seen":1578508364382,"flow_last_seen":1578508364519,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1055,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":550,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":42,"flow_first_seen":1578508364522,"flow_last_seen":1578508365097,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":490,"flow_tot_l4_payload_len":1261,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"104.42.217.25","src_port":56611,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_first_seen":1578508364421,"flow_last_seen":1578508364694,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1136,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":550,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":36,"flow_first_seen":1578508365701,"flow_last_seen":1578508365828,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":1046,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365223,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":1275,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"191.234.162.198","src_port":56620,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":16,"flow_first_seen":1578508365094,"flow_last_seen":1578508365839,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":522,"flow_tot_l4_payload_len":1202,"flow_avg_l4_payload_len":75,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"182.162.161.61","src_port":56647,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":62,"flow_first_seen":1578508364924,"flow_last_seen":1578508365071,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":494,"flow_tot_l4_payload_len":2045,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.250.240.205","src_port":56638,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":39,"flow_first_seen":1578508364932,"flow_last_seen":1578508365309,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":521,"flow_tot_l4_payload_len":1315,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":35,"flow_first_seen":1578508364659,"flow_last_seen":1578508365043,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":431,"flow_tot_l4_payload_len":1158,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365511,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":525,"flow_tot_l4_payload_len":1280,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.187.207.27","src_port":56621,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":4,"flow_first_seen":1578508365828,"flow_last_seen":1578508366083,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":404,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":101,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_first_seen":1578508364382,"flow_last_seen":1578508364650,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1057,"flow_tot_l4_payload_len":1653,"flow_avg_l4_payload_len":551,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":30,"flow_first_seen":1578508365751,"flow_last_seen":1578508365853,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":1396,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.235.37.216","src_port":56675,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":24,"flow_first_seen":1578508366005,"flow_last_seen":1578508366135,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":561,"flow_tot_l4_payload_len":1439,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.83.237.44","src_port":56684,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_first_seen":1578508364422,"flow_last_seen":1578508365065,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":448,"flow_avg_l4_payload_len":149,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":48,"flow_first_seen":1578508365592,"flow_last_seen":1578508365773,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":1832,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":12,"flow_first_seen":1578508366020,"flow_last_seen":1578508366101,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":580,"flow_tot_l4_payload_len":1153,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"88.99.93.219","src_port":56685,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":31,"flow_first_seen":1578508364522,"flow_last_seen":1578508365036,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":458,"flow_tot_l4_payload_len":1241,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":31,"flow_first_seen":1578508365009,"flow_last_seen":1578508365126,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":1312,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"144.91.120.135","src_port":56641,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":44,"flow_first_seen":1578508364824,"flow_last_seen":1578508365152,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":571,"flow_tot_l4_payload_len":1388,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00130{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test"}

10
test/results/exe_download.pcap.out
View File

@@ -1,13 +1,13 @@
00389{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"exe_download.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1569434051004,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00480{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"exe_download.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1569434051004,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00425{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":4796,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0AI9AAIAGAKkKCRllkFtFw8ANAFC+hvgeAAAAAIACIADegAAAAgQFtAEDAwgBAQQC"}
00419{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":324116,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsBbAAAIAGO5CQW0XDCgkZZQBQwA0+79i4vob4H2AS+vAU7QAAAgQFtA=="}
00412{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":324323,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoALJAAIAGAJIKCRllkFtFw8ANAFC+hvgfPu\/YuVAQ+vAsqgAA"}
00621{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":324979,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"IOUqtpPxAAgCHEeuCABFAADBALNAAIAG\/\/cKCRllkFtFw8ANAFC+hvgfPu\/YuVAY+vAITAAAR0VUIC9zb2xhci5waHAgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLXVzDQpVc2VyLUFnZW50OiBwd3R5eUVLek50R2F0d25Kam1DY0JMYk92ZUNWcGMNCkhvc3Q6IDE0NC45MS42OS4xOTUNCg0K"}
00706{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1569434051004,"flow_last_seen":1569434051324,"flow_tot_l4_data_len":249,"flow_min_l4_data_len":20,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"144.91.69.195","url":"144.91.69.195\/solar.php","code":0,"content_type":"","user_agent":"pwtyyEKzNtGatwnJjmCcBLbOveCVpc"}}
00717{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1569434051004,"flow_last_seen":1569434051324,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"144.91.69.195","url":"144.91.69.195\/solar.php","code":0,"content_type":"","user_agent":"pwtyyEKzNtGatwnJjmCcBLbOveCVpc"}}
00411{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":325236,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AAgCHEeuIOUqtpPxCABFAAAoBbEAAIAGO5OQW0XDCgkZZQBQwA0+79i5vob4uFAQ+vAsEQAA"}
02368{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":623372,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AAgCHEeuIOUqtpPxCABFAAXcBbQAAIAGNdyQW0XDCgkZZQBQwA0+79i5vob4uFAQ+vA4RgAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuMTAuMw0KRGF0ZTogV2VkLCAyNSBTZXAgMjAxOSAxNzo1NDoxMiBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogNjc5MDA4DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDb250ZW50LURlc2NyaXB0aW9uOiBGaWxlIFRyYW5zZmVyDQpDb250ZW50LURpc3Bvc2l0aW9uOiBhdHRhY2htZW50OyBmaWxlbmFtZT0icGhuMzR5Y2p0Z2htLmV4ZSINCkV4cGlyZXM6IDANCkNhY2hlLUNvbnRyb2w6IG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBwdWJsaWMNCg0KTVqQAAMAAAAEAAAA\/\/8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAEAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAADF5hWJgYd72oGHe9qBh3vasqVe2oOHe9pbpGfai4d72likZ9qAh3vae6Ri2piHe9qBh3ra\/4V72nujO9qdh3vae6Nn2gSHe9qqplzaiId72nujZtoZh3vae6M+2oCHe9p7o0bagId72lJpY2iBh3vaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBBAA3BYtdAAAAAAAAAADgAA8BCwEHAABABAAAwAQAAAAAAGIRAQAAEAAAAFAEAAAAQAAAEAAAABAAAAQAAAAAAAAABAAAAAAAAAAAEAkAABAAAJAACQACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAAAAAAAAAAAAAsZAUAGAEAAAAABgDyAQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAEAGAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAAKMzBAAAEAAAAEAEAAAQAAAAAAAAAAAAAAAAAAAgAABgLnJkYXRhAABgOwEAAFAEAABAAQAAUAQAAAAAAAAAAAAAAAAAQAAAQC5kYXRhAAAAxGAAAACQBQAAMAAAAJAFAAAAAAAAAAAAAAAAAEAAAMAucnNyYwAAAPIBAwAAAAYAABADAADABQAAAAAAAAAAAAAAAABAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00808{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1569434051004,"flow_last_seen":1569434051623,"flow_tot_l4_data_len":1749,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":291,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4":"Binary application transfer","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"http": {"hostname":"144.91.69.195","url":"144.91.69.195\/solar.php","code":200,"content_type":"application\/octet-stream","user_agent":"pwtyyEKzNtGatwnJjmCcBLbOveCVpc"}}
00819{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1569434051004,"flow_last_seen":1569434051623,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1613,"flow_avg_l4_payload_len":268,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4":"Binary application transfer","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"http": {"hostname":"144.91.69.195","url":"144.91.69.195\/solar.php","code":200,"content_type":"application\/octet-stream","user_agent":"pwtyyEKzNtGatwnJjmCcBLbOveCVpc"}}
02109{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":623382,"pkt_caplen":1322,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1322,"pkt_l4_len":1288,"pkt":"AAgCHEeuIOUqtpPxCABFAAUcBbUAAIAGNpuQW0XDCgkZZQBQwA0+795tvob4uFAY+vAhYQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00412{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":623558,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoALZAAIAGAI4KCRllkFtFw8ANAFC+hvi4Pu\/jYVAQ+vAhaQAA"}
02237{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":624937,"pkt_caplen":1418,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1418,"pkt_l4_len":1384,"pkt":"AAgCHEeuIOUqtpPxCABFAAV8BbYAAIAGNjqQW0XDCgkZZQBQwA0+7+Nhvob4uFAY+vAcDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
@@ -17,5 +17,5 @@
02532{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":630207,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AAgCHEeuIOUqtpPxCABFAAXcBbkAAIAGNdeQW0XDCgkZZQBQwA0+7\/Ndvob4uFAQ+vCglwAAAAABAAAAg+xUuRUAAACNdaiL\/POli02k6PMCAABfXovlXcPMzMzMzMzMzMzMzMzMVYvsg+xcVleJTaSNRahQi02k6PO9AQCLTaSDudQBAAAAdBiLVbCD4vuJVbCLRaTHgNQBAAAAAAAA6x\/HRawEAIAAx0WwBAAAAMZF+AGLTaTHgdQBAAABAAAAg+xUuRUAAACNdaiL\/POli02k6G8CAABfXovlXcPMzMzMzMzMzMxVi+xRiU38i+Vdw8zMzMzMVYvsav9oTSlEAGShAAAAAFBkiSUAAAAAgey4AAAAiY1A\/\/\/\/aGwBAADoydIBAIPEBImFRP\/\/\/8dF\/AAAAACDvUT\/\/\/8AdBVqAIuNRP\/\/\/+jcAwAAiYU8\/\/\/\/6wrHhTz\/\/\/8AAAAAi4U8\/\/\/\/iYVI\/\/\/\/x0X8\/\/\/\/\/4uNSP\/\/\/4lN8ItV8IsCi03w\/5BAAQAAg\/gBD4W3AAAAx4VM\/\/\/\/nAAAAItN8IO5YAEAAAB0D4uVUP\/\/\/4PKAomVUP\/\/\/4tF8IO4aAEAAAB0D4uNUP\/\/\/4PJAYmNUP\/\/\/4tV8IO6ZAEAAAB0D4uFUP\/\/\/4PIBImFUP\/\/\/4tN8IuRYAEAAGnSoAUAAImVXP\/\/\/4tF8IuIZAEAAGnJoAUAAIlN7ItV7PfaiZVg\/\/\/\/i0Xwi4hoAQAAacmgBQAAA03siY1Y\/\/\/\/jZVM\/\/\/\/UouNQP\/\/\/+hmvAEAi030ZIkNAAAAAIvlXcPMzFWL7FGJTfyLRfyLiMwBAABRi1UIiwKLTQj\/UASL5V3CBADMzMzMzMzMzMzMzMzMzFWL7FGJTfyLRfyLiNABAABRi1UIiwKLTQj\/UASL5V3CBADMzMzMzMzMzMzMzMzMzFWL7FGJTfyLRfyLiNwBAABRi1UIiwKLTQj\/UASL5V3CBADMzMzMzMzMzMzMzMzMzFWL7FGJTfyLRfyLiNgBAABRi1UIiwKLTQj\/UASL5V3CBADMzMzMzMzMzMzMzMzMzFWL7FGJTfyLRfyLiNQBAABRi1UIiwKLTQj\/UASL5V3CBADMzMzMzMzMzMzMzMzMzFWL7IPsEIlN9I1F\/FCNTfhRi0306Di6AQCLVfg7Vfx1CcdF8P\/\/\/\/\/rBotF\/IlF8ItN8FGLVfhSi0306L65AQCNRQhQi0306MC6AQCL5V3CVADMzMzMzMzMzMzMzMzMzFWL7IHszAAAAImNOP\/\/\/2oBi0UIixCLTQj\/EseFPP\/\/\/wAAAACNhUD\/\/\/9Qi404\/\/\/\/6LG6AQCLTQiLUQSJlTT\/\/\/+DvTT\/\/\/9ldCuDvTT\/\/\/9mdAuDvTT\/\/\/9ndDDrRQ+3hVj\/\/\/+D6AL32BvAQImFPP\/\/\/+s4D7eNWP\/\/\/4PpAffZG8lBiY08\/\/\/\/6yEPt5VY\/\/\/\/g+oD99ob0kKJlTz\/\/\/\/rCseFPP\/\/\/wAAAAAzwIO9PP\/\/\/wAPlcBQi00IixGLTQj\/UgiL5V3CBADMzMxVi+yD7AiJTfyLRQiJRfiDffhldA6DffhmdBSDffhndBrrImoBi0386NP1\/\/\/rFmoCi0386Mf1\/\/\/rCmoDi0386Lv1\/\/+L5V3CBADMzMzMzFWL7ItFCFDoRs8BAIPEBF3CBADMzMzMzMzMzMzMzMzMVYvsUYlN\/GoAi0X8i0gcUf8VUFVEAIvlXcPMzMzMzMxVi+xRiU38agGLRfyLSBxR\/xVQVUQAi+Vdw8zMzMzMzFWL7Gr\/aIEpRABkoQAAAABQZIklAAAAAIPsEIlN5ItFCFBqZotN5Oh3FQIAx0X8AAAAAItN5McBSFxEAItV5IPCcIlV8ItN8OjO2gEAi0XwxwCElEQAxkX8AYtN5IHBwAAAAIlN7ItN7Oit2gEAi1XsxwKElEQAxkX8AotF5AUQAQAAiUXoi03o6I3aAQCLTejHAYSURADHRfz\/\/\/\/\/i0Xki030ZIkNAAAAAIvlXcIEAMzMzMzMzMzMzMzMzMzMzFWL7FE="}
02138{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":630216,"pkt_caplen":1302,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1302,"pkt_l4_len":1268,"pkt":"AAgCHEeuIOUqtpPxCABFAAUIBboAAIAGNqqQW0XDCgkZZQBQwA0+7\/kRvob4uFAY+vB0WgAAiU38i0386CEAAACLRQiD4AGFwHQMi038UegQzgEAg8QEi0X8i+VdwgQAzMxVi+xq\/2ixKUQAZKEAAAAAUGSJJQAAAABRiU3wx0X8AgAAAItN8IHBEAEAAOiLCwMAxkX8AYtN8IHBwAAAAOh5CwMAxkX8AItN8IPBcOhqCwMAx0X8\/\/\/\/\/4tN8OilEwIAi030ZIkNAAAAAIvlXcPMVYvsUYlN\/ItF\/IPAcFBo6gMAAItNCFHoqYwCAItV\/IHCwAAAAFJo6wMAAItFCFDokYwCAItN\/IHBEAEAAFFo7AMAAItVCFLoeYwCAIvlXcIEAMzMzMzMzMzMzMzMzMzMVYvsUYlN\/LhIW0QAi+Vdw1WL7IPsGIlN6MdF8AAAAADrCYtF8IPAAYlF8IN98Bl9N4tN8IsUjbCQRQBSaKBdRACNRfRQ\/xXUVUQAg8QMjU30UWoAaEMBAACLVQiLQhxQ\/xVIVUQA67rHRewAAAAAagCLTexRaE4BAACLVQiLQhxQ\/xVIVUQAi+VdwgQAzMzMVYvsUYlN\/ItN\/OiFFgIAi0X8g8BwUItN\/Ohi\/\/\/\/i038gcHAAAAAUYtN\/OhQ\/\/\/\/i1X8gcIQAQAAUotN\/Og+\/\/\/\/uAEAAACL5V3DzMzMzMxVi+xq\/2jIKUQAZKEAAAAAUGSJJQAAAACD7CCJTeCLTeDoOuQBAOipGwIAiUXoi0XoixCLTej\/UgyJReyLReyDwBCJRfDHRfwAAAAAjU3wUYtN4IPBcOj27wEAagBqAGhHAQAAi1Xgi4KMAAAAUP8VSFVEAIXAdBGLTfBR6F\/lAACDxASJRdzrB8dF3AAAAACLVeCLRdyJgmABAACNTfBRi03ggcHAAAAA6KPvAQBqAGoAaEcBAACLVeCLgtwAAABQ\/xVIVUQAhcB0EYtN8FHoDOUAAIPEBIlF2OsHx0XYAAAAAItV4ItF2ImCZAEAAI1N8FGLTeCBwRABAADoUO8BAGoAagBoRwEAAItV4IuCLAEAAFD\/FUhVRACFwHQRi03wUei55AAAg8QEiUXU6wfHRdQAAAAAi1Xgi0XUiYJoAQAAx0X8\/\/\/\/\/41N8OifAAAAi030ZIkNAAAAAIvlXcPMVYvsUYlN\/IvlXcIEAMzMzFWL7FGJTfyLRQxQD7dNCFGLVfyLAotN\/P+QNAEAAIvlXcIIAMzMzMzMzMzMzMzMzFWL7FGJTfyLTfzoXQgDAItFCIPgAYXAdAyLTfxR6JDKAQCDxASLRfyL5V3CBADMzFWL7IPsCIlN+ItN+OgPAAAAi+Vdw8zMzMzMzMzMzMzMVYvsg+wIiU34i0X4iwiD6RCJTfyLVfyDwgyDyP\/wD8ECSIXAfxOLTfxRi1X8iwKLTfyLCYsQ\/1IEi+Vdw8zMzFWL7Gr\/aOopRABkoQAAAABQZIklAAAAAIPsDGgYAgAA6NLJAQCDxASJRezHRfwAAAAAg33sAHQNi03s6FAAAACJRejrB8dF6AAAAACLReiJRfDHRfz\/\/\/\/\/i0Xwi030ZIkNAAAAAIvlXcPMzMzMzMxVi+xRiU38uABfRACL5V3DVYvsUYlN\/LikXUQAi+Vdw1WL7Gr\/aBYqRABkoQAAAABQZIklAAAAAFGJTfCLTfDoiScDAMdF\/AAAAACLRfDHAChfRACLTfCBwdAAAADobEsDAMZF"}
00414{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":630369,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoALhAAIAGAIwKCRllkFtFw8ANAFC+hvi4Pu\/98VAQ+vAG2QAA"}
00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":703,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":703,"flow_first_seen":1569434051004,"flow_last_seen":1569434056186,"flow_tot_l4_data_len":693561,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":986,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":703,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":703,"flow_first_seen":1569434051004,"flow_last_seen":1569434056186,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":679485,"flow_avg_l4_payload_len":966,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00133{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":703,"source":"exe_download.pcap","alias":"nDPId-test"}

10
test/results/exe_download_as_png.pcap.out
View File

@@ -1,13 +1,13 @@
00396{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"exe_download_as_png.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1569434903040,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00487{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"exe_download_as_png.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1569434903040,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00433{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"exe_download_as_png.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434903,"pkt_ts_usec":40298,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0Bk9AAIAGv+sKCRlluWJXucAtAFB7PMGWAAAAAIACIAAdNgAAAgQFtAEDAwgBAQQC"}
00426{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"exe_download_as_png.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434903,"pkt_ts_usec":440451,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsESIAAIAG9SC5Yle5CgkZZQBQwC0vLgrVezzBl2AS+vAxRwAAAgQFtA=="}
00419{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"exe_download_as_png.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434903,"pkt_ts_usec":440784,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoBlJAAIAGv\/QKCRlluWJXucAtAFB7PMGXLy4K1lAQ+vBJBAAA"}
00621{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"exe_download_as_png.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434903,"pkt_ts_usec":441012,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"IOUqtpPxAAgCHEeuCABFAAC9BlNAAIAGv14KCRlluWJXucAtAFB7PMGXLy4K1lAY+vA3lwAAR0VUIC90YWJsb25lLnBuZyBIVFRQLzEuMQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClByYWdtYTogbm8tY2FjaGUNClVzZXItQWdlbnQ6IFdpbkhUVFAgbG9hZGVyLzEuMA0KSG9zdDogMTg1Ljk4Ljg3LjE4NQ0KDQo="}
00704{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1569434903040,"flow_last_seen":1569434903441,"flow_tot_l4_data_len":245,"flow_min_l4_data_len":20,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"185.98.87.185","url":"185.98.87.185\/tablone.png","code":0,"content_type":"","user_agent":"WinHTTP loader\/1.0"}}
00715{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1569434903040,"flow_last_seen":1569434903441,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"185.98.87.185","url":"185.98.87.185\/tablone.png","code":0,"content_type":"","user_agent":"WinHTTP loader\/1.0"}}
00418{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"exe_download_as_png.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434903,"pkt_ts_usec":441168,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AAgCHEeuIOUqtpPxCABFAAAoESMAAIAG9SO5Yle5CgkZZQBQwC0vLgrWezzCLFAQ+vBIbwAA"}
02375{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"exe_download_as_png.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434904,"pkt_ts_usec":53845,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AAgCHEeuIOUqtpPxCABFAAXcESQAAIAG7265Yle5CgkZZQBQwC0vLgrWezzCLFAQ+vCXagAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuMTAuMw0KRGF0ZTogV2VkLCAyNSBTZXAgMjAxOSAxODowODoyNCBHTVQNCkNvbnRlbnQtVHlwZTogaW1hZ2UvcG5nDQpDb250ZW50LUxlbmd0aDogMjQ5OTA2DQpMYXN0LU1vZGlmaWVkOiBXZWQsIDI1IFNlcCAyMDE5IDEyOjI2OjI1IEdNVA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KRVRhZzogIjVkOGI1Y2YxLTNkMDMyIg0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0KTVqQAAMAAAAEAAAA\/\/8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAAAdgnHaWeMfiVnjH4lZ4x+J2v8RiVjjH4kw\/BaJXeMfibD8EolY4x+JsfwbiVjjH4lSaWNoWeMfiQAAAAAAAAAAUEUAAEwBAwDSQ4tdAAAAAAAAAADgAA8BCwEGAADQAAAA8AIAAAAAANAXAAAAEAAAAOAAAAAAQAAAEAAAABAAAAQAAAABAAAABAAAAAAAAAAA4AMAABAAAGTQAQACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAA8N4AAJ0AAADU1wAAZAAAAAAAAQBo0gIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkBEAABwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADACAABsAAAAABAAAIQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAAI3PAAAAEAAAANAAAAAQAAAAAAAAAAAAAAAAAAAgAABgLmRhdGEAAAAIFgAAAOAAAAAQAAAA4AAAAAAAAAAAAAAAAAAAQAAAwC5yc3JjAAAAaNICAAAAAQAA4AIAAPAAAAAAAAAAAAAAAAAAAEAAAEB\/r39SMAAAAPg3EBo6AAAA7CdUe0cAAQA6xeGNVAAAAMMfsEleAAAAAAAAAAAAAABnZGkzMi5ETEwAb2xlYXV0MzIuRExMAGtlcm5lbDMyLkRMTABOVERMTC5ETEwATVNWQlZNNjAuRExMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00761{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1569434903040,"flow_last_seen":1569434904053,"flow_tot_l4_data_len":1745,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":290,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4":"Binary application transfer","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"185.98.87.185","url":"185.98.87.185\/tablone.png","code":200,"content_type":"image\/png","user_agent":"WinHTTP loader\/1.0"}}
00772{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1569434903040,"flow_last_seen":1569434904053,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1609,"flow_avg_l4_payload_len":268,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4":"Binary application transfer","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"185.98.87.185","url":"185.98.87.185\/tablone.png","code":200,"content_type":"image\/png","user_agent":"WinHTTP loader\/1.0"}}
02115{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"exe_download_as_png.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434904,"pkt_ts_usec":53857,"pkt_caplen":1322,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1322,"pkt_l4_len":1288,"pkt":"AAgCHEeuIOUqtpPxCABFAAUcESUAAIAG8C25Yle5CgkZZQBQwC0vLhCKezzCLFAY+vA9vwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00418{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"exe_download_as_png.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434904,"pkt_ts_usec":54024,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoBlRAAIAGv\/IKCRlluWJXucAtAFB7PMIsLy4VflAQ+vA9xwAA"}
02243{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"exe_download_as_png.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434904,"pkt_ts_usec":54281,"pkt_caplen":1418,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1418,"pkt_l4_len":1384,"pkt":"AAgCHEeuIOUqtpPxCABFAAV8ESYAAIAG78y5Yle5CgkZZQBQwC0vLhV+ezzCLFAY+vA4awAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
@@ -17,5 +17,5 @@
02264{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"exe_download_as_png.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434904,"pkt_ts_usec":55696,"pkt_caplen":1418,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1418,"pkt_l4_len":1384,"pkt":"AAgCHEeuIOUqtpPxCABFAAV8ESkAAIAG78m5Yle5CgkZZQBQwC0vLiV6ezzCLFAY+vCF8gAA6LBFums813x8GqfsAAAAAAAAAGRFQABMAAAAUAAAAN9uiYgizvFGuh2dNdOBjtEAAAAAAAAAAAAAAAAAAAAAAwAAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPYVAAAAAAAAUEZAAJwAAADoAAAAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0AAAAP\/\/\/\/8AAAAA0AAAANEAAADhAAAAAAAAAMPqUh0p6LBFums813x8GqcAFH2S901MS6oECpq+XrR3y+IzLEEPxUGmS11wcgPVKeOSxrAzpaRGvgd9xm+yfh4xjrter\/k+T7eGjRsDtdunPwEAAADgAAAARoT\/DwMAAOxiHWDQkSRJhGgetLBl\/ZJowTPquYefQaoiGxAoHisfAAAAAGITVyAAAAAAAAAAAAAAAAAAAAAAAEFNTUFDQVJFLmpDaGFydABqQ2hhcnQABwAAALRBQAAHAAAAcEFAAAcAAAAsQUAABwAAAOBAQAAHAAAAhEBAAAcAAAAwQEAABwAAAOw\/QAAHAAAAqD9AAAcAAABgP0AABwAAABg\/QAAHAAAAsD5AAAcAAABsPkAABwAAACg+QAAHAAAA3D1AAAcAAACUPUAABwAAAFA9QAAHAAAA7DxAAAcAAACkPEAABwAAAFw8QAAHAAAAFDxAAAcAAADMO0AABwAAAIg7QAAHAAAAGDtAAAcAAADUOkAABwAAAJA6QAAHAAAATDpAAAcAAAAIOkAABwAAAMQ5QAAHAAAAYDlAAAcAAAAEOUAABwAAAMA4QAAHAAAAeDhAAAYAAAD8M0AABwAAAEQwQAAHAAAA\/C9AAAcAAACgL0AABwAAAEwvQAAHAAAA8C5AAPQBAABsK0AAAAAAANBqQADQ10AAABYAAAjgQACmFUAAAOBAACoAXABBAEYAOgBcADgAMQA3ADIAMAAwADAAXABEAGkAYwBWAGUAcgBvAG4AYQA0AFAAYQByAHQAMgAuAHYAYgBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQbQAAmAAAAAQAAAGwrQAAAAAAApGZAAP\/\/\/\/8AAAAAwCtAACDgQAAAAAAAGMdUCQAAAAAAAAAAAAAAAOgeQAABAAAAoDBAAAAAAADoHkAAAQAAAPAeQAABAAAA7B5AAAIAAAD0HkAADwDiAWgAbABEH0AAHO5AAAAAAAA09mAJsDBAAMAwQADQMEAAQAAsAIgGAADgMEAA\/\/\/\/\/wA="}
00420{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"exe_download_as_png.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434904,"pkt_ts_usec":55794,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoBlZAAIAGv\/AKCRlluWJXucAtAFB7PMIsLy4qzlAQ+vAodwAA"}
02285{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"exe_download_as_png.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434904,"pkt_ts_usec":56830,"pkt_caplen":1418,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1418,"pkt_l4_len":1384,"pkt":"AAgCHEeuIOUqtpPxCABFAAV8ESoAAIAG78i5Yle5CgkZZQBQwC0vLirOezzCLFAY+vBtPQAAAAAAAAAAAIAfQADol0AJ8DBAAP\/\/\/\/9AABIAjAYAAJwxQAABAAMAAAAAAAAAAABIIEAA+JdACawxQAABAAMA5CBAAPEgQAD+IEAACyFAABghQAAlIUAAMiFAAD8hQABmIUAAsCBAAL0gQADKIEAA1yBAAEwhQABZIUAAAAAAAPQeQABwHkAAqhdAALAXQAC2F0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMIgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACoIEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM8gQAC1IEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHB9AAHAeQACqF0AAsBdAALYXQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACBbCQEhwYAAOkrSgAAgWwkBIcGAADpzksAAIFsJASHBgAA6cFMAACBbCQEhwYAAOm0TgAAgWwkBP\/\/AADpp08AAIFsJAT\/\/wAA6SpQAACBbCQE\/\/8AAOmNUAAAgWwkBP\/\/AADpQFEAAIFsJAT\/\/wAA6bNRAACBbCQE\/\/8AAOn2UgAAgWwkBP\/\/AADpWVQAAIFsJAT\/\/wAA6UxVAACBbCQE\/\/8AAOn\/WAAAgWwkBP\/\/AADpYmwAAIFsJAT\/\/wAA6eVuAAAAAQADAGwrQAAAAAAAJGdAAP\/\/\/\/8AAAAAUCxAADTgQAAAAAAAQNJQCQAAAAAAAAAAAAAAAOQhQAABAAAAiDZAAAAAAADkIUAAAQAAAOwhQAAAAAAA6CFAAAcAAADsIUAABAC3AWgAbAAEI0AA8OVAAAAAAACo7WAJmDZAANA0QABAABgAOAAAAEQ0QAAFAAMAAAAAAAAAAAAUI0AAgJhACag2QAAFAAMAQAAJADwAAAC0NkAAAQADAAAAAAAAAAAAjCNAAJCYQAnENkAAAQADAEAAEQBAAAAAzDZAAAMAAwAAAAAAAAAAAMgjQACgmEAJ3DZAAAMAAwBAABgARAAAAEQ0QAACAAMAAAAAAAAAAAAkJEAAgJhACeQ2QAACAAMAQAASAEgAAACcMUAABgADAAAAAAAAAAAAnCRAAPiXQAnwNkAABgADAEAAHwBMAAAA\/DZAAP\/\/\/\/8AAAAAAAAAAPwkQACwmEAJDDdAAP\/\/\/\/9AABEAUAAAAMw2QAAEAAMAAAAAAAAAAACQJUAAoJhACRQ3QAAEAAMA7CVAAPslQAASJkAAHyZAAAAAAADsIUAAbCFAAKoXQACwF0AAthdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUIkAAbCFAAKoXQACwF0AAthdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8IkAAbCFAAKoXQACwF0AAthdAABcmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGQiQABsIUAAqhdAALAXQAC2F0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":534,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":534,"flow_first_seen":1569434903040,"flow_last_seen":1569434972556,"flow_tot_l4_data_len":511293,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":957,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00516{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":534,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":534,"flow_first_seen":1569434903040,"flow_last_seen":1569434972556,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":500597,"flow_avg_l4_payload_len":937,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00140{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":534,"source":"exe_download_as_png.pcap","alias":"nDPId-test"}

20
test/results/facebook.pcap.out
View File

@@ -1,32 +1,32 @@
00385{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"facebook.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1472393122365,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00476{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"facebook.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1472393122365,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393122,"pkt_ts_usec":365661,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"mAyC0zx8MFLLbJwbCABFAAA84M9AAEAGjxHAqCsSQtycRMtiAbv14btyAAAAAKACchDLCQAAAgQFtAQCCAoAS1u9AAAAAAEDAwc="}
00435{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393122,"pkt_ts_usec":668038,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"MFLLbJwbmAyC0zx8CABFAAA8AABAAE0GYuFC3JxEwKgrEgG7y2LsHfNy9eG7c6ASNpzIhwAAAgQFeAQCCAq7uwhkAEtbvQEDAwg="}
00423{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393122,"pkt_ts_usec":668050,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"mAyC0zx8MFLLbJwbCABFAAA04NBAAEAGjxjAqCsSQtycRMtiAbv14btz7B3zc4AQAOXLAQAAAQEICgBLXBi7uwhk"}
00692{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393122,"pkt_ts_usec":668183,"pkt_caplen":262,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":262,"pkt_l4_len":228,"pkt":"mAyC0zx8MFLLbJwbCABFAAD44NFAAEAGjlPAqCsSQtycRMtiAbv14btz7B3zc4AYAOXLxQAAAQEICgBLXBi7uwhkFgMBAL8BAAC7AwNbh8URkho8fraMBpv52BLid6sw70NU5sSdt5TqEulpNAAAGsArwC\/MqcyowArACcATwBQAMwA5AC8ANQAKAQAAeAAAABEADwAADGZhY2Vib29rLmNvbQAXAAD\/AQABAAAKAAgABgAXABgAGQALAAIBAAAjAAAzdAAAABAAFwAVAmgyCHNwZHkvMy4xCGh0dHAvMS4xAAUABQEAAAAAAA0AGAAWBAEFAQYBAgEEAwUDBgMCAwUCBAICAg=="}
00738{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1472393122365,"flow_last_seen":1472393122668,"flow_tot_l4_data_len":340,"flow_min_l4_data_len":32,"flow_max_l4_data_len":228,"flow_avg_l4_data_len":85,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"facebook.com","ja3":"bfcc1a3891601edb4f137ab7ab25b840","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,spdy\/3.1,http\/1.1"}}
00749{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1472393122365,"flow_last_seen":1472393122668,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":196,"flow_tot_l4_payload_len":196,"flow_avg_l4_payload_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"facebook.com","ja3":"bfcc1a3891601edb4f137ab7ab25b840","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,spdy\/3.1,http\/1.1"}}
00423{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393122,"pkt_ts_usec":981932,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"MFLLbJwbmAyC0zx8CABFAAA0+htAAE0GaM1C3JxEwKgrEgG7y2LsHfNz9eG8N4AQADsrTQAAAQEICru7CXIAS1wY"}
02289{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393122,"pkt_ts_usec":981938,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"pkt":"MFLLbJwbmAyC0zx8CABFAAWg+hxAAE0GY2BC3JxEwKgrEgG7y2LsHfNz9eG8N4AQADs4NQAAAQEICru7CXMAS1wYFgMDAEoCAABGAwND9eJDZ6XRoA8\/vZrNEztYnJEjgkJwJf+Fvp1IGEEGSwDAKwAAHgAAAAD\/AQABAAALAAQDAAECACMAAAAQAAUAAwJoMhYDAwtvCwALawALaAAGrTCCBqkwggWRoAMCAQICEA7LCTmysQFUuJVwx7IrekcwDQYJKoZIhvcNAQELBQAwcDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3VyYW5jZSBTZXJ2ZXIgQ0EwHhcNMTQwODI4MDAwMDAwWhcNMTYxMjMwMTIwMDAwWjBhMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEzARBgNVBAcTCk1lbmxvIFBhcmsxFzAVBgNVBAoTDkZhY2Vib29rLCBJbmMuMRcwFQYDVQQDDA4qLmZhY2Vib29rLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABNjR3TW94lm2+5sfVBWM279OWL1HvrgQ\/CLp0p6Y+EkqJfuURuRCmYRQHF8B\/RQlMVxO2WT9xQyzRtKhvHC0h46jggQXMIIEEzAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVkYqISuFlyOzAdBgNVHQ4EFgQUQwmTQPoRSzAz7PKHbo1xGM+KvI4wgccGA1UdEQSBvzCBvIIOKi5mYWNlYm9vay5jb22CDiouZmFjZWJvb2submV0gggqLmZiLmNvbYILKi5mYmNkbi5uZXSCCyouZmJzYnguY29tghAqLm0uZmFjZWJvb2suY29tgg8qLm1lc3Nlbmdlci5jb22CDioueHguZmJjZG4ubmV0gg4qLnh5LmZiY2RuLm5ldIIOKi54ei5mYmNkbi5uZXSCDGZhY2Vib29rLmNvbYIGZmIuY29tgg1tZXNzZW5nZXIuY29tMA4GA1UdDwEB\/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0fBG4wbDA0oDKgMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVyLWc1LmNybDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVyLWc1LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG\/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjCBgwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2VydmVyQ0EuY3J0MAwGA1UdEwEB\/wQCMAAwggF9BgorBgEEAdZ5AgQCBIIBbQSCAWkBZwB1AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABUat76fsAAAQDAEYwRAIgKMh9hl3xFDKdOlA+L8KZgOwTyPkfXZ+KCoH7+eoCjPUCIChvf5ezJwFmu4lNxahTOjTO9qtGrvFwvbgnLcIDKPYsAHYAaPaY+B9kgr46jO65KB1M\/HFRXWeT1ETRCmesu09P+8QAAAFRq3vpvQAABAMARzBFAiEA+3vO+h10a+t2IHcW48BYcrMhNZrAQy2okHfht5raX20CIASqi0LSrMrRh99wVMc="}
00797{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1472393122365,"flow_last_seen":1472393122981,"flow_tot_l4_data_len":1792,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":298,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"facebook.com","ja3":"bfcc1a3891601edb4f137ab7ab25b840","ja3s":"2d1eb5817ece335c24904f516ad5da12","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,spdy\/3.1,http\/1.1"}}
00808{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1472393122365,"flow_last_seen":1472393122981,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1584,"flow_avg_l4_payload_len":264,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"facebook.com","ja3":"bfcc1a3891601edb4f137ab7ab25b840","ja3s":"2d1eb5817ece335c24904f516ad5da12","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,spdy\/3.1,http\/1.1"}}
00423{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393122,"pkt_ts_usec":981941,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"mAyC0zx8MFLLbJwbCABFAAA04NJAAEAGjxbAqCsSQtycRMtiAbv14bw37B3434AQAPvLAQAAAQEICgBLXHa7uwlz"}
02295{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393122,"pkt_ts_usec":981946,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"pkt":"MFLLbJwbmAyC0zx8CABFAAWg+h1AAE0GY19C3JxEwKgrEgG7y2LsHfjf9eG8N4AQADuuwwAAAQEICru7CXMAS1wYHiIgUzbfk1u4H1v8gAXRmlqrsAB2AFYUBpov18Ls0\/XhvUSyPsdGdrm8mRFcwO+UmFXWidDdAAABUat76o8AAAQDAEcwRQIhAP4sttTvlf\/8zXhxgYitOrOjEgyCsti1TObxZv7UfjSlAiAtK9XVE4ScmdkWZRUI3FllxcAsapXn6YOfryaLORAmKDANBgkqhkiG9w0BAQsFAAOCAQEAqpGuUgGMYPYCtpTrr27r3TzI4W8Xq7gogOzcVIJWJMEWCOHCyD48D1MYQH\/fQTaTlV+x2TVDXpRg+dang2p9x7T2C5B2+LQKwTENFhi1y3Fc+ZMCIaq7QP3uChup8sMOJRNjZ6JC63nqX4\/72Lt2jF9hyiy+AUQJrzYeqfdAHKSzZXhCaATwSwx\/H9kT9go7NXlzacc8cOVdBpjqiNXda+ZmYlfPr9D7Z5vgyCA6ubZPOXpfxP2gRoy8x0Sns6tSSduGl+0uvIBWlZ\/SY4RX55IVMuR1xYFSyzsm4V1L\/eA5XoEGr8x+d9GdmgZv7\/f84oZaFlrCBN6A43gfD\/x\/3wAEtTCCBLEwggOZoAMCAQICEATh56TcXPLzbcArQrhdFZ8wDQYJKoZIhvcNAQELBQAwbDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2UgRVYgUm9vdCBDQTAeFw0xMzEwMjIxMjAwMDBaFw0yODEwMjIxMjAwMDBaMHAxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xLzAtBgNVBAMTJkRpZ2lDZXJ0IFNIQTIgSGlnaCBBc3N1cmFuY2UgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtuAvwiQGyG0EX9fvCmQGsn0iJmUWrkJAm87cn592Bz7DMFWHGblPlA5alB9VVrTCAiqv0JjuC0DXxNA7csgUnu+QsRGprtLIuEM62QsL1dWV9UCvyB3tTZxfV7eGUGiZ9Yra0scFH6iXydyksYKELcatpZzHGYKmhQ9eRFgqN4\/9NfELCCcyWvW7i56kvVHQJ+LdO0IzowUoxLsozJqsKyMNeMZ75l5xt0o+CPuBtxYWoZ0jEk3l15IIrHWknLrNF7IeRDVlf1MlOdEcCppjGxmSdGgKN8LCUkjLOVqituFdwd2gILghopMmbxRKIUHH7W2b8kgv8wP1omiSUy9e4wIDAQABo4IBSTCCAUUwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEsGA1UdHwREMEIwQKA+oDyGOmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VFVlJvb3RDQS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwHQYDVR0OBBYEFFFo\/5CvAgd1PMzZZWRiohK4WXI7MB8GA1UdIwQYMBaAFLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBCwUAA4IBAQAYipWJA+Zt31z8HWjqSo+D1lEvjWs="}
00423{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393122,"pkt_ts_usec":981949,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"mAyC0zx8MFLLbJwbCABFAAA04NNAAEAGjxXAqCsSQtycRMtiAbv14bw37B3+S4AQARLLAQAAAQEICgBLXHa7uwlz"}
00969{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393122,"pkt_ts_usec":982477,"pkt_caplen":463,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":463,"pkt_l4_len":429,"pkt":"MFLLbJwbmAyC0zx8CABFAAHB+h5AAE0GZz1C3JxEwKgrEgG7y2LsHf5L9eG8N4AYADuw+gAAAQEICru7CXMAS1wYRBaerGP10m5shJmLqoFxhFvtNE6wt3mSKcwtgGrwjiDheaT+A0cT6vWGyllxffQElmvTWVg9\/tMxJVwYOISj5p+C\/YxbmDFOzXieGv2Fy0mq8ieLmXL8PqrVQQva1TahvxxuR0l\/XtlIfAPZ\/YtJoJgmQkDr1pIRpGQKV1TE9R3WAl5rrO7EgJoScvpWk9f\/vzCFBjC\/C39O\/1cFnSTthcMr+6Z1qKwtFu99eSey68KdCwfqqoXTAaMgKEFZQyjSgeOq9ux7O3e2QGKABUFFAe8XBj7ewDObZ9NhLnKH5Gn8EgBXQB5w9R7JtBYDAwCUDAAAkAMAF0EERq6qtVs+wlPiSpplvzQpl8xqpRCV1pYimiyndghyaLi0KrU\/et7CPLDLOIucFZNxmUMTOUmvE4hnP2Wy2B9megYDAEcwRQIhAP67F\/d984Px9CxMpzSME8RoPRYET1dJTXwpWwn2T8hCAiBggRuhv+1VT+cAs37zbeQCKLzT3F7BpIYqvzA+mB42GhYDAwAEDgAAAA=="}
01241{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":10,"flow_first_seen":1472393122365,"flow_last_seen":1472393122982,"flow_tot_l4_data_len":3705,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":370,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"facebook.com","server_names":"*.facebook.com,*.facebook.net,*.fb.com,*.fbcdn.net,*.fbsbx.com,*.m.facebook.com,*.messenger.com,*.xx.fbcdn.net,*.xy.fbcdn.net,*.xz.fbcdn.net,facebook.com,fb.com,messenger.com","ja3":"bfcc1a3891601edb4f137ab7ab25b840","ja3s":"2d1eb5817ece335c24904f516ad5da12","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","issuerDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","alpn":"h2,spdy\/3.1,http\/1.1","fingerprint":"A0:4E:AF:B3:48:C2:6B:15:A8:C1:AA:87:A3:33:CA:A3:CD:EE:C9:C9"}}
01252{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":10,"flow_first_seen":1472393122365,"flow_last_seen":1472393122982,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":3369,"flow_avg_l4_payload_len":336,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"facebook.com","server_names":"*.facebook.com,*.facebook.net,*.fb.com,*.fbcdn.net,*.fbsbx.com,*.m.facebook.com,*.messenger.com,*.xx.fbcdn.net,*.xy.fbcdn.net,*.xz.fbcdn.net,facebook.com,fb.com,messenger.com","ja3":"bfcc1a3891601edb4f137ab7ab25b840","ja3s":"2d1eb5817ece335c24904f516ad5da12","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","issuerDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","alpn":"h2,spdy\/3.1,http\/1.1","fingerprint":"A0:4E:AF:B3:48:C2:6B:15:A8:C1:AA:87:A3:33:CA:A3:CD:EE:C9:C9"}}
00426{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393122,"pkt_ts_usec":982487,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"mAyC0zx8MFLLbJwbCABFAAA04NRAAEAGjxTAqCsSQtycRMtiAbv14bw37B3\/2IAQASjLAQAAAQEICgBLXHa7uwlz"}
00599{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393122,"pkt_ts_usec":990165,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"mAyC0zx8MFLLbJwbCABFAACy4NVAAEAGjpXAqCsSQtycRMtiAbv14bw37B3\/2IAYASjLfwAAAQEICgBLXHi7uwlzFgMDAEYQAABCQQSAlgFY9IZcjwQPBd3SSxYnf5W+I6IUQLtCuTFvKSoeSzJNC4vEueRm01PoOXo\/YGxo9wieuDET4bYBjDPBwwHxFAMDAAEBFgMDACgAAAAAAAAAAH5uX9yyXIxa\/zk1zAh0oKXPuwxd4KdkybU1YwbgOWCw"}
00950{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393122,"pkt_ts_usec":993660,"pkt_caplen":449,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":449,"pkt_l4_len":415,"pkt":"mAyC0zx8MFLLbJwbCABFAAGz4NZAAEAGjZPAqCsSQtycRMtiAbv14by17B3\/2IAYASjMgAAAAQEICgBLXHm7uwlzFwMDAJgAAAAAAAAAAc1QwtVeiDayGp42RLjeGVZj7uusHrtykGKrYSjjNBGdfytHTjX9BqGrlhXFHpRI5ItIqF5wbI3Nqys0ptk4tAzrygmznNhWxQoPu52Y\/2q5ev1hTqM9zVAYO69k9ViDv4PGfZTA\/mKDh9u35bh5+5Lc+9VnxzGiacOoCBjoFoHl0efTCcO8J9jn5m9LpinK4BcDAwDdAAAAAAAAAAI++\/8fKkykP9LN2diw\/ZLeccHIf7AmammL3LSyLuG0NLtQIzrm3wKc263vGeN\/FtNieDg6mLxo5Stcs0lEBjR882KaYUmxO7s+M7nLDtv9QkHTeOCqHja00h\/9SIxm\/cBIYs79aawQSgEsMqI6BriBpjfnVPwivJ2yY2AOlfd43Sk3tdCCAEBJBDmKf2K49XMIJLldx3c21U\/bO0GCSz+ps54bHcM7PzkTD8mhzMUCbgFfPa2vUMFnPfXJsl3toBxWZxDo4tx04+z2k4vusMRjzjy7x\/o="}
00782{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393123,"pkt_ts_usec":391297,"pkt_caplen":324,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":324,"pkt_l4_len":290,"pkt":"MFLLbJwbmAyC0zx8CABFAAE2+h9AAE0GZ8dC3JxEwKgrEgG7y2LsHf\/Y9eG8tYAYADvLfwAAAQEICru7CtAAS1x4FgMDAMoEAADGAAKjAADAFQiR\/u1qMSyuiMG2jw0zD0BOx2ZEoC+h5yfZ\/aHoiKV3agik\/rOIcv8JwkST852oQ+ROkK1rjV\/TZjXRBB5lldDYcaKy6KlnuCIAl26B6voPrnm\/eMncwrwsOJt6ySPFwAoK1XUVBKrtRNpVUB9MB3kJyjmXk0vHN8sOa8PKBJZkPxVqY1F\/hstlsqgEtyaTW5BmX1FNIh7VpSwUBZ+UWIhRtcJRMowhsds+M2OCtUGV7eCAtsg9z0MSUxkUoQaXFAMDAAEBFgMDACgSNvkDis0ZoSTD4XoWdCm\/HywniGJgJMyf0JxvM2W\/MIyhKa7W1\/lx"}
00536{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393123,"pkt_ts_usec":391325,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"pkt":"MFLLbJwbmAyC0zx8CABFAACF+iBAAE0GaHdC3JxEwKgrEgG7y2LsHgDa9eG8tYAYADt+fAAAAQEICru7CtAAS1x4FwMDAEwSNvkDis0ZotYDEUHWuujm70FV+TWEIePaonjZDsqD2mGpm1zTEdYm0dp9+D54ih5TgReTCCLrCeU6vVxFhqVpVAMMpplemlzSyeZD"}
00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1472393123550,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1472393123550,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393123,"pkt_ts_usec":550766,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"mAyC0zx8MFLLbJwbCABFAAA8dR1AAEAGZLPAqCsSHw1WJK5GAbsvASg9AAAAAKACchBhGgAAAgQFtAQCCAoAS10gAAAAAAEDAwc="}
00436{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393123,"pkt_ts_usec":682883,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"MFLLbJwbmAyC0zx8CABFAAA8AABAAFMGxtAfDVYkwKgrEgG7rkZw6dh2LwEoPqASNpwMewAAAgQFeAQCCAolRdDWAEtdIAEDAwg="}
00424{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393123,"pkt_ts_usec":682902,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"mAyC0zx8MFLLbJwbCABFAAA0dR5AAEAGZLrAqCsSHw1WJK5GAbsvASg+cOnYd4AQAOVhEgAAAQEICgBLXUglRdDW"}
01128{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393123,"pkt_ts_usec":683095,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"mAyC0zx8MFLLbJwbCABFAAI5dR9AAEAGYrTAqCsSHw1WJK5GAbsvASg+cOnYd4AYAOVjFwAAAQEICgBLXUglRdDWFgMBAgABAAH8AwM+9tNpxmZK\/eWu6BicR\/VdzCeqETHBQQTjNp6ce6Re6CDpbumLT\/pcQV4Yd+w5nmyQiqDe8maQl\/9twNFsjvN1qAAawCvAL8ypzKjACsAJwBPAFAAzADkALwA1AAoBAAGZAAAAFQATAAAQd3d3LmZhY2Vib29rLmNvbQAXAAD\/AQABAAAKAAgABgAXABgAGQALAAIBAAAjAMAVCJH+V6O+8X2imm8A5SDgHXzaZOkxASoAP7PEoNjKKl9CQSOx\/teLVlne5tIoYDG+cMhqc3xPewtsO6jtNu2A8OCQyx9HEmHS7QX20VvDQq\/STGmFYAcDBbKS4nC6fio3njGW7FzDfetud3qZZ7+M0xYt8VAkhG35Ct6tGM4sR0dgJpKxO\/\/uHgQ595Wbqzav3mtgVLdqqXZj+Rm0AO2brTOq4RRSAn0Yz2Qs7sU+3hKk3fw1CrFvT3svUypcWbkzdAAAABAAFwAVAmgyCHNwZHkvMy4xCGh0dHAvMS4xAAUABQEAAAAAAA0AGAAWBAEFAQYBAgEEAwUDBgMCAwUCBAICAgAVAFkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00742{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1472393123550,"flow_last_seen":1472393123683,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.facebook.com","ja3":"5c60e71f1b8cd40e4d40ed5b6d666e3f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,spdy\/3.1,http\/1.1"}}
00753{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1472393123550,"flow_last_seen":1472393123683,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.facebook.com","ja3":"5c60e71f1b8cd40e4d40ed5b6d666e3f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,spdy\/3.1,http\/1.1"}}
00424{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393123,"pkt_ts_usec":837584,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"MFLLbJwbmAyC0zx8CABFAAA0CRtAAFMGvb0fDVYkwKgrEgG7rkZw6dh3LwEqQ4AQADtuqgAAAQEICiVF0WwAS11I"}
00626{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393123,"pkt_ts_usec":838069,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"pkt":"MFLLbJwbmAyC0zx8CABFAADGCRxAAFMGvSofDVYkwKgrEgG7rkZw6dh3LwEqQ4AYADv9TQAAAQEICiVF0WwAS11IFgMDAFoCAABWAwOyE6NOKTMBswvrpLFOz1jmB39VCfqFE6Rr+kbsG3T56yDpbumLT\/pcQV4Yd+w5nmyQiqDe8maQl\/9twNFsjvN1qMArAAAO\/wEAAQAAEAAFAAMCaDIUAwMAAQEWAwMAKPBm4AzPMe30kcGHV47ykMueUWB5RUjEcIK30bhxhSXw4FWjRJShiRs="}
00798{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1472393123550,"flow_last_seen":1472393123838,"flow_tot_l4_data_len":871,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.facebook.com","ja3":"5c60e71f1b8cd40e4d40ed5b6d666e3f","ja3s":"96681175a9547081bf3d417f1a572091","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,spdy\/3.1,http\/1.1"}}
00809{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1472393123550,"flow_last_seen":1472393123838,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":110,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.facebook.com","ja3":"5c60e71f1b8cd40e4d40ed5b6d666e3f","ja3s":"96681175a9547081bf3d417f1a572091","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,spdy\/3.1,http\/1.1"}}
00424{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393123,"pkt_ts_usec":838077,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"mAyC0zx8MFLLbJwbCABFAAA0dSBAAEAGZLjAqCsSHw1WJK5GAbsvASpDcOnZCYAQAO1hEgAAAQEICgBLXXclRdFs"}
00495{"flow_id":2,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393123,"pkt_ts_usec":838321,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"mAyC0zx8MFLLbJwbCABFAABndSFAAEAGZITAqCsSHw1WJK5GAbsvASpDcOnZCYAYAO1hRQAAAQEICgBLXXclRdFsFAMDAAEBFgMDACgAAAAAAAAAAFa8+ZgbktrV2bEUW\/LVlxKn8iTxi1uR4wfFZ6+jvK3W"}
00950{"flow_id":2,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393123,"pkt_ts_usec":841603,"pkt_caplen":452,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":452,"pkt_l4_len":418,"pkt":"mAyC0zx8MFLLbJwbCABFAAG2dSJAAEAGYzTAqCsSHw1WJK5GAbsvASp2cOnZCYAYAO1ilAAAAQEICgBLXXglRdFsFwMDAJgAAAAAAAAAAa1AvEsdEhKWtFsYyKCSIZFQb24K0xqOqsKQSejpyp2bP9QjXILHDCqannIgzjwRWOPvR1sfRj6X5M5ncKKgcGTJ4wV6DAVzLtEDTFXGdOgt69+4lyfXgI3tmSRm910P3v78r1ADwQw9K4lDgUSelpEV4iM2BLBa1TLJpDvlv2BDELBMZLhosoZL6dBgi\/bqHRcDAwDgAAAAAAAAAALpwqa95RaQnPy5hX3XtEuUJjJ6\/OuaqpSYnLHWy5ddTG1RbBdEv5zPZ+z+QfrLzaawhKi8Z5rOr6unurnL86TuyICCxizNXVJKGgjCtzDaFSJqbT9C\/ZUDJVOGdP6YBzuq+KlkfeG5kXVevU49J1u2I\/7rHNcTEQuRJzwUCl7qJnxFD4ue8qDO9FZwZ9uyQpvPq9T7m5dx9jo6hlY3PV\/Hdv6yNi6jgzS5od5hXZExZug3vGU7e7eZavjJ5+HZgUnxn\/sZIvn6X4xu61ztPKrDKNWiTE4W\/t4="}
@@ -36,6 +36,6 @@
00484{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393123,"pkt_ts_usec":968290,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"pkt":"MFLLbJwbmAyC0zx8CABFAABeCR9AAFMGvY8fDVYkwKgrEgG7rkZw6dmALwEr+IAYAD9ngQAAAQEICiVF0eUAS114FwMDACXwZuAMzzHt97ZyjO39DSkFoBZdHFHJZUlTmsJ7MnD+3N\/jhCYy"}
00425{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393123,"pkt_ts_usec":968321,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"mAyC0zx8MFLLbJwbCABFAAA0dSRAAEAGZLTAqCsSHw1WJK5GAbsvASwecOnZqoAQAO1hEgAAAQEICgBLXZ4lRdHl"}
02314{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393124,"pkt_ts_usec":87521,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"pkt":"MFLLbJwbmAyC0zx8CABFAAWgCSBAAFMGuEwfDVYkwKgrEgG7rkZw6dmqLwEr+IAQAD\/xPQAAAQEICiVF0mIAS114FwMDBfTwZuAMzzHt+F\/CnhQc4vog1mXqgUZ7RovGYIf4aFPsiVxEl4j6uvny01g1HY6CBgPuO4sMMP0VKo58e\/op5HRJ64ooOSmwtghUYOYrD54VKVDnxPI\/StkMSinVYzLPaZzw\/M1yLnJ6M78+Bu1Xzt\/gKy6A+MGHvUIf1GPzb+AwCG0XotLwxlTIg3\/MmjciLEwsjGHxiJkEjLN82mGKZu4zJ3N3uyhp5fJSHAbiJ4MXgne2LRjkGFnoXhzV25ABOUQUX6BPTDM8YrAMKPsuVIUsq5qyXXzTYsrimkbBLe++PLrcRI97c4M0M6J5cF8eoanyXRRRcNqKrZEenJQGf6VNxZO974VnB0\/Jck1VYDdyz3esX3JphaCS5oeDahP75ZwLlYD\/el8mOsXWly7ZzB\/MNhB9u4gP2e5R0fZXmbgcaqbkCOYnPmjlwAwNjO+CKYvGZrEYmAb3DUbQon+vciE9Gh3fraldg4xNx0Unr1MZEAiwOxUhIy\/kbx4BhQaBgBqXt0cb2N9mgpdXTKwwYbx3ET9Ev+Nq8eJmgNpLdk2FEQRz2+\/swRlxb9wKznyl+GtIQifFL30gxdlmmNv2V8MGgY6Bpik3KNjMhpyE4LDCy1hoKsiw35gfIh1dfQWgVF+NeJd6I5btZ\/L\/JBVApU38+cIIgxjB5eBP45OzfOUol5vz5Ds2LMYzkXLrgL4fRfn5qH52w38zGW8T+CadqAJleSXsNbrX5JXHYqJx6HxIhnYkGqMGK2dU692XQLtg0hcEJD1397W9181YyiKnRPSfl8kFe4JsjrJQhBF2oAisZ+F\/sFybYwicovw3hcVUS\/+MM8l7fN7F17pQOuasUdmqLBvAj00Cf0y1B9tpPYxQGZcRPdC4C99pWoYtTTaKrsG23KIbYStpVMS6soexTSPR7xdY7LSPumwUbMrPeADSIxzJz0SXXvDKG3fykIUEaEh7ovOGhqs6Pv6eJ9cchQ4Quz6OZvHxuM6Ll\/wQonAMDdl4nozVygotuVtEB\/r0slhT0qHsnyHp\/C9f6b6sRUHrll7jb99Cj3WszOGc8+y+NM6mN5fN3JGy2cFQJUbZCVD5JNZkmfSDY56H\/oSma\/wSionWOvplj0WSqlc512FY7RMVZS7rorj7D9Lm0ZzYGo+JBW5YJDouUOP99Aei+3qU4pI9xCJCg1yIoma2N+ZG+n76z72ZAAaNeWbFaQ9z610MopjNuhVVsVk\/hAyFMzGTGbhs\/WG9yOavdTToAL68tXUCoRJF88ZfOjRINv+b\/m\/zdqK4XMLpYwkkmtBWnLPbIktxXaMwDWPHw1E8NCxpKHIU8qcXMTagjXwTOTAfHbE2BvwuvYVwy5tgglBwegL9dB6xW8WO5D4rul3PKNO36o+A7RLWJgo\/7\/gD7FMMqi29XFPaq2G07BefT1OVbTFbW3O0uSozE5X\/EiHPn1Ts4sX\/G8s41bbkWcuJF2+rO0O1HG8dN+DmyOCPkk1AOMvT0O+V9oR5xFuirOQcHXZPpHDu8plVBrr+3qZgOmIWj5g5cjnYrncmd40kAgqxsDyVCCvmws+PtrgbH1vQk+682M85K2\/kHGVGiNbwiHrUmRoLwzWNAlejGLoiuOoXWhnPE\/nLesC5ZR7QliWUPg5RgWuwveUB4rfa4tlujgiKoXv0pgyhXfcfbLcm5Zr\/7NyUCLo2jnw+b7Y1qqPSBLP0vccfDk3eBh3IwPZJg5ZmZQaCVwzquphe7W4bHr0wdJIzJibEfBiICpoNq3Ly2cYVCDFTeVfZsVtdWCiIOmkg4+ha5qE73D6jX+3ha8dDGlybO2L29HSXijqjQbYATwm9lTdIQmGcxOs="}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":19,"flow_first_seen":1472393122365,"flow_last_seen":1472393123665,"flow_tot_l4_data_len":5099,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":268,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":41,"flow_first_seen":1472393123550,"flow_last_seen":1472393124229,"flow_tot_l4_data_len":23372,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":570,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":19,"flow_first_seen":1472393122365,"flow_last_seen":1472393123665,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":4475,"flow_avg_l4_payload_len":235,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":41,"flow_first_seen":1472393123550,"flow_last_seen":1472393124229,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":22044,"flow_avg_l4_payload_len":537,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00128{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"facebook.pcap","alias":"nDPId-test"}

117
test/results/firefox.pcap.out Normal file
View File

@@ -0,0 +1,117 @@
00475{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"firefox.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1620927997754,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927997,"pkt_ts_usec":754367,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6Esl5AbuZmizAAAAAALAC\/\/9OVwAAAgQFtAEDAwUBAQgKNAyUbQAAAAAEAgAA"}
00435{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927997,"pkt_ts_usec":781073,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yXkJiZGFmZoswaAS\/oiCawAAAgQFrAQCCAo8IAcuNAyUbQEDAwc="}
00422{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927997,"pkt_ts_usec":781165,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6Esl5AbuZmizBCYmRhoAQECyfcgAAAQEICjQMlIc8IAcu"}
01121{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927997,"pkt_ts_usec":782476,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAGqiLAqAGykjA6Esl5AbuZmizBCYmRhoAYECyf7gAAAQEICjQMlIg8IAcuFgMBAgABAAH8AwMtfA1DC+zpycv9FdmNMUC5bsJuWnUXyup0IQWmFDUmuyCHAxBTXkoz\/MfE2bI\/cLBp15kHYdbtt6EVNjvh9SpQCwAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQAKAQABjwAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAzAGsAaQAdACAdqToAdMIvwxEDg\/g+CRDkTMPXNvyCkvGWZE1UHNfqdQAXAEEEaSrAsB1d9DD1rsZ6fsTBmwbdQjaww3ssMweKLDjtvm89IHezibH\/di6RtXqjZOkOURxpgJe+Gaam1ctoaup48QArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1620927997754,"flow_last_seen":1620927997782,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"1fd36067223570569bbf156fece40978","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00422{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927997,"pkt_ts_usec":808417,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0i1BAADQGLNeSMDoSwKgBsgG7yXkJiZGGmZouxoAQAfqrggAAAQEICjwgB0o0DJSI"}
02369{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927997,"pkt_ts_usec":814169,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUi1FAADQGJzaSMDoSwKgBsgG7yXkJiZGGmZouxoAQAfo6tQAAAQEICjwgB080DJSIFgMDAHoCAAB2AwME\/IVNR8YHN59n5JIn5OLBcnuRgXmmdwUJNb3yWfe6pCCHAxBTXkoz\/MfE2bI\/cLBp15kHYdbtt6EVNjvh9SpQCxMCAAAuACsAAgMEADMAJAAdACB31+3SIdmrl6xd49aoJIqxuaK1fCHaTSuqQC01YPhfDxQDAwABARcDAwAqKbS4AviaSHirJxsA69TCMSk\/Lbn92ZLIlyEVMFg0KizTD3JEt2eWXoh9FwMDC+GLGTON3A9hbQyHnYarVMSdpMNwTmP\/\/VIcNO69YQ8dIKDBiyCqR74yqqw6p9jqB9aH5UYU4gs5ZJS+Nd+3t4aqVLuDe6I+VCT1CGBO17gRLQwJ18QJ4gCFDHLJ+utg8DjQrIBq++S1U9dOjIMOKNBQL3fm+ftZCKPK8u1bmbQy9gtEsgiZcW0qZU9fR2uRY+Liq5DWEpqmLDij3HTFnCb0Y1aZ3O7+JZn0ArOctwQmY+5KkruDTghoKg0tMInIZWxJS\/Pl187tyyhhM1GBYh2a5B5eIICCbc4NQl\/5cKG3g98L4nA1yRhZCG6spGuv9C+9eiiSZ2IbX1TjZelgUaMZyIJ704DJRwoPIRwTObBQkaEvmiFe2Uy6I+ctN6h4sFHkFQOa0GmxQ0delL+SQxOLvZGViku8XbepDmlv+lGBYtaBYwlN8KWfuOnLQ8DR0zmDZabxTqtQdqZmygagamptpeRXuaWH2Ghz\/1EUth9AtlHBUDsGau2m3FRC2Row5FGuGMPo8pzz9kyymr4B\/gFYTajaEkeIa3vXGQMtEf7U\/mvK5cG4sIFqheAO+8wwCJuUeErHlMtXQWxpmmfwarS2z1daM\/2biQVJNYqBd7RczB2B7\/5vdg599xf++2ubsF6mOZSq6jloQHGKu3x4ABE1f9h2l7ES5XaJUub1IkoyWSSv4IiLJUiS02DjuF8YVS11pu6G+e6NVra6eykTs3kgev0qkEahDuevD0erk1YTc6E19W5YXeLm9513H9wQStbcCZzCuoXhEiC4pHbt7dup28LmqOJxW72vQXGC4EV3aNo3EgOlvSirQaG2wBNqYm8BntqisxryiKvj2WwQX2qDDPsFzqL0tTXyFImXDnU1HuBItUGsrpe46Ig6qwKMctQ98zTmVDwwTt9zrPR\/0vkQoK+R4W\/qW8BPByKyYzSsHsSh8sIqGhYxiFgh3SCNVTttZWMBXHFO34MRhAkgqZflentHKNtN8xj7krRC3rBdSTd7lwoA3zqQCMzWzAQnWa1wakoUvrLguP9ckJ+sGOpnueNxdA2LzOPR2t5R9WhqGDWWc1blr0vs2a\/gsCkfjdwv0NllQTzVkkFJbogSxUcZ5kEKmtyRtnEhaoYnoLX7I8dOcsCipiEghZhI0JX11S8R+DqwbK+QB\/13XOjzO4P4p0vlNLT9dpOKwj0iXwd1JHX1ljB2xq8vj2LDqns2J1QLudLaMEbjHT4fE4HZu4qPAeuIHgzCDwC6SZcWVNEXSloDPcYFhr6GCUogFcxUZxC\/5zbpbQwjflaT4Y0+M1Mj\/ETUxRlgy2YYywbDVSyAoKZ+IjbhBRQkIOVdX2gKEUCd1sI3xdEZFUAX2Ta4KGNJBIXBqYGWL88SImqjgB2hWV9E3Fx\/bwuA3VyAhIrVLOxuaKYmbrK1VhquTi8s6HBdxAQrJRAZChorrJpkX4Xd4V0tBzZxAthG3v7eiH7T1XRjmXSWgpYefp2M1f0PGELh7NCI54xvRLiGOaEhc4r9vauzl5IJWBMqBZ0GCRMegXmPLcXiYE7DGNy3MySh41BSdfYd8HrRZQRJAuNTTjnzuNSBkoLzaI9wJu7dAvhEBikr9gVtXx99G\/wIdJGbuH6wqWTck2f3nlm73lf5jo3dvpYavbX4Ural7oS5fMTw+FFECSgh0fWg"}
00806{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1620927997754,"flow_last_seen":1620927997814,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"1fd36067223570569bbf156fece40978","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
02380{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927997,"pkt_ts_usec":814214,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUi1JAADQGJzWSMDoSwKgBsgG7yXkJiZcmmZouxoAYAfpPUwAAAQEICjwgB080DJSIkV5fYoRXYC6+czPRTPt+PI+ePKFm5zRZjUHFHVSD9BFp5p6G5OjZer+b+ukzC55Zeyg8VAvRfmsbJwWiTPkdZTns1DZ1hLMBO2A0RSDrj673FAQ3y5IGaFMbkuWhN6\/GSBgOosvp5VtjWi7tFbFHtv7irCAT7l0c\/yzyWnRX9+vBBatumVDDZ9PuNftreTHg4gueVbRJth65g6ezpjrKt33UgGNstaAqzjd3mSaPBpI\/yg3Mnmr0O8YKcDjxpmKGQeEmtbRQtoUTYKI4B2ZheNZ4Ng42EizmFX1YPZt\/Q\/OJznTBeCukLKwXlQhi1uVHoGjIqY5qc4ot2u8QJF8koE8t+S3lm3pDjFIzQkrLSXFaKdWLT0\/T2ZICC5w1aJ1xXjdeVqs8AZCDUNVZbsRxTKss2mX0pv7ocNzv4M\/xAbXcTSYPlWrg3M3sWEwYw0O+mRjQ1NlFqUG+A40+ZqjeJpFLmcRwI+89XTcBsjJKf\/C5vB40wnFjRr06m6j780lq+LDTQjkpF8\/KPFbFnWfrr\/5PJ6AyPcZHntl\/cpCXNgaTnhEBLsvp81OhGVrrMf0pF5x4M9o3JI7YfIHKNae6\/DeP6LsddkrmSC1qgG0PkRbFfOY0KmtVUvy7qA4EW4bU3bkymfrpjXK0PEKY+4CpRlJ5zaTIB+www0Gv67IAqDVrUelTje9Wc\/RkOn9ghTHylBR0NYpY7kg2LlcdjM0yWmnShECdTyB5qMB2I07w9BBIgcvLg8D7kFrHSjCTxjF0gJ2Q6Td92suk0eKENRMEjfjC9dY4rngZbKaAO1vgwIHYr3NQR15Qt4lzyWpc6CsoTJpNL+RaQz1eK8jRTp0l4XFS3mbdbo\/GNXl0nG6xHliw7vaIz9jj91THzjW0r1MyoZ6\/hVe754CNaNGo5iA1fkBtJLmBQ6QFWEaXA7szl4wvOVFfEkmxylXpJ\/jleWZnprKh7xhIFqob1ppMzBytGFJlbpSTj3VGOx9XpVdKH\/pyLwK7E43T+XG0tvlEeiyL2pETIzQfkEIyIzqhUy0hPpNjyFK8kVK66BrSapwCVO9ez\/G3YpN0UBKZCviArPkYeabvtdfqYTD0sSoVBszLCb8mn9LgridT6F+JVp21cVkoHqv+WrCzqmxh0OgbbfKJ7aogr0zcAb4rtyUs4V5WzISzfJXPvV43l0bhzt4f+E1NzdzcwOpg920l9wRQpvMWLPbfYlaEif4nugFTSjRplH0+aPmmJEI6+DYPqmkr2NiNWGYSJ5hSquzJiKvEf90BBeQ8NgM0AMWesDPcIBqJKzQ3BUYp2ZHzxU03izHLe5m\/TK1kEkNV5+Dd1PWyoL1\/aHk6QDhLoX1jM7s3FyNVGZM9rx0G\/WZkziBfP18tUsNgwv7r5kzcrvqjSWNldf6iYP\/bWLhSVEsiBNNNDn3oPr9ByscZIF2djk5KD092\/F3zs40oFcad0awOvJWKGck9kbAIDk1aijHjgiCsg1VTzRtsIyDQTLXZ6mSgP9YofcZ1EYWYCtKqEGoB2p4ySAVCivEE0Lwxi55Lee6A4zzOpVGUOYYAYoEcaPqaQKL1vfwMBLlNvd654\/2JBSCA+wbk01QasdHDFZapIRNZ\/FIipG6kGdmIoK3IgxmKxNnX8tMN95YkopidBkk5ndgpMYAf2Q5LDoSQIB1NDdY9AX7McnFdlMc9+BVPv\/o67NfauPfh4MVT+AqkqqcjfWaZ6yRAi7ASCYjJuCVVNM0Ql85B0Nrykfrdj8kOTR1BBHS+9\/48qTsz+cLge5Pto2qFEzK9Gu9Q65fqyrSIuhWT6kG1Mmxv+H7RY\/XmH6kPIfqjRlbTtpQXrYIO4+\/2EcXiMt4gKmydtS2RMTFH\/dOVDm6PefMBA8hyuWIq\/po4b121NW3T9U9CbFgIa\/+3kX4wN10q"}
00422{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927997,"pkt_ts_usec":814298,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6Esl5AbuZmi7GCYmcxoAQD9KSRgAAAQEICjQMlKc8IAdP"}
01382{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927997,"pkt_ts_usec":814713,"pkt_caplen":772,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":772,"pkt_l4_len":738,"pkt":"KDc3AG3IEBMx8Tl2CABFAAL2i1NAADQGKhKSMDoSwKgBsgG7yXkJiZzGmZouxoAYAfpAoAAAAQEICjwgB080DJSIp4SWpGynD08srhmoHLcT1L+lOXCTVY0zI21x6tCi\/KN7l5Bge69QubFgZQ+p9D1bqbq1JQj+vdMzs\/IEV10i4GpRSp\/e\/vdUFP3BnGjn7Db4fY7SBpYDjZChBiR8yuaSgNqAjZ1EsU6a+aq3fy1aChqzDVGJrmXapx+HET2Bb0s+cAgsUSdd5FySH3sSa5Cn5ie54sR5FLPmFIxz85gfnH9jshW7SHKdEIXXOptKt5wWhWa38XzHp32iPAe1ULhFqHlEUY89OSOwkUg2Z8NvrjuV8hTDGSDZ988N81fCQuJD1UPNi5hvju\/BcheDO9SQ674ywae4RTw0DC33N4lCh7LBtrejzggOBe1F3Pum6dWZFNJU7Q\/U\/sa61DdAFjQ5HAX3giupb8IhOxcw1GwygLkp4vg2atJAlm0doj8TWl3N+rOenIBhAWjZDZYx6izKxpmLJq6miofpqRcDAwEZTHOMey5f17piY2ecIsjB8AbV\/hf2RJYOPgdEyz5hPBL\/2ltrVQqdW4cRJQXqL9UL99ntD5k5BNlTc8YrNGS+xA2e85zLzhgYco3VjXHtJWDGlVkzitQR0EQXAeJUNc30SlLzi09ZWeBUISrlEdwSpyPlZj4HS3rBdDbQqUPQHpO5cv2bIgWSC5HwIbQ5ztPX45L3PIb8MvmwnEBkIBVEmeYIkoJH6cXRWN7OAOviuOUr1Q5SrfJv8jBoAqw9tcdfavOAjVH6YKo9Zid4xUAcQmnXFnE+etrPUIOhdS3p\/HSgsVfhnMJfQ\/uAa19nPUDTtyXNfNGnGiiDYcM\/fRhvUKXkaBpKYZLqnSXFujkcCayoUKQIpue5cgEXAwMARfszIXsYpl2rxYVmYkU5WhD7BIqhb9+pbJP0zRspYGuh1OATP9+L5sTFZQ\/uJgOh4xd6Jf2faZO3UOr0teRLMWkjTt3NIQ=="}
00424{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927997,"pkt_ts_usec":814753,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6Esl5AbuZmi7GCYmfiIAQD7uPmwAAAQEICjQMlKc8IAdP"}
00535{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":25730,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"EBMx8Tl2KDc3AG3ICABFAACEAABAAEAGq9fAqAGykjA6Esl5AbuZmi7GCYmfiIAYEAB0fQAAAQEICjQMlXc8IAdPFAMDAAEBFwMDAEUTMGeuPTeb9XvxZvm+XndNsmj776lWHiXbLp\/a6z9tHxl4PtBeEQgf9YFwSs9N6KVAalQKS8nnlQGgdyxQgqkFQ+kCeJc="}
00950{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":26043,"pkt_caplen":452,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":452,"pkt_l4_len":418,"pkt":"EBMx8Tl2KDc3AG3ICABFAAG2AABAAEAGqqXAqAGykjA6Esl5AbuZmi8WCYmfiIAYEADG+gAAAQEICjQMlXc8IAdPFwMDAX1mmjlNgRtv2HdDc9DHwIJcor2mehVk9OzpDgRjq8T7RT4zMMrPt+vU3I393O86opoTpmxixLPlK3nsolNb0U76IvV5mzi2mq9MOgDHrVQD6088YMVOY4RaDR9BJf9aECkln9yQagODvzpqQMQZHEnpVRedvxjTxDqYqKotyPZbVmPT7UL+zdF0V840h2DsDLTWoy4r+jAYjtWK5YQuY1Y4WS7ly\/z\/3E0NlPy0KV+cJNaOE0S4OwPFerIzQ3dF\/icYd62xuavWJYqii0\/vQ4KsEDULozweLEbctrHW2\/4E9ulISHHVvf+vDK0HVT2DP6n4Wd0AM7A3Wyjd\/DDgiCsatAwmTZI1od+4Ehu4BrSWpGOO8rjjoAJirEieWFYAvc5VAfImQLGCODFyOMNya\/q056rbdgtKRlle2y+jvjvHK2UZXHlydQOM6SeMuQHAnT7Ea4ajC72IzO\/y3kagXp48TrLvfh71jzkz+av0Zj467nJh4EWNFNWCRcCb1MM="}
00423{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":50715,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0i1RAADQGLNOSMDoSwKgBsgG7yXkJiZ+ImZovFoAQAfqbTwAAAQEICjwgCDw0DJV3"}
00423{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":50744,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0i1VAADQGLNKSMDoSwKgBsgG7yXkJiZ+ImZowmIAQAfeZ0AAAAQEICjwgCDw0DJV3"}
00839{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":52053,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"pkt":"KDc3AG3IEBMx8Tl2CABFAAFji1ZAADQGK6KSMDoSwKgBsgG7yXkJiZ+ImZowmIAYAfeLUQAAAQEICjwgCD00DJV3FwMDASoP9FuzT+77Tm5LhnbV9Sewvckun\/o2cHeV8a0PFUdl0epVn0JCwFYw2u\/995yNitv5yqlG3GEkdm7UQiE9Gi2Lm11MZMfOgzEgGE7tw4EPD8NZfoc6KvKG\/EKi6HaMMu3xTVD4KckhI5IBXrC17xJ4Uq4V3k6\/I6pJafhgUUqVWwtMNmFdARevRhzVgfwjOyXIBSlW9Ra85a6B\/grdRfOZaeMI6dFx1FiRZelQc\/jQwre+wP8hT6TMxQFaNGfY8VBcIXSI8jl69MJKva8P9fOnLuAZG\/Rwz8J9BdVkLkplzI3gR299zmDOn5UdfaLW8sI6B4r98nQKcfNz8mVq2oAjyRFuAPgXVurS5JVSEW\/klPnjhWTjh33GGXx5iwA96\/zoTwtThauP6NiC"}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1620927998782,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":782772,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6Esl\/AbveSGQcAAAAALAC\/\/\/OTgAAAgQFtAEDAwUBAQgKNAyYZQAAAAAEAgAA"}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1620927998806,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":806443,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EsmEAbtCftk8AAAAALAC\/\/\/03wAAAgQFtAEDAwUBAQgKNAyYeQAAAAAEAgAA"}
00437{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":817178,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yX\/JSxfE3khkHaAS\/oi4VgAAAgQFrAQCCAo8IAs5NAyYZQEDAwc="}
00424{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":817261,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6Esl\/AbveSGQdyUsXxYAQECzVWgAAAQEICjQMmII8IAs5"}
01348{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":820522,"pkt_caplen":746,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":746,"pkt_l4_len":712,"pkt":"EBMx8Tl2KDc3AG3ICABFAALcAABAAEAGqX\/AqAGykjA6Esl\/AbveSGQdyUsXxYAYECwwygAAAQEICjQMmIU8IAs5FgMBAqMBAAKfAwO3vIr9uiJ48zzMf52GsXt4xkS1HnhZS28F\/9nVtQa\/JSARzVdUDjCom9ejIr9F9nHpr\/Ooxj6X4lFWVS4DuL59ogAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQAKAQACMgAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAADMAawBpAB0AIIYQxSluq6g42rhsNiC0vZO+RSLs9Lc+BoLP46MvmywVABcAQQRH6zF0G3XQTSNI3Y1zyDpklxgrGlYydrEUXDKsmOlWDTlQccHbDWUx+QCuHh\/4fXU1rkqfToj1sH7nwHIfkbqSACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQApATsBBgEAMypzcqAzWsBAZINcgx+ygKHqX8dlc3gNHYe5ARjKH2m\/2THc30fZqwWttqz+MhhOBuir\/aONtTrQ+uN7prJ0qsiw+PKiGDT2X3k4SV5DVAwgaBQQfVaChGgTL9TuxTqcXjABL+DsrumeTVx0crsf4BGQigfE\/UGrAhMWWGWMyPGgrBY5dCxjFeXPzI6n5izjK21UO4m4mGQ0knXt1a5aWSs4hVAntH\/1nWn46Yvp16v6wnSNwCgTmCuvGO7uL6zEmlN6b697mGRBnn3CmjjivLPd2RlnN\/sRHkJFZT7sQh6CfBBulV\/PEeGcX2XjnDtUC3g5CQsKyPjk\/HDxhhMKJlw9bJYAMTBgVj+1QQAEnNQ6YMh4adur454Yr31knwx6D0ttCCNB5Ar\/5l2gc7rg2qVLaQE7hUg="}
00766{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1620927998782,"flow_last_seen":1620927998820,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ab78a7ef7106e8144808f22ab4a26dc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00436{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":833815,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yYRFBnlrQn7ZPaAS\/ogBdQAAAgQFrAQCCAo8IAtKNAyYeQEDAwc="}
00423{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":833884,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmEAbtCftk9RQZ5bIAQECwefwAAAQEICjQMmJA8IAtK"}
00424{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":849436,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA051pAADQG0MySMDoSwKgBsgG7yX\/JSxfF3khmxYAQAfjgwQAAAQEICjwgC1s0DJiF"}
01343{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":850076,"pkt_caplen":746,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":746,"pkt_l4_len":712,"pkt":"EBMx8Tl2KDc3AG3ICABFAALcAABAAEAGqX\/AqAGykjA6EsmEAbtCftk9RQZ5bIAYECyN6AAAAQEICjQMmJ48IAtKFgMBAqMBAAKfAwNAzR6c7iJcDBDZ2OSnohULz18pBZGP2l3acYhLNliW1SCaZ4UhDzGNmamCWj7lh5yndtX+A5Qj\/Vo0pS14rgaccQAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQAKAQACMgAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAADMAawBpAB0AIMO9fLbtYoy7wr4nDFrsvn6ZcJoE4YIn7v76H+x9iAkkABcAQQRxFV6yz59yZ1DVbyModG076e+kDUcckNtpF88rNlUIK9cS8XHrZokfkMFIciZwd8LHFIC9Gsa3UC38ksGr2hjkACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQApATsBBgEAMypzcqAzWsBAZINcgx+ygKHqX8dlc3gNHYe5ARjKH2m\/2THc30fZqwWttqz+MhhOBuir\/aONtTrQ+uN7prJ0qsiw+PKiGDT2X3k4SV5DVAwgaBQQfVaChGgTL9TuxTqcXjABL+DsrumeTVx0crsf4BGQigfE\/UGrAhMWWGWMyPGgrBY5dCxjFeXPzI6n5izjK21UO4m4mGQ0knXt1a5aWSs4hVAntH\/1nWn46Yvp16v6wnSNwCgTmCuvGO7uL6zEmlN6b697mGRBnn3CmjjivLPd2RlnN\/sRHkJFZT7sQh6CfBBulV\/PEeGcX2XjnDtUC3g5CQsKyPjk\/HDxhhMKJlw9bLMAMTASbwuo8QWja2o9mr0+Frf3OIK5pq78cRY8SbYmyrN4A0Z9kQhYPaolWzEoVShdu5I="}
00766{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1620927998806,"flow_last_seen":1620927998850,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ab78a7ef7106e8144808f22ab4a26dc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00780{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":850942,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"pkt":"KDc3AG3IEBMx8Tl2CABFAAE451tAADQGz8eSMDoSwKgBsgG7yX\/JSxfF3khmxYAYAfhQtwAAAQEICjwgC1w0DJiFFgMDAIACAAB8AwPCN2vwEodka+LTPcQOQYDiEUHZ0u\/XcrOKUS9DH9yuqSARzVdUDjCom9ejIr9F9nHpr\/Ooxj6X4lFWVS4DuL59ohMCAAA0ACsAAgMEADMAJAAdACDmeNBaB8UW8yV\/zoPdiy1ahFWCdd6\/JoZYXM8fB4gkEAApAAIAABQDAwABARcDAwAqTkeYYvXCV0Xz5H5NRNMxqPiVrUaADG5OWPFKriD6a9CD\/cuKWMmw7APcFwMDAEUePV6QnMUKL4Pa+ZNLUCPh2Jq1MJLKXMd8HigYk3uFOO2Fq7AbmxEW5mQ4F3O99JPJ+WVSmBB33hwNS7ZNXbnYyRoMu0w="}
00805{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1620927998782,"flow_last_seen":1620927998850,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"ab78a7ef7106e8144808f22ab4a26dc8","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00424{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":851001,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6Esl\/AbveSGbFyUsYyYAQECPRdwAAAQEICjQMmJ88IAtc"}
00537{"flow_id":2,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":855159,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"EBMx8Tl2KDc3AG3ICABFAACEAABAAEAGq9fAqAGykjA6Esl\/AbveSGbFyUsYyYAYECP6cwAAAQEICjQMmKI8IAtcFAMDAAEBFwMDAEVX3ivdvTYtrbQcUUjZRly14I9CJKnN\/0UbUQmuCXgi7sTfk\/QGXacXAH4u0CnHjf030kV5mmLPXFGgtNWx8KKA2vgS6r0="}
00896{"flow_id":2,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":873754,"pkt_caplen":416,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":416,"pkt_l4_len":382,"pkt":"EBMx8Tl2KDc3AG3ICABFAAGSAABAAEAGqsnAqAGykjA6Esl\/AbveSGcVyUsYyYAYECPQzwAAAQEICjQMmLA8IAtcFwMDAVmTzb7t7fyIuSr93GElPoLRJl7KxVjYaglEzsUeXBdyqddnCTbhV522sjG+sTSiMcoW6eRSPQjNCMj8bnMxVlk+g03pZb1+3t3D5B1GXN4aQ57Wg74H6fZRm+RPNWeCsh2+blbCQUdmSuT8sIXlFRLpPTqEs1bN4cVWvy61KNWX1csSf+YAThUDoJrfwuCRlAJg5U3vexTrrnprwr2BSBtaf+BNCd\/hHWfqbaKA1kUsGFlznZjoQiYn86uLuqtjn3ZOp5AwXfsQF+QMwi0BAMudpwrJYN5OXAvMp5pE3Nw4ADZaTqpLw03DjbOrzyqZ3+HLKis2MC0u5CiBcOsi1OKRMuV73VzzU0qeSSSWYDvCAlLD6ZQoGU8DIywJjd7B3u2wn9lTPEV0W0uwQ8ZSJipGRksCBwOa11FnRIAIQFdb7LW+D1J03KtADT95902iI4Yr22hpnvSX36Q="}
00423{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":875954,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0dCZAADQGRAGSMDoSwKgBsgG7yYRFBnlsQn7b5YAQAfgp0gAAAQEICjwgC3U0DJie"}
00778{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":877179,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"pkt":"KDc3AG3IEBMx8Tl2CABFAAE4dCdAADQGQvySMDoSwKgBsgG7yYRFBnlsQn7b5YAYAfiyogAAAQEICjwgC3Y0DJieFgMDAIACAAB8AwMn3JmQZtyDm7XgOn7Biwm09omSkxtVuDEiqQZZzpXnLyCaZ4UhDzGNmamCWj7lh5yndtX+A5Qj\/Vo0pS14rgaccRMCAAA0ACsAAgMEADMAJAAdACAFrURae50a6nOhcq9+rEw6rf2oc\/OA+f1SufFt1LthFAApAAIAABQDAwABARcDAwAqK0vhjklLx0QOdwSDAwIoG9eHutwcYVNrgCo+HC\/AKldBOV1f6ZzBc4EpFwMDAEUAzs8WwNlILjQmeQv06V04EjJDeP2\/Wa79UNIkCu7iNdH0dS0u93E1AXIo5rwA17Jh7hbYACziGsey+EQRshgn1fdryB4="}
00805{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":6,"flow_first_seen":1620927998806,"flow_last_seen":1620927998877,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"ab78a7ef7106e8144808f22ab4a26dc8","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00423{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":877228,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmEAbtCftvlRQZ6cIAQECMajQAAAQEICjQMmLM8IAt2"}
00425{"flow_id":2,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":882580,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA051xAADQG0MqSMDoSwKgBsgG7yX\/JSxjJ3khnFYAQAfjfMAAAAQEICjwgC3s0DJii"}
00837{"flow_id":2,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":882594,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"pkt":"KDc3AG3IEBMx8Tl2CABFAAFj511AADQGz5qSMDoSwKgBsgG7yX\/JSxjJ3khnFYAYAfj4zwAAAQEICjwgC3w0DJiiFwMDASrPJ4D\/QNPCDgScnwDvpk5C6exE0ybRDo8w5tMGfZR01sdDchCr1prd4MQb4lw+rEzk5lpJGsOV+AoZjl1xIp+eqrPinhT+yOMvgCP+aGVAd8f+piYdOOlIAYqUl3jmj6Bgj730XIE1W\/R2cXuNS3n0FtofvEQH1qFn7RoT5oV9RwMl5Rq7x+qbiSUqqo3m\/YfAw1gaBwZCJ6h1yx9cPiLX0BVnbcoKkjLwJQ0HwJM084EtZpvIJ3+L7JEtxk4xDbhMudEKD1tL6vMutJgjj1CbLvUOVt17b7IDKhljfEoUE9Q4h5QeTJfm0s4ypDY4SSQSRSv8ZtN2uhjO\/3WDz7+OMTQ6QjtEEEovTfZp\/H1K4InvDsSlh7+QiAWDziF4ivlCYNaqe7dZ2bWJ"}
00425{"flow_id":2,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":882648,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6Esl\/AbveSGhzyUsZ+IAQEBrOagAAAQEICjQMmLg8IAt8"}
00534{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":887292,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"EBMx8Tl2KDc3AG3ICABFAACEAABAAEAGq9fAqAGykjA6EsmEAbtCftvlRQZ6cIAYECMlogAAAQEICjQMmLs8IAt2FAMDAAEBFwMDAEXtXEmqudPykmzBo6E9v03HUDEtLQh3qoeobiHrcBlZVIn3X7i6PDhcFRqGit0Pi4IFOqPP0EbQzg0wK3LCMW6iKvqt8NM="}
00425{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":901067,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0515AADQG0MiSMDoSwKgBsgG7yX\/JSxn43khoc4AQAfbchAAAAQEICjwgC440DJiw"}
02379{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":904055,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXU519AADQGyyeSMDoSwKgBsgG7yX\/JSxn43khoc4AQAfbMywAAAQEICjwgC5A0DJiwFwMDAXu6YAsMuzXaTk19dFQf+z7XUb19xMFIN6yYlr8fNDX9Shl8PuSnBzNGgiY3r7ahC5I4b5dvVWcnijxF\/J\/piRff2npBWAjo+V8GSUq57Wzg7U+Z6aN1WPsAj\/qoZNs691axgN\/ZcTiMntJAqSdi88KwsQ3nuOenmgUrY0pWyAb4uT\/OcMyLhdHilOm0nITNjiYBxUXmg5W2czOgf7Gyw\/zr6wgJRuHOwS2Oh\/LfFed0ZdqZ7gIftweOEVWdbTpLVe\/fqs1dc3ESeCQvJmqklkeOPLwk7FYpzC3x2PqkySB+ilCyrEHr+o1HvlczMVF4F8xJoHeRzAJTrW7LM+\/DrrGso1mIvePCnStSE88xfh61ZKDs+7wnMdE32elM0N2tzJNYuF6KBdUzbpB+KxinDG5Or\/ksTrILEKIsx8Z9h\/EUtgSUuMQNUzQ\/t\/pkJOr8aMe7qSyvbmB4VuBZgmWZMf\/aT51Rg2wCBpWrohwV8+AqzbO770E\/7AxSwoc1FwMDB81z+a4as79zvdyqGi9oCdZXBV0j6YzUKnIhhWpNHkHE30kRgy1LF0XhPlNJVBGTNG+5ub4KzHHCOGMZd+hL1kP0YlQQIHaJvnTklwElGLvX86fMYWLGUsm9QQH4KeWQfwxPRP4iS7ywjrXSYK+yWRbLAgW6WqTJigpDj2fWY2zmwIu+zhR\/6apIA2FxBWZxP9oni2a3Z6x47HRljVkfXOvA2i78k02pqXHv552OixHW3iITGoMdqgmc5bqLxbYhAhQe9xgntHtH21Tqq4vmCglhQbLC57hGNF2LJtCdeJhw4UonQlrLtWTJwXZMDQvi9+WSimTFjq5T0H5XF2mg8UWXY4S0rwObcJxYw6Rn3TyFrl\/yosoJbi43HE12I2msHy+P0PgWN6pXsR9ubJeYt5bMn35K0BMOUCLEx5QEtvzIOI1YHjqi0Z4cMhGBdRv7Tt7bydhprRE2pgvF\/AapwDg1k8twUZzo8eHsfI8gCeyVrsxGRgVl8J0wwavg32VlhsoaHRSQy7xxrJ8JXcPQGB9SmOa7ECFABVeBq7CJa5NgErSAmxcvP6\/YmPY6LOjbrxjBxq9ULktWLk0M8w4oJGYbFX9xQzPzcnTKqg4fYCg\/CnR9rum3B1QZGjwhZIrYgmQ+fpYxrDvBoCdlDVXhVjMDXDIyyDaXayN7gmQz2ieguaSHMtb6UwOqBFvTkpK5L97CjPPk8Xp5S\/wD+uPnLTmDkPcAiduh+kZNAF4PFmOa67NHGpc1MSs3Mx2cNy+dqy1JKpuvDhHSxbwXnQoqHce3deU93+j37IOIoktUeO0q+bGE3h22ArEupyw5qoZ8TJNFfyDjoiAKqf2MsVcFqJwxWkPzOHvhJJSEVJ5LUTmNb7L1p\/6RJDFqVgEGXXPsrgjoD9hmSVte8aYhS1kaV8q6Dis3DGIICqqFl\/rlLk2zeJuhy7n9JxKNGP21tZNJzdWkUoCiaCdc+cCXyE+q8FMvg7uZcpIHCAq1l5rYprSAvjuApTmBE5fPN0D0l+TNCBBZYutFOlr4xnxeTdsgmoVCaLvtKAPQATDx7OWB5LUDdkOrOHgmZpzH2rMEJSMqkiESIZmkFtQgcx1Kns\/zozzscjCDc1j2F6KOYN4islUkSyz6gH7Ffbzs7XCkovk4S4RBHTVTH22Y48LC+C1ATzi+mOtDnPDZQRLFqOgKou+IH0yR9q3VbOy7tZbL0Wz7HNxGyUD\/0wvvFjI3gbibnMLDIMChxhtXBzXPeA+ob3RyS9\/Lw+NP2igeNo3Var16cMM1W9BvkbErE4BraL7mUBW+axY6I2md7gSPMydjcuZ3lHMvfiOOWrHoshtPaR4HRpTDRM0iDU54\/wfuqN9jPSCUGIy0JBTrFHReMVmb1AKO\/f8wySr5phH8rDcq"}
01758{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":904175,"pkt_caplen":1042,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1042,"pkt_l4_len":1008,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQE52BAADQGzPaSMDoSwKgBsgG7yX\/JSx+Y3khoc4AYAfZtDAAAAQEICjwgC5A0DJiwNWBEnBjCnTX\/7++Fh2HaqSLZj5qEpeKr6ZYia7eMtvRxAbSEUz\/VnR\/ZYxv6eGOPoXv0lAS8W0n9nVrMQQdWydvUTPZYirH9c72f7LD9Xi8NxdiVoNSMf3Zu2sxzF87I52yN3+tetDGXLJBYHp2NNWhsYAv9S2YZRXGaqOjNtGSvBoPRo90mzKKiVZAI13JKXVP0MnOYURO\/Vb7R5aQDLg4rMhNoZtOBfc\/ANaB4LmsVKuyNgSL5HEwP+\/xSb94ANajy51CW7M11c98hym9qLMZuZhuacRfhXxT1GmUuVTAbXYXnhpb0Zm\/t+9057vWlMr8bD3GdmCXSteOFUujHYdsp4pEDGeFRavgwdl984N\/xaGfyzB69b16R8QOwHMI9lhlX5ejCuWSBx2cPXcvhKwjRWNOBTlC+ahNlCfKliQsGw2AVMaqWSXK+jLd2xKcNkEgwLYeydqti4ACAPSGYTIR0ECOJkd3e+HcZ3faEZ0LUxdzMKv4FNlTyC\/n6sje4UI3M+kFm2w8PhBBRF7r9Y59PCVTUGmqCWRJyC0GkzQt4go6qHkMeG3Ux6wcLkC92Sl5dD0p7SV75Dbcqds5mGDENDnOXANf9Z6tV8v+yckXNq5kCiV2QhtR4sm9wk85ExBLW6mqbHDtbDkufMG6c2ZhlR3OKR+tOPgbaQ+9dizWod9c8gOlXFobfZWu1MTYA7\/xiNFpVzaVW2PoSxMwZTXDRMzD2msyirIP8BkAnr+TrBEIKsIW+BWJW1JKwF6KFR2R6KSQVTcJlpBtW\/L6gPBwzSxXM+woekotVBOjnQeG9WnqTnZFSimr7J2Tc\/Wk3FyC3h0Smv5BkUqLEJSVAH4BCLPeHmMoMLyoM8uRdN2Kf679TlhnXUWOHn4\/FphIcO\/rV+Eb+\/gYRdi9XqvaAJskuG9SO0shv7r4FjCh1YCujcM0qkcCfSg60fZG6buWfl6tLB9OUuCVwecVSdMBHRGydh5Ea74FhJ\/WoAMtUKlrv3DnaDsfpwyItkzCcK+8BpeZPtNbWtt7\/ebaO0mvXDMquVH6S1GNz2ENCYwfAT2l88N5Gtv1R3VQgyjd6NAZMNP0LeZ4regJxJFiXeJkbgyIc0jMMbxTtd3\/1z+o9fwKshSZ64W1sBNV1oNat0UhEyMbrfKAdrEP3\/alJrrfeqqAM3ZL4X\/eV2rzxJxE7jvWv7OXnnfIqlpb4\/oW8BbDnHKBhmv7M5rfBAwdX2sRXsr7zzgeKbpVCMZTDWf\/fzkoaERcDAwAZujmj4Iyj7rcD\/LQcGVMZ2G5yFHKaUYA5mw=="}
00424{"flow_id":3,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":911928,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0dChAADQGQ\/+SMDoSwKgBsgG7yYRFBnpwQn7cNYAQAfgoPQAAAQEICjwgC5k0DJi7"}
00836{"flow_id":3,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":911947,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"pkt":"KDc3AG3IEBMx8Tl2CABFAAFjdClAADQGQs+SMDoSwKgBsgG7yYRFBnpwQn7cNYAYAfj9LQAAAQEICjwgC5o0DJi7FwMDASq1Z21pVej08oRQ33gsiycooX\/qwyUvev3W+EPfcGjvVO9JhzFuy2DBGRIO2MK9lSnS1UqRIlX3S4qebsjbG6GVGGb+eaULimNqL1uOpHpd7i7MboFQAi7T1ewXVIfToeO0ObI\/sRMmCFDJrtQ+kuQyavR7WfuM4SJxRBdul0W3wMHIgSgR9nosr8A70xlhXb6U9xuljJlEwj9HCd4i\/zpSkGNw52bdzbhTaO51+ikeuIBkKiuFPYRNJ6jBZ7ENOdwwZ76zFXMP5\/8RyXMnn0KWhWzaHPst0DDJAUtRPbqZOELHfpHyfzQ\/vXqZ+IXJLX++3wAScwC1USx00ZTzVDqAfNlaJ+WhaSzC+V0W+1pKmMPU8oBmWcXRzHxYI92eERGGNuDx6lMsQYHa"}
00424{"flow_id":3,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":912007,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmEAbtCftw1RQZ7n4AQEBoY1gAAAQEICjQMmNA8IAua"}
00928{"flow_id":3,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":107805,"pkt_caplen":433,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":433,"pkt_l4_len":399,"pkt":"EBMx8Tl2KDc3AG3ICABFAAGjAABAAEAGqrjAqAGykjA6EsmEAbtCftw1RQZ7n4AYEBo64gAAAQEICjQMmX88IAuaFwMDAWpPmDd\/2mec\/g0XLq+a\/iK47u470VOnAOBzHqZ5iADOy3G+\/xqwv9Lw6TjOJy2DQ+qWqlvLsngR9kgj9m6jhgNK4WiBnS7HxwRm8JqdUqc9OUGEvUOTfFEwHvm010Vjor+4qrXkLfPrMtP2PZNWpd5v36cislsIlIgHuIuZRmKae9qItp5qscFjx8lq1lqP\/udjpAGKCAy8Z5UFUFntqty5Oe8XVW\/i4SBCCQO0bpSmXSulKfU7RUcEAbbbXTTthpXuYWgfxjpd0PPiJnWS1jKDy9RROlWcfftDOg+d+jiPKHYfgorVRtcVRPUHIBZizJQd2ft9QejQpUsSnYz9L+pz7pxV25xPx7uhYcK9GFtHzACJ5URhvJOcpgX0fVPIbS40WYq2FktCwPn\/67Axd0DghuvTF+IHidqexcc+6yUb\/lvv+mbMeYRV4SdMyQVIcMv6MnMoCcLSFU2DRwBzKkFrnmKP7Kl\/KL290w=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1620927999109,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":109976,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EsmPAbugsPXqAAAAALAC\/\/947AAAAgQFtAEDAwUBAQgKNAyZgQAAAAAEAgAA"}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1620927999111,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":111334,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EsmQAbsCvXBwAAAAALAC\/\/+cWAAAAgQFtAEDAwUBAQgKNAyZggAAAAAEAgAA"}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1620927999112,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":112216,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EsmRAbvLRPiuAAAAALAC\/\/9LkAAAAgQFtAEDAwUBAQgKNAyZgwAAAAAEAgAA"}
00426{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":133337,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0dCpAADQGQ\/2SMDoSwKgBsgG7yYRFBnufQn7dpIAQAfYkAAAAAQEICjwgDHY0DJl\/"}
02251{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":135180,"pkt_caplen":1406,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1406,"pkt_l4_len":1372,"pkt":"KDc3AG3IEBMx8Tl2CABFAAVwdCtAADQGPsCSMDoSwKgBsgG7yYRFBnufQn7dpIAYAfYoLQAAAQEICjwgDHg0DJl\/FwMDBTf4RbFzY54J+vYB9UvY7JPIz4c2Nsd\/Cu\/PL2qlhn9gpXx9tL+kYzNOCshRsGn4gZBO6QyTq4ipgSfvYsMXHNSgsK8584S0CgIPjA6iTkFoAq20TjOv\/YPqFXClQol7xgr9Qeubxu8ZdimZ6plwGQ3pmaLhPA7Povv6fqnXRgUT98Wcj2L7VeeXMG\/635fJsIGoFSgwg9s85c5iY+1\/aiQAlFf8G8RMoC5iDaQkSSgbWDsHikthXlhUiGVQBm6cC8Vtj9HC0y02tp004YKV0Zhw86vfo2Xu6XOy5YPErjmvC7PPXC8QAisKHD7tcbqB4SvkESKRdMKKzsueKxLV+IVKQxFJr4mQvzZsEb8e9zVKE+tu7AGoKhMEK3xL0pvZZrbgK1jNdckXzgBCzEO8YQNW4Uqey32IvyTSL1Rjnhi3LAInoDf0LfvHDgwv0Ak3IEoR8jaq\/sZxX00zeNCKHckA38RJq+kipyLTC38+JlDrgEoXDjFWWFyEtVAMtmB8nY+XcU5XC7VC4CFmcVE7JKwHYCtwXK6wTC2f5avciRsXbyG7Tokqad5MwxrIQgctYYO09hCFG5Eg767N1cr\/50ULAH97h+PoV8QrAF60O+DfVhBjXEHwSfWPtH+G5PQy5GVJsHeoXgi4nRMzPGR6OAZBFmfRWPY4qz\/KxE4\/mSIL9oVA7xJ0g2L9FgChE0XhM4mswICv72LU0LOcCRiaM1In1UVSefiZ3rlAsC3Rk3ZRnWOSlk\/GfQ+TzI60GNQWxbTQaMpmBsMpPuDtxg+UUmj3GnFzLk7y2PneybdZkqEKjhDP8sVjoWyr0E\/cSTCjxOZiPr120477wtXuXx3I5ApwxOmhmEndpMPopSbfmy2TJq6UArO42ZcujaOo5\/T6kl3ag8\/Ke7AnMLku0pOyZLmPzbCbpB346uvyCZpiMxDIa74UWV4o5P563s6wJC3Fhxyd+K7o8KcFesoXfQK4bK5U7YI1A0yOqRqu1re3rQPBe\/Mw2tCDwGZRQiV5rXNgz5dH01qsxrE49DXADIo9GmrhI0jDkz+IItzNGiVJGRYIxhH6Lk6gesd0C95AffW+DwaOtbsTSyi25MJYY8tdosZOUnk4g8PuY\/Hdj4X0NrkLhqieLDYvLf5hY0OSjXz72zCl9mJXsLvwnRLyhIc0IdeTpg6aQk+9pkGBbkbeGKRCjFQA\/AIlWktGIXpz7Gyf1PW3sh4hfq0Iq2eB0h1SkeiLLibZ+EfGfqVSyw+IvkKmjdoHwc58x+I895LBdFV4QQlRZunKThp6qRhxfEdbQfgxoFuORdt89Nvc\/p7\/NUmjVOyBc1F\/aRH\/tnRivRBRLtn2LPM7P\/m42lno1PLPYi\/BZY5AnNlJVJE99Qy5nOHeGJ1lWIief8aIncjlfTmv4Ibt+DaQJJqTAUYhhSbUHVLJGije+Sc1\/qj\/Q6bm5gfeMUvskDONatZmpqzhK9TelbRzQ0IDpXSrxtbX7ycFPSM\/l+HoN+13utecbUHrz6Q4KZfDFai94Z5a4Nqk2L+H\/3SFcEvq0TV0L8Cb694C9ux2XB7S4K0mJl0+JZb7EErvvC4f0WibiuCpaB94Q8jUe0gE0FDPs1CbkRk4rH6TWGV2y\/\/blWgkOaJ7nz77T8TYB8SyP1\/LW4irJW2oXfwgetKgu3bfVn5m4Sc4Ux\/C0lEhtFO\/XTJgG12uixlVZZAoEC4+76EUPjIDAQ4lXNzcRBMg4U7nLjJk+tgWLXB\/iMYZVhX2jeAczAjxodvGRjVtPiBpumvMX7Y="}
00425{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":135237,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmEAbtCft2kRQaA24AQD\/AQrgAAAQEICjQMmZk8IAx4"}
00437{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":138093,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yY9yeaT2oLD166AS\/ogrVAAAAgQFrAQCCAo8IAx5NAyZgQEDAwc="}
00437{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":138095,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yZBJLtVRAr1wcaAS\/ohHrwAAAgQFrAQCCAo8IAx6NAyZggEDAwc="}
00424{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":138163,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmPAbugsPXrcnmk94AQECxIWgAAAQEICjQMmZw8IAx5"}
00424{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":138166,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmQAbsCvXBxSS7VUoAQECxktgAAAQEICjQMmZw8IAx6"}
00437{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":140847,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yZFyBGfZy0T4r6AS\/og7hgAAAgQFrAQCCAo8IAx9NAyZgwEDAwc="}
00424{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":140932,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmRAbvLRPivcgRn2oAQECxYiwAAAQEICjQMmZ88IAx9"}
01349{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":141444,"pkt_caplen":746,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":746,"pkt_l4_len":712,"pkt":"EBMx8Tl2KDc3AG3ICABFAALcAABAAEAGqX\/AqAGykjA6EsmQAbsCvXBxSS7VUoAYECxqegAAAQEICjQMmZ88IAx6FgMBAqMBAAKfAwMib7sEwVHJP8NafDdEcMRu+2BtW80kInWBAD4KrwhQpiB866aqa7yFxIfhXZTYSAx6ddVCnWqOsCWmpuTunaX1mwAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQAKAQACMgAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAADMAawBpAB0AIMy+F3v+RcJdQkDhcgxxv+q0LPoq\/2mdWLz4DbhUlU0JABcAQQSHckCcHdMJGlaj94G9MrpqvN\/LQY4GmzuN\/x59Xu\/wdGrOVrynO7q9eaBmxxO48u8iWBXSYIjZIO\/YAQtrWf0uACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQApATsBBgEAMypzcqAzWsBAZINcgx+ygK7vZjFETFDV+K4OTU2h7iMgn6BkHtGH526mQ4bqBfv1cHLHiyotXTUtt7v3XJ+Pve3eILUUdCMTAf6ppR\/5v1DvtEEhKEUYvXLDdpRLI5UYlBKJOeJvFEHMVCMj1\/VQu3rqDjEDWvU95zAtCzn3RTsyGtKwLG0LJBEVcKxZ4IRBUjqiSWvy3+DilYpWnbXb\/2GrqKzSVFxIMcA5Pizs1nnSPkfNgZxF\/G8ArqEEZd9PBSbejDG9p9aZJLOqZhLKYbmoSskc1bzO9DF6Hs11\/gJKXH0oS6nxQr28NltJX3EV6GF0q1MNFnHb\/mNO0AWNcyUzmSEAMTC7DFviiMAHSyKO9UJflICxrfrBiSjn+Q51G\/9zze3vin9E\/h3yoA8+LmA5m8meUew="}
00767{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1620927999111,"flow_last_seen":1620927999141,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ab78a7ef7106e8144808f22ab4a26dc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
01347{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":143664,"pkt_caplen":746,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":746,"pkt_l4_len":712,"pkt":"EBMx8Tl2KDc3AG3ICABFAALcAABAAEAGqX\/AqAGykjA6EsmPAbugsPXrcnmk94AYECwByQAAAQEICjQMmaE8IAx5FgMBAqMBAAKfAwPLbD5gOnSMmUdmLValgevvP4bb+k8e08lwqX+YbKGt3iAlkc8vad1pAkmv3DLXWEMycffSzBs5DNVF7m0FcRK\/nQAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQAKAQACMgAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAADMAawBpAB0AIHrZFQRNw5ldSnTOZrYb4ROYY6jGIfJVGxBV4uizHTpsABcAQQS3NAbJNADMbeg6uNBn+xHw3ydMMZ8\/z0knTfC\/Pk5sGbbav2GL7wpVEgjyFzNhlOyo4p3\/\/ZRvEWbgTq4d2O7vACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQApATsBBgEAMypzcqAzWsBAZINcgx+ygK7vZjFETFDV+K4OTU2h7iMgn6BkHtGH526mQ4bqBfv1cHLHiyotXTUtt7v3XJ+Pve3eILUUdCMTAf6ppR\/5v1DvtEEhKEUYvXLDdpRLI5UYlBKJOeJvFEHMVCMj1\/VQu3rqDjEDWvU95zAtCzn3RTsyGtKwLG0LJBEVcKxZ4IRBUjqiSWvy3+DilYpWnbXb\/2GrqKzSVFxIMcA5Pizs1nnSPkfNgZxF\/G8ArqEEZd9PBSbejDG9p9aZJLOqZhLKYbmoSskc1bzO9DF6Hs11\/gJKXH0oS6nxQr28NltJX3EV6GF0q1MNFnHb\/mNO0AWNcyUzmSMAMTAdEIyR1ohqOXooWJz4QOYPIEnPNAiJJdYf5MRX0x2j7hrA220r1vjmga7S5HF+hl8="}
00767{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":125,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1620927999109,"flow_last_seen":1620927999143,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ab78a7ef7106e8144808f22ab4a26dc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
01345{"flow_id":6,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":148674,"pkt_caplen":746,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":746,"pkt_l4_len":712,"pkt":"EBMx8Tl2KDc3AG3ICABFAALcAABAAEAGqX\/AqAGykjA6EsmRAbvLRPivcgRn2oAYECwS0QAAAQEICjQMmaU8IAx9FgMBAqMBAAKfAwNFQzpkgfyhNgbTNJ5e9Ud666zcsVLrnCFPuu5R0gMQ5iCf4hyAAf2e1Nqt4X\/d0hmTfioGtwn0kLEAuqj5y87exAAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQAKAQACMgAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAADMAawBpAB0AICxuuwafTKLEKqG16GJB5qZPLJEh4U2+SES78FZlA\/54ABcAQQTAAyquj6BD0IPU30kXgMXDwejI4l0XzpOwpQEzc8hKPk7HPRn0O\/XXDhe2CgGPmdE8r3OyDN41Lk+AQK9FIkrkACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQApATsBBgEAMypzcqAzWsBAZINcgx+ygK7vZjFETFDV+K4OTU2h7iMgn6BkHtGH526mQ4bqBfv1cHLHiyotXTUtt7v3XJ+Pve3eILUUdCMTAf6ppR\/5v1DvtEEhKEUYvXLDdpRLI5UYlBKJOeJvFEHMVCMj1\/VQu3rqDjEDWvU95zAtCzn3RTsyGtKwLG0LJBEVcKxZ4IRBUjqiSWvy3+DilYpWnbXb\/2GrqKzSVFxIMcA5Pizs1nnSPkfNgZxF\/G8ArqEEZd9PBSbejDG9p9aZJLOqZhLKYbmoSskc1bzO9DF6Hs11\/gJKXH0oS6nxQr28NltJX3EV6GF0q1MNFnHb\/mNO0AWNcyUzmSgAMTBBOwyJxtnEOswesRCmg08gZTe717MpXIgpoRB+yZwyzrZ5Gi9t5mtcvX9nEpcbXSo="}
00767{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1620927999112,"flow_last_seen":1620927999148,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ab78a7ef7106e8144808f22ab4a26dc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00424{"flow_id":5,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":167303,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0N2ZAADQGgMGSMDoSwKgBsgG7yZBJLtVSAr1zGYAQAfhwIAAAAQEICjwgDJk0DJmf"}
00779{"flow_id":5,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":169718,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"pkt":"KDc3AG3IEBMx8Tl2CABFAAE4N2dAADQGf7ySMDoSwKgBsgG7yZBJLtVSAr1zGYAYAfjtoQAAAQEICjwgDJo0DJmfFgMDAIACAAB8AwOxJHcpqIpvC18FCWzUKHkoYGQs7wIUjZL\/LYUv\/aZbSCB866aqa7yFxIfhXZTYSAx6ddVCnWqOsCWmpuTunaX1mxMCAAA0ACsAAgMEADMAJAAdACBuvWJlHC99KIckWXlI8xZxlxI+vQFkSmIeIs20I+gEKAApAAIAABQDAwABARcDAwAqI73NNikoPcgSu4rHBtmtdze6EeDfOqUmIj5PGjl\/yCo3qX6BHyTNr0oJFwMDAEXhI2q8sSv+DeEdc7FfSNvNtaBRgCi7ICaTMi3PdjP6BozSBScPGy7PpI0U5upr12nSbBnGk\/OY8hh95ywJeGsRp5Dr8Y8="}
00806{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":156,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":6,"flow_first_seen":1620927999111,"flow_last_seen":1620927999169,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"ab78a7ef7106e8144808f22ab4a26dc8","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00424{"flow_id":4,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":169750,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0GipAADQGnf2SMDoSwKgBsgG7yY9yeaT3oLD4k4AQAfhTvwAAAQEICjwgDJs0DJmh"}
00424{"flow_id":5,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":169806,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmQAbsCvXMZSS7WVoAQECNg1wAAAQEICjQMmbg8IAya"}
00781{"flow_id":4,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":170826,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"pkt":"KDc3AG3IEBMx8Tl2CABFAAE4GitAADQGnPiSMDoSwKgBsgG7yY9yeaT3oLD4k4AYAfhZ\/wAAAQEICjwgDJw0DJmhFgMDAIACAAB8AwPLFE14fAq9z4SO9x2K2GgtJOaV1nO5HKU7DZTimhNZNCAlkc8vad1pAkmv3DLXWEMycffSzBs5DNVF7m0FcRK\/nRMCAAA0ACsAAgMEADMAJAAdACCtYtSWY+\/FBnNvDcbFziQv9mDWOD1F0U7saoBSr9F\/cQApAAIAABQDAwABARcDAwAqIzklDPve64TQW1sRhQ9Ngvotc8R6P11yXBuykrPQ0UmmBnJrHeYe5rSVFwMDAEVATALq0r\/4n2zKs+zG1IHzW63jx+8O+3J3MWaf1uDZ2OpVF9mjIV\/A4PEIwWwGb2JPb2UXioVLNrILrx0ogc+z8WJOUzw="}
00806{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":159,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":6,"flow_first_seen":1620927999109,"flow_last_seen":1620927999170,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"ab78a7ef7106e8144808f22ab4a26dc8","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00424{"flow_id":4,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":170903,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmPAbugsPiTcnml+4AQECNEdwAAAQEICjQMmbk8IAyc"}
00536{"flow_id":5,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":172669,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"EBMx8Tl2KDc3AG3ICABFAACEAABAAEAGq9fAqAGykjA6EsmQAbsCvXMZSS7WVoAYECMzIAAAAQEICjQMmbo8IAyaFAMDAAEBFwMDAEXSJ4tFk8tOTU0TdsqYIGUNc2Y8gonwbH9UtGFEzPUT\/vkVyz7muSY18bQwXOYr0Vd1exzUjZkkW8aKxtVfi0AeAU47ab8="}
00424{"flow_id":6,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":178235,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0RutAADQGcTySMDoSwKgBsgG7yZFyBGfay0T7V4AQAfhj7AAAAQEICjwgDKI0DJml"}
00781{"flow_id":6,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":179715,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"pkt":"KDc3AG3IEBMx8Tl2CABFAAE4RuxAADQGcDeSMDoSwKgBsgG7yZFyBGfay0T7V4AYAfi6TwAAAQEICjwgDKM0DJmlFgMDAIACAAB8AwNlgoQ2Pdpv5X4Rg9R+p+YiQIAQMiIt5js0EYdba8vb2yCf4hyAAf2e1Nqt4X\/d0hmTfioGtwn0kLEAuqj5y87exBMCAAA0ACsAAgMEADMAJAAdACAvcqWUlMdp0QSYolIvVNgW7+woCYu1M5HmREWdVwz3LAApAAIAABQDAwABARcDAwAq0DMa0J5ea5uC09Xn5tWWHKxomevqoxo9n46q6Yt7XJrb\/cKtxBpm8uOKFwMDAEUsrmzIHMcq98OCxjVDEPHkcar4UkPE91bjG9D+qLNgAdYwRyVA3\/QutS6SaTmodgNW977X\/NxVXTU850L6\/oce3j\/MeI0="}
00806{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":163,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":6,"flow_first_seen":1620927999112,"flow_last_seen":1620927999179,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"ab78a7ef7106e8144808f22ab4a26dc8","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00424{"flow_id":6,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":179798,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmRAbvLRPtXcgRo3oAQECNUoAAAAQEICjQMmcE8IAyj"}
00537{"flow_id":6,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":181982,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"EBMx8Tl2KDc3AG3ICABFAACEAABAAEAGq9fAqAGykjA6EsmRAbvLRPtXcgRo3oAYECNz8QAAAQEICjQMmcM8IAyjFAMDAAEBFwMDAEUpWU+q6IIQ+vjgsO19mOPvUJe+zC6SBjdAkkeK98voA6qEgejaG8myE5XpdRhfSr4pNH\/XrVcLiXmV\/NXXGLlRQYLjzmU="}
00929{"flow_id":5,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":185519,"pkt_caplen":436,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":436,"pkt_l4_len":402,"pkt":"EBMx8Tl2KDc3AG3ICABFAAGmAABAAEAGqrXAqAGykjA6EsmQAbsCvXNpSS7WVoAYECOh4QAAAQEICjQMmcY8IAyaFwMDAW3MPxNyYrxLMOxqF16UUVrHIQV56KUGuJ406eUc2EfPtWFYG1vcwLHFGr3j6OfVnMMNf5qotxDsmLVS3roXsL5q8wwjLXILlK0IwpDshhSrdRAyg360LNOhDxyx18Y+0zDXdoJypW6kcEgdLYLzRhlGgMQNtPs8l6PhIUQGoSpYq\/CjoF7iDvpkeny7lLcDy1ebl9jcetR9El5JXIjrgrckwViaOG7n0pZqAzZrymWbRh4SZk919peADoYi6AoSASI2kOrY6nkxZrngdSpAz9eAipQPZYp8XChMa\/EH39slZdcE8A33wKPIp7IN+N2Bra5BCNPjHNO6oduB4SV6GHV52WbFdL2T0E7EqWlX2WRpIdGXiUpMa5OXgWsZvYrsdhKh0eG6AYW\/\/kXod+3RSA5MgCaJnAysUixpK1o+ki+orZDtqMZykIPUT6bfTLiUsJmcTQWYmsstiN\/xhR3\/HcBGELnfDaz1jSWhAllstw=="}
00537{"flow_id":4,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":191162,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"EBMx8Tl2KDc3AG3ICABFAACEAABAAEAGq9fAqAGykjA6EsmPAbugsPiTcnml+4AYECNoqwAAAQEICjQMmcs8IAycFAMDAAEBFwMDAEWxL3YzswQsjepryozRyik2Y1glAEUibL\/h4iG46W3VAxeg0RSRMFvYaUCnkaQ0TqdFtgCL4+AN\/nkCSfbAMPM3WKytlBk="}
00932{"flow_id":6,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":194963,"pkt_caplen":436,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":436,"pkt_l4_len":402,"pkt":"EBMx8Tl2KDc3AG3ICABFAAGmAABAAEAGqrXAqAGykjA6EsmRAbvLRPuncgRo3oAYECM66AAAAQEICjQMmc48IAyjFwMDAW1U2xza9iTqJdLlZnXQ\/mm+K+ldI52rwOH0S41gAU1C\/qJurwWcs0Lhv1nA5QMztQe7NgmQdefEqL2FR4y8f+fFdn3MCtv5MRC+e9CdAZQuiB3WyMZv2KsBm44vNeIA5jhgU5YalmtYwdbCYi1t0lzs0m21cuWCWpoILtpQQpJteSwdQeSjnzlV7faqShVs\/yjzbcOHzh8+rcDpaSGzRZZ+\/GpwAgy2fLwtiBEdSnsAGlZLlQ7S7SRqqg9WcKXsLYSW3+IEE3Gg7t7iw\/K2waP0b454O4X1ov2mBWQ7MpEfJ9RsWTzr9ES371I4Xt2\/51Uj49M9I8tRIWIounLp7G+t1cRo5+8daosT\/VSupRt1\/+MyNu56vVppax9SrmbrXd7dkz+oieRAT4N2HFKNWxSsgjfPwou4JX4LzoKhjX0NQHgoA7JGdfPvST3zQ97Yhck9P5Z4vLFZKcBk0ndRHhhJ2XergcuKeSh64rI\/Lg=="}
00935{"flow_id":4,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":195119,"pkt_caplen":436,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":436,"pkt_l4_len":402,"pkt":"EBMx8Tl2KDc3AG3ICABFAAGmAABAAEAGqrXAqAGykjA6EsmPAbugsPjjcnml+4AYECPg1AAAAQEICjQMmc48IAycFwMDAW0EmYEG\/nyhdRB1EXn\/YYebkjdhYDWtJ6dVHGAV77MWam2jTIPcqLAU8acR1Kiktnzox1KoFEq3RIe+KZsCbsmOgSN7rQXPxI4A0IM1DIewKcu2tY5WQ+ZCvzbCCIhmpWXr1836laY1mxMHX0Z2\/BMudQMQRb5EaEciDvA8l+hFeW\/KbS+dqxL6xbKKIK3URLF0iz2gb7VbTbkcZYMdtdaH3auRv5o1FuoCxkTc7\/v6aSqHILPcCmlSGY+ZwY1YqGBFjFP+FZJ8+1U9JIGrGrU8LvUQDGCwzMENalM7pbD62ygsff6nSL5F+8IrM5iMdQkzpFVo\/aBU4dIyVTU0z1rUkn1SF8yVUm\/37YLaX0txSb\/DOQFjF\/+iMQaCLjtcyPSGDyg\/Ad88qfUzUBNF\/R3\/UJjBgwSQ293ilgnnwniiCk4tALK6wLMmC0+clSGOFO7UsCoDsSRiC4rphunV5iLUJ7Hpho9+k4Z08n4mlw=="}
00425{"flow_id":5,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":199315,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0N2hAADQGgL+SMDoSwKgBsgG7yZBJLtZWAr1zaYAQAfhukwAAAQEICjwgDLc0DJm6"}
00840{"flow_id":5,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":199317,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"pkt":"KDc3AG3IEBMx8Tl2CABFAAFjN2lAADQGf4+SMDoSwKgBsgG7yZBJLtZWAr1zaYAYAfgmqAAAAQEICjwgDLc0DJm6FwMDASoG+IVoZspJWbAzjHMk+jGna\/EMW\/zVG6clqPZmvmtjGOhJZao5xqzCyt1OMIywvrhj\/H7NTcpOGhWvRBaNgY1oXiWyMaSsdmjHWjnaYpc8tQ9X9Vvei9pLKsA6avyw5HbKJdYJHxDzIzTnlGY8k+\/2Y\/yaVcmAKQ72\/jfIrHap+ZWYaJd+FlitVNgVllAnYZ5j6Ia6kYCuvoj6i\/MgdxqWNZP50y3dsAOc6WdV9y1DW2V3H1nEsLlKcDHeJ+iwEUCHNGCXa49HVRR5kcFYfoQKGkcbDrOH6BcMdyGcFR5HvOGcnT645fa4zifB8oI6cwyKt8gY7fb39GkHcKSgF6vK7QgC9WnYR6J+zy7zTIko\/o3EZpCsX0HNvWC5wTFguMDOdgMjjM80W21y"}
00425{"flow_id":5,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":199378,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmQAbsCvXTbSS7XhYAQEBpduQAAAQEICjQMmdE8IAy3"}
00425{"flow_id":6,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":210720,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0Ru1AADQGcTqSMDoSwKgBsgG7yZFyBGjey0T7p4AQAfhiWgAAAQEICjwgDMI0DJnD"}
00425{"flow_id":5,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":210750,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0N2pAADQGgL2SMDoSwKgBsgG7yZBJLteFAr1024AQAfZr2wAAAQEICjwgDMQ0DJnG"}
00844{"flow_id":6,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":210804,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"pkt":"KDc3AG3IEBMx8Tl2CABFAAFjRu5AADQGcAqSMDoSwKgBsgG7yZFyBGjey0T7p4AYAfh+0wAAAQEICjwgDMM0DJnDFwMDASprTsQKu9s6aaCEj+w7ZjrqMdxY1YwTls8\/pAgJZGFFKQVPKgDdKpYh3+K\/By9DOOTpcwgAOyavB9fKHp6uzhrHA2VS\/iWboLvDMORzJ3u7ns4KJiDX0ie8g9wGHpJuv77OEh+h8WcWltUNESMlkrFo\/ZLrSVbM1YlONLN50AkxLQVcfLcLLoHktq5OSc\/yCyeJt9PFH3yESRpYMhgkAwhHEvrxhoMA9j\/zLboyN2JX16IS7XWL2fGO\/KTb4xOpxU8niCpVj\/JoslZ\/oouZ3jesMFH8qCeqk6Hgj1+5EO6+mqH0YqKPot1QM7KNudqLR\/rmKD3\/onknThUaQ8CdX+VUkopodDy5\/dVg9XqDqoP2AP5TAimTy6lIQbY2F30x3pfOHQ+p9noSRaBp"}
00425{"flow_id":6,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":210873,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmRAbvLRP0ZcgRqDYAQEBpRfQAAAQEICjQMmdw8IAzD"}
02379{"flow_id":5,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":212445,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUN2tAADQGexySMDoSwKgBsgG7yZBJLteFAr1024AQAfYGaQAAAQEICjwgDMU0DJnGFwMDATF0RHAawjZ1xwJEpkOucPPB70wmdUpLM5FGhxZtPH01hVZA+W1MH0KFQ2ngnqDhR2gC5NtZ3qAH4foqNBGYlIzd6czfKVwMH0UNytJFOlGX960gb\/73I6scHWNSzZrVTjkEN5LWyFdJPZ80mFXmwcd9kldsNT8TMiJISLbE0jgKFBW6MVdOYy8lalV\/Tea36X0DqVQNOXDBFUT4bfOCE8nlYvlh7GHWrgn1q2j3E0y+Gnmr3JMyHzyeyL1oS1chX2UHYfzHB7h8VN9GAdClP0jydfowKrGvdRqXWGqVHrl8Thr0gdNCE2bs5t9XlDJXd+24FyoVLY8r1l5lvDQhDQFyaVCmvgM6yursou+DjlQ7qopGr\/SWBtSeRWCpQ5Nwklr\/ZrtmSz63y\/9FTxPwAQLqrxcDA0ARl0YUIyH632gTGpJ2rd\/KQnV3yZTVwSP9ZfFOmRfmhz0FkPaGmmzqjKZUl9NpenolIKr+b\/uzfZTGEnJP0yFzm3aNuvUfv8xemXY0zqrBx3mIZu6G9Rnh0+io1Gz\/5E7Ih6thABLy8uMsPT5F2E7+n2VhhRjmZ2LvV\/qqFxKQnurqwdKQVp5PUHV77C20XWufw1dWwoVMXQ2gilyg1mgGW+WeO42NC4hzxj0xY\/EiTBAm69Jcl\/d4a0TVV+mfdyDzSMu+\/PMSxOFlT55NEAKmXgq5BZ1vwotjBw39UqYDnUMZM2mlTcErTDHcus6LlhvkcKsWFLLYDs67P\/tI9EmaQplL2l6L3V3hEDozbgCQwZ7IPorLNAFw7OPt0dEG3IAFENzyzL5nz17DI9c7KlxI4y037ZHQEF2zkveQpoU+x\/7xr8byBZ3LU+iyxy3mO9bIyjPv3OKwKwP+exZDZnexXL6lxMT7m9oBbRtON45NogFu4ZfWEcjbFjIWVFUUBsYLwA5\/BLoi9z7bpoKIDFxSkblYC5T6MBs2W8rRnSF9E2TjXy3nOBYAKCvzT79o3eOiejVTJd3W5ziiyBgTwV8z9+qRJmwD2mIMl\/A3ED3nV\/Sm1c559\/OgUCW79HrUHuaB+BQKUM5BeIjew5QEKacGEOnV5qpdmNCAr4Nc3yLIealKSSzvMH8cduykEbHGL8Vi5MVTKKK1JEPSwkD7zqWftg8uRaESS8JK86n40vS5vJlQ\/HUu3ZXXKkpt+dS0fXLRyqrLIlr819R8ZiGEdFBsYQ0ST5BCZ2616WT6z2r\/yPkzpZpxVg7xX9chsjlnbJXPWpnjtfKtHX4KpTkXidK6p8P3NHGVjI8DP6mENQjWf1CMHSveoFMUUbdkSWWLovn\/IdQi3vqXA3w1GHxW6t0Mw8fDHhX1vp97B1j4TpPOM+mQhi+HEwTIUBdNgixwAAXmTr67LQ6urmmsQ98IalGtbpZmeOuU9t90DZDogBhtlBzR\/xu49EPxt\/11GpDHUHIqnlt5M+QalTTKmNpyf65nyrtZ8AaW0C5hX63hP7HRYOmfew\/7Y8UaOoINwJz02yGVfIZ8QiID4wNrWT2mWTYG6y9fYYPcHYgsarsCRtmNoP5DECEg3w1YA3zl5hYEYg0JV9w33+dp5TwzKi2\/HXskWNp5ZP5ng4bbQWNNfGwKfrHnSLK7PjGv5Br\/e3MbXY5nXCzLNJPPn3bVE\/Xg0DqvwaslmH7Lfb16dsRJwX1xpe6AHyN6jlIuJtMRYaIdD32X4acBjIKVQZX4Mi9Rk1jiJt2MheiNW5jV3xqLTNIAxhb6vBP9ciZyU72WrmwxOFivr7S\/qDupSUMMxjY6i1pIhbg0Zlzrt5XVcNeax1+NM2TGG08HaPX1+PiooNIVDZwSlCNvPvGwNLNu34lbxQBVhpQM7mPqvKDARvtZVZSIFirsxNPL2vU95lZA6oKDM5QvYfYP7cFFS7Xtv9DiRPGt9xTvuwuC"}
02398{"flow_id":5,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":212559,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUN2xAADQGexuSMDoSwKgBsgG7yZBJLt0lAr1024AYAfaswgAAAQEICjwgDMU0DJnGggbaRUBnA9iB8\/\/pIgT\/IGEA8ghXPMhk2sjYTlERDRQhptygv3oYwuAGVIALZ2YmhhEQwaHyIB\/oFHv+j88SvENwtHkwcdjPhEBmrCDaR\/\/a1L5bE+WsLHjU\/U7CuRftKG5qJX7c\/oggdsYaCLN7Ob7+TC6eNVzIQAki0Zc8tOK\/YoJVZjsOI9l3lBqqbRD4h2fEN\/8LnS8IFJmT0QdABeBvmWviyC3JcFLtpkJCOePEFW77EiiYjTPHT3djiRBwczUJIFrpYimFXc4BvvcPMuxc64mvPWsmy5AeHrb2\/\/s8pLIa9Yo\/ltXPUvz4EQ1ERogHhDdz4ii+YqfIdWSTg8EsVKae0znHk15bDazUng8ALmsyD1KXP2YVMIcVebKKt+CeD7Y6k+n0fNEM8xi3v99uKPAi31mNZSfMUgrZ+SpfKLNPmbTclUZyPLvMFvQz5VBw+Lept9Tq9d+11dKTSYz\/CC9PdLXr+pWjWYdu14ffUhPqhYRkksOBrihnXaxX\/8D17ZHkZxv9eBA\/z9xz2V9HNWIZNs76Fw5TtCTl9\/WdJxtW+xvtkRC5TPe4g9rNqar8eX7Fq5gMzeuCX8QpuP5UYdrSvGbREOAfv4e+vkeWQVCLJntzBCCB7luyAGfrubFUSeJJQ84m3WRHl4QbaI\/cYPRUn\/GDXIosc2JzWf8yPRJOm2hWUF9rW6DLbArnscFZQo7CCIiqoXo8x9sk\/dqaaTm3Ne+VnFiOVgKFmkKcXwMmklD\/Aq+xLBDDnhQD\/LbzBROxRnl9sQKYQ57DdbFhXAPnapsJPrO4RGraEFQbEuk\/CI0ppxyEYulcvuHpMbHUVU86FYQfylrKCsKmyqB3jT9E4sVThvSegxj09AWqdkHDm2XT3mbK24YpQ+Mo6qE6IPGe5VC9ZCjZYgiWLqbWUO4kkbv3nk5eAuJJ5tMtZwXixhT7GUUvhIMX18ORedC\/49pD8UH65qvO2\/8h7wii34+EI88pvtWVR5HWsydL9US0QJ1AiIpmQG9\/nS0\/oKN\/5SeYrfbnfvoRvRycGfIS4WSEZgxMRGBRKlyETLDkaglqjEd\/tM5+oa\/zqsc28hQsBNYhpEVw7AC\/QwuVjnE0N0nAko5cRsT5pd1zIQwLVb0DtnfAYm+gT5VeAtTbbzehbZaV+Was5xq9qpGbi7GLuxPfd4E0xD\/5NYgCgsHmRvGSOMJpaHiPEjRJ7pw4n5RNmW7SJLla50LTUsas3vJguztLalyOeLrCe+woiQcmk5iyzj9\/750rMRb5X0hOYFb2IPNKFSM1OZBlAUa9c2rXwccyN\/Jru4nLn6RpLOvPO7VVxpx9kcP06M5mZU8f+9RRNItAmS9Z8CCob7a0pnxv1sLtQVdysLPUqi5ys3VbDk+3YQq6vOotmsHf1biJL6q\/RDVPYeCSY3coXP5mqLce7RYWWLjBn2MDAyJn5Lhp6BEul5qVLsSZk\/7plKPQT0YTifKRGvadRzqaIUy+rjp2gfNj9pc56ld0AuEkJ9IXBSrL4gAk4rMSRee8gNIoFpLo6tzvVvWoKGIDA8RsDnQJVUcNfAy9oR24iKlZYdJAHV2gAxMmAcInaNCxPXBu40O+Tdwj9lgnH1En\/BmcaZMHY4dYAG2h\/4VtsrKJlOhnHJjz5mXP1NOVas32nYmYBwc9S\/DwwTU4cSU3Rtd4lwv5giHfBZ+9ptdmKxo0\/5b\/hCQZaWAQ8ZaR5CLb\/0Bb1utNqDyR\/rNTor5Xnpoprj70WfLvt8yZ14\/JY1kDc8Xb4IcClQqMD6slDOD+\/xqXEhguiQVOvX7rAtd6HBBtYwN7HJ0Imoc0BENCdUZVCw58Dw9b9ULseixYQutJXMlokrnP2CzfCXypLbhWN\/nihd1MAQVnNStFsIKi4L9J5T\/fllZMr+mOX6aEWGYNiUkL"}
00425{"flow_id":4,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":216429,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0GixAADQGnfuSMDoSwKgBsgG7yY9yeaX7oLD444AQAfhSEwAAAQEICjwgDMk0DJnL"}
00843{"flow_id":4,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":217704,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"pkt":"KDc3AG3IEBMx8Tl2CABFAAFjGi1AADQGnMuSMDoSwKgBsgG7yY9yeaX7oLD444AYAfhr7wAAAQEICjwgDMo0DJnLFwMDASpeztZqzeNHxAj+4hz3yYAgrTP9my3S7cBBG6m4F\/mxytks0O6DDBAZB\/zghDomWEzU+dzEkY38eF7Qg5+0TYkOFypWiz+AAZtxlqgP3F4vmeTyW40\/R2CkKPcYORX8opIrnxtb5TqKRv6FlrgRD2UjngUVhKA6dcxK9XdDo5NvHLz8x\/imrPPT98VjwiZUichzVIUh\/l\/oEfxl96jEMb9ygqN2dcHwNpmtoZFbGADCh15TmmeUvYTzxHW9GH\/j0eJ8+BURPnRyuw\/Dsb7aNBl8s\/D+1oCtJE9n4iP6LU4m4TXtSgvM6o\/zD7qC3MR9adtaLRvIJ0eikWIqHNrHTk+lEd\/qTzpoJgPnfB1L1ygwiIZ7zeAsnXvn3TS6NZKRSVrDtfqUBvxojnpw"}
00425{"flow_id":4,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":217740,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmPAbugsPpVcnmnKoAQEBpBOQAAAQEICjQMmeE8IAzK"}
00425{"flow_id":4,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":220550,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0Gi5AADQGnfmSMDoSwKgBsgG7yY9yeacqoLD6VYAQAfZPbQAAAQEICjwgDM00DJnO"}
02385{"flow_id":4,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":223683,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUGi9AADQGmFiSMDoSwKgBsgG7yY9yeacqoLD6VYAQAfbLagAAAQEICjwgDM80DJnOFwMDATGDXmNX+I9QTrE0Oc4hf0vKSLv+BetVGQTqqxym0znX1BUFR+u7Ajh1XlXwPT3q08TPNDfs8Tqk5+oKvQfNPRMnDzMYMoEJ5oOggfYWu9atuUmV\/S\/OzLGLsGoeIEQCZh7RDPAC13wst4qu5WYQgI6pZ4RgbwSStUHKzK1QgA3zhgDu+Kdg9vWwY7LFaf60qBYB1HXhfz8s7iHn5xsqLg8PRuyPCWxcXStRl0w9o65tkECE3jXKPFx8S6\/AZjNyRVAQ6SpMuaI9UWINexnAm6cjISur4O5cPW1ep4W\/xVd3Oh+K\/eJi5u\/jtuzShQh\/Pxqf3Fz6iJugTrlpNbp2fkpbp2mfiaAHmIL3g+TbiGJVvbMHYgVELNmXe2a2CUk6igIOev1fNvMEvGLi7h+\/jzwmsBcDAzniUE9cVzmJBQ+qAdXhiQoHIoRyBeeKXPoRIPEP4VyS2dn3o3\/yj6AFsBRWBWZkUCRBGpJqfePwylWwXYcvsPonbe\/DUDVvTSpJBXsz+4WuQ8AgbWC++q7VzXwxTDR0WDWjdF5ylOLKUy61IH3s5Er0\/LkRTpPCv4sPZTqlyKmXYaCSk3pwIMDH85SlTTlocHuArc7MscIKCgVXDRBxV+kIHWC3X+GqKbN07kbkjOtiWRj3Q\/XxZCEXXngHttmE6GdXd1zdWjjVICm9Y2xr\/nvoLAYZ+Yy+sAe8PkBobv1RhkDoLuvE0mGMijn5qx4uJ4ThIlo6JKOU4bdLgBiqFHTuQRDZxKcyelps0yWJp+5BLIsbjDMhLLIGXjK4+E8mfHOprrTIXU98V255V\/VAfI91MCYPuc03UutWFNd7C5fE5+osY+kb\/5PRoF1BI9yUclGiudfk+NYNdWYF8iUoHLanXaMpUNYG987TJnJzEOPNrqT8KASZbVP29IH2n1Zd9exkB3u4K\/zojitvVHFVcINNo3wicxeyvMz4DBcRVIO\/4UECk91xU\/kzE24GVv21ZJMZ708GbpwzhJZd\/sHeqAFZIqfrB7qOX\/r4REBeCzWmWm+RZ4V10U1uhbC5uA3yeQs333l9Wb+yAxVa2w2rI0W6m\/2ZcIEj0KP4hpJqnnzXUXL\/n8gEpSqfRPP6X3FSGUx4jDymnT3FANl739Y70O8xvMr+HmbDvKozKvzXkPLr7b6yjGMXCi7\/khPBkioFZsT\/TGbSJMUe1g2F+f7m\/eWZ1ogmmFgGNCed+xCpnsfCTgWjyTX0SOMwmBmniC0qIf64sfHNHSie5enypH9WLrDV3KzIESblcZzB06wDM6tMxPd35bkKsIRJvBrQ9K\/1s5VpMsBtJC9ZvCV7XBHq8SkmOZVnY+4grGM1cC69YA1gftHFvSllxcNxav9KJS5L+C801XxyvaS5WMJZF0kD5PD0lA1ZP3DE0UVLFMmXUBe5ZrgbF7naWn8mepSBH1lpcBiIHARXZ0OxceUZZptv01r+qmgzufPP+3DmSXgYDSUlBLg38k95ZnnJnTELfIBzbVqdQWS6sfE0kmEZaIjFikzqomsSNCc1xYoNjHwT5yPc+0DPhiajnKRTyJyuJOtpR9Yyi3uAQoXueADdjghO9r6CictOkWfzvgZosAIM9RX\/PfftS5UdaT6U5l3gE7vLk3b362KODaCDVAiI4XtZOa7zPCnXM8\/LAXRMty1zQKdwQvtHAyfCsNGNqEP+Gsx6\/ZUXqGVnPHfzQWmqqnP+hRgQMd\/NDDY5Qowy43HEV1\/0ICfYGRGaAMbJfgfIf\/Qg0fWJTSwrPEtXiiwjCJiYY+imXtMGphxRouUxp1GaDhKwwtV\/MEnYXXZY3XmdR5ER1P3bykGjVLGIYygt9DjQAUSJwUibgKAJSUCOoLEFcDx1sItP5ptN\/YHhmEp3LqrKSeKuJniyo2jKYy+Jc5IxbotVEduj4DxX"}
02382{"flow_id":4,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":223830,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUGjBAADQGmFeSMDoSwKgBsgG7yY9yeazKoLD6VYAYAfZ6AAAAAQEICjwgDM80DJnOWBQWN\/Bzk6JX+wMkfCHWDizjimajWIBAY\/7wZcrWbX7GntVAaIOXGHYTtwdcZc3\/GYNWWjjQFF\/oWDJwrFIoBX3uAFKRfqz2Sz26Tb9zbzS3k7G7GMRsL2ElrndcG4AAr6Ee2svDvNUXzvfNnvdtg5x7OjFHOGisAaAKtv9z9iGixFBuC7dWgPZ7yQ70orPCxW64eF3iOSRlFtTM0AgzM9RoibLiRPDVpwbf1r4Z+NGM3OI6kcMQv6y3j7bK6t2pXDIFA\/z2\/+6H64DJ1N127O8c\/pFYRwJSASxmsv4PyV8+lviJPKFTPy1AXelEKuGHI5AsbnvFRecU5eMWAX5H2oW6Jp4BopL94r07\/ca9myAY\/l0Ge09Rw6hqiKgOxtF7rgmmx4xucMAWu7U5ijmwCo6zuu6qwQzee6jX1Pk\/cOkUXpO0v1R1a\/0\/+5eNv2wuwQg7OxFprBOJ0lgcv\/MIs5gGX+SbCMqU6XDAc\/gMMEXV0RieZSNrMNwgeQVhYReZC94\/kVSCru3jvvH0g4MyxCIitI\/uu1k0Et9vfCrQsneN23sENrcznsSbaeYzpPULHEpSD\/Al0oe7Si+DB5AB7enLDJ4hfUCLdJMxc1mNbatE0etq8iF5gLp44xS7iC8itiMVhNu+B+4AC7l1m6FiSwXRO1qRe9CHIh\/M+3uNcrcoO1+VpVqWr4xcUVkhOgAKvoBOtACZuuOtEzCX3Rdxrzh9EORQDVspIvFGA5xS3JlKwk2pDdnGpRE2qB6tTytCsYNQkqmXCpqOeIotCqWBlN1\/z9aNiVTy2qs9N0UJVsHJvr82BkRGV4HWscjUj4FR6Ha+nJt2w4PD8\/yzLAiUs+NHm7r77EyXT9kM0Mrj5dfdS5Kt4XHf9OPb96jdxTNwoa9upjaszW7\/mrZwgYPWhVrlzKZRJxs8xmyaD\/ByTzh499iyWo9NhxPxy6gfnUXle04PM6h+cUl7SpHnqRLs3eA9n0T591WR+sYadx9awaOeo276+Cdsnj6aih2c13sfHQER6IJiTNk3nTy9jB50\/2pSSmTAoWnkyYyhmA9T\/cfHuUPVz6XWU0F9efBlmqVTauJi8VzcXH7i1qkFhz8KsidETGTbkImgcOtEISeXUxg0GcUxA9E05rg53lwPJT7HKQls\/3Td6B1ov8fYQTj3iRzx2wgFTjkjKA6Ccr3aikIkoL1IAOEHhC4uvgrZ7hgOZf6PJrPG\/dGP2uOAvzije24aw56LOYnUrrwjmDumiXyD79d4cS1fPlEcY1Hk4OXvl9li4Fj00eNobyWLGLnDai6R5bItIAIugSqef88HZucBkbSclYG8iKKZecmiJBsHmJC\/qj2H1YQVD1VUAGcg0s3iJ21MGDYz7cj3z4LuU4vthZ60Q5xe0ZyV+feVEVChAgXWGflpxjLRnIeBmEij77dUr6N6Q0OI8lcWmMvDQBMuvOxGpUOWjgBlbrHhlYe2NNyUWzV8NEnzNemGBDZMcS\/R0Ow1o7rayw9B3+oYKj7cVxsoULjrXTpXFsLN2My3rTvcqHnwfLh7cA8g8fTbEeBsequGcK+hPRSEtz\/p5whkag0pKMv1J8O25cR6hluhOt1nrhuJZNfxc18mGOYvHufRoX58s0elR3CB70n13krb7bGPFvMHp26fhVtE+OMQkwO3NuMXnklp9ZnoLWiAa+v2hsEJN4iDrL9wXUaNlwFfHpFLiGDuuMIbqVc6YMQE1g1iQzF6DZrn9Bu2HGur+s6i6wz+rY9M4nnQr5JpuYhtf201aRku8fe4Ty71J3Spjkh8GmLQluzV7Nn7\/TMzGYSZhM3v1E6W0ZborEqLupYsSPXvDLIqNBkR5fQlUE2SrYH4YBRyf3c3ISRvZbMQKgiBNsTZr4FoxiA4sjDVuoLwaiSJTxgD\/xiSg9coeMqM"}
00425{"flow_id":6,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":226198,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0Ru9AADQGcTiSMDoSwKgBsgG7yZFyBGoNy0T9GYAQAfZfogAAAQEICjwgDNA0DJnO"}
02377{"flow_id":6,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":226686,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXURvBAADQGa5eSMDoSwKgBsgG7yZFyBGoNy0T9GYAQAfZkjwAAAQEICjwgDNE0DJnOFwMDATCFItPF6rhHl1\/YPDMm6GWa4HPcCuK3mqzRTOvvGM6NtGhFTVozdHMGJUEg+z3B0BwleVJpB0reYbEUloZUNqh+kMOlhUZkm4pupaUY0U3DCPm5Acsk4V8tBtBDRLG6xi5ISPF0fnoOemdPNS5pkmhpcXIQTJwrun+oXoL5UMlx4p6HorQcXT3ymZw9p3ypfFXkNfWHg05tgi2hPSGA4o2hvt12+\/r5TqNogm+YBmdd5EhiErbSF+joVzv3duY6fTgEB86x2h8HE\/TFVEHU8HKlPkU6Svy67aTvtbLONANSb8cpYbsgRmmZbRuoDoqmKhfmkhF8uqt5BA5bHxI9CRcQuESZNqQ03RWwnd0xSJ62fuTT7fNyfbaItVf+d+C4AcL5+m96krweQdTXjAV0ZPLmFwMDIeAN9X2eDfUrz11hvbQsIH5c5SfESCAAlIcc2dpQ97y8luRHUEzUkqXDf\/PLM9KOB4UlHlDacLBy1+b8ityG6\/T9TcqAtZtO8cZtb5T8k\/oOc1vYtX\/fgq8q48fIWSmBZU9jTzBi6aEuKMRRnFRhiRxNh9dyb0Yy2FB6oHFwHwHwf5PAHxnV+X59ajF1exRa1UMHzVir8f4FXkVOKMv8cUQQoB4shcljjAEh3YWc4GwJNz6EtfFw9aKeyANS\/FfpHhP17AitFF420+2PsvZPCQFk61oBLlZBkwQu2TpYfarh3hR6rObQFgBNt\/1xoQzprgM51ImkTMS7QSgpgPmVlxM2EATn9cyIKyHbcO4IofjSmxOC\/TVgLA4\/PR3n8QyGp4vmho\/FVYR1+q79PXff9tf\/5mnDk82iUl448pw+rTHDgB1Oejo8OWfKP5yNUeJ+CuRxcCMXRvnXeM1fLPveq3kCveongKC2oflEtuUNEL6fFI94HtalTDWb+Ux8GjoNpr6BxzJKzjHMKM6LZges2fD8PHJZbfzIaskZvfdSBuolTgW2sBuqhivFhjELX+oUCjiKGociBtPOA8Ni+\/iEtI9NJHp8aGoFdSWFa1uqewlQMVodLxawlNpmg0WtfeZ5YSM1OPkyyX4YciYb7q7tYNunRHDhhT2kJLE5A+8q5rTA3u0q\/wL3yJ6FCCwtYSbvldQZTy4MIsOSqzYsDbFrfXCZYTRHYU8H4LJOB5HUdwtbykh\/5sC+HVoyTLbuocH\/spyZYSNkpjWdlwHoH9h9umAjBgwyDAEwyXjzox1tkv\/qvECE3\/OJ6FiVTmMRRf9fk8lPbfiL\/rPXKcw3bAJLJd7PjfDQ8RdRnfJXD0cS6txrN1TTPgHumvmuAmrVsrS+bWAC0Yysl\/Bz95z5obxGI8PQbvH4IU3C4dLfyvW0Jdl2HjBK5yw7HYjAM2htntg23mpT3fqAfn6gy6C3g5KyIP6o4FqT2FGtQaU9Gdo0eFIKiQ4k0TzMBHtWJW0x\/Zg\/+rNMWKMN8WllqBzrpncwdqW6r89jEdyeR+UFAMUXkISP1VN8q7rZTM+jwA1qnjUi6YaGu9TgOt\/Q2Bi21rv6wZKWBIQvMkpzMFXnEaZHpOxm8PFeM\/8E6Wy0MhwWlBotTz0taZJm3bg+JnHp8U6XTLPeuyi+k9vgASq4vBuqC4FV+G9CoPjLqe5WcPy96wz34Gh0Zue2fVjELTOUewWs9fpSmP0Q39IZFXpW9Hs\/lWFoE5yPY++XW1eJ76eVN3B3iDAdUBtcjMOfxmSlic0NyNauA57QWMuFhJj6UlsNJvOpJzYCB8JfOI40SaKcX0nHBIBldeKKFvwAMCT1Y9LjaFM9Ab34HTrSHJye92uqoYM1CzMXhYOvDWXUHtNhZBQra1Olu1ergOfzFZC4stSCM+dwXkAKV8OPjlDGnieK85H2V5M8SEsAsk0jsbmK9VpvJeZs9zJUSvbATHYsyqm1FczDpSo3nRy+"}
02380{"flow_id":6,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":226805,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXURvFAADQGa5aSMDoSwKgBsgG7yZFyBG+ty0T9GYAYAfZGWQAAAQEICjwgDNE0DJnO46bdv8K\/Cv0Y71KHBDx2E6DhVxHnO\/Vz+xRwx2MqZfoXdkMxPSicnl3rYCYWn0W24kGlecvyv7f0wZjyQvEeJD0ho1yneg4\/xbfN6nJQCbyAHn52qAkHGnKjO1KZDQzFc+5TrtwQEh+BUcCr8cmLjsOay578DJPCS8ae7imn292Lro+q4p\/3K4HTVpMrHgLfaY6hGzqsUOvRYnp+mBY5J563lmxOlx\/X\/oRuF++LlsfkL4e4knMLMkCVM+4iUfa04TW9CkLfEBrv4TH6EnUWnZyHOF8RFK\/1abv2HzFnA6zXuYU\/Kd5MKn+6eVVnhXGptFU+YDY9XL86PB+02SsiTjKa52KdTP+9os8CK8SqxnVrHpeE8v2tj2IhDJHzCsyjbWxg80M07qQn9G6WWAfhwMD03oDyqCwxVdIW\/MNogzyD29FkqRX3j9n7yWj8xN+nH1XMHDS6XIuSGpwiPcgoHxc0cUkIR5gIcEee+K3NQoHTxX6ggiXJFwDsSAltMJPa777kTM1SAmCL6mIKH5RFm5s+L7B9+mAtbO8rBf5cnca1izIIU+eT1mvlWCfXyubs\/uJZuUdJr7Y86g6QqP+IPTdFl4C7gy0KF+hZPVpBQkFjAx6PRGdxZ3N4LgGKVsnxLmp7ZUheaHfua3vO7HM7OSvw8l\/ze9oD3As+2V7Wmo2giwB8EPOPhoPXSkNhVN8I8jb+AsJnkzY9ecRVSW83tpBDyKQ2XjpmpBwQ9EVwM4CmUKlheybzefnWu1t1PoK21rSakqzAdjrlBFAfkN5f9coT9sI668vA7pI6f2kN4GZ8tIyQwALesL5d32vkjmxhcR9Ephra5vd9TYwTxhKz1Hw33GqfwwnnkzroMItWkC94MT9\/VKvHCr9Tkne6c675Spl2JDFJ3wb5Sydf4A7x2Qg3fRV4opVqzovvzIGgjiZp0CujVL5zOXAkS2HnJxxBD6a2gGfwbj\/Z6sWKOHuDmD\/QBbc9R3zoENgebZ5HtkdkM5tiFNi5InBSHUuObtHnicUdsBv00hPvLUdi0axYCkTtOQYGUheExhiPQQEYgxhPteOzgbjU3mg9+D4CAvzmoWQwsXki5G3MHnAl4MXqGvqYE35YBip6lmx7\/qQkQLExsjMjl+B7GjF\/GjOrYPDQp\/yGV3pHo3O93LWc+UPT+cyc6Ae20\/u3TH3HOo175rQxEg8VW8HVppHsPzIro2fS3GjdyYvBkuLUwDQqAMX4KVTQ4dnO2qsHL+PKVSYcWYly94o5AN77+DmqopSXpQNbyQlzyIzvrgEAOQMj3QfQWQ0Bn8P5Mj+x97H31p8bwf+iNIyw1Swh8fBDvI+AQ0NlZQabe8BzYQmSmRcuhpnkpzfl1wqCP41Ddi8oRLH9G6sT6xjZ+wCmKYQkpmcJBB2Lh8WPQieK6YZvKXFoH7WLC9q24PuGX50w+D4GOr9tvvtBJ2hYPSmZZCP5F+s59SjEghaoKmMGmcH3ppSVAXFE+rrhyYwS+lcqrXjygZhVDgxenUAdLAcDP\/yEtCVPz1MHb1t8t6r7oVmy9HlRVXy8DrtoIbjLDK+Zp2b2M4ERf22yJYBywgnxzDl3qvMmzni+KXjVOVDd078bzWIe3hT1D+ZNLLWcU49PEPJzQXgUobzxSiw8OKUxu2RM8AsKXQbk3i7x\/4DNic0LLIwxlebFuv\/Hup8TuMCyQR9whOnAxau+R2yPyGEHDSf\/wWqW4kDMsq0pZwak4tNm1YE3WjpiXtBoHK1xlAOgyUil\/3uCxlv\/\/guIJMnwv3zRPe9\/AZVpFL0rBjS9F0LKy\/khl2r2y4uw+8DTcXG8M12ci\/8\/7or9Eg+8WXPvfCVuEk60aMXsSqG7KFu6NpASmHnKw7OeZUmavwS1YmSksKTYzohf8zu7u1yDfIYmAtV0cNsQsU45"}
00813{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1636,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":255,"flow_first_seen":1620927999109,"flow_last_seen":1620927999385,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":200954,"flow_avg_l4_payload_len":788,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"ab78a7ef7106e8144808f22ab4a26dc8","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1065,"flow_first_seen":1620927997754,"flow_last_seen":1620927999853,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":891202,"flow_avg_l4_payload_len":836,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1031,"flow_first_seen":1620927998782,"flow_last_seen":1620927999948,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":869503,"flow_avg_l4_payload_len":843,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1387,"flow_first_seen":1620927998806,"flow_last_seen":1620927999915,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1189641,"flow_avg_l4_payload_len":857,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":255,"flow_first_seen":1620927999109,"flow_last_seen":1620927999830,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":200954,"flow_avg_l4_payload_len":788,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":646,"flow_first_seen":1620927999111,"flow_last_seen":1620927999879,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":545091,"flow_avg_l4_payload_len":843,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":878,"flow_first_seen":1620927999112,"flow_last_seen":1620927999897,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":744373,"flow_avg_l4_payload_len":847,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00129{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test"}

74
test/results/fix.pcap.out
View File

@@ -1,21 +1,21 @@
00380{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"fix.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1493755109242,"flow_last_seen":0,"flow_tot_l4_data_len":118,"flow_min_l4_data_len":118,"flow_max_l4_data_len":118,"flow_avg_l4_data_len":118,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00471{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"fix.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1493755109242,"flow_last_seen":0,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00540{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":242949,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"pkt":"THK5MeMlACJNe\/gxCABFAACKT3MAAPUGlw4IERYfwKgAFA+gqko3bYCMRQ1qAYAY\/\/+s3wAAAQEICsq+JozkIvOrOD1PATk9MDA3NQEzNT1HAQIgAAANgQxAKWj1wo9cKQAAAAEAABRnDEBj4euA7PpqAAAAAQAADiEMQENwo99tuUEAAAABAAAMAwxAYm64YJmdywAAAAE="}
00491{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1493755109242,"flow_last_seen":0,"flow_tot_l4_data_len":118,"flow_min_l4_data_len":118,"flow_max_l4_data_len":118,"flow_avg_l4_data_len":118,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00499{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1493755109242,"flow_last_seen":0,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00421{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":243158,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA04yxAAEAGeKvAqAAUCBEWH6pKD6BFDWoBN22A4oAQ\/+CtQgAAAQEICuQi8\/bKviaM"}
00457{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":243242,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"pkt":"THK5MeMlACJNe\/gxCABFAABNT3sAAPUGl0MIERYfwKgAFA+gqko3bYDiRQ1qAYAY\/\/8cMQAAAQEICsq+JozkIvOrOD1PATk9MDAxNAEzNT1QAQA4AAAUjFEGgw=="}
00421{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":243423,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA04y1AAEAGeKrAqAAUCBEWH6pKD6BFDWoBN22A+4AQ\/+CtKQAAAQEICuQi8\/bKviaM"}
00466{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1493755109264,"flow_last_seen":0,"flow_tot_l4_data_len":62,"flow_min_l4_data_len":62,"flow_max_l4_data_len":62,"flow_avg_l4_data_len":62,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1493755109264,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00461{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":264927,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"pkt":"THK5MeMlACJNe\/gxCABFAABSVaMAAPUGkRYIERYfwKgAFA+gu2Bwv8eLGL2htoAY\/\/8FlAAAAQEICsq+JqLD2CKPOD1PATk9MDAxOQEzNT1QAQBgAAAA1ygEAAAC+SgE"}
00487{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1493755109264,"flow_last_seen":0,"flow_tot_l4_data_len":62,"flow_min_l4_data_len":62,"flow_max_l4_data_len":62,"flow_avg_l4_data_len":62,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47968,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00499{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1493755109264,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47968,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00421{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":265074,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA0nQVAAEAGvtLAqAAUCBEWH7tgD6AYvaG2cL\/HqYAQ\/+ACDgAAAQEICsPYIsvKviai"}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1493755109301,"flow_last_seen":0,"flow_tot_l4_data_len":59,"flow_min_l4_data_len":59,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":59,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1493755109301,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":301176,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"THK5MeMlACJNe\/gxCABFAABPilIAADIGAaLQ9WsDwKgAFA+gsgqYEHEay+C1D1AYXjiwMAAAOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}
00490{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1493755109301,"flow_last_seen":0,"flow_tot_l4_data_len":59,"flow_min_l4_data_len":59,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":59,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45578,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00502{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1493755109301,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45578,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00413{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":301346,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAoLPdAAEAGESTAqAAU0PVrA7IKD6DL4LUPmBBxQVAQ\/\/9nMgAAAAAAAAAA"}
00466{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1493755109301,"flow_last_seen":0,"flow_tot_l4_data_len":99,"flow_min_l4_data_len":99,"flow_max_l4_data_len":99,"flow_avg_l4_data_len":99,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47952,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1493755109301,"flow_last_seen":0,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"flow_avg_l4_payload_len":67,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47952,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00515{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":301518,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"THK5MeMlACJNe\/gxCABFAAB3JWUAAPUGwS8IERYfwKgAFA+gu1Cc6Eb967pj5oAY\/\/+1oAAAAQEICsq+Jsaxc69UOD1GSVguNC4xATk9MDAwMDQxATM1PTABMzQ9MDA2MTI3ATQzPU4BNTI9MjAxNzA1MDItMTk6NTg6MjkBMTA9MTEzAQ=="}
00487{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1493755109301,"flow_last_seen":0,"flow_tot_l4_data_len":99,"flow_min_l4_data_len":99,"flow_max_l4_data_len":99,"flow_avg_l4_data_len":99,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47952,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00499{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1493755109301,"flow_last_seen":0,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"flow_avg_l4_payload_len":67,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47952,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00526{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":301555,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"ACJNe\/gxTHK5MeMlCABFAAB+LPhAAEAGEM3AqAAU0PVrA7IKD6DL4LUPmBBxQVAY\/\/8uDQAAOD1GSVhDT01QATk9NzEBeJwNx7ENgDAMBED9QER+x684kdwisQEtDR0N+xdw3WXtx9miEbPMQugqQ48\/iuGQlxuHyXzjXMrlCdLrvt4HtKKED90WDdY="}
00421{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":301679,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA04B5AAEAGe7nAqAAUCBEWH7tQD6DrumPmnOhHQIAQ\/+BBSgAAAQEICrFztPLKvibG"}
00566{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":353604,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"pkt":"THK5MeMlACJNe\/gxCABFAACbilMAADIGAVXQ9WsDwKgAFA+gsgqYEHFBy+C1D1AYXjh7AwAAOD1PATk9MDAxOQEzNT1QAQBgAAAAEiZl+XgqbZqYOD1PATk9MDAxNgEzNT1QAQBIAAAAEiMAk8A4OD1PATk9MDAyMAEzNT1QAQBoAAAAEicA\/o\/4Kj\/T2Dg9TwE5PTAwMTYBMzU9UAEASAAAABIjAQ3SOA=="}
@@ -25,9 +25,9 @@
00422{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":365237,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA0nQZAAEAGvtHAqAAUCBEWH7tgD6AYvaG2cL\/HzIAQ\/+ABaQAAAQEICsPYIunKvicG"}
00422{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":365361,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA0nQdAAEAGvtDAqAAUCBEWH7tgD6AYvaG2cL\/H5oAQ\/+ABTwAAAQEICsPYIunKvicG"}
00414{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":395535,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAoLPlAAEAGESLAqAAU0PVrA7IKD6DL4LVlmBBxtFAQ\/\/9maQAAAAAAAAAA"}
00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1493755109440,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1493755109440,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":440420,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"THK5MeMlACJNe\/gxCABFAABLyzMAADIGwMTQ9WsDwKgAFA+gshDsZRC0r0wvBlAYWghECQAAOD1PATk9MDAyNAEzNT1HAQCIAAAAVgxAWLVwoAAAAAAAAAE="}
00491{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1493755109440,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45584,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00503{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1493755109440,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45584,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00413{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":440588,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAoPkFAAEAG\/9nAqAAU0PVrA7IQD6CvTC8G7GUQ11AQo65yMAAAAAAAAAAA"}
01023{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":444758,"pkt_caplen":511,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":511,"pkt_l4_len":477,"pkt":"THK5MeMlACJNe\/gxCABFAAHxilUAADIG\/\/zQ9WsDwKgAFA+gsgqYEHG0y+C1ZVAYXjjFugAAOD1PATk9MDAyNwEzNT1QAQCgAAAAFQ1XhioHoSAAAAASIwEGMRg4PU8BOT0wMDE1ATM1PVABAEAAAAASKj0JADg9TwE5PTAwMjABMzU9UAEAaAAAABInARVzWCpMS0A4PU8BOT0wMDMyATM1PVABAMgAAAASJwDYalgqas\/AAAAAFQ1XhysBQG9AOD1PATk9MDAyMAEzNT1QAQBoAAAAEicA0Mk4KnJw4Dg9TwE5PTAwMjABMzU9UAEAaAAAABInAKMCeCp1O7g4PU8BOT0wMDQxATM1PUcBARAAAAAQDD\/xesxO+IuXAAAAAQAAAHkMP+sGt6ol2NgAAAABOD1PATk9MDAyMAEzNT1QAQBoAAAAEiZWtzgrAKqjmDg9TwE5PTAwMjABMzU9UAEAaAAAABImNWfgKwC55dg4PU8BOT0wMDI5ATM1PVABALAAAAASJjCRmCsA0Mk4AAAAFSMBA2ZAOD1PATk9MDAxNgEzNT1QAQBIAAAAFSMBEqiAOD1PATk9MDAzNAEzNT1QAQDYAAAAFScBA2ZAKwExLQAAAAASJk8WGCsAtxsAOD1PATk9MDAyMAEzNT1QAQBoAAAAEiZtmpgrAKfYwA=="}
00414{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":444934,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAoLPpAAEAGESHAqAAU0PVrA7IKD6DL4LVlmBBzfVAQ\/\/9koAAAAAAAAAAA"}
@@ -50,9 +50,9 @@
00528{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":597948,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"pkt":"THK5MeMlACJNe\/gxCABFAACBilgAADIGAWrQ9WsDwKgAFA+gsgqYEHTgy+C1ZVAYXjhSGwAAOD1PATk9MDAxNgEzNT1QAQBIAAAAEisA7ILgOD1PATk9MDAxOQEzNT1QAQBgAAAAEgVVWCMBaV+4OD1PATk9MDAyMQEzNT1QAQBwAAAAEicBYb6YKwD0JAA="}
00415{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":598146,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAoLP1AAEAGER7AqAAU0PVrA7IKD6DL4LVlmBB1OVAQ\/\/9i5AAAAAAAAAAA"}
00483{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":647685,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"THK5MeMlACJNe\/gxCABFAABgilkAADIGAYrQ9WsDwKgAFA+gsgqYEHU5y+C1ZVAYXjgdegAAOD1PATk9MDAxOAEzNT1QAQBYAAAAEgVVWSIPQkA4PU8BOT0wMDE2ATM1PVABAEgAAAASKwDk4cA="}
00467{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1493755109654,"flow_last_seen":0,"flow_tot_l4_data_len":71,"flow_min_l4_data_len":71,"flow_max_l4_data_len":71,"flow_avg_l4_data_len":71,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47962,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1493755109654,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47962,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00476{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":654913,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"THK5MeMlACJNe\/gxCABFAABbr+gAAPUGNsgIERYfwKgAFA+gu1oMn5kifDan54AY\/\/9QgQAAAQEICsq+KCgaP0xfOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}
00488{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1493755109654,"flow_last_seen":0,"flow_tot_l4_data_len":71,"flow_min_l4_data_len":71,"flow_max_l4_data_len":71,"flow_avg_l4_data_len":71,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47962,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00500{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1493755109654,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47962,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00421{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":655079,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA07JVAAEAGb0LAqAAUCBEWH7taD6B8NqfnDJ+ZSYAQhgAbHwAAAQEICho\/VIrKvigo"}
00541{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":655263,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"pkt":"ACJNe\/gxTHK5MeMlCABFAACK7JZAAEAGbuvAqAAUCBEWH7taD6B8NqfnDJ+ZSYAYhgDh+QAAAQEICho\/VIrKvigoOD1GSVhDT01QATk9NzEBeJwNx7ENgDAMBED9QER+x684kdwisQEtDR0N+xdw3WXtx9miEbPMQugqQ48\/iuGQlxuHyXzjXMrlCdLrvt4HtKKED90WDdY="}
00518{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":665470,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"pkt":"THK5MeMlACJNe\/gxCABFAAB57E0AAPUG+kQIERYfwKgAFA+gu2Bwv8hFGL2htoAY\/\/9dtAAAAQEICsq+KDPD2CMlOD1PATk9MDA1OAEzNT1QAQGYAAAAPxVYGakAuoAAAD9SAlu8AAAANAUlSCUHog0lSSkBDwAAAD4FWBgkYigrAAAAMCAO"}
@@ -70,12 +70,12 @@
00529{"flow_id":5,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755110,"pkt_ts_usec":141942,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"pkt":"ACJNe\/gxTHK5MeMlCABFAAB\/PkRAAEAG\/3\/AqAAU0PVrA7IQD6CvTC8G7GURIVAYo64pmAAAOD1GSVhDT01QATk9NzIBeJwNxzkOgDAMBEDtg4i8jpcckttI\/ICWho6G\/xcw3fRcx1miECPNQqhKQ40\/iuaQpxubyXzjmOrTB0jP+3of0JLa8QHdKg3Y"}
00404{"flow_id":5,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755110,"pkt_ts_usec":231279,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"THK5MeMlACJNe\/gxCABFAAAoyzYAADIGwOTQ9WsDwKgAFA+gshDsZREhr0wvXVAQWgi7NQAA"}
00587{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755110,"pkt_ts_usec":245077,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"THK5MeMlACJNe\/gxCABFAACs6yIAAPUG+zwIERYfwKgAFA+gqko3bYJGRQ1qVoAY\/\/\/H0wAAAQEICsq+KnbkIvTXOD1PATk9MDEwOQEzNT1HAQMwAAANgQxAKWj1wo9cKQAAAAEAABRnDEBj4euA7PpqAAAAAQAABfIMQERMzLwF1SwAAAABAAAOIQxAQ3Cj3225QQAAAAEAAAwDDEBibrhgmZ3LAAAAAQAAA44MQDGMzLwF1SwAAAAB"}
00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1493755110320,"flow_last_seen":0,"flow_tot_l4_data_len":97,"flow_min_l4_data_len":97,"flow_max_l4_data_len":97,"flow_avg_l4_data_len":97,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38652,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1493755110320,"flow_last_seen":0,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38652,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00512{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755110,"pkt_ts_usec":320014,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"pkt":"THK5MeMlACJNe\/gxCABFAAB1U\/wAADIGN9LQ9WsDwKgAFA+glvwzTd9PWnk+l1AYb96N\/wAAOD1PATk9MDA2NgEzNT1HAQHYAAAABVkI5OEMFeFiPZCEMAATlYJyAAAABFkI5OEMFVZHfdCEMAATwIJ3AAAABlkI5OEIW+2APQJxEAQ="}
00491{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1493755110320,"flow_last_seen":0,"flow_tot_l4_data_len":97,"flow_min_l4_data_len":97,"flow_max_l4_data_len":97,"flow_avg_l4_data_len":97,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38652,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00467{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1493755110328,"flow_last_seen":0,"flow_tot_l4_data_len":71,"flow_min_l4_data_len":71,"flow_max_l4_data_len":71,"flow_avg_l4_data_len":71,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40918,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1493755110320,"flow_last_seen":0,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38652,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1493755110328,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40918,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755110,"pkt_ts_usec":328857,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"THK5MeMlACJNe\/gxCABFAABb5\/wAAPUG\/rMIERYfwKgAFA+gn9aNJ1RO\/ryrG4AY\/\/8NBQAAAQEICsq+KsnWRqh9OD1PATk9MDAyOAEzNT1HAQCoAAAAAVkI5OEMBKkS\/dCEMAAJlIEx"}
00488{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1493755110328,"flow_last_seen":0,"flow_tot_l4_data_len":71,"flow_min_l4_data_len":71,"flow_max_l4_data_len":71,"flow_avg_l4_data_len":71,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40918,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00500{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1493755110328,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40918,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00424{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755110,"pkt_ts_usec":328967,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA0b9ZAAEAG7AHAqAAUCBEWH5\/WD6D+vKsbjSdUdYAQ\/\/\/knQAAAQEICtZGrHjKvirJ"}
00414{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755110,"pkt_ts_usec":362185,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAouAtAAEAGhg\/AqAAU0PVrA5b8D6BaeT6XM03fnFAQ\/GxkGwAAAAAAAAAA"}
00452{"flow_id":5,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755110,"pkt_ts_usec":441940,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"THK5MeMlACJNe\/gxCABFAABLyzcAADIGwMDQ9WsDwKgAFA+gshDsZREhr0wvXVAYWghDRQAAOD1PATk9MDAyNAEzNT1HAQCIAAAAVgxAWLVwoAAAAAAAAAE="}
@@ -84,17 +84,17 @@
00415{"flow_id":5,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755110,"pkt_ts_usec":942754,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAoPkZAAEAG\/9TAqAAU0PVrA7IQD6CvTC9d7GURZ1AQo65xSQAAAAAAAAAA"}
00507{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755111,"pkt_ts_usec":422176,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"pkt":"THK5MeMlACJNe\/gxCABFAABwiaEAAPUGXPoIERYfwKgAFA+gn9aNJ1R1\/ryrG4AY\/\/+zfAAAAQEICsq+Lw\/WRqx4OD1PATk9MDA0OQEzNT1HAQFQAAAADVkI5OEMFgYg3VCIUAATiYF3AAAADFkI5OEMB9wg3RAAEAATiYAA"}
00425{"flow_id":8,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755111,"pkt_ts_usec":422362,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA0b9dAAEAG7ADAqAAUCBEWH5\/WD6D+vKsbjSdUsYAQ\/\/\/e0wAAAQEICtZGrcDKvi8P"}
00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":155,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1493755111956,"flow_last_seen":0,"flow_tot_l4_data_len":59,"flow_min_l4_data_len":59,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":59,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":155,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1493755111956,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00459{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755111,"pkt_ts_usec":956116,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"THK5MeMlACJNe\/gxCABFAABP7\/wAADIGm\/fQ9WsDwKgAFA+glvYLJrChYuT9OVAYYmg1SgAAOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}
00492{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1493755111956,"flow_last_seen":0,"flow_tot_l4_data_len":59,"flow_min_l4_data_len":59,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":59,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38646,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00504{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1493755111956,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38646,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00414{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755111,"pkt_ts_usec":956292,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAoPOZAAEAGATXAqAAU0PVrA5b2D6Bi5P05CyawyFAQ\/Gz0DgAAAAAAAAAA"}
00529{"flow_id":9,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755111,"pkt_ts_usec":956474,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ACJNe\/gxTHK5MeMlCABFAAB9POdAAEAGAN\/AqAAU0PVrA5b2D6Bi5P05CyawyFAY\/GyQmgAAOD1GSVhDT01QATk9NzABeJwFwTEKgEAMBEDyII\/dJIu5g7SCP7C1sbPx\/4Uz1cd5jRy02UDKQg2LbFAVafJ2cIfgG+dSraCR3s\/9vUY05fYD3SIN0A=="}
00477{"flow_id":8,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755112,"pkt_ts_usec":21192,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"THK5MeMlACJNe\/gxCABFAABbUHoAAPUGljYIERYfwKgAFA+gn9aNJ1Sx\/ryrG4AY\/\/8jgwAAAQEICsq+MWbWRq3AOD1PATk9MDAyOAEzNT1HAQCoAAAAClkI5OEMBKcgnRAAEAATiYAA"}
00426{"flow_id":8,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755112,"pkt_ts_usec":21357,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA0b9hAAEAG6\/\/AqAAUCBEWH5\/WD6D+vKsbjSdU2IAQ\/\/\/bogAAAQEICtZGrnPKvjFm"}
00405{"flow_id":9,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755112,"pkt_ts_usec":50148,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"THK5MeMlACJNe\/gxCABFAAAo7\/0AADIGnB3Q9WsDwKgAFA+glvYLJrDIYuT9jlAQYmiNvgAA"}
00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1493755113353,"flow_last_seen":0,"flow_tot_l4_data_len":59,"flow_min_l4_data_len":59,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":59,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":39094,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1493755113353,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":39094,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00459{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755113,"pkt_ts_usec":353296,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"THK5MeMlACJNe\/gxCABFAABP8tQAADIGmR\/Q9WsDwKgAFA+gmLZKUJEYQJIHD1AYWpQ0OgAAOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}
00493{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":209,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1493755113353,"flow_last_seen":0,"flow_tot_l4_data_len":59,"flow_min_l4_data_len":59,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":59,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":39094,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00505{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":209,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1493755113353,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":39094,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00525{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755113,"pkt_ts_usec":353689,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"ACJNe\/gxTHK5MeMlCABFAAB8GO1AAEAGJNrAqAAU0PVrA5i2D6BAkgcPSlCRP1AY\/\/\/ZrgAAOD1GSVhDT01QATk9NjkBeJwFwTsKgEAQA1ByICWZnbAfmFbwBrY2djbev\/C9Ucd57bkLs8g0motoWZR7Co4KqtOMTXN5rBaQop77eyGWTPzcug3M"}
00407{"flow_id":10,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755113,"pkt_ts_usec":404609,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"THK5MeMlACJNe\/gxCABFAAAo8tUAADIGmUXQ9WsDwKgAFA+gmLZKUJE\/QJIHY1AQWpSMrwAA"}
00478{"flow_id":8,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755113,"pkt_ts_usec":567320,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"THK5MeMlACJNe\/gxCABFAABbkAcAAPUGVqkIERYfwKgAFA+gn9aNJ1TY\/ryrG4AY\/\/98qAAAAQEICsq+N3DWRq5zOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}
@@ -111,9 +111,9 @@
00415{"flow_id":5,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755116,"pkt_ts_usec":450077,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAoPkdAAEAG\/9PAqAAU0PVrA7IQD6CvTC9d7GURilAQo65xJgAAAAAAAAAA"}
00480{"flow_id":8,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755116,"pkt_ts_usec":576090,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"THK5MeMlACJNe\/gxCABFAABbCkwAAPUG3GQIERYfwKgAFA+gn9aNJ1Um\/ryrcIAY\/\/\/qjgAAAQEICsq+QzHWRrLFOD1PATk9MDAyOAEzNT1HAQCoAAAADVkI5OYMFgYg3jAEMAATiYB9"}
00427{"flow_id":8,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755116,"pkt_ts_usec":576253,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA0b9xAAEAG6\/vAqAAUCBEWH5\/WD6D+vKtwjSdVTYAQ\/\/\/DtgAAAQEICtZGs8rKvkMx"}
00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1493755116662,"flow_last_seen":0,"flow_tot_l4_data_len":59,"flow_min_l4_data_len":59,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":59,"midstream":1,"l3_proto":"ip4","src_ip":"217.192.86.32","dst_ip":"192.168.0.20","src_port":4000,"dst_port":53330,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1493755116662,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"217.192.86.32","dst_ip":"192.168.0.20","src_port":4000,"dst_port":53330,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00458{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755116,"pkt_ts_usec":662603,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"THK5MeMlACJNe\/gxCABFAABP0h0AAC8GyO7ZwFYgwKgAFA+g0FJoqda4F+2kj1AYRRhFXQAAOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}
00493{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1493755116662,"flow_last_seen":0,"flow_tot_l4_data_len":59,"flow_min_l4_data_len":59,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":59,"midstream":1,"l3_proto":"ip4","src_ip":"217.192.86.32","dst_ip":"192.168.0.20","src_port":4000,"dst_port":53330,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00505{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1493755116662,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"217.192.86.32","dst_ip":"192.168.0.20","src_port":4000,"dst_port":53330,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00527{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755116,"pkt_ts_usec":662933,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ACJNe\/gxTHK5MeMlCABFAAB9Lt9AAEAGGv\/AqAAU2cBWINBSD6AX7aSPaKnW31AYhgAmIwAAOD1GSVhDT01QATk9NzABeJwFwTsKgEAMBFByIJeZJMN+IK2wN7C1sbPx\/oXvjTr31bLRZgEpCxUsskD1SJOXgx2CH5xLY4WM9Hru7zWiKNkP3UcN1g=="}
00406{"flow_id":11,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755116,"pkt_ts_usec":788876,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"THK5MeMlACJNe\/gxCABFAAAo0h4AAC8GyRTZwFYgwKgAFA+g0FJoqdbfF+2k5FAQRRid0QAA"}
00507{"flow_id":8,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755117,"pkt_ts_usec":18095,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"pkt":"THK5MeMlACJNe\/gxCABFAABw0W4AAPUGFS0IERYfwKgAFA+gn9aNJ1VN\/ryrcIAY\/\/\/t8QAAAQEICsq+ROvWRrPKOD1PATk9MDA0OQEzNT1HAQFQAAAAClkI5OYMBKcg3hAAEAATiYAAAAAADFkI5OYMB9wgnhAAEAATiYAA"}
@@ -122,9 +122,9 @@
00406{"flow_id":10,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755117,"pkt_ts_usec":99077,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"THK5MeMlACJNe\/gxCABFAAAo8tYAADIGmUTQ9WsDwKgAFA+gmLZKUJE\/QJIHxlAQWpSMTAAA"}
00481{"flow_id":10,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755117,"pkt_ts_usec":100000,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"pkt":"THK5MeMlACJNe\/gxCABFAABe8tcAADIGmQ3Q9WsDwKgAFA+gmLZKUJE\/QJIHxlAYWpTOmAAAOD1GSVguNC4xATk9MDAwMjkBMzU9MAExMTI9Rml4VGVzdFJlcXVlc3QzMTI1OQExMD0yMzYB"}
00417{"flow_id":10,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755117,"pkt_ts_usec":142205,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAoGO9AAEAGJSzAqAAU0PVrA5i2D6BAkgfGSlCRdVAQ\/\/\/mqgAAAAAAAAAA"}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1493755117668,"flow_last_seen":0,"flow_tot_l4_data_len":71,"flow_min_l4_data_len":71,"flow_max_l4_data_len":71,"flow_avg_l4_data_len":71,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1493755117668,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00479{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755117,"pkt_ts_usec":668152,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"THK5MeMlACJNe\/gxCABFAABb6MoAAPUG\/eUIERYfwKgAFA+gn+AbjTX8bvFE4oAY\/\/8xhAAAAQEICsq+R3VyD9Q7OD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}
00490{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1493755117668,"flow_last_seen":0,"flow_tot_l4_data_len":71,"flow_min_l4_data_len":71,"flow_max_l4_data_len":71,"flow_avg_l4_data_len":71,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40928,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00502{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1493755117668,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40928,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00546{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755117,"pkt_ts_usec":668466,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"pkt":"ACJNe\/gxTHK5MeMlCABFAACK1yxAAEAGhFXAqAAUCBEWH5\/gD6Bu8UTiG402I4AY\/+CkEwAAAQEICnIP3\/PKvkd1OD1GSVhDT01QATk9NzEBeJwFwbENgDAMBEB5IKJ\/Ow5OpG+R2ICWho6G\/QvuSsd5td5oU0BPixQsusCsLEuXgzsSvnGurBXDSNdzf68R4gj7Ad5tDd0="}
00425{"flow_id":12,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755117,"pkt_ts_usec":687593,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"THK5MeMlACJNe\/gxCABFAAA09L8AAPUG8hcIERYfwKgAFA+gn+AbjTYjbvFFOIAQ\/\/9+KwAAAQEICsq+R4lyD9\/z"}
00459{"flow_id":7,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755118,"pkt_ts_usec":23991,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"THK5MeMlACJNe\/gxCABFAABPU\/4AADIGN\/bQ9WsDwKgAFA+glvwzTd\/tWnk+l1AYb96XaAAAOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}
@@ -171,16 +171,16 @@
00459{"flow_id":9,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1243,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755131,"pkt_ts_usec":957249,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"THK5MeMlACJNe\/gxCABFAABP8AAAADIGm\/PQ9WsDwKgAFA+glvYLJrDvYuT941AYYmg0UgAAOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}
00527{"flow_id":9,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1244,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755131,"pkt_ts_usec":957560,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ACJNe\/gxTHK5MeMlCABFAAB9POlAAEAGAN3AqAAU0PVrA5b2D6Bi5P3jCyaxFlAY\/GwoNwAAOD1GSVhDT01QATk9NzABeJwFwbENgDAQA0D9QET2Jw5JJLdIbEBLQ0fD\/gV3w8d5lVYY00BTVBlRm0GN2kPpBHcIuXEujSUGmX7u7w3CVI8f3Z4N2A=="}
00405{"flow_id":9,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1247,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755132,"pkt_ts_usec":7515,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"THK5MeMlACJNe\/gxCABFAAAo8AEAADIGnBnQ9WsDwKgAFA+glvYLJrEWYuT+OFAQYmiMxgAA"}
00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":456,"flow_first_seen":1493755109301,"flow_last_seen":1493755132102,"flow_tot_l4_data_len":23399,"flow_min_l4_data_len":20,"flow_max_l4_data_len":477,"flow_avg_l4_data_len":51,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":70,"flow_first_seen":1493755109440,"flow_last_seen":1493755131870,"flow_tot_l4_data_len":2792,"flow_min_l4_data_len":20,"flow_max_l4_data_len":107,"flow_avg_l4_data_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":36,"flow_first_seen":1493755110328,"flow_last_seen":1493755132019,"flow_tot_l4_data_len":2072,"flow_min_l4_data_len":32,"flow_max_l4_data_len":117,"flow_avg_l4_data_len":57,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40918,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":6,"flow_first_seen":1493755117668,"flow_last_seen":1493755127687,"flow_tot_l4_data_len":441,"flow_min_l4_data_len":32,"flow_max_l4_data_len":118,"flow_avg_l4_data_len":73,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":11,"flow_first_seen":1493755116662,"flow_last_seen":1493755126832,"flow_tot_l4_data_len":621,"flow_min_l4_data_len":20,"flow_max_l4_data_len":118,"flow_avg_l4_data_len":56,"midstream":1,"l3_proto":"ip4","src_ip":"217.192.86.32","dst_ip":"192.168.0.20","src_port":4000,"dst_port":53330,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":222,"flow_first_seen":1493755109242,"flow_last_seen":1493755131889,"flow_tot_l4_data_len":17013,"flow_min_l4_data_len":32,"flow_max_l4_data_len":254,"flow_avg_l4_data_len":76,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":10,"flow_first_seen":1493755109301,"flow_last_seen":1493755128771,"flow_tot_l4_data_len":721,"flow_min_l4_data_len":32,"flow_max_l4_data_len":145,"flow_avg_l4_data_len":72,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47952,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":10,"flow_first_seen":1493755109654,"flow_last_seen":1493755129718,"flow_tot_l4_data_len":695,"flow_min_l4_data_len":32,"flow_max_l4_data_len":118,"flow_avg_l4_data_len":69,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47962,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":401,"flow_first_seen":1493755109264,"flow_last_seen":1493755132120,"flow_tot_l4_data_len":21072,"flow_min_l4_data_len":32,"flow_max_l4_data_len":135,"flow_avg_l4_data_len":52,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":10,"flow_first_seen":1493755111956,"flow_last_seen":1493755132007,"flow_tot_l4_data_len":572,"flow_min_l4_data_len":20,"flow_max_l4_data_len":105,"flow_avg_l4_data_len":57,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":18,"flow_first_seen":1493755110320,"flow_last_seen":1493755130355,"flow_tot_l4_data_len":1007,"flow_min_l4_data_len":20,"flow_max_l4_data_len":106,"flow_avg_l4_data_len":55,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38652,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":11,"flow_first_seen":1493755113353,"flow_last_seen":1493755123449,"flow_tot_l4_data_len":621,"flow_min_l4_data_len":20,"flow_max_l4_data_len":119,"flow_avg_l4_data_len":56,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":39094,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":456,"flow_first_seen":1493755109301,"flow_last_seen":1493755132102,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":457,"flow_tot_l4_payload_len":14279,"flow_avg_l4_payload_len":31,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":70,"flow_first_seen":1493755109440,"flow_last_seen":1493755131870,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":87,"flow_tot_l4_payload_len":1392,"flow_avg_l4_payload_len":19,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":36,"flow_first_seen":1493755110328,"flow_last_seen":1493755132019,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":920,"flow_avg_l4_payload_len":25,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40918,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":6,"flow_first_seen":1493755117668,"flow_last_seen":1493755127687,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":41,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":11,"flow_first_seen":1493755116662,"flow_last_seen":1493755126832,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":401,"flow_avg_l4_payload_len":36,"midstream":1,"l3_proto":"ip4","src_ip":"217.192.86.32","dst_ip":"192.168.0.20","src_port":4000,"dst_port":53330,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":222,"flow_first_seen":1493755109242,"flow_last_seen":1493755131889,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":9909,"flow_avg_l4_payload_len":44,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":10,"flow_first_seen":1493755109301,"flow_last_seen":1493755128771,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":401,"flow_avg_l4_payload_len":40,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47952,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":10,"flow_first_seen":1493755109654,"flow_last_seen":1493755129718,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":37,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47962,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":401,"flow_first_seen":1493755109264,"flow_last_seen":1493755132120,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":8240,"flow_avg_l4_payload_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":10,"flow_first_seen":1493755111956,"flow_last_seen":1493755132007,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":372,"flow_avg_l4_payload_len":37,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":18,"flow_first_seen":1493755110320,"flow_last_seen":1493755130355,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":647,"flow_avg_l4_payload_len":35,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38652,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":11,"flow_first_seen":1493755113353,"flow_last_seen":1493755123449,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":401,"flow_avg_l4_payload_len":36,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":39094,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00125{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test"}

102
test/results/forticlient.pcap.out Normal file
View File

@@ -0,0 +1,102 @@
00479{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"forticlient.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1621067203571,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067203,"pkt_ts_usec":571879,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfFtKMutlmzOAAAAALAC\/\/9bnAAAAgQFtAEDAwUBAQgKJ6c8YwAAAAAEAgAA"}
00438{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067203,"pkt_ts_usec":633408,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8pJBAADQGX3NSUS4NwKgBsijL8W1kEcpBrZZsz6ASOEBvHAAAAgQFrAQCCAoGP5CkJ6c8YwEDAwo="}
00426{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067203,"pkt_ts_usec":633503,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFtKMutlmzPZBHKQoAQECzFugAAAQEICienPKAGP5Ck"}
00658{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067203,"pkt_ts_usec":776571,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"pkt":"EBMx8Tl2KDc3AG3ICABFAADfAABAAEAG92DAqAGyUlEuDfFtKMutlmzPZBHKQoAYECx8qwAAAQEICienPS4GP5CkFgMBAKYBAACiAwNgn4XDHhk9zkDSeKikF83Z2kCbBVuvXP2YO+k8PIUoXwAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAATQAAABAADgAACzgyLjgxLjQ2LjEzAAoACAAGABcAGAAZAAsAAgEAAA0AEgAQBAECAQUBBgEEAwIDBQMGAwAFAAUBAAAAAAASAAAAFwAA"}
00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1621067203571,"flow_last_seen":1621067203776,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00427{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067203,"pkt_ts_usec":840255,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0WuhAADQGqSNSUS4NwKgBsijL8W1kEcpCrZZteoAQABDUiQAAAQEICgY\/kLgnpz0u"}
02363{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067203,"pkt_ts_usec":852128,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUWulAADQGo4JSUS4NwKgBsijL8W1kEcpCrZZteoAQABBZ3QAAAQEICgY\/kLknpz0uFgMDAFkCAABVAwNMQYg+z1Akfi0bYPhJZIpw8023veuBHo\/hhYl77vjjiCBAKAstRSAMu1dd4iOTCn8qfpwAVoV+sGTLYNRnbzZqNsAwAAAN\/wEAAQAACwAEAwABAhYDAwezCwAHrwAHrAADzTCCA8kwggKxoAMCAQICAzW7EjANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8GA1UEChMIRm9ydGluZXQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEQMA4GA1UEAxMHc3VwcG9ydDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wHhcNMTYwOTEyMTAwNjIwWhcNMzgwMTE5MDMxNDA3WjCBnTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8GA1UEChMIRm9ydGluZXQxEjAQBgNVBAsTCUZvcnRpR2F0ZTEZMBcGA1UEAxMQRldGNjBFNFExNjAxMjA1MDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEkm3gy+fQGhP2G3iuLy8Thk0QvM9U+dmrsYDJ1gwTHyP2UJIhuJ02jfqRZiIvG+je9kV8s9R6mzJXHVuydgTIhOMjh5QYIPHRW4YuWrenkWAdCvgUyMPMMiz1hRBJvLfxGfMuKuiciYpdme8IwFlVz0WEZtQiIKspYk3LEKQFRg7EKq06hH7bjGSy9SkYiePX2\/K+0OUnL0KzGGpclRznUlXHfbVieNGeCTxeVpQoQK08D2Jl+FwRVE70QsL4ZCv6VMXYQCF1PrGR3pqMCr5ndr3OLTbmHxvvE9x8dx0KrEupPp\/gAIeWYX+g61\/j2hEO5ZbV47v2a619aMDCKTFzAgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAGnFfq2BB7sjnPn7mxKxLcB1FUKVGXmAyucp\/B9HVTQoE17Xl1+r5Vk0e9mZnjsVLg768p9ebGiiJdLeYRDlXK8g6qPSAnMzChCYAybcvAY3HxUYjSFT\/qPmInVgIry0shRIlrcAme9A3JylKBPVu3qiGNI6CaLUkC1Frxq9l2xiEWQ1Tjkm6Z0R1CEZwU4128hVF5ItS8lcBhikdcXjtsh3Kg4Go41t\/JVB6EzbQ8JhaM2\/jUDdDNoGqONDpHkRwAw1XbU7nhl4Kk3nD24cjs5xuyx049VRnmrp29nXpOu1NoxuV2ncaG+hMlcNaEGX8e8RaSdY5V5V\/2KIMQLuazAAA9kwggPVMIICvaADAgECAgkA2vY2tEPUpYswDQYJKoZIhvcNAQELBQAwgaAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxETAPBgNVBAoTCEZvcnRpbmV0MR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxEDAOBgNVBAMTB3N1cHBvcnQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMB4XDTE1MDcxNjIyMzQzOVoXDTM4MDExOTIyMzQzOVowgaAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxETAPBgNVBAoTCEZvcnRpbmV0MR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxEDAOBgNVBAMTB3N1"}
00814{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1621067203571,"flow_last_seen":1621067203852,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1611,"flow_avg_l4_payload_len":268,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
01801{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067203,"pkt_ts_usec":854111,"pkt_caplen":1075,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1075,"pkt_l4_len":1041,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQlWupAADQGpTBSUS4NwKgBsijL8W1kEc\/irZZteoAYABDBnAAAAQEICgY\/kLknpz0ucHBvcnQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1DtRc9A1EhLIw05ZQUjRO8GwptUPgyEpi3i\/68NEncZmgpruBB+gn6vgzXjFbNM03bo2sm1S61hJSYOZf+bmtujbgmO0Z3HUXMovr7dwModQNXzBkIjQNBktqaGBs0nt+\/RV6uCy4lfGny6vMUkDbmlurEf1fq7WU6zg2oIzoJMe9Wn4iqZka5xWYVBMyH1+ITQvbQgVjQrnBz8Ldc\/U9rQLNcu7qyaO2vSmvBeKwZKJOTGDT4dNI7bi2\/SrkAE+B\/M5Yqlf1vqBoy3XuveFKLkaEoSVsIMYu0xt0pyV1ujE0FBnmfE9E0VLbot17l24HyOhzpHB2C\/12zFJLXsdYwIDAQABoxAwDjAMBgNVHRMEBTADAQH\/MA0GCSqGSIb3DQEBCwUAA4IBAQCHF\/uN7GdKtM2yGmlemIyaUrkL0fG5BBlBP92rQWSY3\/tynqu2CXfpZR8FT3mJrSr0YmdrFtJalc7iOrjBPm+UYIgRqJqMksnHUEVG7t0xRmeSajIi8pPz3dhQaUBl4YwT9ZdUFoAeyPjAiFgg4y9SbtUHfBQr1KNm2fSoYTP46PGZaOcnb5yTrulltEuXyA65EHo6QUiI2nyyU7TyDiVchiq4ciW0LtEJp01A\/Pep9i9biekhbj3TgkfgJQC3O9tF0OzgwK+zMq484gK+bqmeqKfUAion7hwzA+tVXIE3k2wiGiEBSNIQu2VYlHWpDsdPlD21UsKv+o6cQcSSjLiHFgMDAW0MAAFpAwAYYQR+URWW5b3gDqWmVPPVzCdlCGa\/ZaV9D+4Y5LUq\/JTO8Pk5ntccgmPedHiM9ZU+yI6Wp\/rtlbvgg4DA+MifFvwbicOs51Y5U3e0warnAkqqHAVMg54Z2\/Qq5XYxJF4LlrwGAQEAWiagxs18C1Nhbm1NTKu8WaMewNWGkzOuz+sQcA0aJfYoWKbFGvHp1IlkAACJzZSXn\/iVpmF3vwwULnxcomU2Jm7bqHJEoHYbHaKETn\/JXTHTi9F8FfA9aTPhqRbRgB9kmFz57jnAd2soS7OLctE2FyEyl1eh8Iw34k\/LtieEZUTP0IVeRumrkcgyvDMtvHjnzQwo2bNJ1TF5ORTWalkmUYP7xZr\/I2xxHX45rTw+lu3\/wkZrzwYISP6GFzLrAwZXf9Yfqkdj3OARN+OOLJGBDKwq4Zwx2cHOfixpe9PzhlM7RkGV1O8gqkB5ewCDY+E+jNPxSzyZflcHUtKhGw1lJBYDAwAEDgAAAA=="}
01091{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":7,"flow_first_seen":1621067203571,"flow_last_seen":1621067203854,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2620,"flow_avg_l4_payload_len":374,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}}
00426{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067203,"pkt_ts_usec":854223,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFtKMutlm16ZBHT04AQD9+63gAAAQEICienPXgGP5C5"}
00575{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067203,"pkt_ts_usec":985738,"pkt_caplen":173,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":173,"pkt_l4_len":139,"pkt":"EBMx8Tl2KDc3AG3ICABFAACfAABAAEAG96DAqAGyUlEuDfFtKMutlm16ZBHT04AYEABn6gAAAQEICienPfkGP5C5FgMDAGYQAABiYQTvWBhKDRHH\/ODiOXdjlYaQWgsQRuME0zv3XHyBRRCZmTerEMFWFOfxHpdD05AKQ2xP+jA6kpB\/8E5bgg5jjZwSOsuOZT2bsHpIGDYh0lqRNfLwBslWlCzqDoy59tf4QEk="}
00436{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067203,"pkt_ts_usec":985743,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA6AABAAEAG+AXAqAGyUlEuDfFtKMutlm3lZBHT04AYEAChvwAAAQEICienPfkGP5C5FAMDAAEB"}
00491{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067203,"pkt_ts_usec":985759,"pkt_caplen":111,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":111,"pkt_l4_len":77,"pkt":"EBMx8Tl2KDc3AG3ICABFAABhAABAAEAG997AqAGyUlEuDfFtKMutlm3rZBHT04AYEACP1QAAAQEICienPfkGP5C5FgMDACiPvzq+zAUfbHcuAAZMPS9qDTujM0mpb\/a9HQZw7GJsXrVVo4K4R32f"}
00428{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067204,"pkt_ts_usec":58367,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0WutAADQGqSBSUS4NwKgBsijL8W1kEdPTrZZuGIAQABDJeQAAAQEICgY\/kM4npz35"}
00499{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067204,"pkt_ts_usec":59366,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"KDc3AG3IEBMx8Tl2CABFAABnWuxAADQGqOxSUS4NwKgBsijL8W1kEdPTrZZuGIAYABBhYQAAAQEICgY\/kM4npz35FAMDAAEBFgMDACghidHAtJpSKRWJ59jA1JNw42oTY\/dmGXJgbzbWcnpUpjfbaFQB1oJG"}
00428{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067204,"pkt_ts_usec":59478,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFtKMutlm4YZBHUBoAQD\/65EAAAAQEICienPkEGP5DO"}
00653{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067204,"pkt_ts_usec":392230,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"pkt":"EBMx8Tl2KDc3AG3ICABFAADYAABAAEAG92fAqAGyUlEuDfFtKMutlm4YZBHUBoAYEAC3jgAAAQEICienP4wGP5DOFwMDAJ+Pvzq+zAUfbV7XzAzO8kyR6SPi8+PHCMVSKeRefo6BBzxUVgted\/7S1JXrgvYiGetmmO3jPHiDrhWDcVz4c+8efu3wOgT\/E492kxUPwc4UjVhxyhE1wUkDMmngdrzgo2WN7UjpoAyrOo3GIIKKfsJy+eZgSNyosoprodoMnyncoZZE4wMSWTW6IpN4DZSPYGeg92KNxCBdcNED2ldshwM="}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1621067204622,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00448{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067204,"pkt_ts_usec":622472,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfFuKMux1NwAAAAAALAC\/\/\/kHgAAAgQFtAEDAwUBAQgKJ6dAbwAAAAAEAgAA"}
00440{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067204,"pkt_ts_usec":682265,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8DZFAADQG9nJSUS4NwKgBsijL8W6yVLN5sdTcAaASOEC\/ugAAAgQFrAQCCAoGP5ENJ6dAbwEDAwo="}
00427{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067204,"pkt_ts_usec":682424,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFuKMux1NwBslSzeoAQECwWWwAAAQEICienQKoGP5EN"}
00705{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067204,"pkt_ts_usec":827269,"pkt_caplen":269,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":269,"pkt_l4_len":235,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD\/AABAAEAG90DAqAGyUlEuDfFuKMux1NwBslSzeoAYECwJbQAAAQEICienQToGP5ENFgMBAMYBAADCAwNgn4XEp+uBSLXTSYGmDjytSwbEIFYHQALSGOu1WZB+OiBAKAstRSAMu1dd4iOTCn8qfpwAVoV+sGTLYNRnbzZqNgAsAP\/ALMArwCTAI8AKwAnACMAwwC\/AKMAnwBTAE8ASAJ0AnAA9ADwANQAvAAoBAABNAAAAEAAOAAALODIuODEuNDYuMTMACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDAAUABQEAAAAAABIAAAAXAAA="}
00758{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1621067204622,"flow_last_seen":1621067204827,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00428{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067204,"pkt_ts_usec":886490,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0ImlAADQG4aJSUS4NwKgBsijL8W6yVLN6sdTczIAQABAlCAAAAQEICgY\/kSEnp0E6"}
02364{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067204,"pkt_ts_usec":898197,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUImpAADQG3AFSUS4NwKgBsijL8W6yVLN6sdTczIAQABDMewAAAQEICgY\/kSInp0E6FgMDAFkCAABVAwPNKKzk0kFbGwK4GoGYDE7Clte2bxu4mBZlYF57\/OTSeCD6v6cDBAZPGVnAvwM3jxR4N1cBHzzI+povGklxwtUExsAwAAAN\/wEAAQAACwAEAwABAhYDAwezCwAHrwAHrAADzTCCA8kwggKxoAMCAQICAzW7EjANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8GA1UEChMIRm9ydGluZXQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEQMA4GA1UEAxMHc3VwcG9ydDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wHhcNMTYwOTEyMTAwNjIwWhcNMzgwMTE5MDMxNDA3WjCBnTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8GA1UEChMIRm9ydGluZXQxEjAQBgNVBAsTCUZvcnRpR2F0ZTEZMBcGA1UEAxMQRldGNjBFNFExNjAxMjA1MDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEkm3gy+fQGhP2G3iuLy8Thk0QvM9U+dmrsYDJ1gwTHyP2UJIhuJ02jfqRZiIvG+je9kV8s9R6mzJXHVuydgTIhOMjh5QYIPHRW4YuWrenkWAdCvgUyMPMMiz1hRBJvLfxGfMuKuiciYpdme8IwFlVz0WEZtQiIKspYk3LEKQFRg7EKq06hH7bjGSy9SkYiePX2\/K+0OUnL0KzGGpclRznUlXHfbVieNGeCTxeVpQoQK08D2Jl+FwRVE70QsL4ZCv6VMXYQCF1PrGR3pqMCr5ndr3OLTbmHxvvE9x8dx0KrEupPp\/gAIeWYX+g61\/j2hEO5ZbV47v2a619aMDCKTFzAgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAGnFfq2BB7sjnPn7mxKxLcB1FUKVGXmAyucp\/B9HVTQoE17Xl1+r5Vk0e9mZnjsVLg768p9ebGiiJdLeYRDlXK8g6qPSAnMzChCYAybcvAY3HxUYjSFT\/qPmInVgIry0shRIlrcAme9A3JylKBPVu3qiGNI6CaLUkC1Frxq9l2xiEWQ1Tjkm6Z0R1CEZwU4128hVF5ItS8lcBhikdcXjtsh3Kg4Go41t\/JVB6EzbQ8JhaM2\/jUDdDNoGqONDpHkRwAw1XbU7nhl4Kk3nD24cjs5xuyx049VRnmrp29nXpOu1NoxuV2ncaG+hMlcNaEGX8e8RaSdY5V5V\/2KIMQLuazAAA9kwggPVMIICvaADAgECAgkA2vY2tEPUpYswDQYJKoZIhvcNAQELBQAwgaAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxETAPBgNVBAoTCEZvcnRpbmV0MR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxEDAOBgNVBAMTB3N1cHBvcnQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMB4XDTE1MDcxNjIyMzQzOVoXDTM4MDExOTIyMzQzOVowgaAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxETAPBgNVBAoTCEZvcnRpbmV0MR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxEDAOBgNVBAMTB3N1"}
00815{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":27,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1621067204622,"flow_last_seen":1621067204898,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1643,"flow_avg_l4_payload_len":273,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
01802{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067204,"pkt_ts_usec":900059,"pkt_caplen":1075,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1075,"pkt_l4_len":1041,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQlImtAADQG3a9SUS4NwKgBsijL8W6yVLkasdTczIAYABA\/5AAAAQEICgY\/kSInp0E6cHBvcnQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1DtRc9A1EhLIw05ZQUjRO8GwptUPgyEpi3i\/68NEncZmgpruBB+gn6vgzXjFbNM03bo2sm1S61hJSYOZf+bmtujbgmO0Z3HUXMovr7dwModQNXzBkIjQNBktqaGBs0nt+\/RV6uCy4lfGny6vMUkDbmlurEf1fq7WU6zg2oIzoJMe9Wn4iqZka5xWYVBMyH1+ITQvbQgVjQrnBz8Ldc\/U9rQLNcu7qyaO2vSmvBeKwZKJOTGDT4dNI7bi2\/SrkAE+B\/M5Yqlf1vqBoy3XuveFKLkaEoSVsIMYu0xt0pyV1ujE0FBnmfE9E0VLbot17l24HyOhzpHB2C\/12zFJLXsdYwIDAQABoxAwDjAMBgNVHRMEBTADAQH\/MA0GCSqGSIb3DQEBCwUAA4IBAQCHF\/uN7GdKtM2yGmlemIyaUrkL0fG5BBlBP92rQWSY3\/tynqu2CXfpZR8FT3mJrSr0YmdrFtJalc7iOrjBPm+UYIgRqJqMksnHUEVG7t0xRmeSajIi8pPz3dhQaUBl4YwT9ZdUFoAeyPjAiFgg4y9SbtUHfBQr1KNm2fSoYTP46PGZaOcnb5yTrulltEuXyA65EHo6QUiI2nyyU7TyDiVchiq4ciW0LtEJp01A\/Pep9i9biekhbj3TgkfgJQC3O9tF0OzgwK+zMq484gK+bqmeqKfUAion7hwzA+tVXIE3k2wiGiEBSNIQu2VYlHWpDsdPlD21UsKv+o6cQcSSjLiHFgMDAW0MAAFpAwAYYQRDWmAmCg7XsTW+RvCAC0sbZ+SBRkSgFCUlkz\/IwN\/8c\/NJIrs+ILcpIxCCI0N9sDPjc20vF3fhrL8oZBKZYp8ZbnTlpZrSiKibycLeXw1ASLbNdqYX3C+izklbSVJ\/tokGAQEABsO0H8vdCw0252tfIzfTfFWWJXTldG3BxDkkL4g1+0rLC+30WT+5h111YwDniV9p6SpJPWnP79Ah0p2blDE6FrdGElq5cIPT03Cte5Pygktzt3LkZAIscr\/HNfshHX6DT6B6gCsDRe7LT\/CJ7zw1pxErmsA1VDwZhwGwND6YCSsyyG2lqPfClwFiQwG5pR8Nn9ZXofREIJEnZTR6xf6a\/b19Ct7XaRLkl4il8P\/3lf+8eWV3jWuMnq0bAFbV90AD4k8m030f14e+Hkz8j4wGDwWOwBAO\/Bd5sFNzy7yX+9njCybmLTwDm6Ou0XWocGTEvAzh2sjgkSXR1g9SofMVgxYDAwAEDgAAAA=="}
01092{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":7,"flow_first_seen":1621067204622,"flow_last_seen":1621067204900,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2652,"flow_avg_l4_payload_len":378,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}}
00427{"flow_id":2,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067204,"pkt_ts_usec":900142,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFuKMux1NzMslS9C4AQD98LYAAAAQEICienQYEGP5Ei"}
00575{"flow_id":2,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":37894,"pkt_caplen":173,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":173,"pkt_l4_len":139,"pkt":"EBMx8Tl2KDc3AG3ICABFAACfAABAAEAG96DAqAGyUlEuDfFuKMux1NzMslS9C4AYEAA1FQAAAQEICienQggGP5EiFgMDAGYQAABiYQRMlk9Sqm8x7BO7Ac\/JDkvTlimMq+ZTv2U1j379dVY8SgvRAiH5jrVV0Wx2QR8wjgugOy2ro2NKKw4TbZbYXO4ZIWGRnWkU\/sfj+8WhWYs3YarXXSOfhe5kLw3fJTpeBlA="}
00435{"flow_id":2,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":37898,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA6AABAAEAG+AXAqAGyUlEuDfFuKMux1N03slS9C4AYEADyOgAAAQEICienQggGP5EiFAMDAAEB"}
00489{"flow_id":2,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":37900,"pkt_caplen":111,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":111,"pkt_l4_len":77,"pkt":"EBMx8Tl2KDc3AG3ICABFAABhAABAAEAG997AqAGyUlEuDfFuKMux1N09slS9C4AYEACTFgAAAQEICienQggGP5EiFgMDACgf6ycOGoisF0h9nBZSXpGNUmJ9jfcKojoAJNMP8smnzz4+kDYh3VrI"}
00429{"flow_id":2,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":108650,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0ImxAADQG4Z9SUS4NwKgBsijL8W6yVL0LsdTdaoAQABAZ9QAAAQEICgY\/kTcnp0II"}
00500{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":109043,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"KDc3AG3IEBMx8Tl2CABFAABnIm1AADQG4WtSUS4NwKgBsijL8W6yVL0LsdTdaoAYABAqlAAAAQEICgY\/kTcnp0IIFAMDAAEBFgMDACiaUVlfnayZVBonB\/0bq4uxNvKj8siuQLcBr0MUxggpqZLArDcYZrpE"}
00429{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":109116,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFuKMux1N1qslS9PoAQD\/4JjwAAAQEICienQk0GP5E3"}
00655{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":445671,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"pkt":"EBMx8Tl2KDc3AG3ICABFAADZAABAAEAG92bAqAGyUlEuDfFuKMux1N1qslS9PoAYEAC44QAAAQEICienQ5sGP5E3FwMDAKAf6ycOGoisGDmLuUPZx2+NBbgG8KhkWAB8Nz3dy4fDJtcvavNE9o\/ywFaGef6yNl1gdZXprd9Iu5V1f6t9\/EoQ+5QZ04TdKwgyu\/EBULZ7KUZNs7Jbcw465+G0CHW26Yhh9qQ0z2C45s76iEvhqy08QAZyAysN5FJGljaNK5642VdzWV8l8lwsxzieIYZW6mxl3LZE0\/8o6UPl0seZUrJw"}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1621067205651,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":651500,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfFzKMsSeiBCAAAAALAC\/\/87PQAAAgQFtAEDAwUBAQgKJ6dEZQAAAAAEAgAA"}
00439{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":710127,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8c5FAADQGkHJSUS4NwKgBsijL8XP7CfxqEnogQ6ASOECEzAAAAgQFrAQCCAoGP5FzJ6dEZQEDAwo="}
00427{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":710225,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFzKMsSeiBD+wn8a4AQECzbbQAAAQEICienRJ8GP5Fz"}
00705{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":856632,"pkt_caplen":269,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":269,"pkt_l4_len":235,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD\/AABAAEAG90DAqAGyUlEuDfFzKMsSeiBD+wn8a4AYECzNugAAAQEICienRTAGP5FzFgMBAMYBAADCAwNgn4XFQZiH+y8CHLF8hTQg3ogVgVp4VG9EWDmmbkf39yD6v6cDBAZPGVnAvwM3jxR4N1cBHzzI+povGklxwtUExgAsAP\/ALMArwCTAI8AKwAnACMAwwC\/AKMAnwBTAE8ASAJ0AnAA9ADwANQAvAAoBAABNAAAAEAAOAAALODIuODEuNDYuMTMACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDAAUABQEAAAAAABIAAAAXAAA="}
00758{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1621067205651,"flow_last_seen":1621067205856,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00428{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":914177,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0bRJAADQGlvlSUS4NwKgBsijL8XP7CfxrEnohDoAQABDqGAAAAQEICgY\/kYgnp0Uw"}
02365{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":926006,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUbRNAADQGkVhSUS4NwKgBsijL8XP7CfxrEnohDoAQABBMKwAAAQEICgY\/kYknp0UwFgMDAFkCAABVAwOYnBh1oFf3ZFZgK6KsDRsjcw1liD4uUa6U3S\/+hnNkKyAELNgcMkheJM59FCR9MMzWP2xubihBgP\/7aZ8AyE3Pc8AwAAAN\/wEAAQAACwAEAwABAhYDAwezCwAHrwAHrAADzTCCA8kwggKxoAMCAQICAzW7EjANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8GA1UEChMIRm9ydGluZXQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEQMA4GA1UEAxMHc3VwcG9ydDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wHhcNMTYwOTEyMTAwNjIwWhcNMzgwMTE5MDMxNDA3WjCBnTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8GA1UEChMIRm9ydGluZXQxEjAQBgNVBAsTCUZvcnRpR2F0ZTEZMBcGA1UEAxMQRldGNjBFNFExNjAxMjA1MDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEkm3gy+fQGhP2G3iuLy8Thk0QvM9U+dmrsYDJ1gwTHyP2UJIhuJ02jfqRZiIvG+je9kV8s9R6mzJXHVuydgTIhOMjh5QYIPHRW4YuWrenkWAdCvgUyMPMMiz1hRBJvLfxGfMuKuiciYpdme8IwFlVz0WEZtQiIKspYk3LEKQFRg7EKq06hH7bjGSy9SkYiePX2\/K+0OUnL0KzGGpclRznUlXHfbVieNGeCTxeVpQoQK08D2Jl+FwRVE70QsL4ZCv6VMXYQCF1PrGR3pqMCr5ndr3OLTbmHxvvE9x8dx0KrEupPp\/gAIeWYX+g61\/j2hEO5ZbV47v2a619aMDCKTFzAgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAGnFfq2BB7sjnPn7mxKxLcB1FUKVGXmAyucp\/B9HVTQoE17Xl1+r5Vk0e9mZnjsVLg768p9ebGiiJdLeYRDlXK8g6qPSAnMzChCYAybcvAY3HxUYjSFT\/qPmInVgIry0shRIlrcAme9A3JylKBPVu3qiGNI6CaLUkC1Frxq9l2xiEWQ1Tjkm6Z0R1CEZwU4128hVF5ItS8lcBhikdcXjtsh3Kg4Go41t\/JVB6EzbQ8JhaM2\/jUDdDNoGqONDpHkRwAw1XbU7nhl4Kk3nD24cjs5xuyx049VRnmrp29nXpOu1NoxuV2ncaG+hMlcNaEGX8e8RaSdY5V5V\/2KIMQLuazAAA9kwggPVMIICvaADAgECAgkA2vY2tEPUpYswDQYJKoZIhvcNAQELBQAwgaAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxETAPBgNVBAoTCEZvcnRpbmV0MR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxEDAOBgNVBAMTB3N1cHBvcnQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMB4XDTE1MDcxNjIyMzQzOVoXDTM4MDExOTIyMzQzOVowgaAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxETAPBgNVBAoTCEZvcnRpbmV0MR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxEDAOBgNVBAMTB3N1"}
00815{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":52,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":6,"flow_first_seen":1621067205651,"flow_last_seen":1621067205926,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1643,"flow_avg_l4_payload_len":273,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
01798{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":928157,"pkt_caplen":1075,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1075,"pkt_l4_len":1041,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQlbRRAADQGkwZSUS4NwKgBsijL8XP7CgILEnohDoAYABDaoQAAAQEICgY\/kYknp0UwcHBvcnQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1DtRc9A1EhLIw05ZQUjRO8GwptUPgyEpi3i\/68NEncZmgpruBB+gn6vgzXjFbNM03bo2sm1S61hJSYOZf+bmtujbgmO0Z3HUXMovr7dwModQNXzBkIjQNBktqaGBs0nt+\/RV6uCy4lfGny6vMUkDbmlurEf1fq7WU6zg2oIzoJMe9Wn4iqZka5xWYVBMyH1+ITQvbQgVjQrnBz8Ldc\/U9rQLNcu7qyaO2vSmvBeKwZKJOTGDT4dNI7bi2\/SrkAE+B\/M5Yqlf1vqBoy3XuveFKLkaEoSVsIMYu0xt0pyV1ujE0FBnmfE9E0VLbot17l24HyOhzpHB2C\/12zFJLXsdYwIDAQABoxAwDjAMBgNVHRMEBTADAQH\/MA0GCSqGSIb3DQEBCwUAA4IBAQCHF\/uN7GdKtM2yGmlemIyaUrkL0fG5BBlBP92rQWSY3\/tynqu2CXfpZR8FT3mJrSr0YmdrFtJalc7iOrjBPm+UYIgRqJqMksnHUEVG7t0xRmeSajIi8pPz3dhQaUBl4YwT9ZdUFoAeyPjAiFgg4y9SbtUHfBQr1KNm2fSoYTP46PGZaOcnb5yTrulltEuXyA65EHo6QUiI2nyyU7TyDiVchiq4ciW0LtEJp01A\/Pep9i9biekhbj3TgkfgJQC3O9tF0OzgwK+zMq484gK+bqmeqKfUAion7hwzA+tVXIE3k2wiGiEBSNIQu2VYlHWpDsdPlD21UsKv+o6cQcSSjLiHFgMDAW0MAAFpAwAYYQSpCI+VU7scjI3LZuh6jYdR3hiS+GXuFJu25gRBjlJW6+WSybs3rdoGEEOYPd0BnWod+IHDRUnzR2ptbIn0wosun1EaK94f345iYnt80TzVyXB5UPM880CNCqj3UAZBoVIGAQEABlPh0A5Bm60QzR6b9DrW1Tfbwxn2udCztNSTaJXT\/2w4ngli8i8InoI82Wg27s2xkKI+vFQA6sFXSo7U3KaUCCEJlgLtSNg\/2A\/b\/1bwkoDQHt9uOpgGm45ce2lS1OLsqZDhNE\/gp98CcpcVfkuoaFWhyChqJBI6ViV8ayFLbffU3P9h8KG72wFOW2INm+MYlr3WytPis+HH9IVw2Tjc7jMVS7nQhFv6L7\/0Gi2LedZL0ZpR811lOPPCyOX6piYedCFJaL4vZDBViQeRrG3asy2ZAurbxozYYclAUua5HyYR9ykN7S9W1f2gspfkn5vrULgtoCnuvsoXYPofDnqTfhYDAwAEDgAAAA=="}
01092{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":7,"flow_first_seen":1621067205651,"flow_last_seen":1621067205928,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2652,"flow_avg_l4_payload_len":378,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}}
00429{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":928256,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFzKMsSeiEO+woF\/IAQD9\/QcwAAAQEICienRXQGP5GJ"}
00574{"flow_id":3,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067206,"pkt_ts_usec":69996,"pkt_caplen":173,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":173,"pkt_l4_len":139,"pkt":"EBMx8Tl2KDc3AG3ICABFAACfAABAAEAG96DAqAGyUlEuDfFzKMsSeiEO+woF\/IAYEABb9QAAAQEICienRgAGP5GJFgMDAGYQAABiYQS5klChCa1nu02InQSoL0lqkSpQKQso0+o5k7FR4cIlwmA8FNGNPgAOoglyMxSwmZD+xq8zmrxdr8+9ElnZVss7a3SMEwDf9mpkhDJzZcJXJeOg4cqF2AXi3h7DiDRygyA="}
00436{"flow_id":3,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067206,"pkt_ts_usec":70001,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA6AABAAEAG+AXAqAGyUlEuDfFzKMsSeiF5+woF\/IAYEAC3SQAAAQEICienRgAGP5GJFAMDAAEB"}
00494{"flow_id":3,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067206,"pkt_ts_usec":70025,"pkt_caplen":111,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":111,"pkt_l4_len":77,"pkt":"EBMx8Tl2KDc3AG3ICABFAABhAABAAEAG997AqAGyUlEuDfFzKMsSeiF\/+woF\/IAYEAAqwAAAAQEICienRgAGP5GJFgMDACg\/EKPn7uMD3g\/9A372am0PiizumOS\/7xcBlN2Gm6fq1JY4BwdMMHUP"}
00429{"flow_id":3,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067206,"pkt_ts_usec":139621,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0bRVAADQGlvZSUS4NwKgBsijL8XP7CgX8EnohrIAQABDfAwAAAQEICgY\/kZ4np0YA"}
00499{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067206,"pkt_ts_usec":139880,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"KDc3AG3IEBMx8Tl2CABFAABnbRZAADQGlsJSUS4NwKgBsijL8XP7CgX8EnohrIAYABDIqQAAAQEICgY\/kZ4np0YAFAMDAAEBFgMDAChMdauOcW6Ls8zMpiVvg2ZTht4sOE2iePygPE6IcwmsrDzF4ZSHgKvC"}
00429{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067206,"pkt_ts_usec":140004,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFzKMsSeiGs+woGL4AQD\/7OnQAAAQEICienRkUGP5Ge"}
00690{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067206,"pkt_ts_usec":274735,"pkt_caplen":258,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":258,"pkt_l4_len":224,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD0AABAAEAG90vAqAGyUlEuDfFzKMsSeiGs+woGL4AYEACMlgAAAQEICienRssGP5GeFwMDALs\/EKPn7uMD3+wpjQBRFW8e1EcPlV6Q6ObSOqheHzsJDzuPoZN+Gy1ymx+9FyKqEEkIOfMazwYQ1jHzyLN0ANGU6MOzbuoIkP6aN6cUV6Hq5u4aMPaai27JxkjW\/meB7CaPzYnZwVS0XzMoNt06YmeNjlaCEypgQR5oxOqm3kSg3\/Prt7AgH4LaxXpG1bhEcVfWFCh9HtyS8dBtzsLRqJiDXjhHZNpSebLaEzxVTZ+rzaFcK8i17+PsWOwB"}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1621067206773,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067206,"pkt_ts_usec":773010,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfF0KMspKYnJAAAAALAC\/\/+2swAAAgQFtAEDAwUBAQgKJ6dItwAAAAAEAgAA"}
00439{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067206,"pkt_ts_usec":833331,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA85JFAADQGH3JSUS4NwKgBsijL8XTNezJoKSmJyqASOED3YgAAAgQFrAQCCAoGP5HkJ6dItwEDAwo="}
00427{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067206,"pkt_ts_usec":833438,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfF0KMspKYnKzXsyaYAQECxOAgAAAQEICienSPMGP5Hk"}
00707{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067206,"pkt_ts_usec":977150,"pkt_caplen":269,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":269,"pkt_l4_len":235,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD\/AABAAEAG90DAqAGyUlEuDfF0KMspKYnKzXsyaYAYECwOmAAAAQEICienSYIGP5HkFgMBAMYBAADCAwNgn4XGR7oIUOrAwfXLNhOc\/stRXR3cpjisHDHrOmoG8CAELNgcMkheJM59FCR9MMzWP2xubihBgP\/7aZ8AyE3PcwAsAP\/ALMArwCTAI8AKwAnACMAwwC\/AKMAnwBTAE8ASAJ0AnAA9ADwANQAvAAoBAABNAAAAEAAOAAALODIuODEuNDYuMTMACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDAAUABQEAAAAAABIAAAAXAAA="}
00758{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1621067206773,"flow_last_seen":1621067206977,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00427{"flow_id":4,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067207,"pkt_ts_usec":36967,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0o4NAADQGYIhSUS4NwKgBsijL8XTNezJpKSmKlYAQABBcsAAAAQEICgY\/kfgnp0mC"}
02365{"flow_id":4,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067207,"pkt_ts_usec":49233,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUo4RAADQGWudSUS4NwKgBsijL8XTNezJpKSmKlYAQABA9RwAAAQEICgY\/kfknp0mCFgMDAFkCAABVAwNnZ\/OJo6RE7hyRtbLqvOcQnYNZvPW\/uW6Wzk3ZmtG85SCfyViooWLsKJeuaidxXFUrV8SrVuQwq5HnaWw9\/qL7fcAwAAAN\/wEAAQAACwAEAwABAhYDAwezCwAHrwAHrAADzTCCA8kwggKxoAMCAQICAzW7EjANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8GA1UEChMIRm9ydGluZXQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEQMA4GA1UEAxMHc3VwcG9ydDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wHhcNMTYwOTEyMTAwNjIwWhcNMzgwMTE5MDMxNDA3WjCBnTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8GA1UEChMIRm9ydGluZXQxEjAQBgNVBAsTCUZvcnRpR2F0ZTEZMBcGA1UEAxMQRldGNjBFNFExNjAxMjA1MDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEkm3gy+fQGhP2G3iuLy8Thk0QvM9U+dmrsYDJ1gwTHyP2UJIhuJ02jfqRZiIvG+je9kV8s9R6mzJXHVuydgTIhOMjh5QYIPHRW4YuWrenkWAdCvgUyMPMMiz1hRBJvLfxGfMuKuiciYpdme8IwFlVz0WEZtQiIKspYk3LEKQFRg7EKq06hH7bjGSy9SkYiePX2\/K+0OUnL0KzGGpclRznUlXHfbVieNGeCTxeVpQoQK08D2Jl+FwRVE70QsL4ZCv6VMXYQCF1PrGR3pqMCr5ndr3OLTbmHxvvE9x8dx0KrEupPp\/gAIeWYX+g61\/j2hEO5ZbV47v2a619aMDCKTFzAgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAGnFfq2BB7sjnPn7mxKxLcB1FUKVGXmAyucp\/B9HVTQoE17Xl1+r5Vk0e9mZnjsVLg768p9ebGiiJdLeYRDlXK8g6qPSAnMzChCYAybcvAY3HxUYjSFT\/qPmInVgIry0shRIlrcAme9A3JylKBPVu3qiGNI6CaLUkC1Frxq9l2xiEWQ1Tjkm6Z0R1CEZwU4128hVF5ItS8lcBhikdcXjtsh3Kg4Go41t\/JVB6EzbQ8JhaM2\/jUDdDNoGqONDpHkRwAw1XbU7nhl4Kk3nD24cjs5xuyx049VRnmrp29nXpOu1NoxuV2ncaG+hMlcNaEGX8e8RaSdY5V5V\/2KIMQLuazAAA9kwggPVMIICvaADAgECAgkA2vY2tEPUpYswDQYJKoZIhvcNAQELBQAwgaAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxETAPBgNVBAoTCEZvcnRpbmV0MR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxEDAOBgNVBAMTB3N1cHBvcnQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMB4XDTE1MDcxNjIyMzQzOVoXDTM4MDExOTIyMzQzOVowgaAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxETAPBgNVBAoTCEZvcnRpbmV0MR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxEDAOBgNVBAMTB3N1"}
00815{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":76,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":6,"flow_first_seen":1621067206773,"flow_last_seen":1621067207049,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1643,"flow_avg_l4_payload_len":273,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
01799{"flow_id":4,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067207,"pkt_ts_usec":50833,"pkt_caplen":1075,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1075,"pkt_l4_len":1041,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQlo4VAADQGXJVSUS4NwKgBsijL8XTNezgJKSmKlYAYABCMkAAAAQEICgY\/kfknp0mCcHBvcnQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1DtRc9A1EhLIw05ZQUjRO8GwptUPgyEpi3i\/68NEncZmgpruBB+gn6vgzXjFbNM03bo2sm1S61hJSYOZf+bmtujbgmO0Z3HUXMovr7dwModQNXzBkIjQNBktqaGBs0nt+\/RV6uCy4lfGny6vMUkDbmlurEf1fq7WU6zg2oIzoJMe9Wn4iqZka5xWYVBMyH1+ITQvbQgVjQrnBz8Ldc\/U9rQLNcu7qyaO2vSmvBeKwZKJOTGDT4dNI7bi2\/SrkAE+B\/M5Yqlf1vqBoy3XuveFKLkaEoSVsIMYu0xt0pyV1ujE0FBnmfE9E0VLbot17l24HyOhzpHB2C\/12zFJLXsdYwIDAQABoxAwDjAMBgNVHRMEBTADAQH\/MA0GCSqGSIb3DQEBCwUAA4IBAQCHF\/uN7GdKtM2yGmlemIyaUrkL0fG5BBlBP92rQWSY3\/tynqu2CXfpZR8FT3mJrSr0YmdrFtJalc7iOrjBPm+UYIgRqJqMksnHUEVG7t0xRmeSajIi8pPz3dhQaUBl4YwT9ZdUFoAeyPjAiFgg4y9SbtUHfBQr1KNm2fSoYTP46PGZaOcnb5yTrulltEuXyA65EHo6QUiI2nyyU7TyDiVchiq4ciW0LtEJp01A\/Pep9i9biekhbj3TgkfgJQC3O9tF0OzgwK+zMq484gK+bqmeqKfUAion7hwzA+tVXIE3k2wiGiEBSNIQu2VYlHWpDsdPlD21UsKv+o6cQcSSjLiHFgMDAW0MAAFpAwAYYQTUu6wEEm6jsmXU0yCYD24OySeP+iql+oNZD\/TENWomz8k3jQ0IADMd4YxMPl5ytWgSDJI0fUn4l7Pbd8SWOodXcjYWJky+pbPSTG4pE5j1a+TMscEtWyiG7MEYLuOQnp0GAQEAeAyX7k5IEdhJ82TRB9jAixL1cTZ9S4jLhZM9mQDF4W1ZbAysAmH\/epKtzFX0GaHRNM5NqLRszFjgjwLZvy8GQf6PW2tsMa4\/XjHwzG39mZZQ\/tuqMW5fGtDACQES2AMZiyyWKtl62n5Tzfc5bRe8avX1eNr8vigRLuIIT\/uaxkBEqMs5SKi9qQ5GA1gXm5\/Ledt6fXFLZ6OJdUYI81WtqDQPwxsopyTTYPKIt5qWywK+XI5DDt4ZBx7H4ckwY6RQK1SzHtbuVOlBs8zaSezGrl1YMez7g+S9zMTU\/dkvPCBz\/Y8RRU9GC+Hl3FW3p8IpvWvTNllCUHU+afkH6s7cBxYDAwAEDgAAAA=="}
01092{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":77,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":7,"flow_first_seen":1621067206773,"flow_last_seen":1621067207050,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2652,"flow_avg_l4_payload_len":378,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}}
00426{"flow_id":4,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067207,"pkt_ts_usec":50911,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfF0KMspKYqVzXs7+oAQD99DCAAAAQEICienSckGP5H5"}
00576{"flow_id":4,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067207,"pkt_ts_usec":191301,"pkt_caplen":173,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":173,"pkt_l4_len":139,"pkt":"EBMx8Tl2KDc3AG3ICABFAACfAABAAEAG96DAqAGyUlEuDfF0KMspKYqVzXs7+oAYEAAu7QAAAQEICienSkwGP5H5FgMDAGYQAABiYQQ6kYoBbfIPDz94x4EusTtku\/dKN6TebFHE7uNWy8hsH504MR0EB6yxCJ\/pHBUq5uckb9Cdeka0R1KNmmvqhigAcMRqWMpqtJ6uOmMrC9CHBTNAsA0RhGxxoAIhd5OXoE4="}
00436{"flow_id":4,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067207,"pkt_ts_usec":191313,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA6AABAAEAG+AXAqAGyUlEuDfF0KMspKYsAzXs7+oAYEAAp5wAAAQEICienSkwGP5H5FAMDAAEB"}
00491{"flow_id":4,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067207,"pkt_ts_usec":191346,"pkt_caplen":111,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":111,"pkt_l4_len":77,"pkt":"EBMx8Tl2KDc3AG3ICABFAABhAABAAEAG997AqAGyUlEuDfF0KMspKYsGzXs7+oAYEABAWAAAAQEICienSkwGP5H5FgMDACjQiYyfqMB2pawPsR9Y6SCtqKtiDKoC\/WclUtRXEJiI+cZ2+gMJ1f+8"}
00445{"flow_id":4,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067207,"pkt_ts_usec":259182,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"KDc3AG3IEBMx8Tl2CABFAABAo4ZAADQGYHlSUS4NwKgBsijL8XTNezv6KSmLALAQABCzMQAAAQEICgY\/kg0np0pMAQEFCikpiwYpKYsz"}
00429{"flow_id":4,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067207,"pkt_ts_usec":259184,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0o4dAADQGYIRSUS4NwKgBsijL8XTNezv6KSmLM4AQABBRogAAAQEICgY\/kg0np0pM"}
00436{"flow_id":4,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067207,"pkt_ts_usec":259296,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA6AABAAEAG+AXAqAGyUlEuDfF0KMspKYsAzXs7+oAQEAApmwAAAQEICienSowGP5INFAMDAAEB"}
00499{"flow_id":4,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067207,"pkt_ts_usec":262580,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"KDc3AG3IEBMx8Tl2CABFAABno4hAADQGYFBSUS4NwKgBsijL8XTNezv6KSmLM4AYABBEPQAAAQEICgY\/kg8np0pMFAMDAAEBFgMDACiulq2pdMiDxsWPQvueOyAAw83reAvmnyN0DGxWcBtQ2f1JK+jBTh71"}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1621067209199,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00448{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":199710,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfF8KMsekCMzAAAAALAC\/\/8eiQAAAgQFtAEDAwUBAQgKJ6dSCQAAAAAEAgAA"}
00440{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":262263,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA81pJAADQGLXFSUS4NwKgBsijL8XxcuXqIHpAjNKASOECG6AAAAgQFrAQCCAoGP5LWJ6dSCQEDAwo="}
00428{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":262372,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfF8KMsekCM0XLl6iYAQECzdhQAAAQEICienUkcGP5LW"}
00854{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":264717,"pkt_caplen":379,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":379,"pkt_l4_len":345,"pkt":"EBMx8Tl2KDc3AG3ICABFAAFtAABAAEAG9tLAqAGyUlEuDfF8KMsekCM0XLl6iYAYECy4MwAAAQEICienUkkGP5LWFgMBATQBAAEwAwME0ZbiTglAl8IIF\/3QYtFxUOfO4VmvosSnyqFik3+gECB0m0E8n5ro5FpA+fOauorg9Y\/MUiqxzclkM+TtS7iPJgA+EwITAxMBwCzAMACfzKnMqMyqwCvALwCewCTAKABrwCPAJwBnwArAFAA5wAnAEwAzAJ0AnAA9ADwANQAvAP8BAACpAAAAEAAOAAALODIuODEuNDYuMTMACwAEAwABAgAKAAwACgAdABcAHgAZABgAIwAAABYAAAAXAAAADQAwAC4EAwUDBgMIBwgICAkICggLCAQIBQgGBAEFAQYBAwMCAwMBAgEDAgICBAIFAgYCACsACQgDBAMDAwIDAQAtAAIBAQAzACYAJAAdACBs1PQ+qJEvrZx4kd6w\/yirfgThWirK26NCg33JqRCxNQ=="}
00816{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1621067209199,"flow_last_seen":1621067209264,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"40adfd923eb82b89d8836ba37a19bca1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00429{"flow_id":5,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":326813,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA06FRAADQGG7dSUS4NwKgBsijL8XxcuXqJHpAkbYAQABDsXwAAAQEICgY\/kt0np1JJ"}
02362{"flow_id":5,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":346748,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXU6FVAADQGFhZSUS4NwKgBsijL8XxcuXqJHpAkbYAQABDZeAAAAQEICgY\/kt4np1JJFgMDAD0CAAA5AwNUBzBqQ9tE91yRCnCEASczkwE6\/gOv+6viNjQyh6uYogDAMAAAEf8BAAEAAAsABAMAAQIAIwAAFgMDB7MLAAevAAesAAPNMIIDyTCCArGgAwIBAgIDNbsSMA0GCSqGSIb3DQEBCwUAMIGgMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJU3Vubnl2YWxlMREwDwYDVQQKEwhGb3J0aW5ldDEeMBwGA1UECxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRAwDgYDVQQDEwdzdXBwb3J0MSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0LmNvbTAeFw0xNjA5MTIxMDA2MjBaFw0zODAxMTkwMzE0MDdaMIGdMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJU3Vubnl2YWxlMREwDwYDVQQKEwhGb3J0aW5ldDESMBAGA1UECxMJRm9ydGlHYXRlMRkwFwYDVQQDExBGV0Y2MEU0UTE2MDEyMDUwMSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMSSbeDL59AaE\/YbeK4vLxOGTRC8z1T52auxgMnWDBMfI\/ZQkiG4nTaN+pFmIi8b6N72RXyz1HqbMlcdW7J2BMiE4yOHlBgg8dFbhi5at6eRYB0K+BTIw8wyLPWFEEm8t\/EZ8y4q6JyJil2Z7wjAWVXPRYRm1CIgqyliTcsQpAVGDsQqrTqEftuMZLL1KRiJ49fb8r7Q5ScvQrMYalyVHOdSVcd9tWJ40Z4JPF5WlChArTwPYmX4XBFUTvRCwvhkK\/pUxdhAIXU+sZHemowKvmd2vc4tNuYfG+8T3Hx3HQqsS6k+n+AAh5Zhf6DrX+PaEQ7lltXju\/ZrrX1owMIpMXMCAwEAAaMNMAswCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAacV+rYEHuyOc+fubErEtwHUVQpUZeYDK5yn8H0dVNCgTXteXX6vlWTR72ZmeOxUuDvryn15saKIl0t5hEOVcryDqo9ICczMKEJgDJty8BjcfFRiNIVP+o+YidWAivLSyFEiWtwCZ70DcnKUoE9W7eqIY0joJotSQLUWvGr2XbGIRZDVOOSbpnRHUIRnBTjXbyFUXki1LyVwGGKR1xeO2yHcqDgajjW38lUHoTNtDwmFozb+NQN0M2gao40OkeRHADDVdtTueGXgqTecPbhyOznG7LHTj1VGeaunb2dek67U2jG5Xadxob6EyVw1oQZfx7xFpJ1jlXlX\/YogxAu5rMAAD2TCCA9UwggK9oAMCAQICCQDa9ja0Q9SlizANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8GA1UEChMIRm9ydGluZXQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEQMA4GA1UEAxMHc3VwcG9ydDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wHhcNMTUwNzE2MjIzNDM5WhcNMzgwMTE5MjIzNDM5WjCBoDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8GA1UEChMIRm9ydGluZXQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEQMA4GA1UEAxMHc3VwcG9ydDEjMCEGCSqGSIb3DQEJARYUc3VwcG9y"}
00885{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":105,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":6,"flow_first_seen":1621067209199,"flow_last_seen":1621067209346,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1753,"flow_avg_l4_payload_len":292,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"40adfd923eb82b89d8836ba37a19bca1","ja3s":"e35df3e00ca4ef31d42b34bebaa2f86e","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01763{"flow_id":5,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":348677,"pkt_caplen":1047,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1047,"pkt_l4_len":1013,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQJ6FZAADQGF+BSUS4NwKgBsijL8XxcuYApHpAkbYAYABCpVAAAAQEICgY\/kt4np1JJdEBmb3J0aW5ldC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUO1Fz0DUSEsjDTllBSNE7wbCm1Q+DISmLeL\/rw0SdxmaCmu4EH6Cfq+DNeMVs0zTdujaybVLrWElJg5l\/5ua26NuCY7RncdRcyi+vt3Ayh1A1fMGQiNA0GS2poYGzSe379FXq4LLiV8afLq8xSQNuaW6sR\/V+rtZTrODagjOgkx71afiKpmRrnFZhUEzIfX4hNC9tCBWNCucHPwt1z9T2tAs1y7urJo7a9Ka8F4rBkok5MYNPh00jtuLb9KuQAT4H8zliqV\/W+oGjLde694UouRoShJWwgxi7TG3SnJXW6MTQUGeZ8T0TRUtui3XuXbgfI6HOkcHYL\/XbMUktex1jAgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAIcX+43sZ0q0zbIaaV6YjJpSuQvR8bkEGUE\/3atBZJjf+3Keq7YJd+llHwVPeYmtKvRiZ2sW0lqVzuI6uME+b5RgiBGomoySycdQRUbu3TFGZ5JqMiLyk\/Pd2FBpQGXhjBP1l1QWgB7I+MCIWCDjL1Ju1Qd8FCvUo2bZ9KhhM\/jo8Zlo5ydvnJOu6WW0S5fIDrkQejpBSIjafLJTtPIOJVyGKrhyJbQu0QmnTUD896n2L1uJ6SFuPdOCR+AlALc720XQ7ODAr7MyrjziAr5uqZ6op9QCKifuHDMD61VcgTeTbCIaIQFI0hC7ZViUdakOx0+UPbVSwq\/6jpxBxJKMuIcWAwMBbQwAAWkDABhhBMm9s8Y8J88iOw9K3+u\/3AfajdDmrOpBOO7giMyfvSo5L\/76QGF2ZlvSm5\/aYk7PEkCLUKOwycUsoss4h\/BaMQU642JPmP9wHYeCTg+9d9CS\/+TR1nnQLnRts\/8c07kKowYBAQASdYRrtnQlQGsnr5R9dQPyOge8X+Ol+hFeyjDQ05ioqRL2NErNJ\/f\/5E2vi9SjcqwCh\/8Rvtgxf4MWxHT6e+W4J3MkugNzmGTmtOIZuWfKU069SGKwwFKpf99govz567LcYHAuM6Fcu8TDjaNFc\/xkEzhqjGXW0+ocq9JKdMBGLnb+ooYJ1j3Hn3gnd2wBcI5NVa+d6JU+S2SHRTFuxmt5wnEO8a6XCffR1RNI4YgkpUsYwj8KPa0\/FY2fsM0Y7aw00S1JBF0SQ1uMsB4H74MKpmQ1XhXANJp1eqsFjBJ8mFwjk1VcoRdvIoEIC3kt5cXRdjSemxw85wvfacyQB2pcFgMDAAQOAAAA"}
01150{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":7,"flow_first_seen":1621067209199,"flow_last_seen":1621067209348,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2734,"flow_avg_l4_payload_len":390,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"40adfd923eb82b89d8836ba37a19bca1","ja3s":"e35df3e00ca4ef31d42b34bebaa2f86e","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}}
00429{"flow_id":5,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":348733,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfF8KMsekCRtXLmD\/oAQD+HSxwAAAQEICienUpoGP5Le"}
00648{"flow_id":5,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":359930,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"pkt":"EBMx8Tl2KDc3AG3ICABFAADSAABAAEAG923AqAGyUlEuDfF8KMsekCRtXLmD\/oAYEADMNQAAAQEICienUqQGP5LeFgMDAGYQAABiYQSZ4VMIFZunofNsZKskfH9CoUgEbmPZM0172VWSipLEiZJ8tBi\/dHcTG7RCWrNcz2\/AQcYpNTA8ndBbNxkUK+HcYMWAPwYzPIZ4h1KcmSlyEOlOUeciFUxTbOcYEEByNToUAwMAAQEWAwMAKFEeBZdZ7Ez9Dk9UFd\/JAeDaptobTxU9txDkeQwFw2\/S5DFGqpTkZnw="}
00763{"flow_id":5,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":434000,"pkt_caplen":308,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":308,"pkt_l4_len":274,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEm6FdAADQGGsJSUS4NwKgBsijL8XxcuYP+HpAlC4AYABGhyQAAAQEICgY\/kugnp1KkFgMDALoEAAC2AAABLACwZZ5ezzAqP9XZMgDoL75RZ9gKsZPtv3hFgtTFajzKS8k1\/xXE2UCuTttunJSuBdIuKnEN\/Z99ojHQB0lZwOl\/jM0gwh2EA\/I4zNTxQf7PJXpRHQf3ROtUVUwTQMijIEMa04osUwsU4WGHLeJX38Ov5jzlweBhxRbW+NGtPsf0oW7yQnCIs+4EBuGsjX4ef7FPEE4ombBosBmM3sxpznGrqFUZaO+DnJkmP0+l9yxH78cUAwMAAQEWAwMAKDjhilnLpQKXwZ7zjsk+KQxeJhW\/yKcV\/p5IeQ8pH8uqlOmBkLiZfsE="}
00430{"flow_id":5,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":434122,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfF8KMsekCULXLmE8IAQD\/jQwgAAAQEICienUu4GP5Lo"}
01148{"flow_id":5,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":863706,"pkt_caplen":596,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":596,"pkt_l4_len":562,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJGAABAAEAG9fnAqAGyUlEuDfF8KMsekCULXLmE8IAYEADC4AAAAQEICienVJcGP5LoFwMDAg1RHgWXWexM\/mIEDJ\/McXA79GaLqQ5pQt9rVkd6JDfUN4ZkXKSM5GEiQRpeNRfiTGywxAcOBrqBRZj1LP9N\/xr6kcPnz37IVvdng99Zu4qN0tu3JjAWqzlmGI8hL0h\/dF3ikHLYbqzz+5dpKPySqLIJXA2nqfQAyBQ6C78L+iHxvXCl7csbkhIKiJqyuobIhGViKzgc4Fz61jlXTZH5oUZlirB9FOYDKALeku3FV62alcW3sCkgk737CmTUeO1MDinSrEL0N1r84hQ68LeAyeYuDNJLdkvf9R8P0RWklgudkNlEIo3ijFTwEZeUrH1dKQI6FZvNSFNIrPAF6xijePjBkSU5r9TFijYT57lMN18yLTe+4Sb+ajDgAedyIH9R3zU09dyoMVoZbrKh0oPZQS1amJPq+cTaoweXsucOqHvJfib6fFONqLJqK1f+OjSvb9SKdsrmbV30wBxxh7RRNkQOvyVK2L+8kvnHlH7GU\/mRo3GXRpsHJ3nB3H+Z4Zlr1jfKiIhIQ+cC\/rGWj3sg1KazHr5l+rA8SAWkF6dHDkSndqtrQl9obY51F\/21FofIVg+RdqN+czJ2ToVOszESmLY9oYccQR+r1CfJCwu55ROBTq1M6E5\/2O7m1UwZ2WTFIAMVXKRbHfkuq7F4ixdDqxeVcKBZSjAIFXDlIuBm7GsV2+LccE0EHC+DBzSoYpw="}
01477{"flow_id":5,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":929036,"pkt_caplen":841,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":841,"pkt_l4_len":807,"pkt":"KDc3AG3IEBMx8Tl2CABFAAM76FhAADQGGKxSUS4NwKgBsijL8XxcuYTwHpAnHYAYABJplAAAAQEICgY\/kxknp1SXFwMDAwI44YpZy6UCmGq90u0xpH+SWX7ArQhxGoFyYzhteRYnGGj9ujnorokis6dxlUOpBMe4Qi3frKXBnQ2KpQk9GehHhJQTecOvD8CrAxpffjF\/gLgBdNaNY4NyiIL0mrCmbImPw1uxfTGXZ2t6I8ey7fWkTARZnVFiEfNkCsuO5cKaJzkei+RcWDnnVeBmkbvxqX7105dP\/vY3dE2wX3mpkXVoDvUWoNh+u6NCMm2hIBt2LAvgDXKnZwIjOfAdJN09oXkHRVWoBuZOo8Iivm0wpzGFxAE34Lbr+07QO8zo3digkSQRyRGh1jAcbZmyz+KLsajqn5cJMrJ6cGelxe+64at6k+JhsvLAtS44wuQq4iHEICApXevboeLwC8SdmVvmPOgQltKq\/nJZxH3XvoS+glODB7fv6RToBwUwAoIZecZEK5G0YWjYDojAQyqq5PDO\/3SFaYROKelZ8uiwxbAULBSoySoVUXduAM7HzUtr88MCqzkaHA66OxXgxx8HKeqkcKMRE4+4x9TwonVpd6RtnDA32Sv12o5p2Vj1Kq6yLmDqFIbrRXCNwpKFGBt4614EYpFV\/7IMPwD7Ek529bOo5utyAyTDIuPeVPj8eE3\/5aZXX7lT+BTHbFHeoyHKzi90ZV3d7XR3BStzkMsOAgUl6cBHrTslMA23O9v7QOsh5ceDXHQdXs1knd7lOv59PDtRkOBkIwSw9HwS+OHlVx23Xve7ogGe4wURgOR0JbHbYEHQrln5RphPxuA3hOrY1MAmbhbmF4GQ\/NOozuXTa6n+9T8\/0+rpEVktCQdedJUq2XJHryBZtPgAbthRtBC8bLElx4RL3NiO1uWX9fFqLN1PdmZ+AJYrtLIthmsjj0m1gFKseBlPFSFAEkwvMIhl9+2ATIQEp54vUdZkExcDP0f311TzfETsG3588mXZfgOVKqUmf00CQTffPCZl7JdJJhOKuXjFIEk2ZYGcnrJdpksbC60cpzNeb9Rco0uXdabJQmqEJSCC6Wc1LHWeAOVd730yn1TEDw=="}
00429{"flow_id":5,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":929134,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfF8KMsekCcdXLmH94AQD+fJnwAAAQEICienVNgGP5MZ"}
00833{"flow_id":5,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067210,"pkt_ts_usec":13684,"pkt_caplen":362,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":362,"pkt_l4_len":328,"pkt":"EBMx8Tl2KDc3AG3ICABFAAFcAABAAEAG9uPAqAGyUlEuDfF8KMsekCcdXLmH94AYEACyHwAAAQEICienVSwGP5MZFwMDASNRHgWXWexM\/2AsPQ+vcQD6Zrq79uzdvo1W7uAfC\/k3Byxhuizp\/YGYPMVkseftaRj2FAH4N018E4DBa+lsL9iw+ZdF6EwUFEV9dU86dto3QLflhJd79EQEWry9hfEixzEL5qg3vL4B9+HG9XiwsmnlyQsXu3q4hobjm6f7dl\/tLVTXOm+RfKFkQWrOQos25nenEVSy7gEpcimMFjYLMFf151XwfwKy0jS3xvMmtVtqXEUQ5dljnoYADAHHgiQywX37bbFJuUorxqp2XW\/jSBpLjwzMpOBxWPCcYkSfX2DtP2ri+jJbddTED4521ycf1HWorm4iKnB5RUfnR5SfBytC10nISYiaI+Vactl9PdL8VSrK2LgqMTFYHb\/lL13xz7xgHZ4="}
00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":21,"flow_first_seen":1621067203571,"flow_last_seen":1621067204682,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3422,"flow_avg_l4_payload_len":162,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":25,"flow_first_seen":1621067204622,"flow_last_seen":1621067205708,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6751,"flow_avg_l4_payload_len":270,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":24,"flow_first_seen":1621067205651,"flow_last_seen":1621067206738,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3853,"flow_avg_l4_payload_len":160,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":29,"flow_first_seen":1621067206773,"flow_last_seen":1621067207860,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7276,"flow_avg_l4_payload_len":250,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1901,"flow_first_seen":1621067209199,"flow_last_seen":1621067222261,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":277457,"flow_avg_l4_payload_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00133{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test"}

20
test/results/ftp.pcap.out
View File

@@ -1,5 +1,5 @@
00380{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ftp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00467{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1552590234892,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00471{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ftp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1552590234892,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590234,"pkt_ts_usec":892296,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2xCwDBkn+CABFAABAAABAAEAGAADAqAHUWoJGScYGABWjI5ftAAAAALAC\/\/9jegAAAgQFtAEDAwUBAQgKO1eYmQAAAAAEAgAA"}
00431{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590234,"pkt_ts_usec":919708,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA8AABAADYG4XRagkZJwKgB1AAVxgZYKsHSoyOX7qASqbA+KAAAAgQFrAQCCAoSZ\/tNO1eYmQEDAw4="}
00419{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590234,"pkt_ts_usec":919816,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2xCwDBkn+CABFAAA0AABAAEAGAADAqAHUWoJGScYGABWjI5fuWCrB04AQECxjbgAAAQEICjtXmLQSZ\/tN"}
@@ -12,22 +12,22 @@
00441{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590234,"pkt_ts_usec":976972,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"EBMx8Tl2xCwDBkn+CABFEABBAABAAEAGAADAqAHUWoJGScYGABWjI5f+WCrCCYAYECpjewAAAQEICjtXmOwSZ\/tbUEFTUyBOY0ZUUEANCg=="}
00419{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590235,"pkt_ts_usec":45752,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA0OopAADYGpvJagkZJwKgB1AAVxgZYKsIJoyOYC4AQAAMV2wAAAQEIChJn+207V5js"}
00451{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590235,"pkt_ts_usec":66945,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"xCwDBkn+EBMx8Tl2CABFAABLOotAADYGptpagkZJwKgB1AAVxgZYKsIJoyOYC4AYAAM0PgAAAQEIChJn+3I7V5jsMjMwIExvZ2luIHN1Y2Nlc3NmdWwuDQo="}
00645{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":12,"flow_first_seen":1552590234892,"flow_last_seen":1552590235066,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":32,"flow_max_l4_data_len":66,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download-FileTransfer-FileSharing"},"ftp": {"user":"anonymous","password":"NcFTP@","auth_failed":0}}
00655{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":12,"flow_first_seen":1552590234892,"flow_last_seen":1552590235066,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":106,"flow_avg_l4_payload_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download-FileTransfer-FileSharing"},"ftp": {"user":"anonymous","password":"NcFTP@","auth_failed":0}}
00420{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590235,"pkt_ts_usec":67019,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2xCwDBkn+CABFEAA0AABAAEAGAADAqAHUWoJGScYGABWjI5gLWCrCIIAQECljbgAAAQEICjtXmUUSZ\/ty"}
00428{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590235,"pkt_ts_usec":67325,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"EBMx8Tl2xCwDBkn+CABFEAA5AABAAEAGAADAqAHUWoJGScYGABWjI5gLWCrCIIAYECljcwAAAQEICjtXmUUSZ\/tyUFdEDQo="}
00419{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590235,"pkt_ts_usec":94015,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA0OoxAADYGpvBagkZJwKgB1AAVxgZYKsIgoyOYEIAQAAMVWgAAAQEIChJn+3k7V5lF"}
00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1552590236580,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1552590236580,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590236,"pkt_ts_usec":580045,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2xCwDBkn+CABFAABAAABAAEAGAADAqAHUWoJGScYHZFXuwKKMAAAAALAC\/\/9jegAAAgQFtAEDAwUBAQgKO1efIQAAAAAEAgAA"}
00432{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590236,"pkt_ts_usec":608252,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA8AABAADYG4XRagkZJwKgB1GRVxgdmK2Nw7sCijaASqbDL3QAAAgQFrAQCCAoSZ\/zzO1efIQEDAw4="}
00420{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590236,"pkt_ts_usec":608298,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2xCwDBkn+CABFAAA0AABAAEAGAADAqAHUWoJGScYHZFXuwKKNZitjcYAQECxjbgAAAQEICjtXnzkSZ\/zz"}
02034{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590236,"pkt_ts_usec":637965,"pkt_caplen":1271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1271,"pkt_l4_len":1237,"pkt":"xCwDBkn+EBMx8Tl2CABFAATpn4tAADYGPTxagkZJwKgB1GRVxgdmK2Nx7sCijYAYAAMMxgAAAQEIChJn\/Po7V585LXJ3LXItLXItLSAgICAxIDAgICAgICAgIDAgICAgICAgIDEwNzM3NDE4MjQwMDAgRmViIDE5ICAyMDE2IDEwMDBHQi56aXANCi1ydy1yLS1yLS0gICAgMSAwICAgICAgICAwICAgICAgICAxMDczNzQxODI0MDAgRmViIDE5ICAyMDE2IDEwMEdCLnppcA0KLXJ3LXItLXItLSAgICAxIDAgICAgICAgIDAgICAgICAgICAgMTAyNDAwIEZlYiAxOSAgMjAxNiAxMDBLQi56aXANCi1ydy1yLS1yLS0gICAgMSAwICAgICAgICAwICAgICAgICAxMDQ4NTc2MDAgRmViIDE5ICAyMDE2IDEwME1CLnppcA0KLXJ3LXItLXItLSAgICAxIDAgICAgICAgIDAgICAgICAgIDEwNzM3NDE4MjQwIEZlYiAxOSAgMjAxNiAxMEdCLnppcA0KLXJ3LXItLXItLSAgICAxIDAgICAgICAgIDAgICAgICAgIDEwNDg1NzYwIEZlYiAxOSAgMjAxNiAxME1CLnppcA0KLXJ3LXItLXItLSAgICAxIDAgICAgICAgIDAgICAgICAgIDEwNzM3NDE4MjQgRmViIDE5ICAyMDE2IDFHQi56aXANCi1ydy1yLS1yLS0gICAgMSAwICAgICAgICAwICAgICAgICAgICAgMTAyNCBGZWIgMTkgIDIwMTYgMUtCLnppcA0KLXJ3LXItLXItLSAgICAxIDAgICAgICAgIDAgICAgICAgICAxMDQ4NTc2IEZlYiAxOSAgMjAxNiAxTUIuemlwDQotcnctci0tci0tICAgIDEgMCAgICAgICAgMCAgICAgICAgMjA5NzE1MjAwIEZlYiAxOSAgMjAxNiAyMDBNQi56aXANCi1ydy1yLS1yLS0gICAgMSAwICAgICAgICAwICAgICAgICAyMDk3MTUyMCBGZWIgMTkgIDIwMTYgMjBNQi56aXANCi1ydy1yLS1yLS0gICAgMSAwICAgICAgICAwICAgICAgICAgMjA5NzE1MiBGZWIgMTkgIDIwMTYgMk1CLnppcA0KLXJ3LXItLXItLSAgICAxIDAgICAgICAgIDAgICAgICAgICAzMTQ1NzI4IEZlYiAxOSAgMjAxNiAzTUIuemlwDQotcnctci0tci0tICAgIDEgMCAgICAgICAgMCAgICAgICAgNTI0Mjg4MDAwIEZlYiAxOSAgMjAxNiA1MDBNQi56aXANCi1ydy1yLS1yLS0gICAgMSAwICAgICAgICAwICAgICAgICA1MjQyODgwMCBGZWIgMTkgIDIwMTYgNTBNQi56aXANCi1ydy1yLS1yLS0gICAgMSAwICAgICAgICAwICAgICAgICAgIDUyNDI4OCBGZWIgMTkgIDIwMTYgNTEyS0IuemlwDQotcnctci0tci0tICAgIDEgMCAgICAgICAgMCAgICAgICAgIDUyNDI4ODAgRmViIDE5ICAyMDE2IDVNQi56aXANCmRyd3hyLXhyLXggICAgMiAxMDUgICAgICAxMDggICAgICAgICAxNjM4NCBNYXIgMTQgMjA6MDMgdXBsb2FkDQo="}
00550{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1552590236580,"flow_last_seen":1552590236637,"flow_tot_l4_data_len":1353,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1237,"flow_avg_l4_data_len":338,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","ndpi": {"proto":"FTP_DATA","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"}}
00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1552590236580,"flow_last_seen":1552590236637,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1205,"flow_tot_l4_payload_len":1205,"flow_avg_l4_payload_len":301,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","ndpi": {"proto":"FTP_DATA","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"}}
00420{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590236,"pkt_ts_usec":637967,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA0n4xAADYGQfBagkZJwKgB1GRVxgdmK2gm7sCijYARAAOfgQAAAQEIChJn\/Po7V585"}
00420{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590236,"pkt_ts_usec":638000,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2xCwDBkn+CABFCAA0AABAAEAGAADAqAHUWoJGScYHZFXuwKKNZitoJoAQEAZjbgAAAQEICjtXn1USZ\/z6"}
00420{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590236,"pkt_ts_usec":638001,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2xCwDBkn+CABFCAA0AABAAEAGAADAqAHUWoJGScYHZFXuwKKNZitoJ4AQEAZjbgAAAQEICjtXn1USZ\/z6"}
00420{"flow_id":2,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590236,"pkt_ts_usec":638093,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2xCwDBkn+CABFCAA0AABAAEAGAADAqAHUWoJGScYHZFXuwKKNZitoJ4AREAZjbgAAAQEICjtXn1USZ\/z6"}
00420{"flow_id":2,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590236,"pkt_ts_usec":666222,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA0n41AADYGQe9agkZJwKgB1GRVxgdmK2gn7sCijoAQAAOfXAAAAQEIChJn\/QI7V59V"}
00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1552590241545,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50696,"dst_port":24523,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1552590241545,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50696,"dst_port":24523,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590241,"pkt_ts_usec":545143,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2xCwDBkn+CABFAABAAABAAEAGAADAqAHUWoJGScYIX8sNBxpOAAAAALAC\/\/9jegAAAgQFtAEDAwUBAQgKO1eyYgAAAAAEAgAA"}
00432{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590241,"pkt_ts_usec":573913,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA8AABAADYG4XRagkZJwKgB1F\/LxggMTnkwDQcaT6ASqbBmYgAAAgQFrAQCCAoSaAHMO1eyYgEDAw4="}
00419{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590241,"pkt_ts_usec":573957,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2xCwDBkn+CABFAAA0AABAAEAGAADAqAHUWoJGScYIX8sNBxpPDE55MYAQECxjbgAAAQEICjtXsn0SaAHM"}
@@ -43,8 +43,8 @@
02347{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590241,"pkt_ts_usec":605531,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xCwDBkn+EBMx8Tl2CABFAAXUeOdAADYGYvVagkZJwKgB1F\/LxggMTpVRDQcaT4AQAAMc+QAAAQEIChJoAdM7V7J9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00420{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590241,"pkt_ts_usec":605580,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2xCwDBkn+CABFCAA0AABAAEAGAADAqAHUWoJGScYIX8sNBxpPDE6a8YAQEABjbgAAAQEICjtXspsSaAHT"}
02347{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590241,"pkt_ts_usec":605595,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xCwDBkn+EBMx8Tl2CABFAAXUeOhAADYGYvRagkZJwKgB1F\/LxggMTprxDQcaT4AQAAMXWQAAAQEIChJoAdM7V7J9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00508{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":323,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":255,"flow_first_seen":1552590241545,"flow_last_seen":1552590241726,"flow_tot_l4_data_len":224192,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":879,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50696,"dst_port":24523,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":255,"flow_first_seen":1552590241545,"flow_last_seen":1552590241878,"flow_tot_l4_data_len":224192,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":879,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50696,"dst_port":24523,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":68,"flow_first_seen":1552590234892,"flow_last_seen":1552590243371,"flow_tot_l4_data_len":3259,"flow_min_l4_data_len":32,"flow_max_l4_data_len":273,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":9,"flow_first_seen":1552590236580,"flow_last_seen":1552590236666,"flow_tot_l4_data_len":1513,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1237,"flow_avg_l4_data_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00519{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":323,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":255,"flow_first_seen":1552590241545,"flow_last_seen":1552590241726,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":216000,"flow_avg_l4_payload_len":847,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50696,"dst_port":24523,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":255,"flow_first_seen":1552590241545,"flow_last_seen":1552590241878,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":216000,"flow_avg_l4_payload_len":847,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50696,"dst_port":24523,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":68,"flow_first_seen":1552590234892,"flow_last_seen":1552590243371,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":241,"flow_tot_l4_payload_len":1063,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":9,"flow_first_seen":1552590236580,"flow_last_seen":1552590236666,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1205,"flow_tot_l4_payload_len":1205,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00125{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test"}

8
test/results/ftp_failed.pcap.out
View File

@@ -1,5 +1,5 @@
00387{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ftp_failed.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1574361625864,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00478{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ftp_failed.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1574361625864,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00468{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ftp_failed.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1574361625,"pkt_ts_usec":864342,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"9LUv\/K\/wZABqYzXMht1gC5eXACgGQCoADUAAAQADAZIAEgGTABEqAAgAEBAAAAAAAAAAAAABrrQAFZk3QbUAAAAAoAJwgHzLAAACBAWgBAIICpYFXqIAAAAAAQMDBw=="}
00470{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ftp_failed.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1574361625,"pkt_ts_usec":878212,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"ZABqYzXM9LUv\/K\/wht1gC1mOACgGOioACAAQEAAAAAAAAAAAAAEqAA1AAAEAAwGSABIBkwARABWutHAVBmyZN0G2oBL\/\/zbpAAACBAWgBAIIClbTSMOWBV6iAQMDDg=="}
00456{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ftp_failed.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1574361625,"pkt_ts_usec":878234,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"9LUv\/K\/wZABqYzXMht1gC5eXACAGQCoADUAAAQADAZIAEgGTABEqAAgAEBAAAAAAAAAAAAABrrQAFZk3QbZwFQZtgBAA4XzDAAABAQgKlgVesFbTSMM="}
@@ -15,6 +15,6 @@
00465{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"ftp_failed.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1574361633,"pkt_ts_usec":74667,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"pkt":"9LUv\/K\/wZABqYzXMht1gC5eXACYGQCoADUAAAQADAZIAEgGTABEqAAgAEBAAAAAAAAAAAAABrrQAFZk3QchwFQbPgBgA4XzJAAABAQgKlgV6zFbTThFRVUlUDQo="}
00479{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"ftp_failed.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1574361633,"pkt_ts_usec":88560,"pkt_caplen":100,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":100,"pkt_l4_len":46,"pkt":"ZABqYzXM9LUv\/K\/wht1gC1mOAC4GOioACAAQEAAAAAAAAAAAAAEqAA1AAAEAAwGSABIBkwARABWutHAVBs+ZN0HOgBgCAFELAAABAQgKVtNPzpYFeswyMjEgR29vZGJ5ZS4NCg=="}
00457{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"ftp_failed.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1574361633,"pkt_ts_usec":88598,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"9LUv\/K\/wZABqYzXMht1gC5eXACAGQCoADUAAAQADAZIAEgGTABEqAAgAEBAAAAAAAAAAAAABrrQAFZk3Qc5wFQbdgBAA4XzDAAABAQgKlgV62lbTT84="}
00620{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":18,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":18,"flow_first_seen":1574361625864,"flow_last_seen":1574361633102,"flow_tot_l4_data_len":728,"flow_min_l4_data_len":32,"flow_max_l4_data_len":72,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","ndpi": {"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download-FileTransfer-FileSharing"},"ftp": {"user":"hello","password":"","auth_failed":1}}
00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":18,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":18,"flow_first_seen":1574361625864,"flow_last_seen":1574361633102,"flow_tot_l4_data_len":728,"flow_min_l4_data_len":32,"flow_max_l4_data_len":72,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00630{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":18,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":18,"flow_first_seen":1574361625864,"flow_last_seen":1574361633102,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":7,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","ndpi": {"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download-FileTransfer-FileSharing"},"ftp": {"user":"hello","password":"","auth_failed":1}}
00516{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":18,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":18,"flow_first_seen":1574361625864,"flow_last_seen":1574361633102,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":7,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00130{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"ftp_failed.pcap","alias":"nDPId-test"}

1458
test/results/fuzz-2006-06-26-2594.pcap.out
View File

File diff suppressed because it is too large Load Diff

Some files were not shown because too many files have changed in this diff Show More